Allied Telesis AT-IX5-28GPX Manual Download Page 1056 | Manualshive

Page: 1056 / 1928

background image

1040

Command Reference for AT-IX5-28GPX High Availability, High Power Video Surveillance PoE Switch

C613-50057-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.5-0.x

A

UTHENTICATION

C

OMMANDS

AUTH

AUTH

-

FAIL

VLAN

auth auth-fail vlan

Overview

Use this command to enable the

auth-fail vlan

feature on the specified vlan

interface. This feature assigns supplicants (client devices) to the specified VLAN if
they fail port authentication.

Use the

no

variant of this command to disable the

auth-fail vlan

feature for a

specified VLAN interface.

Syntax

auth auth-fail vlan <

1-4094

>

no auth auth-fail vlan

Default

The

auth-fail vlan

feature is disabled by default.

Mode

Interface Configuration for a static channel, a dynamic (LACP) channel group, or a
switch port.

Usage

Use the

auth-fail vlan

feature when using Web-Authentication instead of the

Guest VLAN feature, when you need to separate networks where one supplicant
(client device) requires authentication and another supplicant does not require
authentication from the same interface.

This is because the DHCP lease time using the Web-Authentication feature is
shorter, and the

auth fail vlan

feature enables assignment to a different VLAN if a

supplicant fails authentication.

To enable the

auth-fail vlan

feature with Web Authentication, you need to set

Web Authentication Server virtual IP address by using the

auth-web-server

ipaddress

command or the

auth-web-server dhcp ipaddress

command.

When using 802.1X port authentication, use a

dot1x max-auth-fail

command to set

the maximum number of login attempts. Three login attempts are allowed by
default for 802.1X port authentication before supplicants trying to authenticate
are moved from the Guest VLAN to the auth-fail VLAN. See the

dot1x max-auth-fail

on page 1011 for command information.

See the

Authentication Feature Overview and Configuration Guide

for information

about:

•

the auth-fail VLAN feature, which allows the Network Administrator to
separate the supplicants who attempted authentication, but failed, from the
supplicants who did not attempt authentication, and

•

restrictions regarding combinations of authentication enhancements
working together

Use appropriate ACLs (Access Control Lists) on interfaces for extra security if a
supplicant allocated to the designated auth-fail vlan can access the same network

Parameter

Description

<

1-4094

>

Assigns the VLAN ID to any supplicants that have failed port
authentication.

«
...
1054
1055
1056
1057
1058
...
»

Summary of Contents for AT-IX5-28GPX

Page 1: ...C613 50057 01 REV A AT IX5 28GPX HIGH AVAILABILITY HIGH POWER VIDEO SURVEILLANCE POE SWITCH Command Reference for AlliedWare Plus Version 5 4 5 ...

Page 2: ...Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis Management Framework EPSRing SwitchBlade and VCStack are trademarks or registered trademarks in the United States and elsewhere of Allied Telesis Inc Adobe Acrobat and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and or other countries Micr...

Page 3: ... exit 73 help 74 logout 75 show history 76 Chapter 2 User Access Commands 77 Introduction 77 clear line console 78 clear line vty 79 enable password 80 enable secret 83 exec timeout 86 flowcontrol hardware asyn console 88 length asyn 90 line 91 privilege level 93 security password history 94 security password forced change 95 security password lifetime 96 security password minimum categories 97 se...

Page 4: ...utoboot enable 120 boot config file 121 boot config file backup 123 boot system 124 boot system backup 126 cd 127 copy current software 128 copy debug 129 copy running config 130 copy startup config 131 copy filename 132 copy zmodem 134 create autoboot 135 delete 136 delete debug 137 dir 138 edit 140 edit filename 141 erase startup config 143 mkdir 144 move 145 move debug 146 pwd 147 rmdir 148 sho...

Page 5: ...ntroduction 180 license 181 license member deleted 183 show license 184 show license brief 186 show license member 188 show license brief member 190 Chapter 5 System Configuration and Monitoring Commands 192 Introduction 192 banner exec 193 banner login system 195 banner motd 197 clock set 199 clock summer time date 200 clock summer time recurring 202 clock timezone 204 continuous reboot preventio...

Page 6: ... 263 speed asyn 265 system territory deprecated 267 terminal monitor 268 undebug all 269 Chapter 6 Logging Commands 270 Introduction 270 clear exception log 271 clear log 272 clear log buffered 273 clear log permanent 274 default log buffered 275 default log console 276 default log email 277 default log host 278 default log monitor 279 default log permanent 280 log buffered 281 log buffered filter...

Page 7: ... clear test interface 343 service test 344 test interface 345 Chapter 10 Switching Commands 347 Introduction 347 backpressure 348 clear loop protection counters 350 clear mac address table static 351 clear mac address table dynamic 352 clear port counter 354 debug loopprot 355 debug platform packet 356 duplex 358 flowcontrol switch port 359 linkflap action 361 loop protection 362 loop protection a...

Page 8: ...mum 407 switchport port security violation 408 thrash limiting 409 undebug loopprot 411 undebug platform packet 412 Chapter 11 VLAN Commands 413 Introduction 413 clear vlan statistics 414 port vlan forwarding priority 415 private vlan 418 private vlan association 419 show port vlan forwarding priority 420 show vlan 421 show vlan classifier group 422 show vlan classifier group interface 423 show vl...

Page 9: ... show spanning tree mst detail 482 show spanning tree mst detail interface 484 show spanning tree mst instance 486 show spanning tree mst instance interface 487 show spanning tree mst interface 488 show spanning tree mst detail interface 489 show spanning tree statistics 491 show spanning tree statistics instance 493 show spanning tree statistics instance interface 495 show spanning tree statistic...

Page 10: ...tion Commands 539 Introduction 539 channel group 540 clear lacp counters 542 debug lacp 543 lacp port priority 544 lacp system priority 545 lacp timeout 546 show debugging lacp 548 show diagnostic channel group 549 show etherchannel 551 show etherchannel detail 552 show etherchannel summary 553 show lacp sys id 554 show lacp counter 555 show port etherchannel 556 show static channel group 558 stat...

Page 11: ...ty 604 arp IP address MAC 605 arp log 606 arp opportunistic nd 609 clear arp cache 610 clear ip dns forwarding cache 611 debug ip dns forwarding 612 debug ip packet interface 613 ip address 615 ip directed broadcast 617 ip dns forwarding 619 ip dns forwarding cache 620 ip dns forwarding dead time 621 ip dns forwarding retry 622 ip dns forwarding source interface 623 ip dns forwarding timeout 624 i...

Page 12: ...nd managed config flag 674 ipv6 nd minimum ra interval 675 ipv6 nd other config flag 676 ipv6 nd prefix 677 ipv6 nd ra interval 679 ipv6 nd ra lifetime 680 ipv6 nd raguard 681 ipv6 nd reachable time 683 ipv6 nd retransmission time 684 ipv6 nd suppress ra 685 ipv6 neighbor 686 ipv6 opportunistic nd 687 ipv6 route 688 ping ipv6 689 show ipv6 forwarding 690 show ipv6 interface brief 691 show ipv6 nei...

Page 13: ...4 clear ip igmp group 735 clear ip igmp interface 736 debug igmp 737 ip igmp 738 ip igmp access group 739 ip igmp immediate leave 740 ip igmp last member query count 741 ip igmp last member query interval 742 ip igmp limit 743 ip igmp mroute proxy 745 ip igmp proxy service 746 ip igmp querier timeout 747 ip igmp query holdtime 748 ip igmp query interval 750 ip igmp query max response time 752 ip i...

Page 14: ...ipv6 mld querier timeout 800 ipv6 mld query interval 801 ipv6 mld query max response time 802 ipv6 mld robustness variable 803 ipv6 mld snooping 804 ipv6 mld snooping fast leave 806 ipv6 mld snooping mrouter 807 ipv6 mld snooping querier 809 ipv6 mld snooping report suppression 810 ipv6 mld static group 812 ipv6 mld version 814 show debugging mld 815 show ipv6 mld groups 816 show ipv6 mld interfac...

Page 15: ...ter 24 IPv6 Hardware Access Control List ACL Commands 903 Introduction 903 commit IPv6 905 ipv6 access list named 906 ipv6 access list named ICMP filter 908 ipv6 access list named protocol filter 912 ipv6 access list named TCP UDP filter 917 ipv6 traffic filter 921 show ipv6 access list IPv6 Hardware ACLs 923 Chapter 25 IPv6 Software Access Control List ACL Commands 925 Introduction 925 ipv6 acces...

Page 16: ...4 show mls qos interface policer counters 987 show mls qos interface queue counters 989 show mls qos interface storm status 990 show mls qos maps cos queue 991 show mls qos maps premark dscp 992 show policy map 993 storm action 994 storm downtime 995 storm protection 996 storm rate 997 storm window 998 trust dscp 999 wrr queue disable queues 1000 wrr queue egress rate limit queues 1001 wrr queue w...

Page 17: ...0 auth timeout server timeout 1061 auth timeout supp timeout 1062 auth two step enable 1063 auth mac enable 1066 auth mac method 1068 auth mac password 1069 auth mac reauth relearning 1071 auth web enable 1072 auth web forward 1073 auth web max auth fail 1075 auth web method 1076 auth web server blocking mode 1077 auth web server dhcp ipaddress 1078 auth web server dhcp lease 1079 auth web server ...

Page 18: ...116 show auth mac statistics interface 1117 show auth mac supplicant 1118 show auth mac supplicant interface 1120 show auth web 1121 show auth web diagnostics 1123 show auth web interface 1125 show auth web sessionstatistics 1128 show auth web statistics interface 1129 show auth web supplicant 1130 show auth web supplicant interface 1131 show auth web server 1132 show auth web server page 1134 sho...

Page 19: ... Server Commands 1189 Introduction 1189 attribute 1190 authentication 1193 clear radius local server statistics 1194 copy fdb radius users to file 1195 copy local radius user db from file 1197 copy local radius user db to file 1198 crypto pki enroll local 1199 crypto pki enroll local local radius all users 1200 crypto pki enroll local user 1201 crypto pki export local pem 1202 crypto pki export lo...

Page 20: ...y pubkey chain knownhosts 1245 crypto key pubkey chain userkey 1247 debug ssh client 1249 debug ssh server 1250 service ssh 1251 show banner login 1253 show crypto key hostkey 1254 show crypto key pubkey chain knownhosts 1255 show crypto key pubkey chain userkey 1256 show crypto key userkey 1257 show running config ssh 1258 show ssh 1260 show ssh client 1262 show ssh server 1263 show ssh server al...

Page 21: ...fy mac address 1305 ip dhcp snooping violation 1306 ip source binding 1307 service dhcp snooping 1309 show arp security 1311 show arp security interface 1312 show arp security statistics 1314 show debugging arp security 1317 show debugging ip dhcp snooping 1318 show ip dhcp snooping 1319 show ip dhcp snooping acl 1320 show ip dhcp snooping agent option 1323 show ip dhcp snooping binding 1326 show ...

Page 22: ... show debugging epsr 1384 show epsr 1385 show epsr common segments 1391 show epsr config check 1392 show epsr epsr instance 1394 show epsr epsr instance counters 1395 show epsr counters 1396 show epsr summary 1397 undebug epsr 1398 Chapter 37 AMF Commands 1399 Introduction 1399 atmf area 1400 atmf area password 1401 atmf backup 1403 atmf backup area masters delete 1404 atmf backup area masters ena...

Page 23: ...ogin 1454 atmf select area 1455 atmf virtual link 1456 atmf working set 1459 clear atmf links statistics 1461 debug atmf 1462 debug atmf packet 1464 erase factory default 1467 show atmf 1468 show atmf area 1472 show atmf area summary 1475 show atmf area nodes 1477 show atmf area nodes detail 1479 show atmf backup 1481 show atmf backup area 1484 show atmf detail 1486 show atmf group 1488 show atmf ...

Page 24: ...rver 1547 domain name 1548 host 1549 ip address dhcp 1550 ip dhcp bootp ignore 1552 ip dhcp leasequery enable 1553 ip dhcp option 1554 ip dhcp pool 1556 ip dhcp relay agent option 1557 ip dhcp relay agent option checking 1559 ip dhcp relay agent option remote id 1560 ip dhcp relay information policy 1561 ip dhcp relay maxhops 1563 ip dhcp relay max message length 1564 ip dhcp relay server address ...

Page 25: ...t pd 1620 ipv6 dhcp option 1622 ipv6 dhcp pool 1624 ipv6 dhcp server 1626 ipv6 local pool 1627 ipv6 nd prefix DHCPv6 1629 link address 1631 option DHCPv6 1633 prefix delegation pool 1635 show counter ipv6 dhcp client 1637 show counter ipv6 dhcp server 1639 show ipv6 dhcp 1641 show ipv6 dhcp binding 1642 show ipv6 dhcp interface 1645 show ipv6 dhcp pool 1647 sntp address 1649 Chapter 41 SNMP Comman...

Page 26: ... select 1699 lldp non strict med tlv order check 1701 lldp notification interval 1702 lldp notifications 1703 lldp port number type 1704 lldp reinit 1705 lldp run 1706 lldp timer 1707 lldp tlv select 1708 lldp transmit receive 1710 lldp tx delay 1711 location civic location configuration 1712 location civic location identifier 1717 location civic location id 1718 location coord location configurat...

Page 27: ...on statistics 1769 Chapter 45 Trigger Commands 1771 Introduction 1771 active trigger 1772 day 1773 debug trigger 1775 description trigger 1776 repeat 1777 script 1778 show debugging trigger 1780 show running config trigger 1781 show trigger 1782 test 1787 time trigger 1788 trap 1790 trigger 1791 trigger activate 1792 type atmf node 1793 type cpu 1796 type interface 1797 type memory 1798 type perio...

Page 28: ...ent 1836 sflow agent address 1837 sflow collector address 1839 sflow collector max datagram size 1841 sflow enable 1842 sflow max header size 1843 sflow polling interval 1845 sflow sampling rate 1846 show debugging sflow 1847 show running config sflow 1849 show sflow 1850 show sflow interface 1852 undebug sflow 1853 Chapter 48 Cable Fault Locator Commands 1854 Introduction 1854 clear test cable di...

Page 29: ... 1880 stack disabled master monitoring 1882 stack enable 1883 stack management subnet 1885 stack management vlan 1886 stack priority 1887 stack renumber 1888 stack renumber cascade 1889 stack resiliencylink 1891 stack software auto synchronize 1893 stack virtual chassis id 1894 stack virtual mac 1895 switch provision stack 1896 switchport resiliencylink 1897 vlan mode stack local vlan 1898 undebug...

Page 30: ...30 Command Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x ...

Page 31: ...848 access list hardware TCP UDP filter 851 access list standard named filter 887 access list standard numbered filter 889 ipv6 access list extended IP protocol filter 934 ipv6 access list extended TCP UDP filter 937 ipv6 access list named ICMP filter 908 ipv6 access list named protocol filter 912 ipv6 access list named TCP UDP filter 917 ipv6 access list standard filter 941 aaa accounting auth ma...

Page 32: ...P numbered 824 access list hardware MAC numbered 834 access list standard numbered 885 access list extended named 860 access list hardware named 837 access list standard named 883 accounting login 1162 activate 323 active ping polling 1810 active trigger 1772 address prefix 1602 address range 1604 advertisement interval 1336 arp IP address MAC 605 arp log 606 arp opportunistic nd 609 arp security ...

Page 33: ...le 1423 atmf group membership 1424 atmf log verbose 1426 atmf management subnet 1427 atmf management vlan 1429 atmf master 1430 atmf network name 1431 atmf provision node clone 1433 atmf provision node configure boot config 1435 atmf provision node configure boot system 1437 atmf provision node create 1439 atmf provision node delete 1441 atmf provision node license cert 1443 atmf provision node lo...

Page 34: ...imeout quiet period 1059 auth timeout reauth period 1060 auth timeout server timeout 1061 auth timeout supp timeout 1062 auth two step enable 1063 authentication 1193 auth mac enable 1066 auth mac method 1068 auth mac password 1069 auth mac reauth relearning 1071 auth web enable 1072 auth web forward 1073 auth web max auth fail 1075 auth web method 1076 auth web server blocking mode 1077 auth web ...

Page 35: ... poll failcount 1094 auth web server ping poll interval 1095 auth web server ping poll reauth timer refresh 1096 auth web server ping poll timeout 1097 auth web server port 1098 auth web server redirect delay time 1099 auth web server redirect url 1100 auth web server session keep 1101 auth web server ssl intercept port 1104 auth web server ssl 1102 auth web server sslport deleted 1103 autoboot en...

Page 36: ... binding 1545 clear ip dhcp snooping binding 1289 clear ip dhcp snooping statistics 1290 clear ip dns forwarding cache 611 clear ip igmp group 735 clear ip igmp interface 736 clear ip igmp 734 clear ip mroute statistics 707 clear ip mroute 706 clear ip prefix list 891 clear ipv6 dhcp binding 1608 clear ipv6 dhcp client 1610 clear ipv6 mld group 788 clear ipv6 mld interface 789 clear ipv6 mld 787 c...

Page 37: ...cols RSTP and MSTP 464 clear spanning tree statistics 463 clear ssh 1240 clear test cable diagnostics tdr 1855 clear test interface 343 clear vlan statistics 414 clock set 199 clock summer time date 200 clock summer time recurring 202 clock timezone 204 commit IPv4 854 commit IPv6 905 configure terminal 67 continuous reboot prevention 205 copy filename 132 copy current software 128 copy debug 129 ...

Page 38: ... crypto pki enroll local user 1201 crypto pki enroll local 1199 crypto pki export local pem 1202 crypto pki export local pkcs12 1203 crypto pki trustpoint local 1204 day 1773 deadtime RADIUS server group 1170 debug aaa 1164 debug arp security 1291 debug atmf packet 1464 debug atmf 1462 debug crypto pki 1205 debug dot1x 1004 debug epsr 1373 debug gvrp 589 debug igmp 737 debug ip dhcp snooping 1292 ...

Page 39: ...861 debug trigger 1775 debug vrrp events 1341 debug vrrp packet 1342 debug vrrp 1340 default log buffered 275 default log console 276 default log email 277 default log host 278 default log monitor 279 default log permanent 280 default action 948 default router 1546 delete debug 137 delete mail 1751 delete 136 description interface 327 description ping polling 1814 description QoS policy map 949 de...

Page 40: ...it 1010 dot1x max auth fail 1011 dot1x max reauth req 1013 dot1x port control 1014 dot1x timeout tx period 1016 duplex 358 echo 324 ecofriendly led 207 ecofriendly lpi 208 edit filename 141 edit 140 egress rate limit 950 egress vlan id 1207 egress vlan name 1209 enable Privileged Exec mode 70 enable VRRP 1344 enable password 80 enable secret 83 end 72 epsr configuration 1376 epsr datavlan 1377 eps...

Page 41: ...le 88 group 1211 gvrp interface 591 gvrp dynamic vlan creation 592 gvrp enable global 593 gvrp registration 594 gvrp timer 595 help 74 host 1549 hostname 212 instance priority MSTP 469 instance vlan MSTP 471 interface to configure 328 ip ping polling 1816 ip address dhcp 1550 ip address 615 ip dhcp bootp ignore 1552 ip dhcp leasequery enable 1553 ip dhcp option 1554 ip dhcp pool 1556 ip dhcp snoop...

Page 42: ...t option remote id 1560 ip dhcp relay agent option subscriber id auto mac 1614 ip dhcp relay agent option 1557 ip dhcp relay information policy 1561 ip dhcp relay maxhops 1563 ip dhcp relay max message length 1564 ip dhcp relay server address 1566 ip directed broadcast 617 ip dns forwarding cache 620 ip dns forwarding dead time 621 ip dns forwarding retry 622 ip dns forwarding source interface 623...

Page 43: ...8 ip igmp snooping querier 759 ip igmp snooping report suppression 760 ip igmp snooping routermode 761 ip igmp snooping tcn query solicit 763 ip igmp snooping 756 ip igmp source address check 765 ip igmp ssm 766 ip igmp ssm map enable 767 ip igmp ssm map static 768 ip igmp startup query count 772 ip igmp startup query interval 773 ip igmp static group 770 ip igmp version 774 ip igmp 738 ip local p...

Page 44: ...nt pd 1620 ipv6 dhcp option 1622 ipv6 dhcp pool 1624 ipv6 dhcp server 1626 ipv6 enable 671 ipv6 forwarding 673 ipv6 local pool 1627 ipv6 mld access group 794 ipv6 mld immediate leave 795 ipv6 mld last member query count 796 ipv6 mld last member query interval 797 ipv6 mld limit 798 ipv6 mld querier timeout 800 ipv6 mld query interval 801 ipv6 mld query max response time 802 ipv6 mld robustness var...

Page 45: ...679 ipv6 nd ra lifetime 680 ipv6 nd reachable time 683 ipv6 nd retransmission time 684 ipv6 nd suppress ra 685 ipv6 neighbor 686 ipv6 opportunistic nd 687 ipv6 route 688 ipv6 traffic filter 921 lacp port priority 544 lacp system priority 545 lacp timeout 546 lease 1568 length asyn 90 length ping poll data 1817 license member deleted 183 license 181 line 91 link address 1631 linkflap action 361 lld...

Page 46: ...dentifier 1717 location civic location id 1718 location coord location configuration 1719 location coord location identifier 1721 location coord location id 1722 location elin location 1723 location elin location id 1724 log buffered filter 282 log buffered size 285 log buffered 281 log console filter 287 log console 286 log email filter 291 log email time 294 log email 290 log host filter 297 log...

Page 47: ...9 mac address table thrash limit 370 mail from 1753 mail smtpserver 1754 mail 1752 match access group 951 match cos 953 match dscp 954 match eth format protocol 955 match inner cos 958 match inner vlan 959 match ip precedence 960 match mac type 961 match tcp flags 962 match vlan 963 max fib routes 214 maximum access list 896 maximum paths 700 max static routes 215 mirror interface 371 mkdir 144 ml...

Page 48: ...ter 1530 ntp peer 1531 ntp server 1533 ntp source 1535 ntp trusted key 1537 optimistic nd 638 option DHCPv6 1633 option 1572 ping ipv6 689 ping 639 ping poll 1819 platform hwfilter size 373 platform l3 vlan hashing algorithm 1109 platform load balancing 374 platform mac vlan hashing algorithm 1110 platform stop unreg mc flooding 375 platform vlan stacking tpid 377 polarity 378 police single rate a...

Page 49: ... private vlan association 419 private vlan 418 privilege level 93 probe enable 1574 probe packets 1575 probe timeout 1576 probe type 1577 pwd 147 radius server deadtime 1173 radius server host 1174 radius server key 1177 radius server local 1213 radius server retransmit 1178 radius server timeout 1180 range 1578 reboot rolling 1862 reboot 217 region MSTP 473 reload rolling 1863 reload 218 remark n...

Page 50: ...security password minimum categories 97 security password minimum length 98 security password reject expired pwd 99 security password warning 100 server Server Group 1182 server auth port 1214 server enable 1215 service advanced vty 101 service dhcp relay 1580 service dhcp server 1581 service dhcp snooping 1309 service http 102 service password encryption 103 service power inline 575 service ssh 1...

Page 51: ... nodes 1477 show atmf area nodes detail 1479 show atmf area summary 1475 show atmf area 1472 show atmf backup area 1484 show atmf backup 1481 show atmf detail 1486 show atmf group members 1490 show atmf group 1488 show atmf links detail 1493 show atmf links statistics 1500 show atmf links 1492 show atmf memory 1505 show atmf nodes 1507 show atmf provision nodes 1508 show atmf tech 1510 show atmf w...

Page 52: ...show banner login 1253 show boot 150 show class map 982 show clock 219 show continuous reboot prevention 221 show counter dhcp client 1582 show counter dhcp relay 1583 show counter dhcp server 1586 show counter ipv6 dhcp client 1637 show counter ipv6 dhcp server 1639 show counter log 312 show counter mail 1755 show counter ntp 1538 show counter ping poll 1822 show counter snmp server 1652 show cou...

Page 53: ...g 1318 show debugging ip dns forwarding 642 show debugging ip packet 643 show debugging lacp 548 show debugging lldp 1725 show debugging loopprot 379 show debugging mld 815 show debugging mstp 475 show debugging platform packet 380 show debugging power inline 576 show debugging radius 1184 show debugging sflow 1847 show debugging snmp 1657 show debugging stack 1871 show debugging trigger 1780 show...

Page 54: ...w etherchannel detail 552 show etherchannel summary 553 show etherchannel 551 show exception log 313 show file systems 153 show file 152 show flowcontrol interface 381 show gvrp configuration 598 show gvrp machine 599 show gvrp statistics 600 show gvrp timer 601 show history 76 show hosts 645 show interface access group 857 show interface brief 337 show interface err disabled 382 show interface me...

Page 55: ...ns forwarding 646 show ip domain list 649 show ip domain name 650 show ip igmp groups 776 show ip igmp interface 778 show ip igmp proxy 781 show ip igmp snooping mrouter 782 show ip igmp snooping routermode 783 show ip igmp snooping statistics 784 show ip interface 651 show ip mroute 726 show ip mvif 728 show ip name server 652 show ip route database 703 show ip route summary 704 show ip route 701...

Page 56: ...pv6 route summary 695 show ipv6 route 693 show lacp sys id 554 show lacp counter 555 show license brief member 190 show license brief 186 show license member 188 show license 184 show lldp interface 1729 show lldp local info 1731 show lldp neighbors detail 1738 show lldp neighbors 1736 show lldp statistics interface 1744 show lldp statistics 1742 show lldp 1727 show location 1747 show log config 3...

Page 57: ...ciations 1540 show ntp status 1542 show ping poll 1825 show platform classifier statistics utilization brief 392 show platform port 394 show platform 391 show policy map 993 show port etherchannel 556 show port security interface 398 show port security intrusion 399 show port vlan forwarding priority 420 show power inline counters 580 show power inline interface detail 584 show power inline interf...

Page 58: ...running config ip route 165 show running config ipv6 access list 166 show running config ipv6 route 167 show running config key chain 168 show running config lldp 169 show running config log 321 show running config power inline 170 show running config route map 171 show running config router ipv6 vrrp 1353 show running config router vrrp 1352 show running config router 172 show running config rout...

Page 59: ...ng tree mst instance interface 487 show spanning tree mst instance 486 show spanning tree mst interface 488 show spanning tree mst 480 show spanning tree statistics instance interface 495 show spanning tree statistics instance 493 show spanning tree statistics interface 497 show spanning tree statistics 491 show spanning tree vlan range index 500 show spanning tree 476 show ssh client 1262 show ss...

Page 60: ...trigger 1782 show users 110 show version 176 show vlan classifier group interface 423 show vlan classifier group 422 show vlan classifier interface group 424 show vlan classifier rule 425 show vlan private vlan 426 show vlan statistics 427 show vlan 421 show vrrp session 1360 show vrrp counters 1357 show vrrp ipv6 1356 show vrrp 1354 shutdown 341 snmp trap link status suppress 1666 snmp trap link ...

Page 61: ... tree errdisable timeout interval 509 spanning tree force version 510 spanning tree forward time 511 spanning tree guard root 512 spanning tree hello time 513 spanning tree link type 514 spanning tree max age 515 spanning tree max hops MSTP 516 spanning tree mode 517 spanning tree mst configuration 518 spanning tree mst instance path cost 520 spanning tree mst instance priority 522 spanning tree m...

Page 62: ...r scp 1280 ssh server sftp 1281 ssh server 1271 ssh 1267 stack disabled master monitoring 1882 stack enable 1883 stack management subnet 1885 stack management vlan 1886 stack priority 1887 stack renumber cascade 1889 stack renumber 1888 stack resiliencylink 1891 stack software auto synchronize 1893 stack virtual chassis id 1894 stack virtual mac 1895 static channel group 559 storm action 994 storm...

Page 63: ...urity maximum 407 switchport port security violation 408 switchport port security 405 switchport private vlan host association 437 switchport private vlan mapping 438 switchport resiliencylink 1897 switchport trunk allowed vlan 439 switchport trunk native vlan 442 switchport vlan stacking double tagging 444 switchport voice dscp 445 switchport voice vlan priority 449 switchport voice vlan 446 syst...

Page 64: ...dscp 999 type atmf node 1521 type atmf node 1793 type cpu 1796 type interface 1797 type memory 1798 type periodic 1799 type ping poll 1800 type reboot 1801 type stack disabled master 1802 type stack link 1803 type stack master fail 1804 type stack member 1805 type time 1806 type usb 1807 undebug aaa 1168 undebug all 269 undebug atmf 1524 undebug dot1x 1036 undebug epsr 1398 undebug igmp 785 undebu...

Page 65: ...ts 1365 undebug vrrp packet 1366 undebug vrrp 1364 up count 1832 user RADIUS server 1229 username 115 virtual ip 1367 virtual ipv6 1369 vlan RADIUS server 1231 vlan classifier activate 451 vlan classifier group 452 vlan classifier rule ipv4 453 vlan classifier rule proto 454 vlan database 457 vlan mode stack local vlan 1898 vlan mode stack local vlan 458 vlan statistics 460 vlan 450 vrrp vmac 1371...

Page 66: ...er provides an alphabetical reference for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure terminal on page 67 disable Privileged Exec mode on page 68 do on page 69 enable Privileged Exec mode on page 70 end on page 72 exit on page 73 help on page 74 logout on page...

Page 67: ...tem Version 5 4 5 0 x CLI NAVIGATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Configuration command mode note the change in the command prompt enter the command awplus configure terminal awplus config ...

Page 68: ...GATION COMMANDS DISABLE PRIVILEGED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Privileged Exec Example To exit the Privileged Exec mode enter the command awplus disable awplus Related Commands enable Privileged Exec mode end exit ...

Page 69: ... Version 5 4 5 0 x CLI NAVIGATION COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus configure terminal awplus config do ping 192 0 2 23 Parameter Description command Specify the command and its parameters ...

Page 70: ...lege level 1 Users access higher privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is prompted for the password for that level Note that a separate password can be configured for each privilege level using the enable password and the enable secret command...

Page 71: ...ersion 5 4 5 0 x CLI NAVIGATION COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 awplus Related Commands disable Privileged Exec mode enable password enable secret exit service password encryption username ...

Page 72: ...ed Exec command mode from any other advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode awplus configure terminal awplus config interface vlan2 awplus config if end awplus Related Commands dis...

Page 73: ... mode at the previous level When used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of exit command to exit Interface mode and return to Configure mode awplus configure terminal awplus config interface vlan2 awplus config if exit awplus config ...

Page 74: ...de All command modes Example To display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches the help list will be empty Delete characters until entering a shows the available options Enter after a complete parameter to show remaining valid command parameters e ...

Page 75: ...PoE Switch 75 AlliedWare Plus Operating System Version 5 4 5 0 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privileged Exec Example To exit the User Exec mode use the command awplus logout ...

Page 76: ...t The output lists all command line entries including commands that returned an error For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show history Mode User Exec and Privileged Exec Example To display the commands entered during the current session use the command ...

Page 77: ...n page 81 enable secret on page 84 exec timeout on page 87 flowcontrol hardware asyn console on page 89 length asyn on page 91 line on page 92 privilege level on page 94 security password history on page 95 security password forced change on page 96 security password lifetime on page 97 security password minimum categories on page 98 security password minimum length on page 99 security password re...

Page 78: ...5 4 5 0 x USER ACCESS COMMANDS service terminal length deleted on page 106 show privilege on page 107 show security password configuration on page 108 show security password user on page 109 show telnet on page 110 show users on page 111 telnet on page 112 telnet server on page 113 terminal length on page 114 terminal resize on page 115 username on page 116 ...

Page 79: ... resets a console line If a terminal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Example To reset the console line asyn use the command awplus clear line console 0 awplus The new settings for console line 0 have been applied Related Commands clear line vty...

Page 80: ... x USER ACCESS COMMANDS CLEAR LINE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first vty line use the command awplus clear line vty 1 Related Commands privilege level line show telnet show users Parameter Description 0 32 Line number ...

Page 81: ...for enable password is level 15 by default Previously the default was level 1 Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the conf...

Page 82: ...ervice password encryption command First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA NOTE Do not use enc...

Page 83: ...this method The output in the configuration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show ...

Page 84: ...y default Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is different but the password string to be use...

Page 85: ...ng that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA NOTE Do not use encrypted passwords for GUI users The GUI requires unencrypted user passwords only not encrypte...

Page 86: ...le will show only the encrypted string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration hostname awplus enable...

Page 87: ...s for an idle VTY session before it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input is detected during the interval then the current connection resumes If no connections exist then the terminal returns to an idle state and disconnects incoming sessions ...

Page 88: ...ce for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet ...

Page 89: ...he receiving device are full a message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reverse Telnet connections hardware flow control must be configured to match on both the Access Server and the Remote Device For terminal console sessions hardware flow contr...

Page 90: ...amples To enable hardware flow control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line no flowcontrol hardware Related Commands clear line console sho...

Page 91: ... output from a command is longer than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the console as long as there is data to display Examples To set the terminal session length on the console to 10 rows use the command awplus configure terminal awplus config li...

Page 92: ...s To change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the device connected to the console asyn port on your device Note that line configuration commands do not take effect immediately Line configuration commands take effect after one of the following comman...

Page 93: ...0 x USER ACCESS COMMANDS LINE To enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounting login clear line console clear line vty flowcontrol hardware asyn console length asyn login authentication privilege level speed asyn ...

Page 94: ...show commands in Privileged Exec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use the following commands awplus configure terminal awplus config line console 0 awplus config line privilege level 15 To set all vty connections to have the minimum privileg...

Page 95: ...ion Examples To restrict reuse of the three most recent passwords use the command awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history Validation Commands show running config security password show security password configuration Related Commands security passw...

Page 96: ...sword lifetime command and the reject expired pwd feature must be disabled with the security password reject expired pwd command The no security password forced change command disables the forced change feature Syntax security password forced change no security password forced change Default The forced change feature is disabled by default Mode Global Configuration Example To force a user to chang...

Page 97: ...rity password lifetime Default The default password lifetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config security password lifetime 10 Validation Commands show running config security password show security password configuration Related Commands security p...

Page 98: ...ord security the minimum number of categories should align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that the password must satisfy is 1 Mode Global Configuration Example To configure the required minimum number of character categories to be 3 use the comm...

Page 99: ...sword minimum length 1 23 Default The default minimum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum length 8 Validation Commands show running config security password show security password configuration Related Commands security password history securit...

Page 100: ...ed pwd in a default config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change command a user may have to change the password during login depending on the password lifetime specified by the security password lifetime command The no security password reject expi...

Page 101: ...ault warning period is 0 which disables warning functionality Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Validation Commands show running config security password show security password configuration Related Commands security password history security password forced change securi...

Page 102: ...ons are possible the help feature displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is enabled by default Mode Global Configuration Examples To disable the advanced vty help feature use the command awplus configure terminal awplus config no service advanc...

Page 103: ...abled by default and is required to support the AlliedWare Plus GUI Java applet on a Java enabled browser The no service http command disables the HTTP feature Syntax service http no service http Default The HTTP service is enabled by default Mode Global Configuration Examples To disable the HTTP service use the command awplus configure terminal awplus config no service http To re enable the HTTP ...

Page 104: ...encrypted form instead of in plain text Use the no service password encryption command to stop the device from displaying newly entered passwords in encrypted form This does not change the display of existing passwords NOTE Do not use encrypted passwords for GUI users The GUI requires unencrypted user passwords only not encrypted user passwords Do not use option 8 for GUI users Syntax service pass...

Page 105: ... telnet sessions However existing telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 23 by default Mode Global Configuration Examples To enable both the IPv4 and IPv6 telnet servers use the following commands awplus configure terminal awplus config servic...

Page 106: ...vailability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted ...

Page 107: ... show commands Privilege level 15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for privilege levels 7 14 to access all show commands in Privileged Exec mode and all commands in User Exec mode but no configuration commands in Privileged Exec mode Example ...

Page 108: ...Example To display the current security password rule configuration settings use the command awplus show security password configuration Output Figure 2 2 Example output from the show security password configuration command Related Commands show running config security password show security password user Security Password Configuration Minimum password length 8 Minimum password character categori...

Page 109: ... password user Mode Privileged Exec Example To display the system users remaining lifetime or last password change use the command awplus show security password user Output Figure 2 3 Example output from the show security password user command Related Commands show running config security password show security password configuration User account and password information UserName Privilege Last PW...

Page 110: ...w telnet Overview This command shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 2 4 Example output from the show telnet command Related Commands clear line vty service telnet show users telnet server Telnet Server Configuration Telnet server Enabled Protocol IPv4 IPv6 P...

Page 111: ...ple output from the show users command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 2 1 Parameters in the output of the show users command Parameter Description Line Console port user is connected to User Login name of user Host s Status of the host the user is connected to Idle How long the host ha...

Page 112: ...onnect to the telnet server host example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The host name of the remote system ip Keyword used to specify the IPv4 address or host name of a remote system ipv4 addr An IPv4 address of the remote system ipv6 Keyword used t...

Page 113: ...P port If the server is already enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To enable the telnet server on TCP port 2323 use the following commands awplus configure terminal awplus config telnet server 2323 Related Commands show telnet Parameter D...

Page 114: ... command to remove the length specified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length Mode User Exec and Privileged Exec Examples The following example sets the number of lines to 15 awplus terminal length 15 The following example removes terminal length...

Page 115: ...to the number of rows configured on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size automatically However this cannot normally be done automatically for a serial or console port This command automatically adjusts the terminal size for a serial or console po...

Page 116: ...vel 1 14 can only access higher privilege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A user at privilege level 7 can access the majority of show commands including platform show commands Privilege Level 15 to access the Privileged Exec command mode is ...

Page 117: ...el of 0 can be set for port authentication purposes from a RADIUS server Examples To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec command mode and the password bobs_secret use the commands awplus configure terminal awplus config username bob privileg...

Page 118: ...ile Use this syntax Example Copying in local Flash memory flash directory filename To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directory filename To specify a file in the top level directory of the USB stick usb example cfg Copying with HTTP http username password hostname host ip filepath filename To specify a file in the ...

Page 119: ...ses within filenames Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Flash base directory you may use flash or flash or flash For example these commands are all the same dir flash dir flash dir flash Copying with SFTP sftp location directory filename T...

Page 120: ...SB storage device on a backup stack member use the remote login command Command List autoboot enable on page 121 boot config file on page 122 boot config file backup on page 124 boot system on page 125 boot system backup on page 127 cd on page 128 copy current software on page 129 copy debug on page 130 copy running config on page 131 copy startup config on page 132 copy filename on page 133 copy ...

Page 121: ...w running config interface on page 164 show running config ip route on page 166 show running config ipv6 access list on page 167 show running config ipv6 route on page 168 show running config key chain on page 169 show running config lldp on page 170 show running config power inline on page 171 show running config route map on page 172 show running config router on page 173 show running config rou...

Page 122: ...nal media An example of a valid autoboot txt file is shown in the following figure Figure 3 1 Example autoboot txt file Use the no variant of this command to disable the Autoboot feature NOTE This command is not supported in a stacked configuration Syntax autoboot enable no autoboot enable Default The Autoboot feature operates the first time the device is powered up in the field after which the fe...

Page 123: ... the configuration fallback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots up use the commands awplus configure terminal awplus config boot config file flash branch cfg To remove the configuration file branch cfg stored on the device s Flash filesystem th...

Page 124: ...n 5 4 5 0 x FILE MANAGEMENT COMMANDS BOOT CONFIG FILE To remove the configuration file branch cfg stored on the switch s USB storage device filesystem the next time the device boots up use the commands awplus configure terminal awplus config no boot config file usb branch cfg Related Commands boot config file backup boot system boot system backup show boot ...

Page 125: ... order see the File Management Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config boot config file backup flash backup cfg To remove the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awp...

Page 126: ...l stack members and all stack members have a bootloader version that supports booting from it If a stack member has a USB storage device removed an error message is displayed For example if stack member 2 does not have a USB storage device inserted the following message is displayed Examples To run the release file IX5 5 4 5 0 1 rel stored on the device s Flash filesystem the next time the device ...

Page 127: ... system usb IX5 5 4 5 0 1 rel In a VCStack configuration if there is not enough space to synchronize the new release across the stack the boot system command has an interactive mode that prompts you to delete old releases awplus configure terminal awplus config boot system IX5 5 4 5 0 1 rel awplus config y Related Commands boot config file boot config file backup boot system backup show boot Insuf...

Page 128: ...e Global Configuration Examples To specify the file IX5 5 4 5 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash IX5 5 4 5 0 1 rel To remove the file IX5 5 4 5 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config no boot system backup flash IX5 5 4 5 0 1 rel Related Comm...

Page 129: ...em Version 5 4 5 0 x FILE MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command awplus cd images Related Commands dir pwd show file systems Parameter Description directory name Name and path of the directory ...

Page 130: ...are to the local filesystem Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command awplus copy current software my release rel Related Commands boot system backup show boot Parameter Description destination name The filename and path where you would like the curr...

Page 131: ... debug flash nvs scp tftp usb source name debug flash nvs scp tftp usb Mode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb mydebug Output Figure 3 2 CLI prompt after entering the copy debug command Related Commands delete debug move debug Parameter Description destination name The filename and path where...

Page 132: ...onfig To use SCP to copy the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startup config write file write memory Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename ext...

Page 133: ...py the startup config as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specify this to copy the script in the file into the startup config file Note that ...

Page 134: ...storage device create two copies of the same file on your device Syntax copy source name destination name Mode Privileged Exec Usage The filename and path can include characters from up to four categories The categories are 1 uppercase letters A to Z 2 lowercase letters a to z 3 digits 0 to 9 4 special symbols all printable ASCII characters not included in the previous three categories Including t...

Page 135: ..._files old cfg old cfg To copy the file newconfig cfg onto your device s Flash from a USB storage device use the command awplus copy usb newconfig cfg flash newconfig cfg To copy the file newconfig cfg to a USB storage device from your device s Flash use the command awplus copy flash newconfig cfg usb newconfig cfg To copy the file config cfg into the current directory from a USB storage device an...

Page 136: ...s using ZMODEM using Minicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local file asuka key using ZMODEM use the command awplus copy asuka key zmodem Related Commands copy filename show file systems Parameter Description source name The filename and path...

Page 137: ...ically ensure that the keys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The external media is then available to restore a release file and or a configuration file to the device Syntax create autoboot usb Mode Privileged Exec Example To create an autoboo...

Page 138: ...le one cfg from the current directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs which is not empty without prompting if any read only files are being deleted use the command awplus delete force recursive new_configs Related Commands erase startup config r...

Page 139: ...and to delete a specified debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 3 3 CLI prompt after entering the delete debug command Related Commands copy debug move debug Parameter Description source name The filename and path where the debug output originates See Introduction on page 117...

Page 140: ...fy a file in the configs directory on member 2 of a stack enter awplus 2 flash configs example cfg Examples To list the files in the current working directory use the command awplus dir To list the non hidden files in the root of the Flash filesystem use the command awplus dir flash To list all the files in the root of the Flash filesystem use the command awplus dir all flash Parameter Description...

Page 141: ... flash To list the files in alphabetical order use the command awplus dir sort name To list the files by size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time To list the files within the Flash filesystem for stack member 2 use the command awplus dir awplus 2 flash Note that you mus...

Page 142: ...Before starting the editor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more information about using the editor including control sequences see the File Management Feature Overview and Configuration Guide Syntax edit filename Mode Privileged Exec Examples To cr...

Page 143: ...th a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Privileged Exec Usage The filename and path can include characters from up to four categories The categories are 1 uppercase letters A to Z 2 lowercase letters a to z 3 digits 0 to 9 4 special symbols all printable ASCII characters not included in the previous three categories Incl...

Page 144: ...rveillance PoE Switch 143 AlliedWare Plus Operating System Version 5 4 5 0 x FILE MANAGEMENT COMMANDS EDIT FILENAME Example To view the file bob key stored in the security directory of a TFTP server use the command awplus edit tftp security bob key Related Commands copy filename edit show file ...

Page 145: ...e that the system runs when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provides a mechanism for you to return the device to the factory default settings Syntax erase startup config Mode Privileged Exec Example To delete the file currently set as the sta...

Page 146: ...w directory Syntax mkdir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands Example To make a new directory called images in the current directory use the command awplus mkdir images Related Commands cd dir pwd Parameter Description name The name and pat...

Page 147: ...o rename the file temp cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg myconfigs temp cfg Related Commands delete edit show file show file systems Parameter Description source name The filename and path of the source file See Introduction on page 117 f...

Page 148: ...flash nvs usb Mode Privileged Exec Example To move debug output onto a USB storage device with a filename my debug use the following command awplus move debug usb my debug Output Figure 3 4 CLI prompt after entering the move debug command Related Commands copy debug delete debug Parameter Description destination name The filename and path where you would like the debug output moved to See Introduc...

Page 149: ...witch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x FILE MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the current working directory use the command awplus pwd Related Commands cd ...

Page 150: ...her stack member Refer to the Introduction Examples To remove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To force the removal of directory level1 containing subdirectory level2 use the command awplus mkdir level1 awplus mkdir level1 level2 awplus rmdir force level1 To remove a directory called test from the top level of the Flash files...

Page 151: ... show autoboot Output Figure 3 5 Example output from the show autoboot command Figure 3 6 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboot show boot awplus show autoboot Autoboot configuration Autoboot status enabled USB file autoboot txt exists yes Restore information on USB Autoboot enable in autoboot txt ...

Page 152: ...kup boot config flash backup cfg file not found Autoboot status enabled Table 3 1 Parameters in the output of the show boot command Parameter Description Current software The current software release that the device is using Current boot image The boot image currently configured for use during the next boot cycle Backup boot image The boot image to use during the next boot cycle if the device cann...

Page 153: ...ailability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x FILE MANAGEMENT COMMANDS SHOW BOOT Related Commands autoboot enable boot config file backup boot system backup show autoboot ...

Page 154: ...Overview This command displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplus show file oldconfig cfg Related Commands edit edit filename show file systems Parameter Description filename Name of a file on the local Flash filesystem or name and director...

Page 155: ...s Output Figure 3 8 Example output from the show file systems command awplus show file systems Size b Free b Type Flags Prefixes S D V Lcl Ntwk Avail 63 0M 29 4M flash rw flash static local Y system rw system virtual local 10 0M 9 9M debug rw debug static local Y 499 0K 404 0K nvs rw nvs static local Y usbstick rw usb dynamic local N tftp rw tftp network scp rw scp network sftp ro sftp network htt...

Page 156: ...Flags The file setting options rw read write ro read only Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs usb tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the memory is located locally or via a network connection Avail Whether the memory is accessible Y yes N no not applicable Table 3 2 Parameters in the output...

Page 157: ...e following ways To display only lines that contain a particular word enter include word after the command To start the display at the first line that contains a particular word enter begin word after the command To save the output to a file enter filename after the command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with Allied...

Page 158: ... AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 157 AlliedWare Plus Operating System Version 5 4 5 0 x FILE MANAGEMENT COMMANDS SHOW RUNNING CONFIG Output Figure 3 9 Example output from the show running config command ...

Page 159: ...mezone snmp server snmp server contact Documentation Area snmp server location New Zealand aaa authentication enable default local aaa authentication login default local ip domain lookup no service dhcp server no ip multicast routing spanning tree mode rstp no spanning tree rstp enable switch 1 provision IX5 28 vlan database vlan 2 15 state enable interface port1 0 1 1 0 6 switchport switchport mo...

Page 160: ...r AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 159 AlliedWare Plus Operating System Version 5 4 5 0 x FILE MANAGEMENT COMMANDS SHOW RUNNING CONFIG Related Commands copy running config show running config access list ...

Page 161: ...nd saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config access list Mode Privileged Exec and Global Configuration Example To display the running system status and configuration details for access list use the command awplus show running config access list Output Figure 3 10 Example ...

Page 162: ...e running system status and configuration details for as path access list Syntax show running config as path access list Mode Privileged Exec and Global Configuration Example To display the running system status and configuration details for as path access list use the command awplus show running config as path access list Output Figure 3 11 Example output from the show running config as path acce...

Page 163: ...nd DHCP relay awplus show running config dhcp Output Figure 3 12 Example output from the show running config dhcp command Related Commands copy running config show running config show running config dhcp no service dhcp server service dhcp snooping interface port1 0 1 ip dhcp snooping trust interface port1 0 3 ip dhcp snooping max bindings 25 access group dhcpsnooping interface port1 0 4 ip dhcp s...

Page 164: ...ete status and configuration of the running system For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config full Mode Privileged Exec and Global Configuration Example To display the complete status and configuration of the running system use the command ...

Page 165: ...out An interface list can be a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 or sa1 2 or po1 2 a comma separated list of the above e g port1 0 1 port1 0 4 1 0 6 Do not mix interface types in a list The specified interfaces must exist dot1x Displays running configuration for 802 1X port authentication f...

Page 166: ...mmand Figure 3 14 Example output from the show running config interface command Related Commands copy running config show running config awplus sh running config interface port1 0 2 interface port1 0 2 switchport switchport mode access awplus show running config interface interface port1 0 1 1 0 6 switchport switchport mode access interface port1 0 25 1 0 26 switchport switchport mode access switc...

Page 167: ... on filtering and saving command output see Controlling show Command Output of the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config ip route Mode Privileged Exec and Global Configuration Example To display the running system static IPv4 route configuration use the command awplus show running config ip route Output Figure 3 15 Example output f...

Page 168: ...mation on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config ipv6 access list Mode Privileged Exec and Global Configuration Example To display the running system status and configuration for IPv6 ACLs use the command awplus show running config ipv6 access list Output...

Page 169: ...ng and saving command output see Controlling show Command Output of the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config ipv6 route Mode Privileged Exec and Global Configuration Example To display the running system static IPv6 route configuration use the command awplus show running config ipv6 route Output Figure 3 17 Example output from the...

Page 170: ...mand to show the running system key chain related configuration Syntax show running config key chain Mode Privileged Exec and Global Configuration Example To display the running system key chain related configuration use the command awplus show running config key chain Output Figure 3 18 Example output from the show running config key chain command Related Commands copy running config show running...

Page 171: ...lldp Mode Privileged Exec and Global Configuration Example To display the current configuration of LLDP use the command awplus show running config lldp Output Figure 3 19 Example output from the show running config lldp command Related Commands show lldp show lldp interface awplus show running config lldp lldp notification interval 10 lldp timer 20 interface port1 0 1 lldp notifications lldp tlv s...

Page 172: ...ration details The PoE usage threshold percentage as specified by the power inline usage threshold command is displayed in the running config using this command Syntax show running config power inline Mode Privileged Exec and Global Configuration Example To display the PoE running system status and configuration details use the command awplus show running config power inline Output Figure 3 20 Exa...

Page 173: ...output see Controlling show Command Output of the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show running config route map Mode Privileged Exec and Global Configuration Example To display the running system status and configuration details for route map use the command awplus show running config route map Output Figure 3 21 Example output from the show run...

Page 174: ...uter protocol Mode Privileged Exec and Global Configuration Example To display the current running configuration for a given router use the command awplus show running config router ospf Output Figure 3 22 Example output from the show running config router command Related Commands copy running config show running config Parameter Description protocol ospf rip ipv6 rip vrrp ospf Open Shortest Path ...

Page 175: ...er id Overview Use this command to show the running system global router ID configuration Syntax show running config router id Mode Privileged Exec and Global Configuration Example To display the running system global router ID configuration use the command awplus show running config router id Output Figure 3 23 Example output from the show running config router id command Related Commands copy ru...

Page 176: ...that rule no output is displayed for that feature Syntax show running config security password Mode Privileged Exec and Global Configuration Example To display the current security password rule settings in the running config use the command awplus show running config security password Output Figure 3 24 Example output from the show running config security password command Related Commands show se...

Page 177: ...t in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup config Output Figure 3 25 Example output from the show startup config command Related Commands boot config file backup copy running config copy startup co...

Page 178: ...MENT COMMANDS SHOW VERSION show version Overview This command displays the version number and copyright details of the current AlliedWare Plus OS your device is running Syntax show version Mode User Exec and Privileged Exec Example To display the version details of your currently installed software use the command awplus show version Related Commands boot system backup show boot ...

Page 179: ... Overview This command copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write file Related Commands copy running config write memory sh...

Page 180: ...ry Overview This command copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memory Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write memory Related Commands copy running config write file ...

Page 181: ... x FILE MANAGEMENT COMMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privileged Exec Example To display the current configuration of your device use the command awplus write terminal Related Commands show running config ...

Page 182: ...ing System Version 5 4 5 0 x Licensing Commands Introduction Overview This chapter provides an alphabetical reference for each of the License commands Command List license on page 181 license member deleted on page 183 show license on page 184 show license brief on page 186 show license member on page 188 show license brief member on page 190 ...

Page 183: ...change the license label using this command to make it specific to you when you initially add a license Once a license is added any change to the license label first requires removal of the license before adding a license again with a new license label The default feature license labels are issued along with encrypted license keys by e mail for you to apply using this command to activate features ...

Page 184: ...at protocol will restart This action may result in the loss of network traffic Only install licenses in scheduled maintenance periods for devices in a live environment Examples To activate the license name1 with the key 12345678ABCDE123456789ABCDE use the command awplus license name1 12345678ABCDE123456789ABCDE To deactivate the license name1 use the command awplus no license name1 Output Figure 4...

Page 185: ...m Version 5 4 5 0 x LICENSING COMMANDS LICENSE MEMBER DELETED license member deleted Overview This command has been deleted Instead use the license command to apply licenses to VCStack members In a stacked configuration the license command will add a license to all stack members and the no license command will remove a license from all stack members ...

Page 186: ... member command instead if you need to display license information for a specific stack member or all stack members Examples To display full information about all enabled licenses use the command awplus show license To display full information about the licenses with index number 1 use the command awplus show license index 1 Parameter Description feature Only display license information for any ap...

Page 187: ...ed IPv6Basic LAG FULL MLDSnoop RADIUS 100 VCS VRRP Index 2 License name 5 4 4 Customer name 5 4 4 Quantity of licenses Type of license Trial License issue date 12 Dec 2013 License expiry date N A Release 5 4 4 Table 4 1 Parameters in the output of the show license command Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is ...

Page 188: ...summary of information about all feature licenses use the command awplus show license feature brief Output Figure 4 3 Example output from the show license brief command Parameter Description feature Only display license information for any applied feature licenses label The license name of the software feature to show information about The license name can be used instead of the index number to id...

Page 189: ...ut of the show license brief command Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Quantity Quantity of licensed installations Customer name Customer name Type Full or Trial Period Expiry date for tri...

Page 190: ...vileged Exec Usage Use the show license member all command to display full list output of all licenses per stack member Examples To display full information about all enabled licenses on all stack members use the command awplus show license member all To display full information about all enabled licenses on stack member 2 use the command awplus show license member 2 To display full information ab...

Page 191: ...MLDSnoop RADIUS 100 VCS VRRP Index 2 License name PIM Trial Customer name PIM Trial Quantity of licenses 10 Type of license 30 day trial License issue date 12 Jul 2014 License expiry date 12 Jul 2014 Features included PIM PIM 100 Table 4 3 Parameters in the output of the show licensemember command Parameter Description Board region Name of the region for the Base License features Index Index ident...

Page 192: ... license brief member all command for brief table output of all licenses per stack member Examples To display a brief summary of information about all enabled licenses on stack member 2 use the command awplus show license brief member 2 To display a briefsummary aboutall enabledlicenses on all stack members use the command awplus show license brief member all To display a brief summary about the l...

Page 193: ...ase Licenses 1 Base License 1 Base License Full N A Current enabled features for displayed licenses IPv6Basic LAG FULL MLDSnoop RADIUS 100 VCS VRRP Table 4 4 Parameters in the output of the show license brief member command Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not ...

Page 194: ...t banner exec on page 194 banner login system on page 196 banner motd on page 198 clock set on page 200 clock summer time date on page 201 clock summer time recurring on page 203 clock timezone on page 205 continuous reboot prevention on page 206 ecofriendly led on page 208 ecofriendly lpi on page 209 findme on page 211 hostname on page 213 max fib routes on page 215 max static routes on page 216 ...

Page 195: ...emory pools on page 240 show memory shared on page 241 show process on page 242 show reboot history on page 245 show router id on page 247 show system on page 248 show system environment on page 249 show system interrupts on page 250 show system mac on page 251 show system pci device on page 252 show system pci tree on page 253 show system pluggable on page 254 show system pluggable detail on page...

Page 196: ...lt banner Use the no banner exec command to disable the User Exec banner and remove the default User Exec banner Syntax banner exec banner text banner exec default no banner exec Default By default the AlliedWare Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login enter the following commands AlliedWa...

Page 197: ...anner after login enter the following commands To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configure terminal awplus config banner exec default awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 5 03 31 14 13 03 59 awplus awplus configure terminal awplus config no banner exec a...

Page 198: ...nner is displayed after the MOTD Message of the Day banner and before the login username and password prompts Use the no banner login command to disable the login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner to be displayed when you login enter the following commands awplus...

Page 199: ...re Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM To remove the login banner enter the following commands Related Commands banner exec banner motd awplus configure terminal awplus config no banner login awplus config exit awplus exit awplus login manager Password awplus ...

Page 200: ... affect all network users for example any imminent system shutdowns Use the no variant of this command to not display a text MOTD Message of the Day banner on login Syntax banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date before login Mode Global Configuration Examples To configure a MOTD banner to be displayed when you log in...

Page 201: ...sion 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER MOTD To remove the login banner enter the following commands Related Commands banner exec banner login system awplus enable awplus configure terminal awplus config no banner motd awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 5 03 31 14 13 03 59 awplus ...

Page 202: ...e timezone the device applies the new offset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If you wish to manually alter the time or date you must first disable NTP Example To set the time and date on your system to 2pm on the 2nd of April 2007 use the com...

Page 203: ...ST UTC 12 00 as the standard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 1st October 2007 and end on the 18th of March 2008 awplus config clock summer time NZDT date 1 oct 2 00 2007 18 mar 2 00 2008 60 To remove any summertime settings on the system use the command awplus config no clock summer time Parameter Description timezone name A description of the summertime z...

Page 204: ...ilability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurring clock timezone ...

Page 205: ...ifies that this summertime setting applies every year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to start summertime on the last Sunday of the month enter 5 for start week and sun for start day start day Day of the week when summertime starts Valid values a...

Page 206: ... a summertime definition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the 1st Sunday in October and end on the 3rd Sunday in March use the command awplus config clock summer time NZDT recurring 1 sun oct 2 00 3 sun mar 2 00 60 To remove any summertime settings on the system use the command awplus config no clock summer t...

Page 207: ...e device applies the new offset to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indian Standard Time with an offset from UTC of 5 30 hours use the command awplus config clock timezone IST plus 5 30 To set the timezone back to UTC with no offsets use the c...

Page 208: ...s reboot prevention enable no continuous reboot prevention period threshold action Default Continuous reboot prevention is disabled by default The default period value is 600 the default threshold value is 1 and the default action is linkdown Mode Global Configuration Usage Note that user initiated reboots via the CLI and software version auto synchronization reboots are not counted toward the thr...

Page 209: ... the period to 500 and action to stopreboot use the commands awplus configure terminal awplus config continuous reboot prevention period 500 action stopreboot To return the period and action to the defaults and keep the continuous reboot prevention feature enabled use the commands awplus configure terminal awplus config no continuous reboot prevention period action To disable continuous reboot pre...

Page 210: ...on Usage When the eco friendly LED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is disabled and power is returned to port LEDs the LEDs will correctly show the current state of the ports In a stack environment enabling the eco friendly LED feature on the stack master will apply the feature to every member of the stac...

Page 211: ...endly LPI feature Syntax ecofriendly lpi no ecofriendly lpi Default The eco friendly LPI feature is disabled by default Mode Interface Configuration for a switch port or Interface Configuration for a range of switch ports Usage For an example of how to configure a trigger to enable the eco friendly LPI feature see the Triggers Feature Overview and Configuration Guide All ports configured for LPI m...

Page 212: ...4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS ECOFRIENDLY LPI To disable the eco friendly feature on a range of switch ports port1 0 2 port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if no ecofriendly lpi Related Commands duplex ecofriendly led show ecofriendly show interface speed ...

Page 213: ...behavior duration Normal LED behavior is restored automatically after either the default time or a specified timehas elapsed or a no findme command is used You can specify which interface or interfaces are flashed with the optional interface parameter You can specify a particular stack member with the optional member parameter All available interfaces are flashed by default NOTE The interface and ...

Page 214: ... and then all ports will flash twice Each alternate flash will be amber if that device has amber LEDs This pattern will repeat until timeout default or set or no findme commands are used To deactivate the Find Me feature use the following command awplus no findme To activate the Find Me feature for the default duration on stack member 2 use the following command awplus findme member 2 In the examp...

Page 215: ...stack master s host name will be Lab and the other stack members will have host names Lab 1 Lab 2 and so on In case of stack master fail over or stack split the new stack will use the previous stack name as its host name and the stack name unless it is changed by executing the hostname command on the new stack master Use the no variant of this command to revert the hostname setting to its default ...

Page 216: ...me to HQ Sales use the command awplus configure terminal awplus config hostname HQ Sales This changes the prompt to HQ Sales config To revert to the default hostname awplus use the command HQ Sales config no hostname This changes the prompt to awplus config NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address of the device node for exam...

Page 217: ...he maximum number of dynamic routes to 2000 and warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is a the maximum number of routes that can be stored in the device s Forwarding Information dataBase In practice other practical system limits would prevent this maximum being reached 1 4294967294 Th...

Page 218: ...mmand to set the maximum number of static routes to the default of 1000 static routes NOTE To set dynamic FIB routes use the max fib routes command Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static routes 1000 Mode Global Configuration Example To reset the maximum number of static routes to the default maximum use the c...

Page 219: ... by default Syntax no debug all dot1x ipv6 nsm Mode Global Configuration and Privileged Exec Example To disable debugging for all features use the command awplus no debug all To disable all 802 1X debugging use the command awplus no debug all To disable all IPv6 debugging use the command awplus no debug all To disable all NSM debugging use the command awplus no debug all Related Commands undebug a...

Page 220: ...When restarting the whole stack you can either use this reboot command to reboot all stack members immediately or to minimize downtime reboot the stack members in a rolling sequence by using the reboot rolling command Examples To restart the device use the command To restart the stand alone device use the command awplus reboot reboot system y n y To restart all devices in the stack use the command...

Page 221: ... 28GPX High Availability High Power Video Surveillance PoE Switch 219 AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as the reboot command ...

Page 222: ...3 56 06 1200 UTC Time Mon 6 Aug 2007 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time offset 60 mins Summer time recurring Yes Table 5 1 Parameters in the output of the show clock command Parameter Description Local Time Current local time UTC Time Current U...

Page 223: ...h Availability High Power Video Surveillance PoE Switch 221 AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer time recurring clock timezone ...

Page 224: ...d displays the current continuous reboot prevention configuration Syntax show continuous reboot prevention Mode User Exec and Privileged Exec Examples To show the current continuous reboot prevention configuration use the command awplus show continuous reboot prevention Output Figure 5 2 Example output from the show continuous reboot prevention command Related Commands continuous reboot prevention...

Page 225: ...ack members A stack member heading will distinguish the different information for every stack member device Examples To show the CPU utilization of current processes sorting them by the number of threads the processes are using use the command awplus show cpu sort thrds Note that in a stack environment executing this command on the stack master will show CPU utilization for all stack members To sh...

Page 226: ...g 1 0 0 20 sleep 0 356 859 klogd 1 0 0 20 sleep 0 1 910 inetd 1 0 0 20 sleep 0 3 920 portmap 1 0 0 20 sleep 0 0 931 crond 1 0 0 20 sleep 0 1 1090 openhpid 11 0 0 20 sleep 0 233 1111 hpilogd 1 0 0 20 sleep 0 0 1240 hsl 1 0 0 20 sleep 0 79 1453 authd 1 0 0 20 sleep 0 85 1497 cntrd 1 0 0 20 sleep 0 2 1520 epsrd 1 0 0 20 sleep 0 56 1571 imi 1 0 0 20 sleep 0 275 1594 irdpd 1 0 0 20 sleep 0 23 1617 lacp...

Page 227: ...ecified by load types pid Identifier number of the process name A shortened name for the process thrds Number of threads in the process cpu Percentage of CPU utilization that this process is consuming pri Process priority state state Process state one of run sleep zombie and dead sleep Percentage of time that the process is in the sleep state runtime The time that the process has been running for ...

Page 228: ... Exec and Privileged Exec Usage This command s output displays three graphs of the percentage CPU utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours If this command is entered on the stack master it will print graphs for all the stack members A stack member heading will be displayed to distinguish the different graphs for every st...

Page 229: ...tput from the show cpu history command Stack member 2 Per second CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per second last 60 seconds average CPU load Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes average CPU load maximum Per 30 minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load p...

Page 230: ... High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CPU HISTORY Related Commands show memory show memory allocations show memory pools show process ...

Page 231: ...in alphabetical order Mode User Exec and Privileged Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Example To display all debugging information use the command awplus show debugging Output Figure 5 5 Example output from the show debugging command awplus ...

Page 232: ...om the show ecofriendly command awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 lpi lpi port1 0 2 lpi lpi port1 0 3 lpi lpi port1 0 4 off off port1 0 5 lpi off port1 0 6 Port 6 off off port1 0 7 off port1 0 8 off port1 0 9 off port1 0 10 off Table 5 3 Parameters in the output of the show ecofriendly command Parameter Descr...

Page 233: ...ith the eco switch button overriding the configuration set with the ecofriendly led command Power to the port LEDs is disabled Port Displays the port number as assigned by the switch Name Displays the port name if a name is configured for a port number Configured The eco friendly LPI feature is configured on the port Either LPI or off is displayed Status The eco friendly LPI feature is active on t...

Page 234: ... shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Output Figure 5 7 Example output from the show interface port list memory command Parameter Description port list The ports to display information about The port list can b...

Page 235: ...ief show interface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1 0 3 360459 512 1 port1 0 4 524304 512 1 port1 0 5 491535 512 1 port1 0 6 557073 512 1 port1 0 7 327690 512 1 port1 0 8 655380 512 1 port1 0 9 622611 512 1 port1 0 21 950301 512 1 port1 0...

Page 236: ... stack members A stack member heading will display the information for every stack member device Example To display the memory used by the current running processes use the command awplus show memory Output Figure 5 9 Example output from the show memory command Parameter Description stack ID Stack member number from 1 to 8 sort Changes the sorting order for the list of processes If you do not spec...

Page 237: ... 4 Parameters in the output of the show memory command Parameter Description Stack member Stack member number RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the process name Short name used to describe the process mem Percentage of memory utilization the process is currently using size Amount of memory currentl...

Page 238: ...User Exec and Privileged Exec Example To display the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 5 10 Example output from the show memory allocations command Parameter Description process Displays the memory allocation used by the specified process awplus show memory allocations Memory allocations for imi Current 15093760 pea...

Page 239: ...ty High Power Video Surveillance PoE Switch 237 AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory pools show memory shared show tech support ...

Page 240: ...utput displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours If entered on the stack master this command will display corresponding memory utilization information for all the stack members A stack member heading will be displayed to distinguish the different lists for every stack member E...

Page 241: ...TION AND MONITORING COMMANDS SHOW MEMORY HISTORY Output Figure 5 11 Example output from the show memory history command Related Commands show memory allocations show memory pools show memory shared show tech support STACK member 1 Per minute memory utilization history 100 90 80 70 60 50 40 30 20 10 Oldest Newest Memory utilization per minute last 60 minutes average memory utilisation ...

Page 242: ... User Exec and Privileged Exec Example To shows the memory pools used by processes use the command awplus show memory pools Output Figure 5 12 Example output from the show memory pools command Related Commands show memory allocations show memory history show tech support Parameter Description process Displays the memory pools used by the specified process awplus show memory pools Memory pools for ...

Page 243: ...mmand Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use the command awplus show memory shared Output Figure 5 13 Example output from the show memory shared command Related Commands show memory allocations sho...

Page 244: ... mem Mode User Exec and Privileged Exec Usage For a stacked configuration if this command is entered on the stack master it will display the information for all the stack members A stack member heading will be displayed to distinguish the different information for every stack member Example To display a summary of the current running processes use the command awplus show process To display a summa...

Page 245: ...eep 88 kernel threads pid name cpu pri state sleep 71 aio 0 0 20 sleep 0 3 events 0 0 10 sleep 98 Table 5 5 Parameters in the output from the show process command Parameter Description Stack member Stack member number CPU load Average CPU load for the given period RAM total Total memory size free Available memory buffers Memory allocated to kernel buffers pid Identifier for the process name Short ...

Page 246: ...8GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW PROCESS Related Commands show cpu show cpu history ...

Page 247: ... 2 date time type description 2014 01 10 01 42 04 Expected User Request 2014 01 10 01 35 31 Expected User Request 2014 01 10 01 16 25 Unexpected Rebooting due to critical process network nsm failure 2014 01 10 01 11 04 Unexpected Rebooting due to critical process network nsm failure 2014 01 09 20 46 40 Unexpected Rebooting due to VCS duplicate member ID 2014 01 09 19 56 16 Expected User Request 20...

Page 248: ...d Commands show continuous reboot prevention show tech support Continuous reboot prevention A continuous reboot prevention event has occurred The action taken is configured with the continuous reboot prevention command The next time period during which reboot events are counted begins from this event User request User initiated reboot via the CLI Table 5 6 Parameters in the output from the show re...

Page 249: ...AND MONITORING COMMANDS SHOW ROUTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current system use the command awplus show router id Output Figure 5 16 Example output from the show router id command awplus show router id Router ID 10 55 0 2 automatic ...

Page 250: ...tion use the command awplus show system Usage For a stacked configuration if this command is entered on the stack master it will display the information for all the stack members A stack member heading will be displayed to distinguish the different information for every stack member Output Figure 5 17 Example output from the show system command Related Commands show system environment awplus show ...

Page 251: ... and Privileged Exec Usage For a stacked configuration if this command is entered on the stack master it will display the information for all the stack members A stack member heading will be displayed to distinguish the different information for every stack member Example To display the system s environmental status use the command awplus show system environment Output Figure 5 18 Example output f...

Page 252: ... Configuration Guide Syntax show system interrupts Mode User Exec and Privileged Exec Example To display information about the number of interrupts for each IRQ in your device use the command awplus show system interrupts Output Figure 5 19 Example output from the show system interrupts command Related Commands show system environment awplus show system interrupts CPU0 5 10428098 Enabled 0 MIPS li...

Page 253: ...re information see the VCStack Feature Overview and Configuration Guide Example To display the physical MAC address enter the following command awplus show system mac Output Figure 5 20 Example output from the show system mac command Output Figure 5 21 Example output showing how to use the stack virtual mac command and the show system mac command Related Commands stack virtual mac awplus show syst...

Page 254: ...able size 4K Memory at 58000000 32 bit non prefetchable size 64M 00 0d 0 Class 0200 11ab 00d1 rev 01 Flags bus master 66Mhz medium devsel latency 128 IRQ 116 Memory at 57fff000 32 bit non prefetchable size 4K Memory at 50000000 32 bit non prefetchable size 64M Member1 show system pci device 00 00 0 Class 0600 14e4 5300 rev 01 Subsystem 14e4 5300 Flags bus master fast devsel latency 0 IRQ 5 Memory ...

Page 255: ...em pci tree Overview Use this command to display the PCI tree on your device Syntax show system pci tree Mode User Exec and Privileged Exec Example To display information about the PCI tree on your device use the command awplus show system pci tree Output Figure 5 23 Example output from the show system pci tree command Related Commands show system environment show system pci device awplus show sys...

Page 256: ...n for all pluggable transceivers in the system In a stack a separate heading will be displayed to distinguish each stack member s information Example To display brief information about pluggable transceivers installed in port1 0 1 through port1 0 4 use the command awplus show system pluggable port1 0 1 1 0 4 Output Figure 5 24 Example output from the show system pluggable port1 0 1 1 0 4 command E...

Page 257: ...URATION AND MONITORING COMMANDS SHOW SYSTEM PLUGGABLE Output Figure 5 25 Example output from the show system pluggable port1 0 1 command Related Commands show system environment show system pluggable detail show system pluggable diagnostics System Pluggable Information Port Manufacturer Device Serial Number Datecode Type 1 0 1 AGILENT HFBR 5710L 0401312315461272 040131 1000BASE SX ...

Page 258: ...led information about the pluggable transceivers for all the stack members A stack member heading will be displayed to distinguish the different pluggable transceiver information for every stack member NOTE In addition to the information about pluggable transceivers displayed using the show system pluggable command port manufacturer serial number manufacturing datecode and type information the sho...

Page 259: ...supported or not specified a hyphen is displayed instead Example To display detailed information about the pluggable transceivers installed in a particular port on the device use a command like awplus show system pluggable port1 0 24 detail To display detailed information about all the pluggable transceivers installed on the device use the command awplus show system pluggable detail Output Figure ...

Page 260: ...r 10Km OM1 62 5um Fiber 550m OM2 50um Fiber 550m Diagnostic Calibration Internal Power Monitoring Avg FEC BER support Stack member 2 Port2 0 24 Vendor Name FINISAR CORP Device Name FTRJ 8519 7D CSC Device Type 1000BASE SX Serial Number P430KGY Manufacturing Datecode 030718 SFP Laser Wavelength 850nm Link Length Supported Single Mode Fiber OM1 62 5um Fiber 300m OM2 50um Fiber 550m Diagnostic Calibr...

Page 261: ... Specifies the laser wavelength of the installed pluggable transceiver Single Mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5um Fiber Specifies the link length in μm micron supported by the pluggable transceiver using 62 5 micron multi mode fiber OM2 50um Fiber Specifies the link length in μm micron supported by the pluggable transceiver...

Page 262: ...formation about the pluggable transceivers for all the stack members A stack member heading will be displayed to distinguish different pluggable transceiver information for every stack member Usage Modern optical SFP and SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as...

Page 263: ...643 8 953 28 313 11 271 Rx Power mW 0 006 Low 15 849 0 025 Low 12 589 0 040 Rx LOS Rx Down Port1 0 22 Status Alarms Warnings Reading Alarm Max Min Warning Max Min Temp Degrees C 29 387 100 00 40 00 85 000 10 00 Vcc Volts 3 378 3 630 2 970 3 465 3 135 Tx Bias mA 2 802 6 000 1 000 5 000 1 000 Tx Power mW 2 900 11 000 0 600 10 000 0 850 Rx Power mW 1 739 18 000 0 000 10 000 0 200 Rx LOS Rx Up awplus ...

Page 264: ...ITORING COMMANDS SHOW SYSTEM PLUGGABLE DIAGNOSTICS Related Commands show system environment show system pluggable show system pluggable detail Rx Power mW Shows the amount of light received in the transceiver Rx LOS Shows when the received optical level falls below a preset threshold Table 5 8 Parameters in the output from the show system pluggables diagnostics command cont Parameter Description ...

Page 265: ...umber information for the device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode User Exec and Privileged Exec Example To display the serial number information for the device use the command awplus show system serialnumber Output Figur...

Page 266: ...ory or a TFTP server whenever possible to avoid device lockup This method is not likely to be appropriate when running the working set option of AMF across a range of physically separated devices Syntax show tech support all atmf dhcpsn epsr igmp ip ipv6 mld pim stack stp system t acacs outfile filename Default Captures all information for the device Parameter Description all Display full informat...

Page 267: ... exists in the current directory then a new file is generated with the time stamp appended to the file name for example tech support20080109 txt gz so the last saved file is retained Usage This command is useful for collecting a large amount of information about all protocols or specific protocols on your device so that it can then be analyzed for troubleshooting purposes The output of this comman...

Page 268: ...rate is 9600 bps Mode Line Configuration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set the terminal console asyn0 port speed from the device to 57600 bps then exit the session use the commands awplus configure terminal awplus config line console 0 awplus c...

Page 269: ...High Availability High Power Video Surveillance PoE Switch 267 AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config show startup config speed ...

Page 270: ...rveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in version 5 4 4 0 1 It now has no effect ...

Page 271: ...ing debugging output on the terminal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exec Examples To display debugging output on a terminal enter the command awplus terminal monitor To specify timeout of debugging output after 60 seconds enter the command ...

Page 272: ... High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of the no debug all command ...

Page 273: ...clear log on page 273 clear log buffered on page 274 clear log permanent on page 275 default log buffered on page 276 default log console on page 277 default log email on page 278 default log host on page 279 default log monitor on page 280 default log permanent on page 281 log buffered on page 282 log buffered filter on page 283 log buffered size on page 286 log console on page 287 log console fi...

Page 274: ...LOGGING COMMANDS log host time on page 301 log monitor filter on page 303 log permanent on page 306 log permanent filter on page 307 log permanent size on page 310 log rate limit nsm on page 311 show counter log on page 313 show exception log on page 314 show log on page 315 show log config on page 318 show log permanent on page 321 show running config log on page 322 ...

Page 275: ...ING COMMANDS CLEAR EXCEPTION LOG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files NOTE When this command is used within a stacked environment it will remove the contents of the exception logs in all stack members Syntax clear exception log Mode Privileged Exec Example awplus clear exception log ...

Page 276: ...mand removes the contents of the buffered and permanent logs NOTE When this command is used within a stacked environment it will remove the contents of the buffered and permanent logs in all stack members Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and permanent log use the command awplus clear log Validation Commands show log Related Commands clear log buf...

Page 277: ...ed Overview This command removes the contents of the buffered log NOTE When this command is used within a stacked environment it will remove the contents of the buffered logs in all stack members Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awplus clear log buffered Validation Commands show log Related Commands clear l...

Page 278: ...nt Overview This command removes the contents of the permanent log NOTE When this command is used within a stacked environment it will remove the contents of the buffered logs in all stack members Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus clear log permanent Validation Commands show log Related Commands cle...

Page 279: ...r the buffered log stored in RAM By default the size of the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Example To restore the buffered log to its default settings use the following commands awplus configure terminal awplus config default log buffered...

Page 280: ...e default settings for log messages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration Example To restore the log console to its default settings use the following commands awplus configure terminal awplus config default log console Validation Commands sh...

Page 281: ...or email addresses Filters must be defined before messages will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default settings for log messages sent to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config ...

Page 282: ...syslog servers Filters must be defined before messages will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settings for messages sent to the remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config defa...

Page 283: ...nd restores the default settings for log messages sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration Example To restore the log monitor to its default settings use the following commands awplus configure terminal awplus config default log monitor Rela...

Page 284: ...ings for the permanent log stored in NVS By default the size of the permanent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example To restore the permanent log to its default settings use the following commands awplus configure terminal awplus config default ...

Page 285: ...red maximum allowable size old messages will be deleted to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RAM use the following commands awplus configure terminal awplus config log buffered To configure the device to not store log messages in a RAM buffe...

Page 286: ... Syntax log buffered level level program program name facility facility msgtext text string no log buffered level level program program name facility facility msgtext text string Parameter Description level Filter messages to the buffered log by severity level level The minimum severity of message to send to the buffered log The level can be specified as one of the following numbers or level names...

Page 287: ...e IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages to the buffered log by syslog facility Specify one of the following syslog facilities to include messages from in the buffered log kern Kernel messages user Random user l...

Page 288: ... log buffered level notices program epsr To add a filter to send all messages containing the text Bridginginitialization to the buffered log use the following commands awplus configure terminal awplus config log buffered msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the buffered log use the following comman...

Page 289: ...fered log is permitted to use Once this memory allocation has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the following commands awplus configure terminal awplus config log buffered size 100 Validation Commands show log config Related Commands defaul...

Page 290: ...es to the devices main console port Use the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log messages use the following commands awplus configure terminal awplus config log console To configure the device not to send log messages in all consoles use the fo...

Page 291: ...onsole level level program program name facility facility msgtext text string no log console level level program program name facility facility msgtext text string Parameter Description level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest se...

Page 292: ...panning Tree Protocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities t...

Page 293: ... mstp and then use the command awplus config log console level info program mstp To create a filter to send all messages containing the text Bridging initialization to console instances where the log console command has been given use the following commands awplus configure terminal awplus config log console msgtext Bridging initialization To remove a filter that sends all messages generated by EP...

Page 294: ...his command Syntax log email email address Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com Validation Commands show log co...

Page 295: ...ill be removed Syntax log email email address level level program program name facility facility msgtext text string no log email email address level level program program name facility facility msgtext text string Parameter Description email address The email address to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be ...

Page 296: ...i Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level mes...

Page 297: ... level of informational and above to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com level informational To stop the device emailing log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config no log email admin homebase com To remo...

Page 298: ... when the message was generated Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on this device but converted to the time zone of the email recipient Parameter Description email address The email address to send log messages to time Specify the time diff...

Page 299: ...mail address admin base com with the time information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin base com time local offset plus 3 To send messages to the email address user remote com with the time information converted to the time zone of the email reci...

Page 300: ...re messages will be sent Syntax log host ip addr no log host ip addr Mode Global Configuration Examples To configure the device to send log messages to a remote syslog server with IP address 10 32 16 99 use the following commands awplus configure terminal awplus config log host 10 32 16 99 To stop the device from sending log messages to the remote syslog server with IP address 10 32 16 99 use the ...

Page 301: ...ration relating to this log target will be removed Syntax log host ip addr level level program program name facility facility msgtext text string no log host ip addr level level program program name facility facility msgtext text string Parameter Description ip addr The IP address of a remote syslog server level Filter messages by severity level level The minimum severity of message to send The le...

Page 302: ... Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level mess...

Page 303: ...al and above to the syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config log host 10 32 16 21 level informational To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to a remote syslog server with IP address 10 32 16 21use the following commands awplus configure terminal awplus config no log ...

Page 304: ...Specify the time offset of the remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslog server with the IP address 10 32 16 21 in the same time zone as the device s local time zone use the following commands awplus configure terminal awplus config log hos...

Page 305: ... which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 with the time information converted to the time zone of the email recipient which is 3 hours behind the device s UTC time zone use the following commands ...

Page 306: ...g monitor level level program program name facility facility msgtext text string no log monitor level level program program name facility facility msgtext text string Parameter Description level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest...

Page 307: ...tocol RSTP mstp Multiple Spanning Tree Protocol MSTP imi Integrated Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messag...

Page 308: ...nd has been given use the following commands awplus configure terminal awplus config log monitor level info program mstp To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the terminal use the following commands awplus configure terminal awplus config no log monitor level notices program epsr To remove a default filter that includes sending ev...

Page 309: ...lowable size old messages will be deleted to make way for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log permanent Mode Global Configuration Examples To enable permanent logging use the following commands awplus configure terminal awplus config log permanent...

Page 310: ...sent to the permanent log Syntax log permanent level level program program name facility facility msgtext text string no log permanent level level program program name facility facility msgtext text string Parameter Description level Filter messages sent to the permanent log by severity level level The minimum severity of message to send The level can be specified as one of the following numbers o...

Page 311: ...d Management Interface IMI imish Integrated Management Interface Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN Filter messages by syslog facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail ...

Page 312: ...Configuration Examples To create a filter to send all messages generated by EPSR that have a severity of notices or higher to the permanent log use the following commands awplus configure terminal awplus config log permanent level notices program epsr To create a filter to send all messages containing the text Bridging initialization to the permanent log use the following commands awplus configure...

Page 313: ...t log is permitted to use Once this memory allocation has been filled old messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following commands awplus configure terminal awplus config log permanent size 100 Validation Commands show log config Related Commands default...

Page 314: ...cause the device to shutdown This log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log messages are discarded At the end of the time interval a single log message is generated indicating that log messages were discarded due to the log rate limit being exceeded ...

Page 315: ...E Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands awplus configure terminal awplus config no log rate limit nsm ...

Page 316: ... Total Received P3 9 Total Received P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 6 1 Parameters in output of the show counter log command Parameter Description Total Received Total number of messages received by the log Total Received P0 Total number of Priority 0 Emergency messages received Total Received P1 Total number of Priority 1 Alert messages received Tota...

Page 317: ...m the show exception log command on a device awplus show exception log Stack member 1 date time facility severity program pid message 2014 Jan 27 09 57 47 local7 debug awplus corehandler Process imish PID 3746 signal 11 core dumped to flash imish x610 5 4 3 3 7 1 1390816667 3746 tgz 2014 Jan 27 09 57 47 local7 debug awplus corehandler Process imish PID 2504 signal 11 core dumped to flash imish x61...

Page 318: ...il 10 250 Default By default the entire contents of the buffered log is displayed Mode User Exec Privileged Exec and Global Configuration Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of the latest messages should be displayed Examples To display the cont...

Page 319: ... 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel No pci config register base in dev tree using default 2011 Aug 29 07 55 23 kern notice awplus kernel Kernel command line console tty S0 9600 releasefile IX5 5 4 5 0 1 rel ramdisk 14688 bootversion 1 1 0 rc12 loglevel 1 extraflash 00000000 201...

Page 320: ...anager pid 471 cmd nbqueue wipe 2006 Nov 10 13 35 01 cron notice crond 116 USER manager pid 472 cmd nbqueue wipe 2006 Nov 10 13 40 01 cron notice crond 116 USER manager pid 477 cmd nbqueue wipe 2006 Nov 10 13 44 36 syslog notice syslog ng 67 Log statistics processed center queued 70 processed 2006 Nov 10 13 45 01 cron notice crond 116 USER manager pid 478 cmd logrotate etc logrotate conf 2006 Nov ...

Page 321: ...w This command displays information about the logging system This includes the configuration of the various log destinations buffered permanent syslog servers hosts and email addresses This also displays the latest status information for each of these destinations Syntax show log config Mode User Exec Privileged Exec and Global Configuration Example To display the logging configuration use the com...

Page 322: ...s 1 Level notices Program any Facility any Message text any 2 Level informational Program mstp Facility daemon Message text any Statistics 1327 messages received 821 accepted by filter 2006 Dec 11 10 36 16 Permanent log Status enabled Maximum size 60kb Filters 1 Level error Program any Facility any Message text any 2 Level warnings Program dhcp Facility any Message text pool exhausted Statistics 1...

Page 323: ...5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x LOGGING COMMANDS SHOW LOG CONFIG Related Commands show counter log show log show log permanent ...

Page 324: ...show log permanent 2 Output Figure 6 6 Example output from the show log permanent command Related Commands show log Parameter Description stack ID Stack member number from 1 to 8 tail Display only the latest log entries 10 250 Specify the number of log entries to display awplus show log permanent 2 Stack member 2 date time facility severity program pid message 2014 Feb 25 09 10 48 daemon crit awpl...

Page 325: ...ING COMMANDS SHOW RUNNING CONFIG LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example To display the current configuration of the log utility use the command awplus show running config log Related Commands show log show log config ...

Page 326: ...er Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page 323 echo on page 324 wait on page 325 ...

Page 327: ...ipt must be a text file with a filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicates the file is an AlliedWare Plus script Examples To activate a command script to run as a background process use the command awplus activate background test scp Related...

Page 328: ... This command echoes a string to the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To echo the string Hello World to the console use the command awplus echo Hello World Output Related Commands activate wait Parameter Description line The string to echo Hell...

Page 329: ...and line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable Privileged Exec mode command since the wait command is only executed in the Privileged Exec mode When a script is activated the privilege level is set to 1 enabling User Exec commands to run in the script If you need ...

Page 330: ... Interface Commands Introduction Overview This chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 327 interface to configure on page 328 mru on page 330 mtu on page 332 show interface on page 334 show interface brief on page 337 show interface status on page 338 shutdown on page 341 ...

Page 331: ...E description interface Overview Use this command to add a description to a specific port or interface Syntax description description Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config if description Boardroom PC Parameter Description description Text describing the specific ...

Page 332: ...pback interfaces can add flexibility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network irrespective of the physical links that may be up or down at the time This provides a higher probability that the routing traffic will be received and subsequently forwar...

Page 333: ...liedWare Plus Operating System Version 5 4 5 0 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo awplus config if Related Commands ip address show interface show interface brief ...

Page 334: ...de internally for the following additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes Syntax mru mru size no mru Default The default MRU size is 1500 bytes for switch ports Mode Interface Configuration for switch ports Usage Note that show interface output will only show M...

Page 335: ...eo Surveillance PoE Switch 331 AlliedWare Plus Operating System Version 5 4 5 0 x INTERFACE COMMANDS MRU To restore the MRU size of 1500 bytes on port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no mru Related Commands show interface ...

Page 336: ... has the don t fragment bit set then the device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interface an ICMP packet too big ICMP type 2 code 0 message is sent to the source Note that show interface output will only show MTU size for VLAN interfaces Example...

Page 337: ...PoE Switch 333 AlliedWare Plus Operating System Version 5 4 5 0 x INTERFACE COMMANDS MTU To restore the MTU size to the default MTU size of 1500 bytes on vlan2 and vlan4 use the commands awplus configure terminal awplus config interface vlan2 vlan4 awplus config if no mtu Related Commands show interface ...

Page 338: ...ommand will show MTU Maximum Transmission Unit size for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface such as a VLAN e g vlan2 a switch port e g port1 0 ...

Page 339: ...i SNMP link status traps Sending Suppressed after 20 traps in 60 sec input packets 2396 bytes 324820 dropped 0 multicast packets 2370 output packets 73235 bytes 406566 multicast packets 7321 broadcast packets 7 Time since last state change 0 days 16 35 52 Interface lo Scope both Link is UP administrative state is UP Hardware is Loopback index 1 metric 1 UP LOOPBACK RUNNING SNMP link status traps D...

Page 340: ... since last state change 69 days 01 28 47 awplus show interface vlan1 vlan2 Interface vlan1 Scope both Link is UP administrative state is UP Hardware is VLAN address is 0015 77e9 5c50 IPv4 address 192 168 1 1 24 broadcast 192 168 1 255 index 201 metric 1 mtu 1500 arp ageing timeout 300 UP BROADCAST RUNNING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 d...

Page 341: ...Guide Syntax show interface brief Mode User Exec and Privileged Exec Output Figure 8 4 Example output from the show interface brief command Related Commands show interface show interface memory awplus show int brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up down port1 0 3 admin up down port1 0 4 admin up down port1 0 5 admin up down port1 0 6 admin up running lo admin up...

Page 342: ...us Parameter Description port list The ports to display information about The port list can be a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel g...

Page 343: ...ot present port1 0 24 notconnect 1 auto auto unknown sa1 notconnect trunk auto auto Table 8 4 Parameters in the output from the show interface status command Parameter Description Port Name Type of the interface Name Description of the interface Status The administrative and operational status of the interface one of disabled the interface is administratively down connect the interface is operatio...

Page 344: ...his duplex mode If the port is disabled or not connected it displays the configured duplex setting Speed The actual link speed of the interface preceded by a if it has autonegotiated this speed If the port is disabled or not connected it displays the configured speed setting Type The type of interface e g 1000BaseTX For SFP bays it displays Unknown if it does not recognize the type of SFP installe...

Page 345: ...nterface Configuration Example The following example shows the use of the shutdown command to shut down port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if shutdown The following example shows the use of the no shutdown command to bring up port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if no shutdown The following example show...

Page 346: ...13 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test interface on page 343 service test on page 344 test interface on page 345 ...

Page 347: ...t interface commands later on Syntax clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces use the command awplus clear test interface all Related Commands test interface Parameter Description port list The ports to test A port list can be a switch port e g ...

Page 348: ...tate ready to begin testing After entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect the device first Use the no variant of this command to stop the test service Syntax service test no service test Mode Global Configuration Example To put the device int...

Page 349: ...ace port list all time 1 60 cont no test interface port list all Mode Privileged Exec Example To test the switch ports in VLAN 1 install loopbacks in the ports and enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus test interface all Parameter Descripti...

Page 350: ...1 REV A AlliedWare Plus Operating System Version 5 4 5 0 x INTERFACE TESTING COMMANDS TEST INTERFACE To see the output use the commands awplus show test awplus show test count To start the test on all interfaces for 1 minute use the command awplus test interface all time 1 Related Commands clear test interface ...

Page 351: ...e 349 clear loop protection counters on page 351 clear mac address table static on page 352 clear mac address table dynamic on page 353 clear port counter on page 355 debug loopprot on page 356 debug platform packet on page 357 duplex on page 359 flowcontrol switch port on page 360 linkflap action on page 362 loop protection on page 363 loop protection action on page 365 loop protection action del...

Page 352: ...interface switchport on page 384 show loop protection on page 385 show mac address table on page 387 show mac address table thrash limit on page 389 show mirror on page 390 show mirror interface on page 391 show platform on page 392 show platform classifier statistics utilization brief on page 393 show platform port on page 395 show port security interface on page 399 show port security intrusion ...

Page 353: ... are configured in the half duplex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity to receive further frames the device will simulate a collision by transmitting a CSMACD jamming signal from this port until the buffer empties The jamming signal causes...

Page 354: ...are Plus Operating System Version 5 4 5 0 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if backpressure off Validation Commands show running config show interface Related Commands duplex ...

Page 355: ...d to clear the counters for the Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection counters To clear the counter information for a single port awplus clear loop protection interface port1 0 1 counters Parameters Description interface The interface whose cou...

Page 356: ...table static This example shows how to clear all filtering database entries for a given interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries filtering database entries configured through the CLI for a given mac address awplus clear mac address table static address 0202 0202 0202 Related Commands cl...

Page 357: ...ance Compare this usage and operation with the clear mac address table static command Note that an MSTP instance cannot be specified with clear mac address table static Examples This example shows how to clear all dynamically learned filtering database entries for all interfaces addresses VLANs awplus clear mac address table dynamic Parameter Description interface Specify a switch port to be clear...

Page 358: ...arned filtering database entries when learned through device operation for a given MAC address awplus clear mac address table dynamic address 0202 0202 0202 This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awplus clear mac address table dynamic interface port1 0 2 instance 1...

Page 359: ... x SWITCHING COMMANDS CLEAR PORT COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 use the command awplus clear port counter port1 0 1 Related Commands show platform port Parameter Description port The port number or range ...

Page 360: ... pkt state nsm all no debug loopprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debugging loopprot undebug loopprot Parameter Description info General Loop Protection information msg Received and transmitted Loop Detection Frames LDFs pkt Echo raw ASCII ...

Page 361: ...This command can be used to trace packets sent and received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant of this command is used or another timeout value is specified The timeout value applies to both send and receive debug and is updated whenever the debug platform packet...

Page 362: ...only for the default timeout of 5 minutes enter awplus debug platform packet sflow To enable send packet debug with no timeout enter awplus debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes enter awplus debug platform packet vlan 2 timeout 150 To disable receive packet debug enter awplus no debug platform packet recv Related Commands s...

Page 363: ... LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel group by applying this command to the channel group Examples To specify full duplex for port1 0 4 enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus co...

Page 364: ...e port experiences congestion and cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause frame the remote device stops sending data packets which prevents loss of data packets during the congestion period Flow control is not ...

Page 365: ...inal awplus config interface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol receive off awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send off Validation Commands show ...

Page 366: ...5 seconds the flapping port will shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global Configuration Example To enable the linkflap action command on the device use the following commands awplus configure terminal awplus config linkflap action shutdown Par...

Page 367: ... Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loop detect frames once every 5 seconds use the following commands awplus configure terminal awplus config loop protection loop detect ldf interval 5 Parameter Description loop detect Enables l...

Page 368: ...ility High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SWITCHING COMMANDS LOOP PROTECTION Related Commands loop protection action loop protection timeout show loop protection thrash limiting ...

Page 369: ... Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To disable an interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection action link down Related Commands loop protect...

Page 370: ...ion delay time for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay timer is disabled by default Mode Interface Configuration Example To configure a loop protection action delay time of 10 seconds use the commands awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection action delay time 10 T...

Page 371: ...e Configuration Usage See the Loop Protection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop protection action timeout of 10 seconds for port1 0 4 use the command awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection tim...

Page 372: ... ADDRESS TABLE ACQUIRE mac address table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table acquire Default Learning is enabled by default for all instances Mode Global Configuration Example awplus configure terminal awplus config mac address table acquire ...

Page 373: ...ageing out time back to the default of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples The following commands specify various ageing timeouts on the device awplus configure terminal awplus config mac address table ageing time 1000 awplus configure terminal...

Page 374: ...ly applicable to Layer 2 switched traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because packets are routed across VLANs This command only works on Layer 2 traffic Example awplus configure terminal awplus config mac address table static 2222 2222 2222 forward ...

Page 375: ... no variant of this command to disable thrash limiting Syntax mac address table thrash limit rate no mac address table thrash limit Default No thrash limiting Mode Global Configuration Usage Use this command to limit thrashing on the selected port range Example To apply a thrash limit of 100 MAC address flips per second awplus configure terminal awplus config mac address table thrash limit 100 Rel...

Page 376: ...uration Parameter Description source port list The source switch ports to mirror A port list can be a port e g port1 0 2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 The source port list cannot include dynamic or static channel groups link aggregators direction Specifies whether to mirror traffic...

Page 377: ...mand before issuing the mirror interface command One interface may have multiple mirror interfaces Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to destination port1 0 3 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if mirror interface port1 0 4 port1 0 5 direction both To enable use with the access list hardware IP numbe...

Page 378: ...diagnostic message will be generated Syntax platform hwfilter size ipv4 limited ipv6 ipv4 full ipv6 Default The default mode is ipv4 limited ipv6 Mode Global Configuration Example To configure hardware ACLs to filter IPv4 and IPv6 traffic use the following commands awplus configure terminal awplus config platform hwfilter size ipv4 full ipv6 Related Commands show platform ipv6 access list named Pa...

Page 379: ...load balancing Default The default is src dst ip Mode Global configuration Examples To set the load balancing algorithm to include only Layer 2 MAC addresses enter awplus configure terminal awplus config platform load balancing src dst mac To set the load balancing algorithm to include only Layer 3 IP addresses and L4 ports enter awplus configure terminal awplus config platform load balancing src ...

Page 380: ... assignments multicast addresses multicast addresses xml multicast addresses 1 Syntax platform stop unreg mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multicast packets when the Group Membership interval timer expires and there are no subscribers to a mu...

Page 381: ...s from Group Membership queries Examples To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicast packet flooding use the following commands awplus configure terminal awplus config no platform stop unreg mc flooding Related Commands show platform show runn...

Page 382: ...tagincreasestheframesizebeyond1522bytes youmust increase the MRU size to activate VLAN stacking Go into interface mode for the appropriate ports and use the mru command Syntax platform vlan stacking tpid tpid no platform vlan stacking tpid Default The default TPID value is 0x8100 Mode Global Configuration Examples To set the VLAN stacking TPID value to 0x9100 use the following commands awplus conf...

Page 383: ...g for MDI MDIX polarity Polarity applies to copper 10BASE T 100BASE T and 1000BASE T switch ports It does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide for more information Example To set the polarity for port1 0 6 to fixed MDI mode use the following commands awplus configure terminal awplus config interface port1 0 6 a...

Page 384: ...sion 5 4 5 0 x SWITCHING COMMANDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To display the enabled Loop Protection debugging modes use the command awplus show debugging loopprot Related Commands debug loopprot ...

Page 385: ...HOW DEBUGGING PLATFORM PACKET show debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display the platform packet debugging information use the command awplus show debugging platform packet Related Commands debug platform packet undebug platform packet ...

Page 386: ...ntrol information Syntax show flowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 10 1 Example output from the show flowcontrol interface command for a specific interface Parameter Description port Specifies the name of the port to be displayed Port Send FlowCon...

Page 387: ...e device and the protocols responsible for the shutdown Syntax show interface IFRANGE err disabled Mode User Exec and Privileged Exec Example Show the protocols that have shut down port2 0 21 and port2 0 23 use the commands awplus show interface err disabled Output Figure 10 2 Example output from the show interface err disabled command Parameter Description IFRANGE Interface range err disabled Bri...

Page 388: ...itchport Mode User Exec and Privileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 10 3 Example output from the show interface switchport command Related Commands show interface memory Interface name port1 0 1 Switchport mode access Ingress filter enable Acceptable frame types all Default Vlan 2 Configured Vlans 2...

Page 389: ...tection feature Examples To display the current configuration status for port1 0 1 use the command awplus show loop protection interface port1 0 1 Figure 10 4 Example output from the show loop protection command To display the counter information for port1 0 1 use the command awplus show loop protection interface port1 0 1 counters Parameter Description interface The interface selected for display...

Page 390: ...EV A AlliedWare Plus Operating System Version 5 4 5 0 x SWITCHING COMMANDS SHOW LOOP PROTECTION Figure 10 5 Example output from the show loop protection interface counters command for port1 0 1 Interface port1 0 1 Vlan 1 LDF Tx 3 LDF Rx 1 Invalid LDF Rx 1 Action 1 Vlan 2 LDF Tx 3 LDF Rx 0 Invalid LDF Rx 0 Action 0 ...

Page 391: ...ow sample output captured when there was no traffic being switched See the sample output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the output below shows VLAN IDs if multiple VLANs are configured awplus show mac address table VLAN Port MAC State 1 unknown 0000 c...

Page 392: ... right of the type column Related Commands clear mac address table dynamic clear mac address table static mac address table static awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port MAC State 1 unknown 0000 cd28 0752 static 1 port1 0 2 0030 846e bac7 dynamic 2 port1 0 3 0000 1111 2222 static 2 unknown 0000...

Page 393: ... limit Overview Use this command to display the current thrash limit set for all interfaces on the device Syntax show mac address table thrash limit Mode User Exec and Privileged Exec Example To display the current use the following command awplus show mac address table thrash limit Output Figure 10 6 Example output from the show mac address table thrash limit command Related Commands mac address ...

Page 394: ...us show mirror Output Figure 10 7 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 4 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 ...

Page 395: ...ow mirror interface port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if show mirror interface port1 0 4 Output Figure 10 8 Example output from the show mirror interface command Parameter Description port The monitored ...

Page 396: ...se settings to take effect the device must be rebooted with the new settings in the startup config Example To check the settings configured with platform commands on the device use the following command awplus show platform Output Figure 10 9 Example output from the show platform command Related Commands platform load balancing platform vlan stacking tpid awplus show platform Vlan stacking TPID 0x...

Page 397: ...classifier utilization statistics use the following command awplus show platform classifier statistics utilization brief Output Figure 10 10 Output from the show platform classifier statistics utilization brief command Figure 10 11 Output from the show platform classifier statistics utilization brief command awplus show platform classifier statistics utilization brief Instance 0 Number of Entries ...

Page 398: ...m the show platform classifier statistics utilization brief command with the DOS detection feature enabled Related Commands show platform Instance 3 0 Port1 0 1 1 0 24 Number of Entries Policy Type Group ID Used Total ACL 1476395009 0 122 0 DoS 1476395011 0 128 0 VLAN Counter 1 0 0 0 QoS 0 640 0 Instance 3 1 Port1 0 25 1 0 48 Number of Entries Policy Type Group ID Used Total ACL 1476395009 0 122 0...

Page 399: ...ters Mode Privileged Exec Examples To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 counters Parameter Description port list The ports to display information about A port list can be a continuou...

Page 400: ...0x08001000 enabled 1 loopback 0 link 0 speed 0 max speed 1000 duplex 0 linkscan 2 autonegotiate 1 master 2 tx pause 1 rx pause 1 untagged vlan 1 vlan filter 3 stp state 1 learn 5 discard 0 max frame size 1522 MC Disable SA no MC Disable TTL no MC egress untag 0 MC egress vid 0 MC TTL threshold 1 Table 10 2 Parameters in the output from the show platform port command Parameter Description Ethernet ...

Page 401: ...f octets received Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequence error events received UnicastPkts Number of unicast packets received MulticastPkts Number of multicast packets received BroadcastPkts Number of broadcast packets received PauseMACCtlFrms Number of Pause MAC Control Frames received OversizePkts Number of oversize packets received Fragments Number of fragm...

Page 402: ... Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollisions Transmit Late Collision Frame counter ExcessivCollsns Transmit Excessive Collision Frame counter Collisions Transmit Total Collision counter Layer 3 Counters ifInUcastPkts Inbound interface Unicast counter ifInDiscards Inbound interface Dis...

Page 403: ...xample To see the port security status on port1 0 1 use the following command awplus show port security interface port1 0 1 Output Figure 10 14 Example output from the show port security interface command Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa3 or a dynamic LACP channel group e g po4 Port Security c...

Page 404: ...rface port Mode Privileged Exec Example To see the intrusion list on port1 0 1 use the following command awplus show port security intrusion interface port1 0 1 Output Figure 10 15 Example output from the show port security intrusion command for port 1 0 1 Parameter Description interface Specify a port port The port to display information about The port may be a switch port e g port1 0 4 a static ...

Page 405: ... and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 10 16 Example output from the show storm control command for port1 0 2 Example To display storm control information for all ports use the following command awplus show storm control Parameter Description port The port to display information abo...

Page 406: ... 0 100 0 port1 0 3 100 0 100 0 100 0 port1 0 4 100 0 100 0 100 0 port1 0 5 100 0 100 0 100 0 port1 0 6 100 0 100 0 100 0 port1 0 7 100 0 100 0 100 0 port1 0 8 100 0 100 0 100 0 port1 0 9 100 0 100 0 100 0 port1 0 10 100 0 100 0 100 0 port1 0 11 100 0 100 0 100 0 port1 0 12 100 0 100 0 100 0 port1 0 13 100 0 100 0 100 0 port1 0 14 100 0 100 0 100 0 port1 0 15 100 0 100 0 100 0 port1 0 16 100 0 100 ...

Page 407: ...egotiate speed except for 100Base FX ports which do not support auto negotiation so default to 100Mbps Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the speed of all the switch ports in the channel group by applying this command to the channel group NOTE N...

Page 408: ...s config interface port1 0 4 awplus config if speed auto To set a port to auto negotiate its speed at 100Mbps and 1000Mbps enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if speed auto 100 1000 To set a port to auto negotiate its speed at 1000Mbps only enter the following commands awplus configure terminal awplus config interface port1 0 4 awp...

Page 409: ...ult By default storm control is disabled Mode Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a port Forwarding these packets can cause the network to slow down or time out Example To limit broadcast traffic on port1 0 2 to 30 of the maximum port speed us...

Page 410: ...er of MAC addresses that each port can learn Use the no variant of this command to disable the port security feature Syntax switchport port security no switchport port security Mode Interface Configuration Examples To enable the port security feature on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security To disa...

Page 411: ...t security aging Overview Sets the port security MAC to time out Use the no variant of this command to set the port security to not time out Syntax switchport port security aging no switchport port security aging Mode Interface Configuration Examples To set the MAC to time out use the following command awplus switchport port security aging To unset the MAC time out use the following command awplus...

Page 412: ...d and the MAC is statically configured for another port a violation is triggered The maximum learn limit will be ignored and the specified intrusion action for the port will be carried out Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Configuration Examples To learn 3 MAC addresses on port1 0 4 use the following commands awplus configure terminal ...

Page 413: ... is set thepacketwill simply be discarded by the packet processor silently The no variant of this command sets the violation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Configuration Examples To set the action to be shutdown on port1 0 4 use the following commands ...

Page 414: ...iew information prior to applying this command Examples To set the action to learn disable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if thrash limiting action learn disable To block all traffic on a vlan use the following command awplus configure terminal awplus config thrash limiting action vlan disable To set the thrash lim...

Page 415: ...WITCHING COMMANDS THRASH LIMITING To set the thrash limiting action to its default use the following command awplus config if no thrash limiting action To set the thrash limiting timeout to its default use the following command awplus config if no thrash limiting timeout Related Commands loop protection loop protection action loop protection timeout show loop protection ...

Page 416: ...bility High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no debug loopprot command ...

Page 417: ...vailability High Power Video Surveillance PoE Switch 413 AlliedWare Plus Operating System Version 5 4 5 0 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no debug platform packet command ...

Page 418: ...e vlan on page 419 private vlan association on page 420 show port vlan forwarding priority on page 421 show vlan on page 422 show vlan classifier group on page 423 show vlan classifier group interface on page 424 show vlan classifier interface group on page 425 show vlan classifier rule on page 426 show vlan private vlan on page 427 show vlan statistics on page 428 switchport access vlan on page 4...

Page 419: ...trunk allowed vlan on page 440 switchport trunk native vlan on page 443 switchport vlan stacking double tagging on page 445 switchport voice dscp on page 446 switchport voice vlan on page 447 switchport voice vlan priority on page 450 vlan on page 451 vlan classifier activate on page 452 vlan classifier group on page 453 vlan classifier rule ipv4 on page 454 vlan classifier rule proto on page 455 ...

Page 420: ... terms frame and packet are used interchangeably Syntax clear vlan statistics name instance_name Mode Privileged Exec Examples To reset all packet counters for the packet counter instance vlan2 data awplus clear vlan statistics name vlan2 data To reset all packet counters for all packet counter instances awplus clear vlan statistics Related Commands show vlan statistics vlan statistics Parameter D...

Page 421: ...er node Use the epsr parameter option on an EPSR master node instead Setting this command incorrectly on an EPSR master node could cause unexpected broadcast storms Use the no variant of this command to restore the default highest priority protocol back to the default of EPSR For more information about EPSR see the EPSR Feature Overview and Configuration Guide Syntax port vlan forwarding priority ...

Page 422: ...ode primary port is configured to switchport interface port1 0 1 The EPSR master node secondary port is configured to switchport interface port1 0 2 The EPSR master node control VLAN is configured to VLAN interface vlan10 The EPSR master node has a first data VLAN configured to VLAN interface vlan20 The EPSR master node has a second data VLAN configured to VLAN interface vlan30 Initially the EPSR ...

Page 423: ...ection settings so that EPSR or MAC Thrashing protection cannot set a port to the forwarding state a VLAN if Loop Protection has set it to the blocking state use the commands awplus configure terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking which allows the...

Page 424: ...e vlan vlan id community isolated primary Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable awplus config vlan vlan 4 name vlan4 state enable awplus config vlan private vlan 2 primary awplus config vlan private vlan 3 isolated awplus config vlan private vlan 4 co...

Page 425: ...n id association add secondary vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure terminal awplus config vlan database awplus config vlan private vlan 2 association add 3 The following commands remove the association of primary VLAN 2 with secondary VLAN...

Page 426: ...splays whether EPSR or Loop Protection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview and Configuration Guide Syntax show port vlan forwarding priority Mode Privileged Exec Example To display the highest priority protocol use the command awplus show port ...

Page 427: ...ut VLAN 2 use the command awplus show vlan 2 Output Figure 11 2 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Display information about all VLANs on the device brief Display information about all VLANs on the device dynamic Display information about all VLANs learned dynamically static Di...

Page 428: ...igured VLAN classifier groups or a specific group Syntax show vlan classifier group 1 16 Mode User Exec and Privileged Exec Usage If a group ID is not specified all configured VLAN classifier groups are shown If a group ID is specified a specific configured VLAN classifier group is shown Example To display information about VLAN classifier group 1 enter the command awplus show vlan classifier grou...

Page 429: ...fier group interface switch port Mode User Exec and Privileged Exec Usage All configured VLAN classifier groups are shown for a single interface Example TodisplayVLANclassifiergroupinformationforswitchportinterface port1 0 2 enter the command awplus show vlan classifier group interface port1 0 2 Output Figure 11 3 Example output from the show vlan classifier group interface port1 0 1 command Relat...

Page 430: ...e To display information about all interfaces configured for all VLAN groups enter the command awplus show vlan classifier interface group To display information about all interfaces configured for VLAN group 1 enter the command awplus show vlan classifier interface group 1 Output Figure 11 4 Example output from the show vlan classifier interface group command Output Figure 11 5 Example output fro...

Page 431: ... 256 Mode User Exec and Privileged Exec Usage If a rule ID is not specified all configured VLAN classifier rules are shown If a rule ID is specified a specific configured VLAN classifier rule is shown Example To display information about VLAN classifier rule 1 enter the command awplus show vlan classifier rule 1 Output Figure 11 6 Example output from the show vlan classifier rule1 command Related ...

Page 432: ...play the private VLAN configuration and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vlan Output Figure 11 7 Example output from the show vlan private vlan command Related Commands private vlan private vlan association awplus show vlan private vlan PRIMARY ...

Page 433: ...y all VLAN packet counter instances Syntax show vlan statistics name instance_name Mode User Exec and Privileged Exec Examples To display all packet counters for the packet counter instance vlan2 data awplus show vlan statistics name vlan2 data To display all packet counters for all packet counter instances awplus show vlan statistics Related Commands clear vlan statistics vlan statistics Table 11...

Page 434: ...VLAN 1 to specified switchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based VLAN to VLAN 3 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport access vlan 3 To reset the port based VLAN...

Page 435: ...tain actions such as QSP QoS Storm Protection or EPSR Ethernet Protection Switching Ring Note that if the VID is not given all disabled VLANs are re enabled Syntax switchport enable vlan 1 4094 Mode Interface Configuration Example To re enable the port1 0 1 from VLAN 1 awplus configure terminal awplus config interface port1 0 1 awplus config if switchport enable vlan 1 Related Commands show mls qo...

Page 436: ...iteria Syntax switchport mode access ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access ingress filter enable Validation Command show interface switchport Paramete...

Page 437: ... terminal awplus config interface port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus config if no switchport mode private vlan promiscuous Related Commands switchport private vlan mapping Parameter Description host This port type can communicate with all ot...

Page 438: ... port in trunk mode is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before it can be enabled as a promiscuous port To add VLANs to be trunked over the promiscuous port use the switchport trunk allowed vlan command These VLANs can be isolated VLANs or non private VLANs To configure the native VLAN for the promi...

Page 439: ...wplus config interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk promiscuous group 3 To remove port1 0 2 in trunk mode as a promiscuous port for a private VLAN use the commands To remove port1 1 2 in trunk mode as a promiscuous port for a private VLAN use the commands awplus configure ...

Page 440: ...dary port When a port in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN specified Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before the port is enabled as a secondary port in trunk mode To add VLANs to be trunked over the secondary port use the switchport trunk ...

Page 441: ...lus config vlan vlan 2 awplus config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus config if switchport mode private vlan trunk secondary group 3 To remove port1 1 3 in trunk mode as a secondary port use the commands awplus configure terminal awplus config int...

Page 442: ...s mode are untagged members of the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure which VLANs this port will trunk for use the switchport trunk allowed vlan command Example awplus configure terminal awplus config interface port1 0 3 awplus config if swi...

Page 443: ...rt Use the no variant of this command to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan host association 2 add 3 awplus configure terminal awplus config in...

Page 444: ...d remove secondary vid list no switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dynamic LACP aggregators cannot be promiscuous ports in private VLANs Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private...

Page 445: ...t s tagged member set The add and remove parameters will add and remove VLANs to and from the port s member set See the note below about restrictions when using the add remove except and all parameters Parameter Description all Allow all VLANs to transmit and receive through the port none Allow no VLANs to transmit and receive through the port add Add a VLAN to transmit and receive through the por...

Page 446: ... except parameter with the list of VLANs to remove instead of using the remove parameter as shown in the command example below awplus configure terminal awplus config interface port1 0 6 awplus config if switchport trunk allowed vlan except 3 4 Then the configuration is changed after entering the above commands to remove VLAN 3 To add a VLAN where the configuration for port1 0 6 shows the below ou...

Page 447: ...ed after entering the above commands to add VLAN 4 Examples The following shows adding a single VLAN to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trun...

Page 448: ...ault VLAN 1 the default VLAN which is reverted to using the no form of this command Mode Interface Configuration Examples The following commands show configuration of VLAN 2 as the native VLAN for interface port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The following commands show the removal of the native VLAN for interface po...

Page 449: ...613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x VLAN COMMANDS SWITCHPORT TRUNK NATIVE VLAN ThefollowingcommandsrevertthenativeVLANtothedefaultVLAN1 forinterface port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if no switchport trunk native vlan ...

Page 450: ... interface Syntax switchport vlan stacking customer edge port provider port no switchport vlan stacking Default By default ports are not VLAN stacking ports Mode Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Traffic with an extra VLAN header added by VLAN stacking cannot be routed Example awplus conf...

Page 451: ...dscp 0 63 no switchport voice dscp Default A DSCP value of 0 will be advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive comman...

Page 452: ...is configured and therefore no network policy is advertised for voice devices Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port using this command switchport voice vlan The portis configured to transmitLLDP advertisements enabled by default lldp transmit recei...

Page 453: ...ort1 0 5 to send voice data tagged for VLAN 10 use the commands awplus configure terminal awplus config interface port1 0 5 awplus config if switchport voice vlan 10 To tell IP phones connected to ports 1 0 2 1 0 6 to send priority tagged packets 802 1p priority tagged with VID 0 so that they will be assigned to the port VLAN use the following commands The priority value is 5 by default but can be...

Page 454: ...deo Surveillance PoE Switch 449 AlliedWare Plus Operating System Version 5 4 5 0 x VLAN COMMANDS SWITCHPORT VOICE VLAN Related Commands egress vlan id egress vlan name lldp med tlv select spanning tree edgeport RSTP and MSTP switchport voice dscp switchport voice vlan priority show lldp ...

Page 455: ...5 Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs enabled by default ll...

Page 456: ...isable vlan vid vlan name mtu mtu value no vlan vid vid range mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 45 name accounts state enable awplus configure terminal awplus config vlan database awplus config vlan no vlan 45 Related Commands mtu vlan database show vlan Param...

Page 457: ... mode for a switch port Usage See the protocol based VLAN configuration example in the VLAN Feature Overview and Configuration Guide for configuration details Example To associate VLAN classifier group 3 with switch port1 0 3 enter the following commands awplus configure terminal awplus config interface port1 0 3 awplus config if vlan classifier activate 3 To remove VLAN classifier group 3 from sw...

Page 458: ...s command to delete a group of VLAN classifier rules Syntax vlan classifier group 1 16 add delete rule vlan class rule id no vlan classifier group 1 16 Mode Global Configuration Example awplus configure terminal awplus config vlan classifier group 3 add rule 5 Related Commands show vlan classifier rule vlan classifier activate vlan classifier rule ipv4 vlan classifier rule proto Parameter Descript...

Page 459: ...6 ipv4 ip addr prefix length vlan 1 4094 no vlan classifier rule 1 256 Mode Global Configuration Usage If the source IP address matches the IP subnet specified in the VLAN classifier rule the received packets are mapped to the specified VLAN Example awplus configure terminal awplus config vlan classifier rule 3 ipv4 3 3 3 3 8 vlan 5 Related Commands show vlan classifier rule vlan classifier activa...

Page 460: ...ypes in the IANA 802 numbers are given as hexadecimal values The no variant of this command removes a previously set rule Syntax vlan classifier rule 1 256 proto protocol encap ethv2 nosnapllc snapllc vlan 1 4094 no vlan classifier rule 1 256 Parameter Description 1 256 VLAN Classifier identifier proto Protocol type protocol Specify a protocol either by its decimal number 0 65535 or by one of the ...

Page 461: ...ocol decsyscomm 24583 DEC Systems Comms Arch protocol g8bpqx25 2303 G8BPQ AX 25 protocol ieeeaddrtrans 2561 Xerox IEEE802 3 PUP Address ieeepup 2560 Xerox IEEE802 3 PUP protocol ip 2048 IP protocol ipv6 34525 IPv6 protocol ipx 33079 IPX protocol netbeui 61680 IBM NETBIOS NETBEUI protocol netbeui 61681 IBM NETBIOS NETBEUI protocol pppdiscovery 34915 PPPoE discovery protocol pppsession 34916 PPPoE s...

Page 462: ...lus config vlan classifier rule 5 proto encap ethv2 vlan 234525 awplus config vlan classifier rule 6 proto encap ethv2 vlan 2ipv6 awplus config vlan classifier rule 7 proto encap ethv2 vlan 22048 awplus config vlan classifier rule 8 proto encap ethv2 vlan 2ip Validation Output awplus show vlan classifier rule Related Commands show vlan classifier rule vlan classifier activate vlan classifier group...

Page 463: ...verview Use this command to enter the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example In the following example note the change to VLAN configuration mode from Configure mode awplus configure terminal awplus config vlan database awplus config vlan Related...

Page 464: ... VLAN Configuration Examples To add a stack local VLAN with the VID of 4002 and assign it to stack member 2 use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 4002 mode stack local vlan 2 To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 4002 Parameter Description vid...

Page 465: ...AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x VLAN COMMANDS VLAN MODE STACK LOCAL VLAN Related Commands mtu vlan database show vlan ...

Page 466: ...eserve sufficient resources to support 128 packet counter instances These resources are also shared with other features such as QoS and ACLs Where the remaining resources are insufficient to support the VLAN Statistics feature the feature will not be enabled and an error message will display Examples Create a VLAN packet counter instance named vlan2 data and apply this to count incoming vlan2 tagg...

Page 467: ... COMMANDS VLAN STATISTICS To remove the remaining ports 1 0 2 to 1 0 4 from the packet counter instance named vlan2 data Note that because there are no ports associated with the vlan2 data this instance will be removed awplus config interface port1 0 2 port1 0 4 awplus config if no vlan statistics name vlan2 data Related Commands clear vlan statistics show vlan statistics ...

Page 468: ... tree detected protocols RSTP and MSTP on page 465 debug mstp RSTP and STP on page 466 instance priority MSTP on page 470 instance vlan MSTP on page 472 region MSTP on page 474 revision MSTP on page 475 show debugging mstp on page 476 show spanning tree on page 477 show spanning tree brief on page 480 show spanning tree mst on page 481 show spanning tree mst config on page 482 show spanning tree m...

Page 469: ...1 spanning tree forward time on page 512 spanning tree guard root on page 513 spanning tree hello time on page 514 spanning tree link type on page 515 spanning tree max age on page 516 spanning tree max hops MSTP on page 517 spanning tree mode on page 518 spanning tree mst configuration on page 519 spanning tree mst instance on page 520 spanning tree mst instance path cost on page 521 spanning tre...

Page 470: ...er Exec and Privileged Exec Usage Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear spanning tree statistics awplus clear spanning tree statistics instance 1 awplus clear spanning tree statistics interface port1 0 2 awplus clear spanning tree statistics ...

Page 471: ...protocols RSTP and MSTP Overview Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privileged Exec Example awplus clear spanning tree detected protocols Parameter Description port The port to clear detected protocols for The port may be a switch port e g port...

Page 472: ...lobal Configuration mode Usage 1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activated on a per port basis Although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the like...

Page 473: ...ceive debugging is controlled independently Although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the terminal monitor command before issuing the relevant debug mstp command The default terminal monitor filter will select and display these message...

Page 474: ...ac3bca8 17 23 42 awplus MSTP 1417 CIST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23 42 awplus MSTP 1417 MSTI reg root id 8001 0000cd1000fe 17 23 42 awplus MSTP 1417 MSTI pathcost 0 17 23 42 awplus MSTP 1417 MSTI bridge priority 32768 port priority ...

Page 475: ... 0 6 Related Commands log buffered filter show debugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus MSTP 1417 Protocol version RSTP BPDU type RST 17 30 17 awplus MSTP 1417 CIST Flags Forward Learn role Desig 17 30 17 awplus MSTP 1417 CIST root id 8000...

Page 476: ... bridge priority for the instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priority number or vice versa Examples To set the root bridge priority for MSTP instance 2 to be the highest 0 so that it will be the root bridge for this instance when available ...

Page 477: ...igh Power Video Surveillance PoE Switch 471 AlliedWare Plus Operating System Version 5 4 5 0 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance spanning tree mst instance priority ...

Page 478: ...rom the MSTI Syntax instance msti id vlan vid vid list no instance msti id vlan vid vid list Mode MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLANs from the CIST and adds them to the specified MSTI If you use the no variant of this command to re...

Page 479: ...gh Availability High Power Video Surveillance PoE Switch 473 AlliedWare Plus Operating System Version 5 4 5 0 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance vlan ...

Page 480: ...e this region name and reset it to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst config...

Page 481: ...d for MSTP only Syntax revision revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplus config mst revision 25...

Page 482: ...nformation on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Example To display the MSTP debugging options set enter the command awplus show debugging mstp Output Figure 12 1 Example output from the show debugging mstp comm...

Page 483: ...es that are not installed A topology change counter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spanning tree mst instance command Example To display spanning tree information about port1 0 3 use the command awplus show spanning tree interface port1 0 ...

Page 484: ...st errdisable timeout interval 300 sec port1 0 3 Port 5023 Id 839f Role Designated State Forwarding port1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bridge 80000000cd20f093 port1 0 3 Message Age 0 Max Age 20 port1 0 3 Hello Time 2 Forward Delay 15 ...

Page 485: ...0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast bpdu guard default Current portfast bpdu guard off port1 0 1 portfast bpdu filter default Current portfast bpdu filter off port1 0 1 no root guard configured Current root guard off port1 0 1 Configured Link Type point to point Curr...

Page 486: ...spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brief Output Figure 12 4 Example output from the show spanning tree brief command Related Commands show spanning tree Parameter Description brief A brief summary of spanning tree information Default Bridge up Spanning Tree Enabled Default Root Path Cost 4000...

Page 487: ...ode User Exec Privileged Exec and Interface Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 12 5 Example output from the show spanning tree mst command Related Commands show spanning tree mst interface 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridg...

Page 488: ...nterface Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP configuration identifier information enter the command awplus show spanning tree mst config Output Figure 12 6 Example output from the show spanning tree mst config command Rela...

Page 489: ...sociated with that particular instance For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree mst detail Mode User Exec Privileged Exec and Interface Configuration Example To display detailed information about each instance and all interfaces associated...

Page 490: ...1 0 2 forward transitions 0 port1 0 2 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 2 No portfast configured Current portfast off port1 0 2 portfast bpdu guard default Current portfast bpdu guard off port1 0 2 portfast bpdu filter default Current portfast bpdu filter off port1 0 2 no root guard configured Current root guard off port1 0 2 Configured Link Type point to point...

Page 491: ...rolling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree mst detail interface port Mode User Exec Privileged Exec and Interface Configuration Example To display detailed information about port1 0 3 and the instances associated with it enter the command awplus show spanning tree mst detail interface port1 0 3 Output F...

Page 492: ... 2 Message Age 0 Max Age 20 port1 0 2 CIST Hello Time 2 Forward Delay 15 port1 0 2 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo change timer 0 port1 0 2 forward transitions 0 port1 0 2 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 2 No portfast configured Current portfast off port1 0 2 portfast bpdu guard default Current portfast bpdu guard off port1 0 2 portfas...

Page 493: ...ning tree mst instance instance Mode User Exec Privileged Exec and Interface Configuration Usage To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst instance 2 Output Figure 12 9 Example output from the show spanning tree mst instance command Parameter Description instance Specify an MSTP instance in the ra...

Page 494: ...2 use the command awplus show spanning tree mst instance 2 interface port1 0 2 Output Figure 12 10 Example output from the show spanning tree mst instance command Parameter Description instance Specify an MSTP instance in the range 1 15 port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 MST...

Page 495: ...To display detailed information about each instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 12 11 Example output from theshow spanning tree mst interface command Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a...

Page 496: ...olling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree mst detail interface port Mode User Exec Privileged Exec and Interface Configuration Example To display detailed information about port1 0 3 and the instances associated with it enter the command awplus show spanning tree mst detail interface port1 0 3 Output Fi...

Page 497: ... 2 Message Age 0 Max Age 20 port1 0 2 CIST Hello Time 2 Forward Delay 15 port1 0 2 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo change timer 0 port1 0 2 forward transitions 0 port1 0 2 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 2 No portfast configured Current portfast off port1 0 2 portfast bpdu guard default Current portfast bpdu guard off port1 0 2 portfas...

Page 498: ...d all switch ports associated with all spanning tree instances For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics Mode Privileged Exec Usage To display BPDU statistics for all spanning tree instances and all switch ports associated with a...

Page 499: ...gnated Bridge ec cd 6d 20 c0 ed Designated Port Id 8393 Top Change Ack FALSE Config Pending FALSE PORT Based Information Statistics Config Bpdu s xmitted 0 Config Bpdu s received 0 TCN Bpdu s xmitted 0 TCN Bpdu s received 0 Forward Trans Count 0 STATUS of Port Timers Hello Time Configured 2 Hello timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age...

Page 500: ...ree instance and all switch ports associated with that MST instance For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance Mode Privileged Exec Usage To display BPDU statistics information for MST instance 2 and all switch p...

Page 501: ...inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 3 Forward Transitions 0 Next State Learning Topology Change Time 0 INST_PORT port1 0 4 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 4 Forward Transitions 0 Next State Lear...

Page 502: ...instance For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance interface port Mode Privileged Exec Example To display BPDU statistics for MST instance 2 interface port1 0 2 use the command awplus show spanning tree statisti...

Page 503: ...0 2 instance 1 Spanning Tree Enabled for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 2 Forward Transitions 0 Next State Learning Topology Change Time 0 Other Inst Vlan Information Statistics Bridge Priority 0 Bridge ...

Page 504: ...d with that switch port For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics interface port Mode Privileged Exec Example To display BPDU statistics about each MST instance for port1 0 4 use the command awplus show spanning tree statistics i...

Page 505: ...t 20000000 Message Age 0 Designated Root ec cd 6d 20 c0 ed Designated Cost 0 Designated Bridge ec cd 6d 20 c0 ed Designated Port Id 838a Top Change Ack FALSE Config Pending FALSE PORT Based Information Statistics Config Bpdu s xmitted 0 Config Bpdu s received 0 TCN Bpdu s xmitted 0 TCN Bpdu s received 0 Forward Trans Count 0 STATUS of Port Timers Hello Time Configured 2 Hello timer INACTIVE Hello ...

Page 506: ...elated Commands show spanning tree statistics Other Bridge information Statistics STP Multicast Address 01 80 c2 00 00 00 Bridge Priority 32768 Bridge Mac Address ec cd 6d 20 c0 ed Bridge Hello Time 2 Bridge Forward Delay 15 Topology Change Initiator 5023 Last Topology Change Occured Mon Aug 22 05 41 20 2011 Topology Change FALSE Topology Change Detected TRUE Topology Change Count 1 Topology Chang...

Page 507: ...he VLANs associated with them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated with them for the device including the VLAN range index value use the following command awplus show spanning tree vlan range index Output Figure 12 17 Example output from theshow...

Page 508: ...utomatically detect that it is an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this command for RSTP or MSTP Use the no variant of this command to disable this feature Syntax spanning tree autoedge no spanning tree autoedge Default Disabled Mode Interfac...

Page 509: ...g Tree with the spanning tree enable command before you can use this command to then configure BPDU discarding or forwarding This command enables the switch to forward unsupported BPDUs with an unsupported Spanning Tree Protocol such as proprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch When you want to revert to defaul...

Page 510: ... enable STP BPDU forwarding for untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands awplus configure terminal awplus config no spanning tree stp enable awplus config spanning tree bpdu forward untagged vlan To enable STP BPDU forwarding for tagged frames...

Page 511: ...n Cisco devices all devices in the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to classify a region are the region name and revision level VLAN to instance mapping is not used to classify regions when interoperating with Cisco Examples To enable Cisco...

Page 512: ... displays differently in the output of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode Interface Configuration Usage Use this command on a switch port connected to a LAN that has no other bridges attached If a BPDU is received on the port that indicates th...

Page 513: ...n spanning tree is enabled and the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree stp enable To disable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree stp enable To...

Page 514: ... 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree rstp enable Related Commands spanning tree bpdu spanning tree mode ...

Page 515: ...meout facility Syntax spanning tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU guard enabled port This command associates a timer with the feature such that the port is re enabled without manual intervention after a...

Page 516: ... up when it has been disabled by the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re enabled after 300 seconds Mode Global Configuration Example awplus configure terminal awplus config spanning tree errdisable timeout interval 34 Related Commands show span...

Page 517: ... it automatically detects one Mode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree force version 0 Set the default protocol version awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree forc...

Page 518: ...ken to transition from discarding to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by theroot bridge The forward delay max age and hello time parameters are interrelated Syntax spanning tree forward time forward delay no spanning tree forward time Default The...

Page 519: ...ion of superior BPDUs You can use this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Configuration mode for a switch port interface only Usage The Root Guard feature makes sure that the port on which it is enabled is a designated port If the Root Guard enabled...

Page 520: ...e no variant of this command to restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for switch ports Usage The allowable range of values is 1 10 seconds The forward delay max age and hello time parameters should be set according to the following formula as spe...

Page 521: ... RSTP or MSTP only Use the no variant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode Interface Configuration mode for a switch port interface only Usage You may want to set link type to shared if the port is connected to a hub with multiple devices conne...

Page 522: ...ing tree max age Default The default of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that a frame generated by the root bridge can be propagated to the leaf nodes without exceeding the max age The forward delay max age and hello time parameters should be s...

Page 523: ...this command for MSTP only Syntax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents the messages from looping indefinitely in the network The hop count is decremented by each receiving port When a device receives an MST BPDU that has a hop count of zero ...

Page 524: ...stp mstp Default The default spanning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this command to change the spanning tree protocol mode on the device MSTP is VLAN aware but RSTP and STP are not VLAN aware To enable or disable spanning tree operation see ...

Page 525: ...IGURATION spanning tree mst configuration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples ThefollowingexampleusesthiscommandtoenterMSTConfigurationmode Note the change in the command prompt awplus configure terminal awplus config spanning tree mst configuration a...

Page 526: ...ault A port automatically becomes a member of an MSTI when it is assigned to a VLAN Mode Interface Configuration mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove the member port from the MSTI Use the spanning tree mst instance command to add a VLAN member ...

Page 527: ...e mst instance instance id path cost Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly add an MST instance ...

Page 528: ...xamples awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree mst instance 3 path cost 1000 awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Commands instance vlan MSTP spanning tree mst instance spanning tree mst instance priority spanning tree mst instance restricted role spanning t...

Page 529: ...The MST algorithm uses the port priority when determining the root port for the switch in the MSTI The port with the lowest value is considered to have the highest priority and will be chosen as root port over a port equivalent in all other aspects but with a higher priority value Examples awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree mst instance 3 pri...

Page 530: ...nning tree mst instance instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The root port is the port providing the best path from the bridge to the root bridge Use this command to disable a port from becoming a root port Use the no variant of this command to en...

Page 531: ... switch port interface only Usage A Topology Change Notification TCN is a simple Bridge Protocol Data Unit BPDU that a bridge sends out to its root port to signal a topology change You can configure restricted TCN between TRUE and FALSE values with this command and the no variant of this command If you configure restricted TCN to TRUE with this command then this stops the switch port from propagat...

Page 532: ...57 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED TCN Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance spanning tree mst instance path cost spanning tree mst instance restricted role ...

Page 533: ...is configured this will apply to the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 and IEEE 802 1d 2004 standards Mode Interface Configuration mode for switch port interface only Exam...

Page 534: ...lt state not an edge port Syntax spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to a forwarding state bypassing both listening and learning states The portfast feature is meant to be used for ports connected to end user devices Enabling portfast on po...

Page 535: ... Operating System Version 5 4 5 0 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast bpdu filter spanning tree portfast bpdu guard ...

Page 536: ...panning tree portfast bpdu filter Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an edge port Using this command in Global Configuration mode applies the portfast bpdu filter feature to all ports on the device Using it in Interface mode applies the featu...

Page 537: ...REE COMMANDS SPANNING TREE PORTFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu filter enable Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast STP spanning tree portfast bpdu guard ...

Page 538: ...ard is not enabled on any ports by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a portfast enabled port behaves if it receives a BPDU When bpdu guard is set then the port shuts down if it receives a BPDU It does not process the BPDU as it is considered su...

Page 539: ...stratively configured and currently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To enable STP BPDU guard in Interface Configuration mode enter the below commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree p...

Page 540: ...mmand for RSTP STP or MSTP When MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 32678 Mode Global Configuration Usage To force a particular device to become the root bridge use a lower value than other devices in the spanning tree Exampl...

Page 541: ...nt of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a port to be part of the active topology for instance become the root port or a designated port use a lower value than other ports on the device This behavior is subject t...

Page 542: ... Interface Configuration mode for a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no spanning tree restricted role Default The restricted role is disabled Mode Interface Configuration mode for a switch port interface only Example awplus configure terminal...

Page 543: ...y Change Notification BPDUs Bridge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this command to disable the restricted TCN functionality Syntax spanning tree restricted tcn no spanning tree restricted tcn Default The restricted TCN is disabled Mode Interface C...

Page 544: ...nning tree transmit holdcount Overview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree transmit holdcount no spanning tree transmit holdcount Default Transmit hold count default is 3 Mode Global Configuration Example awplus configure terminal awplus config sp...

Page 545: ...X High Availability High Power Video Surveillance PoE Switch 539 AlliedWare Plus Operating System Version 5 4 5 0 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp RSTP and STP command ...

Page 546: ... link It also aims to spread data flows across the links as evenly as possible Link aggregation hashes one or more of the source and destination MAC address IP address and UDP TCP ports to select a link on which to send a packet So packet flow between a pair of hosts always takes the same link inside the Link Aggregation Group LAG The net effect is that the bandwidth for a given packet stream is r...

Page 547: ...S lacp timeout on page 547 show debugging lacp on page 549 show diagnostic channel group on page 550 show etherchannel on page 552 show etherchannel detail on page 553 show etherchannel summary on page 554 show lacp sys id on page 555 show lacp counter on page 556 show port etherchannel on page 557 show static channel group on page 559 static channel group on page 560 undebug lacp on page 562 ...

Page 548: ...e the same tagging status and can only be operated on as a group All device ports within a channel group must have the same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer to an LACP channel group in other LACP commands use the channel group number To ...

Page 549: ...from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1 0 6 awplus config if no channel group awplus config To reference the pre defined LACP channel group 2 as an interface apply commands as below awplus configure terminal awplus config interface port1 0 6 awplus config if channel group 2 mode active awplus config if exit awplus config in...

Page 550: ...n 5 4 5 0 x LINK AGGREGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1 32 counters Mode Privileged Exec Example awplus clear lacp 2 counters Parameter Description 1 32 Channel group number Parameter Description ...

Page 551: ... lacp timer detail awplus debug lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Specifies debugging for LACP events Echoes events to the console ha Specifies debugging for HA High Availability events Echoes High Availability events to the console packet ...

Page 552: ...e port Ports are selected for aggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port priority 1 65535 no lacp port priority Default The default is 32768 Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 5 awplus c...

Page 553: ...system This is used in determining the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp system priority 1 65535 no lacp system priority Default The default is 32768 Mode Global Configuration Example awplus configure terminal awplus config lacp system priority...

Page 554: ... port a port out of the aggregation if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field is set to 1 then the device has set the short timeout If the Timeout field is set to 0 then the device has set the long timeout Setting the short timeout enables the dev...

Page 555: ...E Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if lacp timeout short ...

Page 556: ... and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Output Figure 13 1 Example output from the show debugging lacp command Related Commands debug lacp LACP debugging status LACP timer debugging is on LACP ti...

Page 557: ...nd displays dynamic and static channel group interface status information The output of this command is useful for Allied Telesis authorized service personnel for diagnostic purposes For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show diagnostic channel group Mode...

Page 558: ...Member port IfIndex Active Pos sa3 4503 port1 0 15 5015 No sa3 4503 port1 0 18 5018 No po1 4601 port1 0 7 5007 No po1 4601 port1 0 8 5008 No po1 4601 port1 0 9 5009 No Channel Group Info based on HSL Note Pos position in hardware table Dev Interface IfIndex Member port IfIndex Active Pos sa3 4503 N a po1 4601 N a Channel Group Info based on IPIFWD Note Pos position in hardware table Dev Interface ...

Page 559: ...ash limiting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show etherchannel 1 32 Mode User Exec and Privileged Exec Example awplus show etherchannel 2 Output Figure...

Page 560: ...onfiguration Guide Syntax show etherchannel detail Mode User Exec and Privileged Exec Example awplus show etherchannel detail Output Figure 13 4 Example output from the show etherchannel detail command Aggregator po1 IfIndex 4501 Mac address 00 00 cd 24 fd 29 Admin Key 0001 Oper Key 0001 Receive link count 1 Transmit link count 0 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 24 da a7 Link port1...

Page 561: ...mation on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show etherchannel summary Mode User Exec and Privileged Exec Example awplus show etherchannel summary Output Figure 13 5 Example output from the show etherchannel summary command Aggregator po1 Admin Key 0001 Oper Key 0001 Lin...

Page 562: ...his command to display the LACP system ID and priority For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show lacp sys id Mode User Exec and Privileged Exec Example awplus show lacp sys id Output Figure 13 6 Example output from the show lacp sys id command System Pri...

Page 563: ...ven LACP aggregator For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show lacp counter 1 32 Mode User Exec and Privileged Exec Example awplus show lacp counter 2 Output Figure 13 7 Example output from the show lacp counter command Parameter Description 1 32 Channel ...

Page 564: ...ils of the device port specified For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show port etherchannel port Mode User Exec and Privileged Exec Example awplus show port etherchannel port1 0 1 Output Figure 13 8 Example output from the show port etherchannel command...

Page 565: ...ne state Fast periodic Mux machine state Collecting Distributing Actor Information Partner Information Selected Selected Partner Sys Priority 0 Physical Admin Key 1 Partner System 00 00 00 00 00 00 Port Key 5 Port Key 0 Port Priority 32768 Port Priority 0 Port Number 5001 Port Number 0 Mode Active Mode Passive Timeout Long Timeout Short Individual Yes Individual Yes Synchronised Yes Synchronised Y...

Page 566: ...miting parameter of the thrash limiting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show static channel group Mode User Exec and Privileged Exec Example awplus sho...

Page 567: ...up If the port is the last member to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be operated on as a group Once the static channel group has been created it is treated as a device port and can be referred to in other commands that apply to devic...

Page 568: ...OUP To reference the pre defined static channel group 2 as an interface apply the example commands as below awplus configure terminal awplus config interface port1 0 6 awplus config if static channel group 2 awplus config if exit awplus config interface port 1 0 8 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awplus config if Related Commands show static...

Page 569: ...lability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no debug lacp command ...

Page 570: ... supported the SNMP Feature Overview and Configuration Guide for information about SNMP traps Power over Ethernet PoE is a technology allowing devices such as IP phones to receive power over existing LAN cabling PoE is configured using the commands in this chapter Note the Power Sourcing Equipment PSE referred to throughout this chapter is an Allied Telesis PoE switch running the AlliedWare Plus O...

Page 571: ...g power inline on page 565 power inline allow legacy on page 567 power inline description on page 568 power inline enable on page 569 power inline max on page 570 power inline priority on page 572 power inline usage threshold on page 574 service power inline on page 575 show debugging power inline on page 576 show power inline on page 577 show power inline counters on page 580 show power inline in...

Page 572: ...upported by the Power Ethernet MIB RFC 3621 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for port1 0 2only use the following command awplus clear power inline counters interface port1 0 2 To clear the PoE counters for port1 0 1 through port1 0 10 use th...

Page 573: ...display of PoE event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debugging messages on the console use the following commands awplus terminal monitor awplus debug power inline all To disable PoE debugging and stop the display of PoE event and info debug messag...

Page 574: ...lability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Validation Commands show debugging power inline Related Commands terminal monitor ...

Page 575: ...s detection of pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports on the Power Sourcing Equipment PSE Mode Global Configuration Examples To disable detection of legacy PDs use the following commands awplus configure terminal awplus config no power inline allow lega...

Page 576: ...ge Select a PoE port a list of PoE ports or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports Examples To add the description Desk Phone for a connected PD on port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline description Desk P...

Page 577: ...X5 switches this command is supported on all PoE capable ports Select a PoE port a list of PoE ports or a range of PoE ports from the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports No PoE log messages are generated for specified PoE port s after PoE is disabled The disabled PoE port s still provide Ethernet connectivity after PoE...

Page 578: ...t of this command sets the maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max 4000 30000 no power inline max Default The Power Sourcing Equipment PSE supplies the maximum power limit for the class of the PD connected to the port by default NOTE See the PoE Feature Overview and Configur...

Page 579: ... To set the maximum power supplied to ports in the range1 0 2 to 1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if power inline max 6450 To set the maximum power supplied to port1 0 2 to 6450 mW use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline...

Page 580: ...eceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports PoE ports with higher priorities are given power before PoE ports with lower priorities If the priorities for two PoE ports are the same then the lower numbered PoE port is given power before the higher numbered PoE port See the PoE Feature Overview and Configuration Guide for further ...

Page 581: ...ort1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline priority high To reset the priority level to the default for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no power inline priority Validation Commands show power inline show power inline interface show run...

Page 582: ...shold Default The default power usage threshold is 80 of the nominal power rating of the PSE Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage threshold as configured in the example is exceeded Examples To generate SNMP notifications when power supplied exceeds 70 of the nominal PSE power use the follo...

Page 583: ...efault PoE functionality is enabled by default on the PSE Mode Global Configuration Usage In a stack issuing this command enables PoE globally for all PoE ports In a stack configuration only stack members containing PoE hardware will have PoE enabled by default in software Examples To disable PoE on the PSE use the following commands awplus configure terminal awplus config no service power inline ...

Page 584: ... Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 14 1 Example output from the show debugging power inline command Related Commands debug power inline terminal monito...

Page 585: ...atus Stack Member 2 Nominal Power 370W Power Allocated 246W Actual Power Consumption 151W Operational Status On Power Usage Threshold 80 296W PoE Interface Interface Admin Pri Oper Power Device Class Max mW port2 0 1 Enabled Low Powered 3840 n a 1 4000 C port2 0 2 Enabled High Powered 6720 n a 2 7000 C port2 0 3 Enabled Low Powered 14784 n a 3 15400 C port2 0 4 Enabled Crit Powered 14784 n a 3 154...

Page 586: ...ent PoE priorities for PoE ports on the PSE as configured from a power inline priority command Low displays when the low parameter is issued The lowest priority for a PoE enabled port default High displays when the high parameter is issued The second highest priority for a PoE enabled port Crit displays when the critical parameter is issued The highest priority for a PoE enabled port Oper The curr...

Page 587: ...he PD from the PSE See the Power over Ethernet Introduction chapter for further information about PD classes and the power levels assigned per class Max mW The power in milliwatts mW allocated for the PoE port Additionally note the following as displayed per PoE port U if the power limit for a port was user configured with the power inline max command L if the power limit for a port was supplied b...

Page 588: ...B objects are supported For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overviewand Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Usage To display all PoE event counters for all PoE ports on the PSE do not enter the optional interface parameter Example...

Page 589: ...E port s in the format portx y z where x is the device number y is the module number within the device and z is the PoE port number within the module MPSAbsent The number of instances when the PoE MPS Maintain Power Signature signal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of insta...

Page 590: ...orts on the switch use the following command awplus show power inline interface To display the PoE port specific information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 14 4 Example output from the show power inline interface command Parameter Description port list Enter the PoE port s to display PoE specific infor...

Page 591: ...E go over the power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled for the port Fault displays when a PSE goes over its power allocation Power The power consumption in milliwatts mW for the PoE port when this command was entered Device The description of the connected PD device if a description has been added with the power inline de...

Page 592: ... Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show power inline interface port list detail Mode User Exec and Privileged Exec Usage To show detailed PoE information for all ports on the PSE do not specify any ports The power allocated to each port is listed in the Power allocated row and is limited by the maximum power per Powered Device PD class or a user c...

Page 593: ...e detail command output Parameter Description Interface The PoE port s in the format portx y z where x is the device number y is the module number within the device and z is the PoE port number within the module Powered device type The name of the PD if connected and if power is being supplied to the PD from the PSE configured with the power inline description command n a displays if a description...

Page 594: ...ower classes Power allocated The power in milliwatts mW allocated for the PoE port Additionally note the following as displayed per PoE port U if the power limit for a port was user configured with the power inline max command L if the power limit for a port was supplied by LLDP C if the power limit for a port was supplied by the PD class Detection of legacy devices is Enabled Disabled The status ...

Page 595: ... not supported by the AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP VCStack is not supported by the current AlliedWare Plus GVRP implementation This chapter provides an alphabetical reference for commands used to configure GVRP For information about GVRP including configuration see the GVRP Feature Overview and Configuration Guide Comma...

Page 596: ...Command Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x GVRP COMMANDS show gvrp timer on page 602 ...

Page 597: ...p statistics all interface Mode Privileged Exec Usage Use this command together with the show gvrp statistics command to troubleshoot GVRP Examples To clear all GVRP statistics for all switchport on the switch enter the command awplus clear gvrp statistics all To clear GVRP statistics for switchport interface port1 0 3 enter the command awplus clear gvrp statistics port1 0 3 Related Commands show ...

Page 598: ...nfig gvrp enable awplus config interface port1 0 1 port1 0 2 awplus config if gvrp To disable GVRP on interfaces port1 0 1 port1 0 2 enter the commands awplus configure terminal awplus config interface port1 0 1 port1 0 2 awplus config if no gvrp Examples To send debug output to the console for GVRP packets and GVRP commands and to enable the display of debug output on the console first enter the ...

Page 599: ...VRP commands to the console enter the commands awplus terminal monitor awplus configure terminal awplus config debug gvrp cli To stop sending debug output for GVRP packets and GVRP commands to the console and to stop the display of any debug output on the console enter the commands awplus terminal no monitor awplus configure terminal awplus config no debug gvrp all Related Commands show debugging ...

Page 600: ...mand before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP implementation GVRP and private VLAN tru...

Page 601: ...nmodebefore enabling GVRP on an interface in Interface Configuration mode Both of these tasks must occur to create VLANs NOTE There is limit of 400 VLANs supported by the AlliedWare Plus GVRP implementation VLANsmaybenumbered1 4094 butalimitof400oftheseVLANsare supported Examples Enter the following commands for switches with hostnames switch1 and switch2 respectively so switch1 propagates VLANs t...

Page 602: ...ssue a gvrp enable global command before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP implementat...

Page 603: ...efault mode Validate using the show gvrp configuration command Configuring a trunk port in fixed registration mode allows manual creation of VLANs Configuring a trunk port in forbidden registration mode prevents VLAN creation on the port Examples To configure GVRP registration to fixed on port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if gvrp...

Page 604: ...ust be the same for all GVRP enabled switches See also the section Setting the GVRP Timers in the GVRP Feature Overview and Configuration Guide Use the show gvrp timer command to confirm GVRP timers set with this command Examples To set the GVRP join timer to 30 hundredths of a second 300 milliseconds for interface port1 0 1 enter the commands awplus configure terminal awplus config interface port...

Page 605: ...AlliedWare Plus Operating System Version 5 4 5 0 x GVRP COMMANDS GVRP TIMER To reset the GVRP join timer to its default of 20 hundredths of a second for interface port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no gvrp timer join Related Commands show gvrp timer ...

Page 606: ... in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging gvrp Mode User Exec and Privileged Exec Example Enter the following commands to display GVRP debugging output on the console awplus configure terminal awplus config debug gvrp all awplus config exit awplus show debugging gvrp Output See sample output from the show debugging gvrp command afte...

Page 607: ...AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp configuration Mode User Exec and Privileged Exec Example To show GVRP configuration for the switch enter the command awplus show gvrp configuration Output The following is an output of this command displaying the GVRP configuration for a switch awplus show gvrp configuration Global GVRP Configuration GVRP Feature Enabled Dyn...

Page 608: ...g and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp machine Mode User Exec and Privileged Exec Example To show the GVRP state machine for the switch enter the command awplus show gvrp machine Output See the following output of this command displaying the GVRP state machine awplus show ...

Page 609: ...xec and Privileged Exec Usage Use this command together with the clear gvrp statistics command to troubleshoot GVRP Examples To show the GVRP statistics for all switchport interfaces enter the command awplus show gvrp statistics To show the GVRP statistics for switchport interfaces port1 0 1 and port1 0 2 enter the command awplus show gvrp statistics port1 0 1 port1 0 2 Output The following is an ...

Page 610: ... AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp timer interface Mode User Exec and Privileged Exec Examples To show the GVRP timers for all switchport interfaces enter the command awplus show gvrp timer To show the GVRP timers for switchport interface port1 0 1 enter the command awplus show gvrp timer port1 0 1 Output The following show output displays data for timers on...

Page 611: ...ature Overview and Configuration Guide Command List arp aging timeout on page 604 arp mac disparity on page 605 arp IP address MAC on page 606 arp log on page 607 arp opportunistic nd on page 611 clear arp cache on page 612 clear ip dns forwarding cache on page 613 debug ip dns forwarding on page 614 debug ip packet interface on page 615 ip address on page 617 ip directed broadcast on page 619 ip ...

Page 612: ...name server on page 637 ip proxy arp on page 638 ip redirects on page 639 optimistic nd on page 640 ping on page 641 show arp on page 642 show debugging ip dns forwarding on page 644 show debugging ip packet on page 645 show hosts on page 647 show ip dns forwarding on page 648 show ip dns forwarding cache on page 649 show ip dns forwarding server on page 650 show ip domain list on page 651 show ip...

Page 613: ...amic ARP entries to ensure that the cache does not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces The no variant of this command sets the time limit to the default of 300 seconds Syntax arp aging timeout 0 432000 no arp aging timeout Default 300 seconds...

Page 614: ...valid for an ARP request to resolve a multicast MAC address By default ARP replies with a multicast MAC addresses are not learned This command allows control over the learning of dynamic ARPs that resolve to a multicast MAC address ARP MAC disparity may need to be enabled to support multicast network load balancing The arp mac disparity command allows ARP replies quoting multicast MAC addresses to...

Page 615: ...s in the ARP cache Syntax arp ip addr mac address port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to ARP requests for this address use the commands awplus configure terminal awplus config arp 10 10 10 9 0010 2355 4566 alias Related Commands clear arp cache ip pro...

Page 616: ... HHHH or the IEEE format hexadecimal notation HH HH HH HH HH HH when you apply the mac address format ieee parameter Enter the arp log command without the optional mac address format ieee parameter specified for MAC addresses in the ARP log output to use the default hexadecimal notation HHHH HHHH HHHH Enter the arp log mac address format ieee command for MAC addresses in the ARP log output to use ...

Page 617: ...decimal notation HH HH HH HH HH HH and revert to the use of the default hexadecimal notation HHHH HHHH HHHH instead use the following commands awplus configure terminal awplus config no arp log mac address format ieee To display ARP log messages use following command awplus show log include ARP_LOG Output Below is example output from the show log include ARP_LOG command after enabling ARP logging ...

Page 618: ... 168 2 10 2010 Apr 6 06 26 53 user notice awplus HSL 1007 ARP_LOG port1 0 6 vlan1 del 00 30 94 0e 13 6b 192 168 2 20 2010 Apr 6 06 27 31 user notice awplus HSL 1007 ARP_LOG port1 0 6 vlan1 del 00 17 9a b6 03 69 192 168 2 12 2010 Apr 6 06 28 09 user notice awplus HSL 1007 ARP_LOG port1 0 6 vlan1 del 00 03 37 6b a6 a5 192 168 2 10 2010 Apr 6 06 28 14 user notice awplus IMISH 1830 show log include AR...

Page 619: ...lt Mode Global Configuration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device forwards the ARP packet When opportunistic neighbor discovery is disabled the source MAC address for the ARP packet is not added ...

Page 620: ...Pv4 address of an ARP entry to be cleared from the ARP cache Syntax clear arp cache ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear all dynamic ARP entries use the command awplus clear arp cache To clear all dynamic ARP entries associated with th...

Page 621: ...5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS CLEAR IP DNS FORWARDING CACHE clear ip dns forwarding cache Overview Use this command to clear the DNS Relay name resolver cache Syntax clear ip dns forwarding cache Mode Privileged Exec Examples To clear all cached data use the command awplus clear ip dns forwarding cache Related Commands ip dns forwarding cache ...

Page 622: ...and to enable DNS Relay debugging Use the no variant of this command to disable DNS Relay debugging Syntax debug ip dns forwarding no debug ip dns forwarding Default DNS Relay debugging is disabled by default Mode Privileged Exec Examples To enable DNS forwarding debugging use the commands awplus debug ip dns forwarding To disable DNS forwarding debugging use the commands awplus no debug ip dns fo...

Page 623: ...ll or as a single Layer 3 interface to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packets with the specified IP address as specified in the ip address placeholder are shown in the output verbose Specify verbose to output more of the IP packet If this keywor...

Page 624: ... all interfaces on the device use the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp To turn off IP packet interface debugging on all interfaces use the command awplus no debug ip packet interface To turn off IP packet interface debugging on interface vla...

Page 625: ...and removes the IP address from the interface You cannot remove the primary address when a secondary address is present Syntax ip address ip addr prefix length secondary label label no ip address ip addr prefix length secondary no ip address Mode Interface Configuration for a VLAN interface or a local loopback interface Examples To add the primary IP address 10 10 10 50 24 to the interface vlan3 u...

Page 626: ...em Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP ADDRESS To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface lo awplus config if ip address 10 10 11 50 24 Related Commands interface to configure show ip interface show running config interface ...

Page 627: ...ion address is a broadcast address for some IP subnet but originates from a node that is not itself part of that destination subnet When a directed broadcast packet reaches a device that is directly connected to its destination subnet that packet is flooded as a broadcast on the destination subnet The ip directed broadcast c ommand controls the flooding of directed broadcasts when they reach targe...

Page 628: ...PX High Availability High Power Video Surveillance PoE Switch 619 AlliedWare Plus Operating System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP DIRECTED BROADCAST Related Commands ip forward protocol udp ip helper address show running config ...

Page 629: ... is disabled by default Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay See the ip dns forwarding dead time command used with this command Examples To enable the forwarding of incoming DNS query packets use the commands awplus configure terminal awplus config ip dns forwarding To disable the forwarding of incoming DNS query p...

Page 630: ... of the cache entry will only be used when the time out period of the DNS reply from the DNS server is bigger than the time out period configured on the device Syntax ip dns forwarding cache size 0 1000 timeout 60 3600 no ip dns forwarding cache size timeout Default The default cache size is 0 no entries and the default lifetime is 1800 seconds Mode Global Configuration Usage See the IP Feature Ov...

Page 631: ...o stop sending DNS requests to an unresponsive server is 3600 seconds Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay See the ip dns forwarding retry command used with this command Examples To set the DNS forwarding retry count to 50 and to set the DNS forwarding dead time to 1800 seconds use the commands awplus configure ter...

Page 632: ...requests to an unresponsive server Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay See the ip dns forwarding dead time command used with this command Examples To set the DNS forwarding retry count to 50 and to set the DNS forwarding dead time to 1800 seconds use the commands awplus configure terminal awplus config ip dns forw...

Page 633: ...rding source interface Default The default is that no interface is set and the device selects the appropriate source IP address automatically Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay Examples To set vlan1 as the source interface for relayed DNS queries use the commands awplus configure terminal awplus config ip dns for...

Page 634: ...3 seconds Syntax ip dns forwarding timeout 0 3600 no ip dns forwarding timeout Default The default timeout value is 3 seconds Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay Examples To set the timeout value to 12 seconds use the commands awplus configure terminal awplus config ip dns forwarding timeout 12 To set the timeout ...

Page 635: ...t The no variant of this command deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain specified with the ip domain name command If any domain exists in the DNS list then the device does not use the domain set using the ip domain name command Example To ...

Page 636: ...he DNS client The client will not attempt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However it does not attempt DNS inquiries unless there is a DNS server configured For more information about DNS clients see the IP Feature Overview and Configuration Gui...

Page 637: ...ode Global Configuration Usage If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in the DNS list then the device does not use the domain configured with this command When your device is using its DHCP client for an interface it can receive Option 15 from the DHCP server This option repl...

Page 638: ... forward protocol udp command is not enabled by default Mode Global Configuration Usage Combined with the ip helper address command in interface mode the ip forward protocol udp command in Global Configuration mode allows control of which protocols destination port numbers are forwarded The ip forward protocol udp command configures protocols for forwarding and the ip helper address command config...

Page 639: ...System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP FORWARD PROTOCOL UDP To delete a UDP port from the UDP ports that the device forwards use the following commands awplus configure terminal awplus config no ip forward protocol udp port Validation Commands show running config Related Commands ip helper address ip directed broadcast ...

Page 640: ...no ip gratuitous arp link Default The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the switchport is a member of whenever the switchport moves to the forwarding state The first Gratuitous ARP packet is sent 1 second after the switchport becomes a forwarding swit...

Page 641: ... REV A AlliedWare Plus Operating System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure terminal awplus config ip gratuitous arp link 20 Validation Commands show running config ...

Page 642: ...on port numbers are forwarded The ip forward protocol udp command configures protocols for forwarding and the ip helper address command configures the destination address es The destination address can be a unicast address or a subnet broadcast address The UDP destination port is configured separately with the ip forward protocol udp command If multiple destination addresses are registered then UD...

Page 643: ...dress to which to forward UDP broadcasts received on vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip helper address 192 168 1 100 The following example removes IPv4 address 192 168 1 100 as an IP Helper destination address to which to forward UDP broadcasts received on vlan2 awplus configure terminal awplus config interface vlan2 awplus config if no ip helper addr...

Page 644: ...ing on an interface your device does not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on enabling proxy ARP The no variant of this command disables Local Proxy ARP to stop your device from intercepting and responding to ARP requests between hosts within a subnet This allows...

Page 645: ...ntax ip name server ip addr no ip name server ip addr Mode Global Configuration Usage When your device is using its DHCP client for an interface it can receive Option 6 messages from the DHCP server This option appends the name server list with more DNS servers For more information about DHCP and DNS see the IP Feature Overview and Configuration Guide Examples To allow a device to send DNS queries...

Page 646: ...sted excluding the interface route that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages The no variant of this command disables Proxy ARP responses on an interface Proxy ARP is disabled by default Syntax ip proxy arp no ip proxy arp Default Proxy ARP is disabled by default Mode Interface C...

Page 647: ... better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same interface that the packet is routed out of the device ICMP redirects are also used when the subnet or network of the source address is on the same subnet or network as the next hop address for a packet Use the ip redirects command to allow the sending of ICMP redirects whenever t...

Page 648: ... is it not refreshed then the stale neighbors are deleted from the hardware L3 switching table The optimistic neighbor discovery feature enables the device to sustain L3 traffic switching to a neighbor without interruption Without the optimistic neighbor discovery feature enabled L3 traffic is interrupted when a neighbor is stale and is then deleted from the L3 switching table If a neighbor receiv...

Page 649: ... disable the do not fragment bit in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping every millisecond set the interval to 0 001 pattern hex data pattern Specify the hex data pattern repeat Specify the number of ping packets to send 1 2147483647 Specify rep...

Page 650: ...eged Exec Usage Running this command with no additional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cache use the following command awplus show arp Output Figure 16 1 Example output from the show arp command awplus show arp IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192...

Page 651: ... 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache ...

Page 652: ...dns forwarding command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ip dns forwarding Mode User Exec and Privileged Exec Example To display the DNS Relay debugging status use the command awplus show debugging ip dns forwarding Output Figure 16 2 E...

Page 653: ...de User Exec and Privileged Exec Example To display theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 16 3 Example output from the show debugging ip packet command with terminal monitor off Example To display the IP interface debugging status when the terminal monitor is on use the command awplus termina...

Page 654: ... IX5 28GPX High Availability High Power Video Surveillance PoE Switch 645 AlliedWare Plus Operating System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface terminal monitor ...

Page 655: ...d saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the command awplus show hosts Output Figure 16 5 Example output from the show hosts command Related Commands ip domain list ip domain lookup ip domain name ip n...

Page 656: ...Overview Use this command to display the DNS Relay status Syntax show ip dns forwarding Mode User Exec and Privileged Exec Examples To display the DNS Relay status use the command awplus show ip dns forwarding Output Figure 16 6 Example output from the show ip dns forwarding command Related Commands ip dns forwarding awplus show ip dns forwarding Max Retry 2 Timeout 3 second s Dead Time 3600 secon...

Page 657: ... dns forwarding cache Mode User Exec and Privileged Exec Example To display the DNS Relay name resolver cache use the command awplus show ip dns forwarding cache Output Figure 16 7 Example output from the show ip dns forwarding cache command awplus show ip dns vrf RED forwarding cache Related Commands ip dns forwarding cache ip name server awplus show ip dns forwarding cache Host Address Expires F...

Page 658: ...s forwarding server Mode User Exec and Privileged Exec Examples To display the status of DNS Relay name servers use the command awplus show ip dns forwarding server Output Figure 16 8 Example output from the show ip dns forwarding server command Related Commands ip dns forwarding ip dns forwarding dead time Parameter Description forwarding server The DNS forwarding name server awplus show ip dns f...

Page 659: ...plete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain list Mode User Exec and Privileged Exec Example To display the list of domains in the domain list use the command awplus show ip domain list Ou...

Page 660: ...is domain to incomplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain name Mode User Exec and Privileged Exec Example To display the default domain configured on your device use the command awplu...

Page 661: ...and Privileged Exec Examples To show brief information for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief Output Figure 16 11 Example output from the show ip interface brief command Parameter Description interface list The interfaces ...

Page 662: ...igured using the ip name server command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode User Exec and Privileged Exec Example To display the list of DNS servers that your device sends DNS requests to use the command awplus show ip name serv...

Page 663: ...d to receive IP packets with the associated protocol number For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip sockets Mode Privileged Exec Usage Use this command to verify that the socket being used is opening correctly If there is a local and remote endpoint...

Page 664: ... ip sockets command Parameter Description Not showing number local connections This field refers to established sessions between processes internal to the device that are used in its operation and management These sessions are not displayed as they are not useful to the user number is some positive integer Not showing number local listening ports This field refers to listening sockets belonging to...

Page 665: ...iana org assignments protocol numbers Remote Address For TCP and UDP listening sockets this shows the source IP address either IPv4 or IPv6 and source TCP or UDP port number for which the socket will accept packets The address and port are separated by If the socket will accept packets addressed from any IP address the IP address will be 0 0 0 0 for IPv4or for IPv6 This is the usual case for a lis...

Page 666: ...IP traffic sent and received by all interfaces on the device showing totals for IP and IPv6 and then broken down into sub categories such as TCP UDP ICMP and their IPv6 equivalents when appropriate For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip traffic Mod...

Page 667: ... 7 local listening ports 261 active connection openings 247 passive connection openings 14 connection attempts failed 122535 segments received 122535 segments transmitted 14 resets transmitted 227 TCP sockets finished time wait in fast timer 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 139468 datagrams received 139468 datagrams sent UDPLite Table 16 5 P...

Page 668: ...d packets received received packets discarded Received packets discarded received packets delivered Received packets delivered forwarded packets transmitted Forwarded packets transmitted packets transmitted Packets transmitted packets discarded on transmit Packets discarded on transmit packets discarded on transmit due to no route Packets discarded on transmit due to no route fragment reassembly t...

Page 669: ...ms received Datagrams received received for unknown port Received for unknown port datagrams sent Datagrams sent syncookies sent Syncookies sent syncookies received Syncookies received syncookies failed Syncookies failed embryonic resets Embryonic resets sockets pruned Sockets pruned ICMPs out of window ICMPs out of window ICMPs dropped due to lock ICMPs dropped due to lock ARPs filtered ARPs filt...

Page 670: ... undos SACK undos loss undos Loss undos segments lost Segments lost lost retransmits Lost retransmits TCP Reno failures TCP Reno failures SACK failures SACK failures loss failures Loss failures fast retransmits Fast retransmits forward retransmits Forward retransmits retransmits in slow start Retransmits in slow start timeouts Timeouts TCP Reno recovery failures TCP Reno recovery failures SACK rec...

Page 671: ...ssure events SACKs discarded SACKs discarded Old DSACKs ignored Old DSACKs ignored DSACKs ignored without undo DSACKs ignored without undo Spurious RTOs Spurious RTOs TCP MD5 Not Found TCP MD5 Not Found TCP MD5 Unexpected TCP MD5 Unexpected TCP SACKs shifted TCP SACKs shifted TCP SACKs merged TCP SACKs merged TCP SACK shift fallback TCP SACK shift fallback UDP UDP Counters UDPLite UDPLite Counters...

Page 672: ...d to display TCP IP traffic Press ctrl c to stop a running tcpdump Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 16 15 Example output from the tcpdump command Related Commands debug ip packet interface Parameter Description line Specify the dump options For more information on the options for this...

Page 673: ... IP ADDRESSING AND PROTOCOL COMMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Parameter Description ip addr The destination IPv4 address The IPv4 address uses the format A B C D hostname The destination hostname ...

Page 674: ...gh Power Video Surveillance PoE Switch 665 AlliedWare Plus Operating System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality of the no debug ip packet interface command ...

Page 675: ...erence for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE ...

Page 676: ...pv6 neighbors on page 667 ipv6 address on page 668 ipv6 address autoconfig on page 670 ipv6 enable on page 672 ipv6 forwarding on page 674 ipv6 nd managed config flag on page 675 ipv6 nd minimum ra interval on page 676 ipv6 nd other config flag on page 677 ipv6 nd prefix on page 678 ipv6 nd ra interval on page 680 ipv6 nd ra lifetime on page 681 ipv6 nd raguard on page 682 ipv6 nd reachable time o...

Page 677: ...oE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 COMMANDS show ipv6 forwarding on page 691 show ipv6 interface brief on page 692 show ipv6 neighbors on page 693 show ipv6 route on page 694 show ipv6 route summary on page 696 traceroute ipv6 on page 697 ...

Page 678: ...o Surveillance PoE Switch 667 AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbors Mode Privileged Exec Example awplus clear ipv6 neighbors ...

Page 679: ...ugh stateless address autoconfiguration SLAAC if the device received an RA Router Advertisement specifying this prefix See ipv6 address autoconfig for a detailed command description and examples to enable and disable SLAAC For more information see IPv6 EUI 64 Addressing in the IPv6 Feature Overview and Configuration Guide Note that link local addresses are retained in the system until they are neg...

Page 680: ...ing commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 a2 64 To assign the eui64 derived address in the prefix 2001 db8 48 to VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config fr subif ipv6 address 2001 0db8 48 eui64 To remove the eui64 derived address in the prefix 2001 db8...

Page 681: ...uter Advertisement RA containing configuration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the MAC addressof thedefaultVLAN isappliedtotheinterfaceif theinterface doesnot have its own MAC address If SLAAC is not suitable then a network can use stateful configurat...

Page 682: ... Version 5 4 5 0 x IPV6 COMMANDS IPV6 ADDRESS AUTOCONFIG To disable SLAAC on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address autoconfig Validation Commands show running config show ipv6 interface brief show ipv6 route Related Commands ipv6 address ipv6 enable ...

Page 683: ...or for a point to point connection Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned to interfaces for routing IPv6 packets Note that link local addresses are retained in the system until they are negated by using the no variant of the command that estab...

Page 684: ...mand Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 673 AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig ...

Page 685: ...s disabled by default Usage Enable IPv6 unicast forwarding globally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unicast forwarding allows devices to communicate with devices that are more than one hop away providing that there is a route to the destination address If IPv6 fo...

Page 686: ...sts receiving the advertisements to use a stateless autoconfiguration mechanism to establish their IPv6 addresses The default is flag unset Use the no variant of this command to reset this command to its default of flag unset Syntax ipv6 nd managed config flag no ipv6 nd managed config flag Default Unset Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transm...

Page 687: ...seconds Default The RA interval for a VLAN interface is unset by default Mode Interface Configuration for a VLAN interface Examples To set the minimum RA interval for the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd minimum ra interval 60 To remove the minimum RA interval for the VLAN interface vlan2 use the follow...

Page 688: ...onfig flag command implies that the ipv6 nd other config flag will also be set Use no variant of this command to reset the value to the default Syntax ipv6 nd other config flag no ipv6 nd other config flag Default Unset Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This step is included in...

Page 689: ...prefix length The prefix to be advertised by the router advertisement message The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 The default is X X 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 0 and 4294967295 seconds The default is 2592000 30 days Note that this ...

Page 690: ... of 5 days awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd prefix 2001 0db8 64 864000 432000 Thefollowing exampleconfiguresthedevice toissuerouteradvertisementsonthe VLAN interface vlan4 and advertises the address prefix of 2001 0db8 64 with a valid lifetime of 10 days a preferred lifetime of 5 days and no prefix used for autoconfiguration awplus configure terminal...

Page 691: ...ault 600 seconds Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the advertisements interval on the VLAN interface vlan4 to be 60 seconds use the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd r...

Page 692: ...rface Usage This command specifies the lifetime of the current router to be announced in IPv6 Router Advertisements Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Examples To set the advertisement lifetime of 8000 seconds on the VLAN interface vlan4 use the following commands awplus configu...

Page 693: ...s and redirect messages RA Guard blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a port blocks RAs from a connected host and indicates the port and host are untrusted Disabling RA Guard on a port allows RAs from a connected host and indicates the port a...

Page 694: ...illance PoE Switch 683 AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 COMMANDS IPV6 ND RAGUARD Output Example output from a show running config interface port1 0 2 to verify RA Guard Related Commands show running config interface interface port1 0 2 switchport mode access ipv6 nd raguard ...

Page 695: ...rtisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Example To set the reachable time in router advertisements on the VLAN interface vlan4 to be 1800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd reachable time 1800000 a...

Page 696: ...onds Default 1000 milliseconds 1 second Mode Interface Configuration for a VLAN interface Examples To set the retransmission time of Neighbor Solicitation on the VLAN interface vlan2 to be 800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd retransmission time 800000 To reset the retransmission time of Neighbor Solicitat...

Page 697: ...plying IPv6 stateless auto configuration Use no parameter with this command to enable Router Advertisement transmission Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Default Router Advertisement RA transmission is suppressed by default Mode Interface Configuration for a VLAN interface Example To enable the transmission of router advertisements from the VLAN interface vlan4 on the device use th...

Page 698: ...n Usage Use this command to clear a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address 0000 cd28 0880 on port1 0 6 use the command awplus configure terminal awplus config ipv6 neighbor 2001 0db8 a2 vlan4 0000 cd28 0880 port1 0 6 Related Commands clear ip...

Page 699: ...fault Mode Global Configuration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is added to the IPv6 ND cache so the device forwards the ICMPv6 ND packet When opportunistic neighbor discovery is disabled the source MAC address for the ICMPv6 packet is not added to ...

Page 700: ...length gateway ip gateway name distvalue Mode Global Configuration Example awplus configure terminal awplus config ipv6 route myintname 322001 0db8 1 128 Validation Commands show running config show ipv6 route Parameter Description dest prefix length Specifies the IP destination prefix The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 gatew...

Page 701: ...name The destination hostname repeat Specify the number of ping packets to send 1 2147483647 Specify repeat count The default is 5 size 10 1452 The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source in the IP header of the ping packet timeout 1 65535 The ...

Page 702: ...verview Use this command to display IPv6 forwarding status For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show ipv6 forwarding Output Figure 17 1 Example output from the show ipv6 forwarding co...

Page 703: ...ntrolling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 17 2 Example output from the show ipv6 interface brief command Related Commands show interface brief Parameter Description brief Specify this optional parameter ...

Page 704: ...n 5 4 5 0 x IPV6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 neighbors Mode User Exec and Privileged Exec ...

Page 705: ...le output of the show ipv6 route command Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database static Displays only the IPv6 static routes you have configured summary Displays summary information from the IPv6 routing table ipv6 address Displays the routes for the specified address ...

Page 706: ...6 ROUTE Example 2 To display all database entries for an IP route use the following command awplus show ipv6 route database Output Figure 17 4 Example output of the show ipv6 route database command IPv6 Routing Table Codes C connected S static selected route FIB route p stale info Timers Uptime S 0 1 0 via 2001 a 0 0 c0a8 a01 inactive 6d22h12m 1 0 via 2001 fa 0 0 c0a8 fa01 inactive 6d22h12m ...

Page 707: ...ving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the following command awplus show ipv6 route summary Output Figure 17 5 Example output from the show ipv6 route summary command Related Commands show ip ...

Page 708: ...Use this command to trace the route to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awplus traceroute ipv6 2001 0db8 a2 Related Commands ping ipv6 Parameter Description ipv6 addr The destination IPv6 address The IPv6 address uses the format X X X X hostnam...

Page 709: ...Commands Introduction Overview This chapter provides an alphabetical reference of routing commands that are common across the routing IP protocols For more information seetheRoute SelectionFeatureOverviewandConfiguration Guide Command List ip route on page 698 maximum paths on page 700 show ip route on page 701 show ip route database on page 703 show ip route summary on page 704 ...

Page 710: ...inistrative distance can be modified so static routes do not take priority over other routes Specify a Null interface to add a null or blackhole route to the switch A null or blackhole route is a routing table entry that does not forward packets so any packets sent to it are dropped Examples To add the destination 192 168 3 0 with the mask 255 255 255 0 as a static route available through the devi...

Page 711: ...configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 10 0 2 To specify a null or blackhole route 192 168 4 0 24 so packets forwarded to this route are dropped use the commands awplus configure terminal awplus config ip route 192 168 4 0 24 null To add the destination 192 168 3 0 with the mask 255 255 255 0 as a static route available through the device at 10 10 0 2 with an adm...

Page 712: ...bled by default The no variant of this command sets the maximum paths to the default of 4 Syntax maximum paths 1 8 no maximum paths Default By default the maximum number of paths is 4 Mode Global Configuration Examples To set the maximum number of paths for each route in the FIB to 5 use the command awplus configure terminal awplus config maximum paths 5 To set the maximum paths for a route to the...

Page 713: ... static routes in the FIB use the command awplus show ip route static Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry The first few lines of the output list the possible codes that may be seen with the route entries Typically route entries are composed of the following elements code a second label indicating the sub type of the route net...

Page 714: ...rface vlan2 These routes are marked as Connected routes C and always preferred over routes for the same network learned from other routing protocols Related Commands show ip route database Codes C connected S static R RIP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 candidate default C 3 3 3 0 24 is directly con...

Page 715: ...ommand awplus show ip route database static Output Figure 18 2 Example output from the show ip route database command The routes added to the FIB are marked with a When multiple routes are available for the same prefix the best route is indicated with the symbol All unselected routes have neither the nor the symbol Related Commands show ip route Parameter Description connected Displays only the ro...

Page 716: ... the lines displayed use the output modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 18 3 Example output from the show ip route summary command Related Commands show ip route show ip route datab...

Page 717: ...embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multicast the IPV6 multicastaddressesallocatedfor documentationpurposes areff0x 0db8 0 0 96asper RFC6676 Thisisa 96prefixsothatitcanbeusedwithgroupIDsasperRFC3307 These addresses should not be used for practical networks other than for testing purposes nor should they appear in any public network The IPv6 addresses shown use ...

Page 718: ...MMANDS ip multicast route limit on page 718 ip multicast wrong vif suppression on page 719 ip multicast routing on page 720 ipv6 multicast route on page 721 ipv6 multicast route limit on page 724 ipv6 multicast routing on page 725 multicast on page 726 show ip mroute on page 727 show ip mvif on page 729 show ip rpf on page 730 show ipv6 mroute on page 731 show ipv6 mif on page 733 ...

Page 719: ...rs the IPv4 multicast route entries in its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command The protocol specific clear command clears multicast routes from PIM Sparse Mode and also clears the routes from the MRIB Examples awplus clear ip mroute...

Page 720: ...e multicast route statistics entries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus clear ip mroute statistics Parameter Description All multicast route entries ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 so...

Page 721: ...ormation Base MRIB clears the relevant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command This command does not remove static routes from the routing table or the configuration Toremove static routes use the no ...

Page 722: ...rdynamicIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statistics ipv6 group address ipv6 source address Mode Privileged Exec Examples awplus clear ipv6 mroute statistics 2001 2 ff08 1 awplus clear ipv6 mroute statistics Parameter De...

Page 723: ... terminal awplus config debug nsm mcast fib msg awplus configure terminal awplus config debug nsm mcast mrt awplus configure terminal awplus config debug nsm mcast mtrace awplus configure terminal awplus config debug nsm mcast mtrace detail awplus configure terminal awplus config debug nsm mcast register awplus configure terminal awplus config debug nsm mcast stat awplus configure terminal awplus ...

Page 724: ...lobal Configuration Examples awplus configure terminal awplus config debug nsm mcast6 all awplus configure terminal awplus config debug nsm mcast6 fib msg awplus configure terminal awplus config debug nsm mcast6 mif awplus configure terminal awplus config debug nsm mcast6 mrt awplus configure terminal awplus config debug nsm mcast6 register awplus configure terminal awplus config debug nsm mcast6 ...

Page 725: ...to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast routing protocol will look at these static entries as well as looking into the unicast routing table The route with the lowest administrative distance whether a static multicast route or a route from the unicast route table will be chosen a...

Page 726: ... router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host 192 168 2 3 and has an administrative distance of 2 awplus configure terminal awplus config ip mroute 10 10 3 0 24 static 2 192 168 2 3 2 The following example creates a static multicast IPv4 route back to the sources in the192 168 3 0 24su...

Page 727: ...first packets in a multicast stream that create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE Ifyouusethiscommand ensurethattheipigmpsnoopingcommandisenabled the default setting otherwise the device will not process the first packets of the multicast stream correctly The device will forward the first mult...

Page 728: ... for a static multicast route is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast route with same source IPv4 address group IPv4 address upstream VLAN and downstream VLANs An error message is displayed and logged To add a new static multicast route either wait for the dynamic multicast route to timeou...

Page 729: ... the multicast source IPv4 address 2 2 2 2 and group IPv4 address 224 9 10 11 specifying the upstream VLAN interface as vlan10 use the following commands awplus configure terminal awplus config ip multicast route 2 2 2 2 224 9 10 11 vlan10 To create an IPv4 static multicast route for the multicast source IPv4 address 2 2 2 2 and group IP address 224 9 10 11 specifying the upstream VLAN interface a...

Page 730: ...lue is 2147483647 Mode Global Configuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the...

Page 731: ...sion Syntax ip ip multicast wrong vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traffic is enabled To confirm that VIF messages are being sent to the CPU use the debug nsm mcast6 command Examples To enable the suppression of wrong VIF packets use the fol...

Page 732: ...stated below Syntax ip multicast routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT stops IGMP operation and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the...

Page 733: ...ce addr ipv6 group addr upstream vlan id downstream vlan id Default By default no static routes exist Mode Global Configuration Usage Only one multicast route entry per IPv6 address and multicast group can be specified Therefore if one entry for an IPv6 static multicast route is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot...

Page 734: ...ic in the event of ring failure or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the multicast router can be reached in either direction around the EPSR ring For example if port1 0 1 and port1 0 14 are ports on an EPSR data VLAN vlan101 which is the destination for a static IPv6 multicast route then configure both ports as multicast router mrouter ports...

Page 735: ...and group IPv6 address ff08 1 specifying the upstream VLAN interface as vlan10 and the downstream VLAN range as vlan20 25 use the following commands awplus configure terminal awplus config ipv6 multicast route 2001 1 ff08 1 vlan10 vlan20 25 To remove the downstream VLAN 23 from the IPv6 static multicast route created with the above command use the following commands awplus configure terminal awplu...

Page 736: ...value is 2147483647 Mode Global Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by t...

Page 737: ... multicast routing no ipv6 multicast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any MRT addition ...

Page 738: ... Note that this does not affect Layer 2 forwarding of multicast packets If you enter no multicast on a port multicast packets received on that port will not be forwarded to other VLANs but ports in the same VLANs as the receiving port will still receive the multicast packets Syntax multicast no multicast Default By default all device ports route multicast packets Mode Interface Configuration Examp...

Page 739: ... and without specifying the group and source IPv4 address Figure 19 2 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D dense Display dense IPv4 multicast routes sparse Display sparse IPv4 multicast routes count...

Page 740: ...erface TTL 10 10 1 52 224 0 1 3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 bytes memory Route limit Route threshold 2147483647 2147483647 Total NOCACHE WRONGVIF WHOLEPKT recv from fwd 1 0 0 Total NOCACHE WRONGVIF WHOLEPKT sent to clients 1 0 0 Immed...

Page 741: ...ple awplus show ip mvif vlan2 Output Figure 19 6 Example output from the show ip mvif command Figure 19 7 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about Interface Vif Owner TTL Local Remote Uptime Idx Module Address Address vlan2 0 PIM SM 1 192 168 1 53 0 0 0 0 00 04 26 Register 1 ...

Page 742: ...MULTICAST COMMANDS SHOW IP RPF show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Example awplus show ip rpf 10 10 10 50 Parameter Description ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D ...

Page 743: ...he IPv6 multicast routing table for a single static IPv6 Multicast route Figure 19 8 Example output from the show ipv6 mroute command The following is a sample output of this command displaying the IPv6 multicast routing count table for a single static IPv6 Multicast route Parameter Description ipv6 group addr Group IPv6 address in hexadecimal notation in the format X X X X ipv6 source addr Source...

Page 744: ...emory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate Timed stat updates sent to clients 0 0 Reg ACK recv Reg NACK recv Reg pkt sent 0 0 0 Next stats poll 00 01 14 Forwarding Counts Pkt count Byte count Other Counts Wrong If pkts Fwd msg counts WRONGmif WHOLEPKT recv Client msg counts WRONGmif...

Page 745: ...vileged Exec Example awplus show ipv6 mif awplus show ipv6 mif vlan2 Output Figure 19 11 Example output from the show ipv6 mif command Figure 19 12 Example output from the show ipv6 mif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about awplus show ipv6 mif Interface Mif Owner Uptime Idx Module vlan3 0 MLD MLD Proxy Servi...

Page 746: ...mand Command List clear ip igmp on page 735 clear ip igmp group on page 736 clear ip igmp interface on page 737 debug igmp on page 738 ip igmp on page 739 ip igmp access group on page 740 ip igmp immediate leave on page 741 ip igmp last member query count on page 742 ip igmp last member query interval on page 743 ip igmp limit on page 744 ip igmp mroute proxy on page 746 ip igmp proxy service on p...

Page 747: ...gmp snooping tcn query solicit on page 764 ip igmp source address check on page 766 ip igmp ssm on page 767 ip igmp ssm map enable on page 768 ip igmp ssm map static on page 769 ip igmp static group on page 771 ip igmp startup query count on page 773 ip igmp startup query interval on page 774 ip igmp version on page 775 show debugging igmp on page 776 show ip igmp groups on page 777 show ip igmp i...

Page 748: ...AR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all VLAN interfaces Syntax clear ip igmp Mode Privileged Exec Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example awplus clear ip igmp Validation Commands show ip igmp interface show running config Related Commands clear ip igmp group clear ip igmp inte...

Page 749: ...s learned by IGMP IGMP Snooping or IGMP Proxy In addition to the group a VLAN interface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples awplus clear ip igmp group awplus clear ip igmp group 224 1 1 1 vlan1 Validation Commands show ip igmp interface show running config Related Commands clear ip igmp clear ip igmp interfac...

Page 750: ...roup membership records on a particular VLAN interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example awplus clear ip igmp interface vlan1 Validation Commands show ip igmp interface show running config Related Commands clear ip igmp clear ip igmp group Parameter Description interface Spe...

Page 751: ...MP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example awplus configure terminal awplus config debug igmp all Related Commands show debugging igmp undebug igmp Parameter Description all Enable or disable all de...

Page 752: ...of this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN interface Usage This command can only be configured on VLAN interfaces and will have no effect on IGMP Proxy or IGMP Snooping configuration NOTE An IP address must be assigned to the VLAN first before this command will work Exa...

Page 753: ... igmp access group access list number access list name no ip igmp access group Default By default there are no access lists configured on any interface Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy This command applies to VLAN interfaces configured for IGMP or IGMP Snooping Example In the following ex...

Page 754: ...umber expanded access li st name no ip igmp immediate leave Default Disabled by default Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example The following example shows how to enable the immediate leave feature on the VLAN interface vlan2 for a specific range of multicast groups awplus configure terminal ...

Page 755: ...ault on an interface Syntax ip igmp last member query count 2 7 no ip igmp last member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example awplus configure terminal awplus config interface vlan2 awplus config if ip igmp last member query ...

Page 756: ...st member query interval Default 1000 milliseconds Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example The following example changes the IGMP group specific host query message interval to 2 seconds 2000 milliseconds for VLAN interface vlan1 awplus configure terminal awplus config interface vlan1 awplus c...

Page 757: ...e limit and any specified exception access list Syntax ip igmp limit limitvalue except access list number access list number expanded access li st name no ip igmp limit Default The default limit which is reset by the no variant of this command is the same as maximum number of group membership entries that can be learned with the ip igmp limit command The default limit of group membership entries t...

Page 758: ...PoE Switch 745 AlliedWare Plus Operating System Version 5 4 5 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP LIMIT The following example configures an IGMP limit of 100 group membership entries on VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip igmp limit 100 ...

Page 759: ...roxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces on the device with a single upstream proxy service interface This downstream mroute proxy interface listens for IGMP reports and forwards them to the upstream IGMP proxy service interface IGMP Proxy does not work with other multicast routing protocols such...

Page 760: ...e the designation of the VLAN interface as an upstream proxy service interface Syntax ip igmp proxy service no ip igmp proxy service Mode Interface Configuration for a VLAN interface Usage This command is used with the ip igmp mroute proxy command to enable forwardingof IGMP reports to aproxy serviceinterface forall forwarding entries for thisinterface YoumustalsoenablethedownstreamIGMP mrouteprox...

Page 761: ...t Default The default timeout interval is 255 seconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP The timeout value should not be less than the current active querier s general query interval Example The following example configures the device to wait 130 seconds from the time it received the last query before it takes over as...

Page 762: ...nd there is a possibility of a DoS Denial of Service attack if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier Use the ip igmp query interval command when a delay for IGMP general query messages is required and IGMP general query messages are required ...

Page 763: ...D IGMP SNOOPING COMMANDS IP IGMP QUERY HOLDTIME To reset the IGMP query holdtime to the default 500 ms for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip igmp query holdtime Validation Commands show ip igmp interface show running config Related Commands ip igmp query interval ip igmp snooping tcn query solicit ...

Page 764: ...s to interfaces configured for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using the ip igmp query max response time command and the IGMP query interval is currently less than 3 seconds then the IGMP query interval period will be automatically reconfigured t...

Page 765: ...ERY INTERVAL The following example resets the period between sending IGMP host query messages to the default 125 seconds for VLAN interface vlan20 awplus configure terminal awplus config interface vlan20 awplus config if no ip igmp query interval Validation Commands show ip igmp interface show running config Related Commands ip igmp query holdtime ip igmp query max response time ip igmp startup qu...

Page 766: ...m response time For example if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will be automatically reconfigured to be 2 seconds so it is less than the IGMP query interval time To get the network to converge faster use the ip igmp query max response time comma...

Page 767: ... Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Validation Commands show ip igmp interface show running config Related Commands ip igmp query interval ...

Page 768: ...ew Use this command to enable strict Router Alert RA option validation With strict RA option enabled IGMP packets without RA options are ignored Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP and IGMP Snooping Example awplus configure ter...

Page 769: ...on an interface Syntax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP and IGMP Snooping Examples awplus configure terminal awplus config interface vlan20 awplus config if ip igmp robustness variable 3 awplus configure term...

Page 770: ...led on the interface first and then disabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN interface Usage For IGMP snooping to operate on particular VLAN interfaces it must be enabled both globally by using this command in Global Configuration mode and...

Page 771: ...n IGMP leave group message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Default IGMP Snooping fast leave processing is disabled Mode Interface Configuration for a VLAN interface Usage This IGMP Snooping command can only be configured on VLAN interfaces Exa...

Page 772: ...ommand to remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a VLAN interface Example This example shows the switch port interface port1 0 2 statically configured to be a multicast router interface for the VLAN interface vlan2 awplus configure terminal awpl...

Page 773: ...nterface Usage The IGMP Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a multicast router If an IP address is assigned to a VLAN which has IGMP querier enabled on it then the IGMP Snooping querier uses the VLA...

Page 774: ...rt when there are already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppression Default Report suppression does not apply to IGMPv3 and is turned on by default for IGMPv1 and IGMPv2 reports Mode Interface Configuration for a VLAN interface Example This exam...

Page 775: ...ip multicastrouter address ip address no ip igmp snooping routermode address ip address Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are set as routers default Default set of reserved multicast addresses Packets from 224 0 0 1 224 0 0 2 224 0 0 4 224 0 0 5 224 0 0 6 224 0 0 9 224 0 0 13 224 0 0 15 and 224 0 0 24 are set...

Page 776: ...ast addresses Mode Global Configuration Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom list of multicast addresses enter awplus config no ip igmp snooping routermode address 224 0 0 5 Related commands show ip igmp snooping routermode Router mode Def Rese...

Page 777: ...abled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified VLANs using this command from the Interface Configuration mode Select the VLAN you want to disable in Interface Configuration mode then issue the no variant of this command to disable the specified VLAN without disabling this feature for other VLANs Mode Glob...

Page 778: ... tcn query solicit This example shows how to disable IGMP Snooping TCN Query Solicitation on a device awplus configure terminal awplus config no ip igmp snooping tcn query solicit This example shows how to enable IGMP Snooping TCN Query Solicitation for the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip igmp snooping tcn query solicit This example ...

Page 779: ...terface Configuration for a VLAN interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is active in the network The no variant of this command is required to disable the IGMP Report source address checkingfeatureinnetworks that use MulticastVLANRegistration to allow IGMP Reports fro...

Page 780: ...M range to be other than the default use one of the access list parameter options Use the no variant of this command to change the SSM range in IGMP back to the default Syntax ip igmp ssm range access list number access list name no ip igmp ssm Default By default the SSM range is 232 8 Mode Global Configuration Examples To configure a non default SSM range to be used in IGMP enter the commands awp...

Page 781: ...verview Use this command to enable Source Specific Multicast SSM mapping on the device Use the no variant of this command to disable SSM mapping Syntax ip igmp ssm map enable no ip igmp ssm map enable Mode Global Configuration Usage This command applies to VLAN interfaces configured for IGMP Example To enable SSM on the device enter the commands awplus configure terminal awplus config ip igmp ssm ...

Page 782: ...onfiguration Usage This command applies to VLAN interfaces configured for IGMP You can use Standard numbered and Standard named ACLs plus Expanded Numbered ACLs Examples This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard numbered ACL shown as 10 awplus configure terminal awplus config access list 10 permit 224 1 1 1 0 0 0 0 awplus config ip igmp ...

Page 783: ... 5 0 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP SSM MAP STATIC This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard named ACL shown as sales awplus configure terminal awplus config access list sales permit 224 1 1 1 0 0 0 0 awplus config ip igmp ssm map static sales 1 2 3 4 Related Commands ip igmp ssm map enable ...

Page 784: ...is command to delete static group membership entries Syntax ip igmp static group ip address source ip source addr ssm map interface port no ip igmp static group ip address source ip source addr ssm map interface port Mode Interface Configuration for a VLAN interface Parameter Description ip address Standard IP Multicast group address entered in the form A B C D to be configured as a static group m...

Page 785: ...pplies to IGMP operation on a specific interface to statically add group and or source records or to IGMP Snooping on a VLAN interface to statically add group and or source records Example The following example show how to statically add group and source records for IGMP on the VLAN interface vlan3 awplus configure terminal awplus config interface vlan3 awplus config if ip igmp awplus config if ip...

Page 786: ...uery count startup query count no ip igmp startup query count Default The default IGMP startup query count is 2 Mode Interface Configuration for a VLAN interface Examples The following example shows how to configure the IGMP startup query count to 4 for the VLAN interface vlan3 awplus configure terminal awplus config interface vlan3 awplus config if ip igmp startup query count 4 The following exam...

Page 787: ...uarter of the IGMP query interval value NOTE The IGMP startup query interval must be one quarter of the IGMP query interval Mode Interface Configuration for a VLAN interface Examples The following example shows how to configure the IGMP startup query interval to 15 seconds for the VLAN interface vlan2 to be one quarter of the IGMP query interval value of 60 seconds awplus configure terminal awplus...

Page 788: ...1 2 or 3 on an interface Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP protocol version number is 3 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP Example awplus configure terminal awplus config interface vlan5 awplus config if ip igmp ve...

Page 789: ... output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter the command awplus show debugging igmp Output Figure 20 1 Example output from the show debugging igmp command Related Commands debug igmp IGMP Debugging ...

Page 790: ...ess of the multicast group entered in the form A B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10 0 82 224 0 1 24 port1 0 2 00 00 06 00 04 14 10 10 0 84 224 0 1 40 port1 0 3 00 00 09 00 04 15 10 10 0 91 224 0 1 60 port1 0 3 00 00 05 00 04 15 10 10 0 ...

Page 791: ...are Plus Operating System Version 5 4 5 0 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast group Table 20 1 Parameters in the output of the show ip igmp groups command Parameter Description ...

Page 792: ...terminal Enter configuration commands one per line End with CNTL Z awplus config interface vlan2 awplus config if ip igmp snooping awplus config if exit awplus config exit awplus show ip igmp interface vlan2 Interface vlan2 Index 202 IGMP Disabled Inactive Version 3 default IGMP interface has 0 group record states IGMP activity 0 joins 0 leaves IGMP robustness variable is 2 IGMP last member query ...

Page 793: ...Strict IGMPv3 ToS checking is disabled on this interface Source Address checking is enabled IGMP Snooping is globally enabled IGMP Snooping query solicitation is globally disabled Num query solicit packets 57 sent 0 recvd IGMP Snooping is not enabled on this interface IGMP Snooping fast leave is not enabled IGMP Snooping querier is not enabled IGMP Snooping report suppression is enabled awplus awp...

Page 794: ...ate that Query Solicitation is enabled and to show the number of query solicit message packets sent and received on a VLAN Related Commands clear ip igmp clear ip igmp group clear ip igmp interface ip igmp ip igmp last member query count ip igmp last member query interval ip igmp querier timeout ip igmp query holdtime ip igmp query interval ip igmp query max response time ip igmp robustness variab...

Page 795: ...etail show ip igmp proxy groups vlan detail show ip igmp proxy groups vlan multicast group detail Mode User Exec and Privileged Exec Example To display the state of IGMP Proxy services for all interfaces enter the command awplus show ip igmp proxy To display the state of IGMP Proxy services for VLAN interface vlan1 enter the command awplus show ip igmp proxy groups vlan1 To display the detailed st...

Page 796: ...ooping mrouter interface interface Mode User Exec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mrouter To show the multicast router interfaces in vlan1 use the command awplus show ip igmp snooping mrouter interface vlan1 Output Figure 20 3 Example output from the show ip igmp snooping mrouter command Figure 20 4 Example output fro...

Page 797: ...nformation on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show the routermode and the list of router multicast addresses use the command awplus show ip igmp snooping routermode Output Figure 20 5 Examp...

Page 798: ...ddress Mode User Exec and Privileged Exec Example To display IGMP statistical information for vlan1 and vlan2 use the command awplus show ip igmp snooping statistics interface vlan1 vlan2 Output Figure 20 6 Example output from the show ip igmp snooping statistics command Parameter Description ip address Optionally specify the address of the multicast group entered in the form A B C D interface Spe...

Page 799: ...ility High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the no debug igmp command ...

Page 800: ...t routing command before using PIM SMv6 commands The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 multicast prefix for 2001 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 200...

Page 801: ...t on page 799 ipv6 mld querier timeout on page 801 ipv6 mld query interval on page 802 ipv6 mld query max response time on page 803 ipv6 mld robustness variable on page 804 ipv6 mld snooping on page 805 ipv6 mld snooping fast leave on page 807 ipv6 mld snooping mrouter on page 808 ipv6 mld snooping querier on page 810 ipv6 mld snooping report suppression on page 811 ipv6 mld static group on page 8...

Page 802: ...D SNOOPING COMMANDS CLEAR IPV6 MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld Related Commands clear ipv6 mld group clear ipv6 mld interface ...

Page 803: ...x clear ipv6 mld group ipv6 address Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld group Related Commands clear ipv6 mld clear ipv6 mld interface Parameter Description Clears all groups on all interfaces This is an alias to the clear ipv6 mld command ipv6 address Specify the grou...

Page 804: ... Overview Use this command to clear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld interface vlan2 Related Commands clear ipv6 mld clear ipv6 mld group Parameter Description interface Specifies name of the interface ...

Page 805: ...events fsm tib no debug mld all decode encode events fsm tib Mode Privileged Exec and Global Configuration Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples awplus configure terminal awplus config debug mld all awplus configure terminal awplus config debug mld decode awplus configure terminal awplus config debug mld encode ...

Page 806: ...ksum 8511 MsgLen 60 05 15 01 awplus NSM 1406 MLD ENCODE Send Group Source Query Sent G S Query on port2 0 1 05 15 01 awplus NSM 1406 MLD FSM State Change Include 1 Exclude 2 05 15 01 awplus NSM 1406 MLD TIB Source Rec Del S 2002 3 Intf vlan1 05 15 01 awplus NSM 1406 MLD ENCODE Send Group Report HST IF vlan1 No Router Ports found 05 15 01 awplus NSM 1406 MLD DECODE Socket Read Ignoring MLD Message ...

Page 807: ...ppmond 1244 monitoring rmond memory usage max 51200000 kB 05 15 06 awplus appmond 1244 monitoring lldpd memory usage max 51200000 kB 05 15 06 awplus NSM 1406 MLD EVENTS Querier Timer Exipry on port2 0 1 Send ing General Query 05 15 06 awplus NSM 1406 MLD ENCODE MLD Enc Hdr MLD Listener Query Checksum 14706 MsgLen 28 05 15 06 awplus NSM 1406 MLD ENCODE Send Gen Query Sent General Query on port2 0 1...

Page 808: ...required multicast structures added to the interfaces that allow multicast routing The device has a 512 MLD group limit for G and S G entries Syntax ipv6 mld no ipv6 mld Default MLD is disabled by default Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage MLD requires memory for storing data structures as well as the hardware tables to implement hardwar...

Page 809: ...joins for groups in the range ff1e 0db8 0001 64 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 access list standard group1 permit ff1e 0db8 0001 64 awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld access group group1 In the following example the VLAN interfaces vlan2 vlan4 will only accept MLD join...

Page 810: ...ollowing example shows how to enable the immediate leave feature on an interface for a specific range of multicast groups In this example the router assumes that the group access list consists of groups that have only one node membership at a time per interface awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config i...

Page 811: ...s command to return to the default on an interface Syntax ipv6 mld last member query count value no ipv6 mld last member query count Default The default last member query count value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interfa...

Page 812: ...r query interval milliseconds no ipv6 mld last member query interval Default 1000 milliseconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example The following example changes the MLD group specific host query message interval to 2 seconds awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interf...

Page 813: ...oup membership entries that can be learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples The ...

Page 814: ...n2 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group membership states on the VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awpl...

Page 815: ...terface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface awplus configure terminal awplus config ipv6 forwarding awplus...

Page 816: ...erval is 125 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example changes the frequency of sending MLD host query messages to 2 minutes awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus c...

Page 817: ...time seconds no ipv6 mld query max response time Default 10 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures a maximum response time of 8 seconds awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 m...

Page 818: ... default on an interface Syntax ipv6 mld robustness variable value no ipv6 mld robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example awplus configure terminal awplus config ipv6 forwarding awplus c...

Page 819: ... required multicast structures added to the interfaces that allow multicast routing The device has a 512 MLD group limit for G and S G entries Syntax ipv6 mld snooping no ipv6 mld snooping Default By default MLD Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Snooping...

Page 820: ...rminal awplus config interface vlan2 vlan4 awplus config if ipv6 mld snooping To disable MLD Snooping for the VLAN interface vlan2 enter the following commands awplus configure terminal awplus config interface vlan2 awplus config no ipv6 mld snooping To disable MLD Snooping for the VLAN interfaces vlan2 vlan4 enter the following commands awplus configure terminal awplus config interface vlan2 vlan...

Page 821: ...variant of this command to disable fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This MLD Snooping command can only be configured on VLAN interfaces Examples This example shows how to enable fast leave pro...

Page 822: ...switch port as a Multicast Router interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minimizes disruption for multicast traffic in the event of ring failure or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the mu...

Page 823: ...y the next hop interface to the multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the next hop interface to the multicast router for VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if ipv6 mld snoopi...

Page 824: ...snooping querier Mode Interface Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as an MLD querier for faster network convergence The MLD Snooping querier does not start or automatically cease the MLD Querier operation if it ...

Page 825: ...n VLAN interfaces MLDv1 Snooping maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping device Similar reports to the same set of groups from other hosts which would not change group memberships in the querier will be suppressed by the MLD Snooping device to pr...

Page 826: ...re Plus Operating System Version 5 4 5 0 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if no ipv6 mld snooping report suppression ...

Page 827: ... VLAN interface Usage This command applies to MLD Snooping on a VLAN interface to statically add groups and or source records Parameter Description ipv6 group address Specify a standard IPv6 Multicast group address to be configured as a static group member The IPv6 address uses the format X X X X ipv6 source address Optional Specify a standard IPv6 source address to be configured as a static sourc...

Page 828: ...llowing examples show how to statically add group and or source records for MLD Snooping on VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 source fe80 2fd 6cff fe1c b awplus configure terminal awplus config interface vla...

Page 829: ...n number is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols MLD Snooping Note this command is intended for use where there is another querier when there is another device with MLD enabled on the same link that can only operate with MLD version 1 Otherwise the default MLD version 2 is recommended for perform...

Page 830: ...d with the debug mld command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exec Example awplus show debugging mld Output Related Commands debug mld show debugging mld MLD Debugging status MLD Decoder debugging is on MLD Encoder ...

Page 831: ...mmand displays local membership information for all interfaces awplus show ipv6 mld groups Output The following command displays local membership information for all interfaces awplus show ipv6 mld groups detail Output Parameter Description ipv6 address Optional Specify Address of the multicast group in format X X X X interface Optional Specify the Interface name for which to display local informa...

Page 832: ...ng command displays MLD interface status on all interfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Version 2 default Internet address is fe80 215 77ff fec9 7468 MLD interface has 0 group record states MLD activity 0 joins 0 leaves MLD robustness variable ...

Page 833: ...ow ipv6 mld snooping mrouter interface Mode User Exec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast router interfaces for all VLAN interfaces awplus show ipv6 mld snooping mrouter Output Parameter Description interface Optional Specify the name of t...

Page 834: ...w and Configuration Guide Syntax show ipv6 mld snooping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interface vlan1 Output Parameter Description interface The name of the VLAN interface awplus show ipv6 mld snooping statistics interface vlan1 MLD Snooping st...

Page 835: ...e not keyword entry For example access list hardware named indicates named IPv4 hardware ACLs entered as access list hardware name where name is a placeholder not a keyword Parenthesis surrounding ACL filters indicates the type of ACL filter not the keyword entry in the CLI such as access list standard numbered filter represents command entry in the format shown in the syntax sequence number deny ...

Page 836: ...filter on page 848 access list hardware TCP UDP filter on page 851 commit IPv4 on page 854 show access list IPv4 Hardware ACLs on page 855 show interface access group on page 857 access group Global Configuration awplus config access list hardware IP numbered Global Configuration awplus config access list hardware MAC numbered Global Configuration awplus config access list hardware named Global Co...

Page 837: ...stthatappliestheappropriatepermit denyrequirements with the access list hardware IP numbered command the access list hardware MAC numbered command or the access list hardware named command Then use this command to apply this hardware access list to a specific port or port range Note that this command will apply the access list only to incoming data packets To apply ACLs to an LACP aggregated link ...

Page 838: ...llowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channel group 2 containing switch port1 0 5 and port1 0 6 use the commands awplus configure terminal awplus config interface port1 0 5 1 0 6 awplus config if static channel group 2 awplus config interface sa2 awplus config if access group 3000 Related Commands...

Page 839: ...e access list Syntax ip access list 3000 3699 deny permit copy to cpu copy to mirror send to mirror send to cpu ip source destination Syntax icmp access list 3000 3699 deny permit copy to cpu copy to mirror send to mirror send to cpu icmp source destination icmp type type number no access list 3000 3699 Table 22 2 Parameters in the access list hardware IP numbered command ip icmp Parameter Descrip...

Page 840: ...imal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dot...

Page 841: ... 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies Table 22 2 Parameters in the access list hardware IP numbered command ip icmp cont Parameter Description Table 22 3 Parameters in ...

Page 842: ...ively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination ...

Page 843: ...than the port number specified immediately after this parameter gt Matches port numbers that are greater than the port number specified immediately after this parameter ne Matches port numbers that are not equal to the port number specified immediately after this parameter Table 22 3 Parameters in the access list hardware IP numbered command tcp udp cont Parameter Description Table 22 4 Parameters...

Page 844: ...enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the ...

Page 845: ...on RFC Reference 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Proto...

Page 846: ... 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redundancy Protocol RFC3768 134 RSVP E2E IGNORE RFC3175 135 Mobili...

Page 847: ...ist that will permit ICMP packets with a source address of 192 168 1 0 24 with any destination address and an ICMP type of 5 enter the below commands awplus configure terminal awplus config access list 3000 permit icmp 192 168 1 0 24 any icmp type 5 To destroy the access list with an access list identity of 3000 enter the below commands awplus configure terminal awplus config no access list 3000 I...

Page 848: ...py to mirror Example To create an access list that will copy to mirror TCP packets with a destination address of 192 168 1 1 a destination port of 80 and any source address and source port for use with the mirror interface command enter the commands awplus configure terminal awplus config access list 3000 copy to mirror tcp any 192 168 1 1 32 eq 80 Related Commands access group mirror interface sh...

Page 849: ...arameter Description 4000 4699 Hardware MAC access list copy to cpu Specify packets to copy to the CPU copy to mirror Specify packets to copy to the mirror port deny Access list rejects packets that match the source and destination filtering permit Access list permits packets that match the source and destination filtering send to cpu Specify packets to send to the CPU source mac address The sourc...

Page 850: ...ess of 0000 00ab 1234 and any destination address enter the commands awplus configure terminal awplus config access list 4000 permit 0000 00ab 1234 0000 0000 0000 any To create an access list that will permit packets with an initial MAC address component of 0000 00ab and any destination address enter the commands awplus configure terminal awplus config access list 4001 permit 0000 00ab 1234 0000 0...

Page 851: ... packets with an initial MAC address component of 0000 00ab and any destination address for use with the mirror interface command enter the commands awplus configure terminal awplus config access list 4001 copy to mirror 0000 00ab 1234 0000 0000 FFFF any To destroy the access list with an access list identity of 4000 enter the commands awplus configure terminal awplus config no access list 4000 Re...

Page 852: ...ist it will be created after entry If the named hardware ACL does exist then you can enter IPv4 Hardware ACL Configuration mode for that existing ACL Entering this command with the hardware ACL name moves you to the config ip hw acl prompt for the IPv4 Hardware ACL Configuration mode so you can enter ACL filters with sequence numbers From this prompt configure the filters for the ACL See the ACL F...

Page 853: ...are Plus Operating System Version 5 4 5 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED Related Commands access group access list hardware ICMP filter access list hardware IP protocol filter access list hardware TCP UDP filter access list standard named filter show access list IPv4 Hardware ACLs ...

Page 854: ... list You can specify the ICMP filter entry for removal by entering either its sequence number e g no 10 or by entering its ICMP filter profile without specifying its sequence number Note that the sequence number can be found by running the command the show access list IPv4 Hardware ACLs command Syntax icmp sequence number deny permit send to cpu copy to cpu copy to mirror icmp source destination ...

Page 855: ...ngth This matches any source IP address within the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 host ip addr Matches a single source host with the IP address given by ip addr in dotted decimal notation any Matches any source IP address destination The desti...

Page 856: ...st hardware named command and entering an appropriate access list name Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry with a sequence number of 100 to the access list named my list that will permit ICMP packets with a source address of 192 168 1 0 24 any destination address and an icmp type of 5 use the commands awplus configu...

Page 857: ...ing either its sequence number e g no 10 or by entering its IP protocol type filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax any ip proto sequence number deny permit send to cpu copy to cpu copy to mirror any ip proto ip protocol source dhcpsnooping any destination any mac mac source address...

Page 858: ...Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC9...

Page 859: ...88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redundancy Protocol RFC3768 134 RSVP E2E IGNORE RFC3175 135 Mobility Header RFC3775 136 UDPLite RFC3828 137 MPLS in IP RFC4023 138 MANET Protocols RFC ietf manet iana 07 txt 139 252 Unassign...

Page 860: ...68 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An...

Page 861: ...configured is selected by running the access list hardware named command with the required access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry to the access list named my list that will permit any type of IP packet with a source address of 192 168 1 1 and an...

Page 862: ...TOCOL FILTER To add an access list filter entry to the access list named my list a filter that will deny all IGMP packets protocol 2 from the 192 168 0 0 network with sequence number 50 in access list use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl 50 deny proto 2 192 168 0 0 16 any Related Commands access list hardware named show runni...

Page 863: ...befound by running theshowaccess list IPv4 Hardware ACLs command Syntax mac sequence number deny permit send to cpu copy to cpu copy to mirror mac source mac address source mac mask any destination mac address destination mac mask any no deny permit send to cpu copy to cpu copy to mirror mac source mac address source mac mask any destination mac address destination mac mask any no sequence number ...

Page 864: ... access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry to the access list named my list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure terminal awplus config access list ha...

Page 865: ... Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE MAC FILTER Related Commands access group access list hardware named show running config ...

Page 866: ...ing its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax tcp udp sequence number deny permit send to cpu copy to cpu copy to mirror tcp udp source eq sourceport gt sourceport lt sourceport ne sourceport range start range end range destination eq destport gt destport lt destport ne destport range start range end range no deny perm...

Page 867: ...ter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 sourceport The source TCP or UDP port number specified as an integer between 0 and 65535 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matc...

Page 868: ...f an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list hardware named command with the required access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Example To add anaccess listfilter entrytoaccess listnamed ...

Page 869: ... new configuration state of the IPv4 ACL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv4 ACL filters in hardware not b...

Page 870: ...configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC access list access list nam...

Page 871: ...ng System Version 5 4 5 0 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS Note the below error message if you attempt to show an undefined access list awplus show access list 2 Related Commands access list extended named access list hardware MAC numbered access list hardware named Can t find access list 2 ...

Page 872: ... Syntax show interface port list access group 3000 3699 4000 4699 Mode User Exec and Privileged Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure 22 1 Example output from the show interface access group command Related Commands access group Parameter Description port list Specify the ports to display information A...

Page 873: ...ndividual switch ports in the channel group To apply ACLs to a static channel group apply it to the static channel group itself For more information on link aggregation see the following references the Link Aggregation Feature Overview and Configuration Guide Link Aggregation Commands NOTE Text in parenthesis in command names indicates usage not keyword entry For example access list hardware named...

Page 874: ...efix list on page 892 dos on page 893 Table 23 1 IPv4 Software Access List Commands and Prompts Command Name Command Mode Prompt show ip access list Privileged Exec awplus access group Global Configuration awplus config access list extended numbered Global Configuration awplus config access list standard named Global Configuration awplus config access list standard numbered Global Configuration aw...

Page 875: ...eillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IPV4 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS maximum access list on page 897 show access list IPv4 Software ACLs on page 898 show dos interface on page 900 show ip access list on page 903 ...

Page 876: ...s list Syntax list name access list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name deny permit icmp source destination icmp type type number log Parameter Description list name A user defined name for the access list Table 23 2 Parameters in the access li...

Page 877: ...erse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a s...

Page 878: ...er for the ICMP message type 0 Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies log Logs the results Table 23 2 Parameters in the ac...

Page 879: ...cify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An IPv4 address followed by a forward slash then the prefix length This matches any destination IP address within the sp...

Page 880: ...s list deny The access list rejects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified with this command proto Matches only a specified type of IP Protocol any The access list matches any type of IP packet ip The access list matches only IP packets source The ...

Page 881: ...er a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers Protocol Number Protocol Description RFC Reference 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3...

Page 882: ...ription RFC Reference 33 Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payloa...

Page 883: ...ge 859 shows the prompts at which ACL commands are entered Note that packets must match both the source and the destination details NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus config a...

Page 884: ...99 deny permit ip source destination no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range deny Access list rejects packets that match the source and destination filtering specified...

Page 885: ...t match both the source and the destination details NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line as in previous software releases as shown below awplus configure terminal awplus config access list 101 deny ip 172 16 10 0 0 0 0 255 an...

Page 886: ...alue log no deny permit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with this command permit Access list permits packets that match the source and destination fil...

Page 887: ...d by running the access list extended numbered command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples To add a new entry in access list called my listthatwill reject ICMP packets from 10 0 0 1 to 192 168 1 1 use the commands aw...

Page 888: ...tethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destinati...

Page 889: ...ple 1 list number First use the following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl Then use the following commands to add a new entry to the numbered extended access list 101 that will reject packets from 10 0 0 1 to 192 168 1 1 awplus config ip ext acl ...

Page 890: ...s config ip ext acl deny ip host 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended numbered access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl no 20 Example 4 list name Use the following commands to remove ...

Page 891: ...ess list You can specify the IP filter entry for removal by entering either its sequence number e g no 10 or by entering its IP filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source d...

Page 892: ...rotocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers Protocol Number Protocol Description RFC Reference 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interio...

Page 893: ...on Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual...

Page 894: ...e ACLs will deny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named my list that will reject IP packets from source address 10 10 1 1 32 to destination address 192 68 1 1 32 awplus configure terminal awplus config access list extended my list awplus config ip ext acl deny ip 10 10 1...

Page 895: ... ACCESS LIST EXTENDED IP PROTOCOL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source address 10 10 1 1 24 to destination address 192 68 1 1 24 awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit ip 10 10 1 1 ...

Page 896: ...mit tcp udp source eq sourceport lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number deny permit tcp udp source eq sourceport lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number Parameter Description sequence number 1 65535 The sequence number for the fi...

Page 897: ...by an ACL action Example 1 creating a list To add a new entry to the access list named my list that will reject TCP packets from 10 0 0 1on TCP port 10 to 192 168 1 1 on TCP port 20 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl deny tcp 10 0 0 1 32 eq 10 192 168 1 1 32 eq 20 destination The destination address of the packets You can ...

Page 898: ...ACL COMMANDS ACCESS LIST EXTENDED TCP UDP FILTER Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list that will accept UDP packets from 10 1 1 0 24 network to 192 168 1 0 24 network on UDP port 80 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit udp 10 1 1 0 24 192 168 1 0 24 ...

Page 899: ...access list name Syntax deny permit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description standard access list name Specify a name for the standard access list Parameter De...

Page 900: ... the deny or permit filters for this selected standard named access list See the table IPv4 Software Access List Commands and Prompts which shows the prompts at which ACL commands are entered See the relevant links shown for the Related Commands NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standard access list named my list and deny any pack...

Page 901: ... 1 99 1300 1999 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage Use this command when configuring a standard numbered access list for filtering IP software packets For backwards compatibility you can either create the access list from within this command or you can enter this command followed by P...

Page 902: ...st Commands and Prompts shows the prompts at which ACL commands are entered NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use the commands awplus configure terminal awplus config access list 67 deny 172 16 10 0 0 0 0 255 Alternatively to enter the IPv4 Standard ACL Configuration mode to...

Page 903: ...s sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence numbe...

Page 904: ...d is selected by running the access list standard named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples Use the following commands to add a new filter entry to access list my list that will reject IP address 10 1 1 1 awplus configure terminal awplus config acces...

Page 905: ...quence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequen...

Page 906: ... inserted into the middle of an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Example To add a new entry acce...

Page 907: ...L LIST ACL COMMANDS CLEAR IP PREFIX LIST clear ip prefix list Overview Use this command to reset the hit count to zero in the prefix list entries Syntax clear ip prefix list list name ip address mask Mode Privileged Exec Example To clear a prefix list named List1 awplus clear ip prefix list List1 Parameter Description list name The name of the prefix list ip address mask The IP prefix and length ...

Page 908: ...ort for one minute Cause an SNMP trap Send traffic to the mirror port Syntax dos ipoptions land ping of death smurf broadcast ip address synflood teardrop action shutdown trap mirror Mode Interface Configuration for a switch port interface Default DoS attack detection is not configured by default on any switch port interface Parameter Description dos Denial Of Service ipoptions IP Options attack l...

Page 909: ...s with the same source and destination addresses should never occur these packets are dropped when this attack is enabled This defense does not require the CPU to monitor packets so does not put extra load on the switch s CPU ping of death This type of attack results from a fragmented packet which when reassembled would exceed the maximum size of a valid IP datagram To detect this attack the final...

Page 910: ...1 and shutdown the interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ping of death action shutdown synflood In this type of attack an attacker seeking to overwhelm a victim with TCP connection requests sends a large number of TCP SYN packets with bogus source addresses to the victim The victim responds with SYN ACK ...

Page 911: ...tion on port1 0 1 and shutdown the interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos synflood action shutdown To configure teardrop DoS detection on port1 0 1 and shutdown the interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos teardrop...

Page 912: ...ed to any access list These are access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added to a software access list Syntax maximum access list 1 4294967294 no maximum access list Mode Global Configuration Example To set the maximum number of software filters t...

Page 913: ...configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC access list access list nam...

Page 914: ...ng System Version 5 4 5 0 x IPV4 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 SOFTWARE ACLS Note the below error message if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named access list standard numbered access list extended numbered Can t find access list 2 ...

Page 915: ...vileged Exec Output Figure 23 1 Example output from the show dos interface command prior to a DoS attack Parameter Description port list Specify the switch port or port list to display DoS configuration options set with the dos command awplus configure terminal Enter configuration commands one per line End with CTNTL Z awplus config interface port1 0 1 awplus config if dos synflood action shutdown...

Page 916: ...gured as being administratively down with the shutdown command ipoptions Displays Enabled when the ipoptions parameter is configured with thedos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any ipoptions DoS attacks that have occurred on the interface Displays Disabled when the ipoptions parameter is not configured with the dos command land Displays...

Page 917: ... dos command synflood Displays Enabled when the synflood parameter is configured with the dos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any synflood DoS attacks that have occurred on the interface Displays Disabled when the synflood parameter is not configured with the dos command teardrop Displays Enabled when the teardrop parameter is configure...

Page 918: ...ss list 1 99 100 199 1300 1999 2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 23 3 Example output from the show ip access list command Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list expanded range 2000 2699 IP extended access list expanded range access list name IP ...

Page 919: ... switch ports in the channel group To apply ACLs to a static channel group apply it to the static channel group itself For more information on link aggregation see the following references the Link Aggregation Feature Overview and Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named indicat...

Page 920: ...er on page 917 ipv6 traffic filter on page 921 show ipv6 access list IPv6 Hardware ACLs on page 923 Table 24 1 IPv6 Hardware Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Hardware ACLs Privileged Exec awplus ipv6 access list named Global Configuration awplus config ipv6 access list named ICMP filter Global Configuration awplus config ipv6 traffic filt...

Page 921: ...ited the new configuration state of the IPv6 ACL is not written to hardware until you exit IPv6 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv6 ACL filters in hardwa...

Page 922: ...n of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 hardware named access list when a match is encountered For backwards compatibility you can either create IPv6 hardware named access lists from within this command or you can enter ipv6 access listfollowed by only the IPv6 hardware named access list name This latter and preferred method ...

Page 923: ... 907 AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED Related Commands ipv6 access list named ICMP filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 924: ...Protocol packets from the current named IPv6 access list You can specify the filter entry for removal by entering either its sequence number or its filter entry profile NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax ip icmp sequence number deny permit send to cpu send to mirror copy to cpu copy to mi rror ipv6 icmp ipv6 source address prefix length ipv6 sour...

Page 925: ...lly set between 0 and 64 ipv6 source address Specifies the IPv6 source address The IPv6 address uses the format X X X X ipv6 source wildcard Specifies source wildcard bits in IPv6 format X X X X Note that binary 1 represents a don t care condition and binary 0 represents a match host ipv6 source host Specifies a single source host address The IPv6 address uses the format X X X X any Specifies any ...

Page 926: ...that blocks all ICMP6 echo requests on the default VLAN vlan1 enter the following commands awplus configure terminal awplus config ipv6 access list my acl2 awplus config ipv6 hw acl deny icmp any any icmp type 128 vlan 1 To remove an ACL filter entry that blocks all ICMP6 echo requests from he hardware IPv6 access list named my acl1 enter the following commands awplus configure terminal awplus con...

Page 927: ...try profile Syntax sequence number deny permit send to cpu send to mirror copy to cpu copy to mi rror ipv6 proto ip protocol ipv6 source prefix prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any ipv6 destination prefix prefix length ipv6 destination add ress ipv6 destination wildcard host ipv6 destination host any sequence number no deny permit send to cpu send to mir...

Page 928: ...190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RF...

Page 929: ...ipv6 source address Specifies the source address The IPv6 address uses the format X X X X ipv6 source wildcard Specifies the source wildcard bits in IPv6 format X X X X host ipv6 source host Specifies a single source host The IPv6 address uses the format X X X X any Specifies any source host An abbreviation for the IPv6 prefix 0 ipv6 dest prefix prefix length Specifies a destination address and ma...

Page 930: ...er any may be specified if an address does not matter NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an ACL filter entry to block IP traffic from network 2001 0db8 0 64 to the hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny ipv6 2001 0db8 0 64 To r...

Page 931: ...e filter entry for removal by entering either its sequence number or its filter entry profile Syntax sequence number deny permit send to cpu send to mirror cop y to cpu copy to mirror tcp udp ipv6 source prefix prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any eq sourceport lt sourceport gt sourceport ne sourceport range start range end range ipv6 destination prefix ...

Page 932: ...4 ipv6 source address Specifies the source address The IPv6 address uses the format X X X X ipv6 source wildcard Specifies the source wildcard bits in IPv6 format X X X X host ipv6 source host Specifies the a single source host The IPv6 address uses the format X X X X any Specifies any Source host An abbreviation for the IPv6 prefix 0 eq Equal to lt Less than gt Greater than ne Not equal to source...

Page 933: ...plus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny tcp 2001 0db8 0 64 any eq 22 To add an ACL filter entry that blocks all SSH traffic from network 2001 0db8 0 64 on the default VLAN vlan1 to the hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny tcp 2001 0d...

Page 934: ...EV A AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED TCP UDP FILTER Related Commands ipv6 access list named ipv6 access list named ICMP filter ipv6 access list named protocol filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 935: ...Usage This command adds an IPv6 hardware based access list to an interface The number of access lists that can be added is determined by the amount of available space in the hardware based packet classification tables To apply the access list to all ports on the switch execute the command in the Global Configuration mode To apply the access list to a Layer 2 interface or Layer 2 interface range ap...

Page 936: ...dWare Plus Operating System Version 5 4 5 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 TRAFFIC FILTER Related Commands ipv6 access list named ipv6 access list named ICMP filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 937: ...rom the ipv6 access list named command Syntax show ipv6 access list access list name show ipv6 access list standard access list name Mode User Exec and Privileged Exec Examples To show the standard named ipv6 access list acl_name use the following command awplus show ipv6 access list standard acl_name Output Figure 24 1 Example output from the show ipv6 access list standard command To show all con...

Page 938: ...EV A AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 HARDWARE ACLS Related Commands ipv6 access list named ipv6 access list named ICMP filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter ...

Page 939: ... Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 923 AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 HARDWARE ACLS ...

Page 940: ...T IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 HARDWARE ACLS ...

Page 941: ...vidual switch ports in the channel group To apply ACLs to a static channel group apply it to the static channel group itself For more information on link aggregation see the following references the Link Aggregation Feature Overview and Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named i...

Page 942: ...st extended TCP UDP filter on page 937 ipv6 access list standard named on page 939 ipv6 access list standard filter on page 941 show ipv6 access list IPv6 Software ACLs on page 943 Table 25 1 IPv6 Software Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Software ACLs Privileged Exec awplus ipv6 access list extended named Global Configuration awplus conf...

Page 943: ...ngth any ipv6 destination address prefix length any icmp type icmp type log Syntax tcp udp ipv6 access list extended list name deny permit tcp udp ipv6 source address prefix length any eq sourceport lt sourceport gt sourceport ne sourceport ipv6 destination address prefix length any eq destport lt destport gt destport ne destport log no ipv6 access list extended list name deny permit tcp udp ipv6 ...

Page 944: ...address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X X Prefix Length The prefix length is usually set between 0 and 64 any Matches any IPv6 address sourceport For TCP UDP The source port number specified as an integer between 0 and 65535 destport For TCP UDP The destination port number specified as an integer between 0 and 65535 icmp type F...

Page 945: ...mand or you can enter ipv6 access list extended followed by only the IPv6 extended access list name This latter and preferred method moves you to the config ipv6 ext acl prompt for the selected IPv6 extended access list number and from here you can configure the filters for this selected access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action icmp type For ICMP...

Page 946: ...4 Example 2 adding to a list To insert a new filter at sequence number 5 of the access list named my listthat will accept ICMP type 8 packets from the 2001 0db8 0 64 network to the 2001 0db8 f 64 network use the commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 icmp 2001 0db8 0 64 2001 0db8 f 64 Example 3 list with filter To create the ...

Page 947: ...rmit proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log Parameter Description list name A user defined name for the IPv6 software extended access list deny Specifies the packets to reject permit Specifies the packets to accept proto The IP Protocol type specified by it protocol number 1 255 ip protocol The IP protocol number as defined by IANA Internet Assigne...

Page 948: ...IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtual Router Redundancy Protocol RFC3768 134 RSVP E2E IGNORE RFC3175 135 Mobility Header RFC3775 136 UDPLite RFC3828 137 MPLS in IP RFC4023 138 MANET ...

Page 949: ...E Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create the IPv6 access list named ACL 1 to deny IP protocol 9 packets from 2001 0db8 1 1 128 to 2001 0db8 f 1 128 use the commands awplus configure terminal awplus config ipv6 access list extended ACL 1 deny proto 9 2001 0db8 1 1 128 2001 0db8 f 1 128 To remove the IPv6 access list named ACL 1 to deny IP prot...

Page 950: ...d prefix with or without an IP protocol filter entry from the current extended IPv6 access list You can specify the ACL filter entry by entering either its sequence number or its filter entry profile Syntax ip proto sequence number deny permit ip any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log no deny permit ip any proto ip protocol ipv6 source address ...

Page 951: ... IPV6 ACCESS LIST EXTENDED IP PROTOCOL FILTER ip protocol con t Protocol Number9 11 17 20 27 28 29 30 33 48 50 51 54 58 59 60 88 89 97 98 108 112 134 135 136 137 138 139 252 253 254 255 ipv6 source address prefix IPv6 source address or local address The IPv6 address uses the format X X X X Prefix Length The prefix length is usually set between 0 and 64 any Any source address or local address Param...

Page 952: ...dd a new ACL filter entry to the extended IPv6 access list named my list with sequence number 5 rejecting the IPv6 packet from 2001 db8 1 1 to 2001 db8 f 1 use the commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 deny ip 2001 db8 1 1 128 2001 db8 f 1 128 To remove the ACL filter entry to the extended IPv6 access list named my list with...

Page 953: ...specify the filter entry for removal by entering either its sequence number or its filter entry profile Syntax tcp udp sequence number deny permit tcp udp ipv6 source address prefix any eq sourceport lt sourceport gt sourceport ne sourceport IPv6 destination address prefix any eq destport lt destport gt destport ne destport log no deny permit tcp udp ipv6 source address prefix any eq sourceport lt...

Page 954: ...erminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 deny tcp 2001 0db8 0 64 eq 10 2001 0db8 f 64 eq 20 To add a new filter entry with sequence number 5 to the extended IPv6 access list named my list to reject UDP packets from 2001 0db8 0 64 port 10 to 2001 0db8 f 64 port 20 use the following commands awplus configure terminal awplus config ipv6 access list extended...

Page 955: ...n Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 standard access list when a match is encountered Parameter Description ipv6 acl list name A user defined name for the IPv6 ...

Page 956: ...d access list name This latter and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Example To enter the IPv6 Standard ACL Configuration mode for the access list named my list ...

Page 957: ...efix length any no deny permit ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage The filter entry will match on any IPv6 packet that has the specified IPv6 source address and prefix length The parameter any may be specified if an address does not matt...

Page 958: ...e standard IPv6 access list named my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence number 5 to the standard IPv6 access list named my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 s...

Page 959: ...ommand Syntax show ipv6 access list standard access list name Mode User Exec and Privileged Exec Example To show the ipv6 access list specified with the name acl_name use the following command awplus show ipv6 access list standard acl_name Output Figure 25 1 Example output from the show ipv6 access list standard command Related Commands ipv6 access list extended named ipv6 access list extended IP ...

Page 960: ...nd Configuration Guide Command List class on page 946 class map on page 947 clear mls qos interface policer counters on page 948 default action on page 949 description QoS policy map on page 950 egress rate limit on page 951 match access group on page 952 match cos on page 954 match dscp on page 955 match eth format protocol on page 956 match inner cos on page 959 match inner vlan on page 960 matc...

Page 961: ...et ip next hop PBR on page 982 show class map on page 983 show mls qos on page 984 show mls qos interface on page 985 show mls qos interface policer counters on page 988 show mls qos interface queue counters on page 990 show mls qos interface storm status on page 991 show mls qos maps cos queue on page 992 show mls qos maps premark dscp on page 993 show policy map on page 994 storm action on page ...

Page 962: ...tion on class maps and policy maps see the the QoS Feature Overviewand Configuration Guide If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates the policy map pmap1 using the policy map command then associates this to an already existing class map named cmap1 use...

Page 963: ...ass map Overview Use this command to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map called cmap1 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap Parameter Description name Name of the class map to be created ...

Page 964: ...p or you can clear all class maps by not specifying a class map Syntax clear mls qos interface port policer counters class map class map Mode Privileged Exec Example To reset the policy counters to zero for all class maps for port1 0 1 use the command awplus clear mls qos interface port1 0 1 policer counters Related Commands show mls qos interface policer counters Parameter Description port The po...

Page 965: ...s command to reset to the default action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror send to mirror no default action Default The default is permit Mode Policy Map Configuration Examples To set the action for the default class map to deny use the command awplus config pmap default action deny To set the action for the default class map to copy to mirror for u...

Page 966: ...licy map Overview Adds a textual description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mode Policy Map Configuration Example To add the description VOIP traffic use the command awplus config pmap description VOIP traffic Parameter Description line Up to 80 ch...

Page 967: ... configure terminal awplus config interface port1 0 1 awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb To disable egress rate limiting on a port use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no egress rate limit Parameter Description bandwidth Bandwidth 1 10000000 units per second usable units k m g The egress rate limit...

Page 968: ... the access list matching only to incoming data packets Examples Toconfigureaclass mapnamedcmap1withonematchcriterion access list 3001 which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 permit ip any any awplus config class map cmap1 awplus config cmap match access group 3001 Toconfigureaclass mapnamedcmap2withonemat...

Page 969: ...DS MATCH ACCESS GROUP Toconfigureaclass mapnamedcmap3withonematchcriterion access list hw_acl which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list hardware hw_acl awplus config ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl Related Commands class map ...

Page 970: ...st incoming packets Use the no variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match cos 4 To remove CoS from a class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap ...

Page 971: ...dscp Mode Class Map Configuration Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match dscp 56 To remove a previously defined DSCP from a class map named cmap1 use the commands awplus...

Page 972: ...hii tagged EthII Tagged Packets enter the parameter name ethii untagged EthII Untagged Packets enter the parameter name ethii any EthII Tagged or Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packets enter the parameter name netwareraw untagged Netware Raw Untagged Packets enter the parameter name snap tagged SNAP Tagged Packets enter the parameter name snap untagg...

Page 973: ...number xns compat Protocol Number 0807 enter the parameter name or its number banyan systems Protocol Number 0BAD enter the parameter name or its number bbn simnet Protocol Number 5208 enter the parameter name or its number dec mop dump ld Protocol Number 6001 enter the parameter name or its number dec mop rem cdons Protocol Number 6002 enter the parameter name or its number dec decnet Protocol Nu...

Page 974: ...ure terminal awplus config class map cmap1 awplus config cmap no match eth format protocol appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter the parameter name or its number appletalk aarp Protocol Number 80F3 enter the parameter name or its number snmp Protocol Number 814CV ethertalk 2 Protocol Number 809B enter the parameter name or its numb...

Page 975: ... the no variant of this command to remove CoS Syntax match inner cos 0 7 no match inner cos Mode Class Map Configuration Examples To set the class map s inner cos to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match inner cos 4 To remove CoS from the class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cm...

Page 976: ...ation Usage This command is used in double tagged networks to match on a VLAN ID belonging to the client network For more information on VLAN double tagged networks see the VLAN Feature Overview and Configuration Guide Examples To configure a class mapnamedcmap1to matchtraffic frominner VLAN3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match inner vl...

Page 977: ...ence values as match criteria Use the no variant of this command to remove IP precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Configuration Example To configure a class map named cmap1 to match all IPv4 packets with a precedence value of 5 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match ip pre...

Page 978: ...entry Syntax match mac type l2bcast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match mac type l2mcast To remove the class map s MAC type entry use the commands awplus configure terminal awplus config class map cmap1 awplus con...

Page 979: ...gs for a class map to match on Syntax match tcp flags ack fin psh rst syn urg no match tcp flags ack fin rst syn urg Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus configure terminal awplus config class map awplus config cmap match tcp flags ack syn To remove the TCP flags ack and rst use the commands awplus configure terminal awplus c...

Page 980: ...he VLAN ID used as match criteria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match vlan 3 To disable the configured VLAN ID as a match criteria for the class map named cmap1 use the commands awplus configur...

Page 981: ...f this command to return the interface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for tagged frames the default behavior is not to alter the CoS value Mode Interface Configuration Example To assign a CoS user priority value of 2 to all untagged packets ent...

Page 982: ...h or stack Use the no variant of this command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos command will therefore remove all pre existing QoS configurations on the switch Mode Global Configuration Syntax mls qos enable no mls qos Example To enable QoS on the swit...

Page 983: ...s queue map back to its default setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use the command awplus configure terminal awplus config mls qos map cos queue 2 to 0 To set the cos queue map back to its defaults use the command awplus configure terminal awp...

Page 984: ...ation Usage With the trust dscp command set this command mls qos map premark dscp enables you to make the following changes remap the DSCP leaving the other settings unchanged remap any or all of CoS outputqueue or bandwidth class values leaving the DSCP unchanged NOTE If you attempt to remap both the DSCP and another setting only the DSCP remap will take effect Parameter Description premark dscp ...

Page 985: ...S MAP PREMARK DSCP TO Example To set the entry for DSCP 1 to use a new DSCP of 2 a new CoS of 3 and a new bandwidth class of yellow use the command awplus configure terminal awplus config mls qos map premark dscp 1 to new dscp 2 new cos 3 new bandwidth class yellow Example To reset the entry for DSCP 1 use the command awplus configure terminal awplus config no mls qos map premark dscp 1 ...

Page 986: ...e Overview Use this command to disable any policer previously configured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map use the command awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c no poli...

Page 987: ...ackets classed as red are discarded NOTE This command will not take effect when applied to a class map that attaches to a channel group whose ports span processor instances Note that the remark map does not only apply to red traffic If a remark map is configured on the same class map as the policer then the remark map will apply Parameter Description cir Specify the Committed Information Rate CIR ...

Page 988: ...raffic So the action parameter only applies to red colored traffic If action is set to drop red then red traffic is dropped if action is set to remark transmit then the red traffic has the action of the remark map applied to it and is then transmitted Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the commands awplus...

Page 989: ... as red will be discarded Parameter Description cir Specify the Committed Information Rate CIR 1 40000000 kbps pir Specify the Peak Information Rate PIR 1 40000000 kbps cbs Specify the Committed Burst Size CBS 0 16777216 bytes pbs Specify the Peak Burst Size PBS 0 16777216 bytes action Specify the action if rate is exceeded drop red Drop the red packets remark transmit Modify the packets using the...

Page 990: ...lue configured on the action parameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red colored traffic If action is set to drop red then red traffic is dropped if action is set to remark transmit then the red traffic has the action of the remark map applied to it and is then transmitte...

Page 991: ... policy map and to enter Policy Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration Example To create a policy map called pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap Related Commands class map Paramet...

Page 992: ...rr queue weight queues command You can then use the priority queue command to reset the selected queues to priority queuing Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number Example To apply priority based scheduling to egress queues 1 and 2 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if priorit...

Page 993: ...sses are reset to their defaults Syntax remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red no remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red Mode Policy Map Class Configuration Examples To remark the policed green traffic to a new DSCP of 2 and a new bandwidth class of yellow use the commands awplus c...

Page 994: ...P of 2 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c remark map bandwidth class green to new dscp 2 To reset the DSCP for all bandwidth classes use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c no remark map to new dscp Related Commands police ...

Page 995: ...rnal external both no remark new cos internal external both Mode Policy Map Class Configuration Usage The default CoS to Queue mappings are shown in the following table The relationship between this command and the CoS to queue map is shown in the following figure Parameter Description 0 7 The new value for the CoS flag and or the input into the CoS to queue map external Remarks the CoS flag in th...

Page 996: ...s input from the Existing CoS value With the remark new cos command set to internal or both the queue mapping takes its input from the value set by the command remark new cos Note that although the CoS to Queue map applies to the whole switch the remark new cos command applies per individual class map Existing CoS value New CoS internal Egress queue value CoSValue Egress Queue 0 2 1 3 5 6 7 4 2 1 ...

Page 997: ...d to remove a policy map and interface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups but not to dynamic LACP channel groups Example To apply a policy map named pmap1 to interface port1 0 2 use the commands awplus configure terminal awplus config interface ...

Page 998: ...raffic will be conventionally routed according to the rules set for the default class providing that this is not subject to the set ip next hop PBR The situation becomes a little more complex where the traffic requiring normal routing is a subset of the traffic to be policy routed In this situation the policy map would need to contain one or more classes that match the requirement for normal routi...

Page 999: ...y the QoS class maps criteria for classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show class map cmap1 Output Figure 26 2 Example output from the show class map command Related Commands class map Parameter Description class map name Name of the class map CL...

Page 1000: ...S SHOW MLS QOS show mls qos Overview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the command awplus show mls qos Output Figure 26 3 Example output from the show mls qos command Related Commands mls qos enable awplus show mls qos Enable ...

Page 1001: ...s interface Overview Displays the current settings for the interface This includes its default CoS and queue scheduling used for each queue and any policies maps that are attached Syntax show mls qos interface port Mode User Exec and Privileged Exec Example To display current CoS and queue settings for interface port1 0 1 use the command awplus show mls qos interface port1 0 1 Parameter Descriptio...

Page 1002: ...it 12 Egress Rate Limit 0 Kb Egress Queue 3 Status Enabled Scheduler Wrr Group 2 Weight 10 Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 4 Status Enabled Scheduler Wrr Group 1 Weight 10 Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 5 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 6 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress...

Page 1003: ...e X Number of this egress queue Status Queue can either be enabled or disabled Scheduler The scheduling mode being used for servicing the transmission of packets on this port Queue Limit The percentage of the port s buffers that have been allocated to this queue Egress Rate Limit The amount of traffic that can be transmitted via this queue per second 0 Kb means there is currently no rate limiting ...

Page 1004: ...marked Red but are not dropped and is shown with a value of 0 for the Dropped field and a non 0 value for the Red Bytes field Syntax show mls qos interface port policer counters class map class map Mode User Exec and Privileged Exec Usage Note that the hardware does not record distinct counters for the number of Green or Yellow bytes so the field marked Green Yellow is the summation of bytes that ...

Page 1005: ...edWare Plus Operating System Version 5 4 5 0 x QOS COMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through action remark transmit so although bytes are marked as Red none are dropped Therefore the Non dropped Bytes field shows a summation of Green Yellow and Red bytes ...

Page 1006: ...ress queues Syntax show mls qos interface port queue counters queue 0 7 Mode User Exec and Privileged Exec Example To show the counters for all queues on port1 0 1 use the command awplus show mls qos interface port1 0 1 queue counters Output Figure 26 6 Example output from the show mls qos interface queue counters command Parameter Description port Switch port 0 7 Queue Interface port1 0 4 Queue C...

Page 1007: ...erface port storm status Mode User Exec and Privileged Exec Example To see the QSP status on port1 0 1 use command awplus show mls qos interface port1 0 1 storm status Output Figure 26 7 Example output from the show mls qos interface storm status command Related Commands storm action storm downtime storm protection storm rate storm window Parameter Description port Switch port Interface port1 0 1 ...

Page 1008: ...queue Overview Show the current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplus show mls qos maps cos queue Output Figure 26 8 Example output from the show mls qos maps cos queue command Related Commands mls qos map cos queue to COS TO QUEUE MAP COS 0 1 ...

Page 1009: ... s class map to replace the DSCP CoS and or bandwidth class of a packet matching the class map based on a lookup DSCP value Syntax show mls qos maps premark dscp 0 63 Mode User Exec and Privileged Exec Example To display the premark dscp map for DSCP 1 use the command awplus show mls qos maps premark dscp 1 Output Figure 26 9 Example output from the show mls qos maps premark dscp command Related C...

Page 1010: ...port attached detached and shows their associated class maps Syntax show policy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show policy map Output Figure 26 10 Example output from the show policy map command Related Commands service policy input Parameter Description name The name of a specific policy m...

Page 1011: ...orm action command Syntax storm action portdisable vlandisable linkdown no storm action Mode Policy Map Class Configuration Examples To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named cmap1 use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm action vlandisable T...

Page 1012: ...time to the default value of 10 seconds Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Policy Map Class Configuration Examples To re enable the port in 1 minute use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm downtime 60 To re set the port to the default 10 seconds use the followi...

Page 1013: ...window have been set The no variant of this command disables Policy Based Storm Protection Syntax storm protection no storm protection Default By default storm protection is disabled Mode Policy Map Class Configuration Examples To enable QSP on cmap2 in pmap2 use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c stor...

Page 1014: ...rm rate 1 40000000 no storm rate Default No default Mode Policy Map Class Configuration Usage This setting is made in conjunction with the storm window command Examples To limit the data rate to 100Mbps use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm rate 100000 To negate the limit set previously use the ...

Page 1015: ...0 no storm window Default No default Mode Policy Map Class Configuration Usage This command should be set in conjunction with the storm rate command Examples To set the QSP window size to 5000 ms use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm window 5000 To negate the QSP window size set previously use t...

Page 1016: ... selected class map QoS components of the packet existing either at ingress or applied by the class map will pass unchanged Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can think of trust dscp as a per port setting Examples To enable the premark dscp map lookup for policy map pmap1 use the commands awplus configure terminal awplus config pol...

Page 1017: ...t traffic Syntax wrr queue disable queues 0 1 2 3 4 5 6 7 no wrr queue disable queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Examples To disable queue 1 from transmitting traffic use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if wrr queue disable queues 1 To enable queue 1 to transmit traffic use the commands awplus configure terminal awplus config...

Page 1018: ...ied The minimum is 651Kb Syntax wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Example To limit the egress rate of queues 0 1 and 2 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if wrr queue egress rate limit 500M queues 0 1 2 Related Commands show...

Page 1019: ...es for example awplus config interface port1 0 2 You cannot apply weighted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will display the console error shown below awplus configure terminal awplus config interface sa2 awplus config if wrr queue weight Invalid in...

Page 1020: ...e 1006 dot1x eapol version on page 1007 dot1x initialize interface on page 1008 dot1x initialize supplicant on page 1009 dot1x keytransmit on page 1010 dot1x max auth fail on page 1011 dot1x max reauth req on page 1013 dot1x port control on page 1014 dot1x timeout tx period on page 1016 show debugging dot1x on page 1017 show dot1x on page 1018 show dot1x diagnostics on page 1021 show dot1x interfa...

Page 1021: ... Configuration Usage This command without any parameters turns on normal 802 1X debug information awplus debug dot1x awplus show debugging dot1x Examples awplus debug dot1x awplus debug dot1x all Related Commands show debugging dot1x undebug dot1x Parameter Description all Used with the no variant of this command exclusively turns off all debugging for 802 1X auth web Specifies debugging for 802 1...

Page 1022: ...e direction of the filter to both The port will then discard both ingress and egress traffic Syntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Example s To set the port direction to the default both for port1 0 2 use the...

Page 1023: ... all ports on the switch use the commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config dot1x eap discard To set the transmit mode of EAP packet to forward untagged vlan to forward EAP packets to ports with the same untagged vlan use the commands awplus conf...

Page 1024: ...sion 1 2 no dot1x eapol version Default The EAP version for 802 1X authentication is set to 1 by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL prot...

Page 1025: ...cation on the interface port1 0 2 use the command awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 To unauthorize all switch ports for a 24 port device and attempt reauthentication use the command awplus dot1x initialize interface port1 0 1 port1 0 24 Validation C...

Page 1026: ...zationattemptisnottriggeredbythiscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initialize the supplicant authentication use the commands awplus configure terminal awplus config dot1x initialize supplicant 0090 99ab a020 awplus config dot1x initialize sup...

Page 1027: ...for a static channel a dynamic LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant of this command to disable key transmission Examples To enable the key transmit feature on interface port1 0 2 after it has been disabled by negation use the commands aw...

Page 1028: ...his command sets the maximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication is equal to the number set with this command See the Authentication Feature Overview and Configuration Guide for information about the auth fail VLAN feature and restrictions reg...

Page 1029: ...h Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x 802 1X COMMANDS DOT1X MAX AUTH FAIL Validation Commands show running config Related Commands auth auth fail vlan dot1x max reauth req show dot1x interface ...

Page 1030: ... a dynamic LACP channel group or a switch port Usage Use this command to set the maximum reauthentication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x max reauth req 1 To configure the maxi...

Page 1031: ...ration for a static channel a dynamic LACP channel group or a switch port Usage Use this command to force a port state Note that all dot1x commands can only be applied to switch ports They cannot be applied to dynamic LACP or static channel groups Examples To enable port authentication on the interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus co...

Page 1032: ...Plus Operating System Version 5 4 5 0 x 802 1X COMMANDS DOT1X PORT CONTROL To disable port authentication on the interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no dot1x port control Validation Commands show dot1x interface Related Commands aaa authentication dot1x ...

Page 1033: ...mit period for port authentication is 30 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Usage Use this command to set the interval between successive attempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus con...

Page 1034: ...nd saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sample output from the show debugging dot1x command awplus debug dot1x awplus show debugging dot1x Example awplus show debugging dot1x Related Commands debug dot1x 802 1X debu...

Page 1035: ...on If you specify the optional all parameter then this command also displays all authentication information for each port available on the switch For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x all Mode Privileged Exec Example awplus show dot1x all Param...

Page 1036: ...erface port1 0 6 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled dynamicVlanCreation single dynamic vlan assignFailActionRule deny hostMode multi supplicant...

Page 1037: ...goff Frames Rx 0 EAP Rsp Id Frames Rx 3 EAP Response Frames Rx 2 EAP Req Id Frames Tx 8 EAP Request Frames Tx 2 Invalid EAPOL Frames Rx 0 EAP Length Error Frames Rx 0 EAPOL Last Frame Version Rx 1 EAPOL Last Frame Src 00d0 59ab 7037 Authentication session statistics for interface port1 0 6 session user name manager session authentication method Remote server session time 19440 secs session termina...

Page 1038: ...d with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot1x diagnostics interface port1 0 5 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interfac...

Page 1039: ...stics for interface port1 0 5 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthentic...

Page 1040: ...plicant state for the specified interfaces For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Parameter Description interface list The interfaces or port...

Page 1041: ...tControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled dynamicVlanCreation single dynamic vlan assignFailActionRule deny hostMode multi supplicant maxSupplicant 1024 dot1x enabled pro...

Page 1042: ...rtWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupplicant 3 BackendAuthSuccess 1 awplus show dot1x interface port1 0 6 supplicant authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticat...

Page 1043: ...nterface Parameter Description portEnabled Interface operational status Up true down false portControl Current control status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning only if reauthentication is enabled abort Indicates that authentication should be abo...

Page 1044: ...meout Server timeout maxReq Maximum requests to be sent CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAPOL Key message is received by supplicant or authenticator false when key is transmitted KT Ket Transmit State machine keyAvailable False when key h...

Page 1045: ...le See sample output below showing 802 1X dot1x authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e ...

Page 1046: ...cation statistics for port1 0 6 awplus show dot1x statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separa...

Page 1047: ...witch awplus show dot1x supplicant Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Supplicant name manager Supplicant address 00d0 59ab 7037 authentica...

Page 1048: ... output is as follows Related Commands show dot1x supplicant interface Interface port1 0 6 authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username port1 0 6 2 D 00d0 59ab 7037 Authenticated 192 168 2 201 manager I...

Page 1049: ...output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Parameter Description interface list The interfaces or ports to configure An interface list can be aninterface e g vlan2 aswitchport e g port1 0 6 a static channel group e g sa2 or a dynamic ...

Page 1050: ... name VCSPCVLAN10 Supplicant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD ...

Page 1051: ...ot1x interface sa1 supplicant brief Related Commands show dot1x supplicant awplus show dot1x interface sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 otherAuthenticatio...

Page 1052: ...PX High Availability High Power Video Surveillance PoE Switch 1035 AlliedWare Plus Operating System Version 5 4 5 0 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of the debug dot1x command ...

Page 1053: ...h guest vlan on page 1046 auth host mode on page 1048 auth log on page 1050 auth max supplicant on page 1052 auth reauthentication on page 1053 auth roaming disconnected on page 1054 auth roaming enable on page 1056 auth supplicant mac on page 1058 auth timeout connect timeout on page 1060 auth timeout quiet period on page 1061 auth timeout reauth period on page 1062 auth timeout server timeout on...

Page 1054: ...n page 1087 auth web server mode deleted on page 1088 auth web server page logo on page 1089 auth web server page sub title on page 1090 auth web server page success message on page 1091 auth web server page title on page 1092 auth web server page welcome message on page 1093 auth web server ping poll enable on page 1094 auth web server ping poll failcount on page 1095 auth web server ping poll in...

Page 1055: ...tics on page 1114 show auth mac interface on page 1115 show auth mac sessionstatistics on page 1117 show auth mac statistics interface on page 1118 show auth mac supplicant on page 1119 show auth mac supplicant interface on page 1121 show auth web on page 1122 show auth web diagnostics on page 1124 show auth web interface on page 1126 show auth web sessionstatistics on page 1129 show auth web stat...

Page 1056: ...r and the auth fail vlan feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command When using 802 1X port authentication use a dot1x max auth fail command to s...

Page 1057: ...onfiguration Guide For more information about ACL commands see Examples To enable auth fail vlan for port1 0 2and assign VLAN 100 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awp...

Page 1058: ...port feature on the interface Syntax auth critical no auth critical Default The critical port of port authentication is disabled Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if aut...

Page 1059: ...nd configured VLANs are assigned to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multiple supplicants attached to a port and the type parameter has been set to single vlan The parameter specifies how the switch should act if different VLAN IDs end up being assig...

Page 1060: ...signed to the MAC address of the authenticated supplicant The VLAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command You also need to create a hardware acce...

Page 1061: ...n 5 4 5 0 x AUTHENTICATION COMMANDS AUTH DYNAMIC VLAN CREATION To disable the Dynamic VLAN assignment feature on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth dynamic vlan creation Validation Commands show dot1x show dot1x interface show running config Related Commands auth host mode ...

Page 1062: ...s in multi supplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may be avoided by using per user dynamic VLAN assignment When using the Guest VLAN feature with the multi host mode a number of supplicants can communicate via a guest VLAN before authentication A supplicant s tra...

Page 1063: ...nd restrictions regarding combinations of authentication enhancements working together Examples To define vlan100 and assign the guest VLAN feature to vlan100 on interface port1 0 2 and enable routing from the guest vlan to other VLANs use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0...

Page 1064: ... feature is used all hosts do not need to be authenticated Parameter Description single host Single host mode In this mode only one host may be authorized with the port If other hosts out the interface attempt to authenticate the authenticator blocks the attempt multi host Multi host mode In this mode multiple hosts may be authorized with the port however only one host must be successfully authent...

Page 1065: ... to multi supplicant on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant To set the host mode to default single host on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth host mode Validation Commands show dot1x ...

Page 1066: ...ication failures to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth log auth mac failure Parameter Description dot1x Specify only 802 1X Authentication log messages are output to the log file auth mac Specify only MAC Authentication log messages are output to th...

Page 1067: ...sion 5 4 5 0 x AUTHENTICATION COMMANDS AUTH LOG To configure the logging of all types of authentication log messages to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth log all Validation Commands show running config ...

Page 1068: ...x supplicant 2 1024 no auth max supplicant Default The max supplicant of port authentication is 1024 Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth max supplicant ...

Page 1069: ...c or LACP channel group or a switch port Use the no variant of this command to disables reauthentication on the interface Syntax auth reauthentication no auth reauthentication Default Reauthentication of port authentication is disabled by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To enable reauthentication on interface port1 0 ...

Page 1070: ...een interfaces See the Authentication Feature Overview and Configuration Guide for further information about this feature Syntax auth roaming disconnected no auth roaming disconnected Default The Roaming Authentication disconnected feature is disabled by default on an interface Authentication status for a roaming supplicant is deleted by default when an interface goes down Mode Interface Configura...

Page 1071: ...the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config if auth roaming enable awplus config if auth roaming disconnected To disable Roaming Authentication disconnected feature for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth roaming disconnected Validation Com...

Page 1072: ...oving between interfaces See the Authentication Feature Overview and Configuration Guide for further information about this feature Syntax auth roaming enable no auth roaming enable Default The Roaming Authentication enable feature is disabled by default on an interface Authentication status for a roaming supplicant is deleted by default when an interface goes down Mode Interface Configuration for...

Page 1073: ...hod is required use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if dot1x port control auto awplus config if auth roaming enable To disable Roaming Authentication enable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if no auth roaming enable Validation Commands show running conf...

Page 1074: ...tion Parameter Description mac addr MAC hardware address of the Supplicant entry in HHHH HHHH HHHH MAC address hexadecimal format port control Port control commands auto Allow port client to negotiate authentication force authorized Force port state to authorized force unauthorized Force port state to unauthorized skip second auth Skip the second authentication quiet period Quiet period in the HEL...

Page 1075: ... authorized port control for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0009 41A4 5943 port control force authorized To delete the supplicant MAC address 0009 41A4 5943 for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no...

Page 1076: ... switch port Usage This command is used for MAC and Web Authentication If the connect timeout has lapsed and the supplicant has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To set the connect timeout period to 3600 for interface port1 0 2 use the following ...

Page 1077: ... default 60 seconds Syntax auth timeout quiet period 1 65535 no auth timeout quiet period Default The quiet period of port authentication is 60 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the quiet period to 10 for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 aw...

Page 1078: ...th timeout reauth period Default The default reauthentication period for port authentication is 3600 seconds when reauthentication is enabled on the port Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interf...

Page 1079: ...rver timeout Default The server timeout for port authentication is 30 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the server timeout to 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the serve...

Page 1080: ...out supp timeout Default The supplicant timeout of port authentication is 30 seconds Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the server timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the se...

Page 1081: ... Default Mode Interface Configuration for a port Usage Thesinglestepauthenticationmethods eitheruserordeviceauthentication have a potential security risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem by authenticating both the user and the device The supplica...

Page 1082: ... enable MAC Authentication followed by Web Authentication use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth mac enable awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth two step enable To enable 802 1X Authentication followed by Web Authentication use ...

Page 1083: ...edWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Related Commands show auth two step supplicant brief show auth mac show auth mac interface show auth mac supplicant show auth web show auth web interface show auth web supplicant show dot1x show dot1x interface show dot1x supplicant ...

Page 1084: ...portstatechanges which does not happen when spanning tree edgeport is enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with ingress filtering turned on whenever ports for MAC Authentication are in a VLAN Examples To enable MAC Authentication on interface port...

Page 1085: ... High Power Video Surveillance PoE Switch 1069 AlliedWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS AUTH MAC ENABLE Related Commands aaa accounting auth mac default aaa authentication auth mac spanning tree edgeport RSTP and MSTP switchport mode access ...

Page 1086: ...mac method eap md5 pap no auth mac method Default The MAC Authentication method is PAP Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the MAC Authentication method to pap on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac method pap To set the MAC Au...

Page 1087: ... for an attacker to discover This is particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Require Different Usernames and Passwords section of the Authentication Feature Overview and Configuration Guide Examples To change the password to verySecurePassword u...

Page 1088: ...mac reauth relearning no auth mac reauth relearning Default Re learning for port authentication is disabled by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To enable the re authentication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config ...

Page 1089: ... using the service dhcp snooping command and vice versa You need to configure an IPv4 address for the VLAN interface on which Web Authentication is running Examples To enable Web Authentication on static channel group 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awp...

Page 1090: ...5 udp 1 65535 Default Packet forwarding for port authentication is disabled by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Usage For more information about the ip address parameter and an example see the auth web forward section in the Alliedware Plus Technical Tips and Tricks Examples To enable the ARP forwarding feature on interface por...

Page 1091: ...ode access awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth web forward arp To delete the TCP forwarding port 137 on interface port1 0 2 use the fol...

Page 1092: ...ult three authentication failures Syntax auth web max auth fail 0 10 no auth web max auth fail Default The max auth fail lock counter is set to three authentication failures by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus ...

Page 1093: ...tion is also used with the RADIUS authentication method Syntax auth web method eap md5 pap no auth web method Default The Web Authentication method is set to PAP by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal...

Page 1094: ...on server Syntax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication server Mode Global Configuration Example To enable blocking mode for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server blocking mode To disable blocking mode for the Web Authentication ...

Page 1095: ...ation server is set by default Mode Global Configuration Usage See the Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together Examples To assign the IP address 10 0 0 1 to the Web Authentication server use the following commands awplus configure terminal...

Page 1096: ...onds Mode Global Configuration Usage See the Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together Examples To set the DHCP lease time to 1 minute for supplicants using the DHCP service on the Web Authentication server use the following commands awplus ...

Page 1097: ... If the supplicant is configured to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent However after authentication the browser does not know where to get the WPAD file and so cannot access external web pages The WPAD file is usually named proxy pac file and te...

Page 1098: ...ailability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER GATEWAY DELETED auth web server gateway deleted Overview This command has been deleted ...

Page 1099: ...b authentication server uses HTTPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warning message if the server has a hostname same as the one stored in the installed certificate Examples To set the auth example com as the hostname of the web authentication...

Page 1100: ...lity High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER HTTP REDIRECT DELETED auth web server http redirect deleted Overview This command has been deleted ...

Page 1101: ...he Web Authentication Login page However if the supplicant is configured to use a web proxy then it will usually be using TCP port 8080 or another user configured port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can now use this command to tell the switch which additional port it should intercept and then send the Web Authentication Login ...

Page 1102: ...address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address 10 0 0 1 to the Web Authentication server use the following commands awplus configure terminal awplus config auth web server ipaddress 10 0 0 1 To delete the IP address from the Web Authentication server use the following co...

Page 1103: ...mmand to delete the set URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default Mode Global Configuration Examples To set http example com login html as the login page use the commands awplus configure terminal awplus config auth web server login url http example com login html To unset the login page URL use the commands awplus confi...

Page 1104: ... Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER MODE DELETED auth web server mode deleted Overview This command has been deleted ...

Page 1105: ...eb server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Configuration Examples To display the default logo with ignoring installed custom logo use the commands awplus configure terminal awplus config auth web server page logo default To set back to the default logo type auto use the commands awplus configure terminal awplus config no au...

Page 1106: ...den text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuration Examples To set the custom sub title use the commands awplus configure terminal awplus config auth web server page sub title text Web Authentication To hide the sub title use the commands awplus configure terminal awplus config auth web server page sub title hidden To chang...

Page 1107: ...eb server page success message text success message no auth web server page success message Default No success message is set by default Mode Global Configuration Examples To set the success message on the web authentication page use the commands awplus configure terminal awplus config auth web server page success message text Your success message To unset the success message on the web authentica...

Page 1108: ... title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custom title on the web authentication page use the commands awplus configure terminal awplus config auth web server page title text Login To hide the title on the web authentication page use the commands awplus configure terminal awplus config auth web server page title hidden To...

Page 1109: ...eb server page welcome message text welcome message no auth web server page welcome message Default No welcome message is set by default Mode Global Configuration Examples To set the welcome message on the web authentication page use the commands awplus configure terminal awplus config auth web server page welcome message text Your welcome message To remove the welcome message on the web authentic...

Page 1110: ... the supplicant that is authenticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Configuration Examples To enable the ping polling feature for Web Authentication use the following commands awplus configure terminal awplus config auth web server ping poll...

Page 1111: ...count set with this command Use the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount Default The default failcount for ping polling is 5 pings Mode Global Configuration Examples To set the failcount of ping polling to 10 pings use the following commands awp...

Page 1112: ... to the default period for ping polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration Examples To set the interval of ping polling to 60 seconds use the following commands awplus configure terminal awplus config auth web server ping poll interval 60 To set t...

Page 1113: ...t device is received Use the no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer refresh Default The reauth timer refresh parameter is disabled by default Mode Global Configuration Examples To enable the reauth timer refresh timer use the following comm...

Page 1114: ...o variant of this command to reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mode Global Configuration Examples To set the timeout of ping polling to 2 seconds use the command awplus configure terminal awplus config auth web server ping poll timeout ...

Page 1115: ... server port Default The Web Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server port 8080 To reset to the default HTTP port number 80 for the Web Authentication server use the following commands awplus c...

Page 1116: ...60 no auth web server redirect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect delay time 60 To reset the delay time use the following commands awplus configure terminal awplus config no ...

Page 1117: ...tax auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To enable and set redirect a URL string www alliedtelesis com for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect url http www a...

Page 1118: ...ult The session keep feature is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session keep is enabled This issue occurred by supplicant sending HTTP packets automatically after authentication page is displayed and the URL is written Examples To enable the s...

Page 1119: ... Web Authentication server Syntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functionality for the Web Authentication server feature use the following commands awplus configure terminal awplus config auth web server ssl To disable HTTPS functionality for t...

Page 1120: ...ailability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS AUTH WEB SERVER SSLPORT DELETED auth web server sslport deleted Overview This command has been deleted ...

Page 1121: ...rcept port numbers Use the no variant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Global Configuration Examples To register HTTPS port number 3128 use the commands awplus configure terminal awplus config auth web server ssl intercept port 3128 To delete...

Page 1122: ...mmand to download the proxy auto configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example To download the PAC file to this device use the command awplus copy tftp server proxy pac proxy autoconfig file Related Commands show proxy autoconfig file erase proxy ...

Page 1123: ...d authentication The file must be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate file veriSign_cert pem from the TFTP server directory server use the command awplus copy tftp server veriSign_cert pem web auth https file Related Commands auth web serve...

Page 1124: ...ENTICATION COMMANDS ERASE PROXY AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy auto configuration file use the command awplus erase proxy autoconfig file Related Commands show proxy autoconfig file copy proxy autoconfig file ...

Page 1125: ...WEB AUTH HTTPS FILE erase web auth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certificate file for web based authentication use the command awplus erase web auth https file Related Commands auth web server ssl copy web auth https file show auth web serv...

Page 1126: ...table This can happen when more than four different IP addresses produce the same hash key A work around when this situation occurs can sometimes be applied by changing the hashing algorithm from its default of crc32l Several different algorithms may need to be tried to rectify the problem You must restart the switch for this command to take effect Note that this command is intended for technical ...

Page 1127: ... different MAC addresses produce the same hash key A work around when this situation occurs can sometimes be applied by changing the hashing algorithm from its default of crc32l Several different algorithms may need to be tried to rectify the problem You must restart the switch for this command to take effect Note that this command is intended for technical support staff or advanced end users Exam...

Page 1128: ...command awplus show two step supplicant interface port1 0 6 brief Output Figure 28 1 Example output from the show auth two step supplicant brief command Related Commands auth two step enable Parameter Description interface The interface selected for display ifrange The interface types which can be specified as ifrange Switch port e g port1 0 6 Static channel group e g sa3 Dynamic LACP channel grou...

Page 1129: ...thentication Syntax show auth mac all Mode Privileged Exec Example To display all MAC based authentication information enter the command awplus show auth mac all Output Figure 28 2 Example output from the show auth mac command Related Commands show dot1x show auth web Parameter Description all Display all authentication information for each interface available on the switch 802 1X Port Based Authe...

Page 1130: ...Specify an interface to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 or sa1 2 or po1 2 a comma s...

Page 1131: ... the supplicant state for the specified interface Syntax show auth mac interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Examples To display MAC based authentication status for port1 0 2 enter the command awplus show auth mac interface port1 0 2 Parameter Description interface list The interfaces or ports to configure An interface list can be a...

Page 1132: ...how auth mac interface port1 0 6 supplicant Related Commands show auth web diagnostics show dot1x sessionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 2 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthent...

Page 1133: ...ionstatistics interface port1 0 2 Output Figure 28 4 Example output from the show auth mac sessionstatistics command Parameter Description interface Specify an interface to show interface list The interfaces or ports to configure An interface list can be aninterface e g vlan2 a switchport e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of int...

Page 1134: ...xec Example To display MAC Authentication statistics for port1 0 2 enter the command awplus show auth mac statistics interface port1 0 2 Related Commands show dot1x interface Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic...

Page 1135: ... the MAC authenticated supplicant for MAC address 00d0 59ab 7037 enter the command awplus show auth mac supplicant 00d0 59ab 7037 Example To display a brief summary output for a MAC authenticated supplicant enter the command awplus show auth mac supplicant brief Parameter Description macadd Mac hardware address of the Supplicant Entry format is HHHH HHHH HHHH hexadecimal brief Brief summary of the...

Page 1136: ...ionMethod dot1x mac Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 otherAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username port1 0 6 5 D 0008 0d5e c216 Authenticated dot1x Interface port1 0 6 a...

Page 1137: ...rface list brief Mode Privileged Exec Examples To display the MAC authenticated supplicant on the interface port1 0 2 enter the command awplus show auth mac supplicant interface port1 0 2 Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2...

Page 1138: ...e a static channel or static aggregator or a dynamic or LACP channel group or a switch port awplus show auth web all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server address auth 150 87 17 192 1812 Last radius message id 4 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Autho...

Page 1139: ... oha Supplicant address 000d 6013 5398 authenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer ...

Page 1140: ...e Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 orport1 0 1 1 0 4 orsa1 2 or po1 2 a comma separate...

Page 1141: ...Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1125 AlliedWare Plus Operating System Version 5 4 5 0 x AUTHENTICATION COMMANDS SHOW AUTH WEB DIAGNOSTICS Related Commands show dot1x interface ...

Page 1142: ... parameter to show the supplicant state for the specified interface Syntax show auth web interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus show auth web interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An in...

Page 1143: ...serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled authFailVlan disabled dynamicVlanCreation disabled hostMode single host dot1x enabled protocolVersion 1 authMac disabled authWeb enabled method PAP maxAuthFail 3 packetForwarding 10 0 0 1 80 tcp dns dhcp twoStepAuthentication configured enabled actual enabled supplicantMac none Authenticatio...

Page 1144: ...uthentication statistics for port1 0 6 enter the command awplus show auth web statistics interface port1 0 6 To display the Web Authenticated supplicant on interface port1 0 6 enter the command awplus show auth web interface port1 0 6 supplicant Related Commands show auth web diagnostics show dot1x sessionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication ses...

Page 1145: ... interface port1 0 6 Output Figure 28 7 Example output from the show auth web sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports stat...

Page 1146: ...Mode Privileged Exec Example To display Web Authentication statistics for port1 0 4 enter the command awplus show dot1x statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel grou...

Page 1147: ...client device state when Web Authentication is configured for the switch This command shows a summary when the optional brief parameter is used Syntax show auth web supplicant macadd brief Mode Privileged Exec Examples To display Web authenticated supplicant information on the switch enter the command awplus show auth web supplicant Parameter Description macadd Mac hardware address of the supplica...

Page 1148: ... To display the Web authenticated supplicant on the interface port1 0 3 enter the command awplus show auth web supplicant interface port1 0 3 To display brief summary output for the Web authenticated supplicant enter the command awplus show auth web supplicant brief Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch po...

Page 1149: ...om the show auth web server command Related Commands auth web server gateway deleted auth web server http redirect deleted auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server session keep auth web server ssl auth web server sslport deleted Web authentication server Server status enabled Server mode none Server address 192 ...

Page 1150: ...eged Exec Examples To show the web authentication page information use the command awplus show auth web server page Related Commands auth web forward auth web server page logo auth web server page sub title auth web server page success message auth web server page title auth web server page welcome message Table 28 1 Example output from the show auth web server page command on the console awplus s...

Page 1151: ...y auto configuration PAC file Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure 28 9 Example output from the show proxy autoconfig file Related Commands copy proxy autoconfig file erase proxy autoconfig file function FindProxyForURL url host if isPlai...

Page 1152: ...e 1140 aaa accounting commands on page 1142 aaa accounting dot1x on page 1144 aaa accounting login on page 1146 aaa accounting update on page 1149 aaa authentication auth mac on page 1151 aaa authentication auth web on page 1152 aaa authentication dot1x on page 1153 aaa authentication enable default group tacacs on page 1154 aaa authentication enable default local on page 1156 aaa authentication l...

Page 1153: ...or AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1137 AlliedWare Plus Operating System Version 5 4 5 0 x AAA COMMANDS show aaa local user locked on page 1167 show debugging aaa on page 1168 undebug aaa on page 1169 ...

Page 1154: ...aaa accounting auth mac default Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command Th...

Page 1155: ...LT Examples To enable RADIUS accounting for MAC based Authentication and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands awplus configure terminal awplus config no aaa accounting auth mac default Related Commands aaa authentica...

Page 1156: ...g for Web based Port Authentication is disabled by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command Configure the accounting event to be sent to the RADI...

Page 1157: ...oE Switch 1141 AlliedWare Plus Operating System Version 5 4 5 0 x AAA COMMANDS AAA ACCOUNTING AUTH WEB DEFAULT To disable RADIUS accounting for Web based Authentication use the commands awplus configure terminal awplus config no aaa accounting auth web default Related Commands aaa authentication auth web ...

Page 1158: ...mand has stopped executing Note that up to four TACACS servers can be configured for accounting The servers are checked for reachability in the order they are configured and only the first reachable server is used If no server is found the accounting message is dropped Use the no variant of this command to disable command accounting Syntax aaa accounting commands 1 15 default stop only group tacac...

Page 1159: ...nd accounting for privilege level 15 commands use the following commands awplus configure terminal awplus config aaa accounting commands 15 default stop only group tacacs To disable command accounting for privilege level 15 commands use the following commands awplus configure terminal awplus config no aaa accounting commands 15 default Related Commands aaa authentication login aaa accounting login...

Page 1160: ...oup group name radius no aaa accounting dot1x default Default RADIUS accounting for 802 1X based Port Authentication is disabled by default there is no default server set by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages will be sent group radius use all RADIUS servers configured by radius server host command group group name use the s...

Page 1161: ...r 802 1X based Authentication and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based Authentication use the commands awplus configure terminal awplus config no aaa accounting dot1x default Related Commands aaa accounting update aaa authentication dot1x aaa group...

Page 1162: ...ll sessions configured by an aaa accounting login command If the method list being deleted isalready applied toa console orvty line accounting onthatlinewill be disabled If the default method list name is removed by this command it will disable accounting on every line that has the default accounting configuration Syntax aaa accounting login default list name start stop stop only none group radius...

Page 1163: ...the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS servers configured by tacacs server host command The accounting event to send to the RADIUS or TACACS server is configured with the following options start stop sends a start accounting message at the beginning of a ...

Page 1164: ...ance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update accounting login radius server host tacacs server host ...

Page 1165: ...pdate is disabled by default Mode Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accounting records are sent according to the interval specified by the periodic parameter The accounting updates are start messages If the no variant of this command is used to di...

Page 1166: ...tem Version 5 4 5 0 x AAA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting update Related Commands aaa accounting auth mac default aaa accounting auth web default aaa accounting dot1x aaa accounting login ...

Page 1167: ...ere are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command All configured RADIUS Servers are automatically members of the server group radius If a server is added to a named group group name it also remain...

Page 1168: ...sabled by default Mode Global Configuration Usage There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group name use the specified RADIUS server group configured with the aaa group server command Note that you need to configure an IPv4 address for the VLAN interface on which We Authenticat...

Page 1169: ...ch ports with 802 1X enabled Use the no variant of this command to reset the authentication method list for 802 1X to its default i e to use the group radius containing all RADIUS servers configured by the radius server host command There are two ways to define servers where RADIUS accounting messages are sent group radius use all RADIUS servers configured by radius server host command group group...

Page 1170: ...ssword is correct and the specified privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their maximum configured privilege level then the authentication session will fail and they will remain at their current privilege level NOTE If both local and none are specifie...

Page 1171: ...en they enter enable via the CLI Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password authentication use the following commands awplus configure terminal awplus config aaa authentication enable default group tacacs To enable a privilege level authentication...

Page 1172: ... default Mode Global Configuration Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Examples To enable local privilege level authentication command use the following commands awplus configure terminal awplus config aaa authentication enable default local To di...

Page 1173: ...ult command does not remove the default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa authentication login default list name Default If the default server is not configured using this command user login authentication uses the local user database only If th...

Page 1174: ...ult authentication method list for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authentication login default group radius local To configure a user login authentication method list called USERS to first use the RADIUS servergroup RAD_GROUP1 foruserlogina...

Page 1175: ...ver radius group name Mode Global Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subset of RADIUS servers in AAA commands Each RADIUS server must be configured by the radius server host command To add RADIUS servers to a server group use the server comman...

Page 1176: ...s Operating System Version 5 4 5 0 x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac default aaa accounting auth web default aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa authentication dot1x aaa authentication login radius server host server Server Group ...

Page 1177: ... lockout time Mode Global Configuration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another privileged account using the clear aaa local user lockout command Examples To configure the lockout period to 10 minutes 600 seconds use the commands awplus configure t...

Page 1178: ...n attempts Usage When the failed login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a successful login occurs the failed login counter is reset to 0 When a user account is locked out all attempts to login using that user account will fail Examples To config...

Page 1179: ...ant of this command resets AAA Authentication Authorization Accounting Accounting applied to console or vty lines for local or remote login default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By default login accounting is disabled in the default accounting server...

Page 1180: ...or all user accounts Syntax clear aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all user accounts use the following command awplus clear aaa local user lockout all Related Commands aaa local authentication attempts lockout time Parameter Description usern...

Page 1181: ...on authorization no debug aaa accounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authentication To disable authentication debugging for AAA use the command awplus no debug aaa authentication Related Commands show debugging aaa undebug aaa Parameter Descrip...

Page 1182: ...t method list for login authentication on these console or VTY lines Command Syntax login authentication default list name no login authentication Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use the local user database Mode Line Configuration Examples To...

Page 1183: ...al user lockout command or a locked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Privileged Exec Example To display the current failed attempts for local users use the command awplus show aaa local user locked Output Figure 29 1 Example output from the ...

Page 1184: ...ing aaa Overview This command displays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA use the command awplus show debug aaa Output Figure 29 2 Example output from the show debug aaa command AAA debugging status Authentication debugging is on Accounting d...

Page 1185: ...r AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1169 AlliedWare Plus Operating System Version 5 4 5 0 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aaa command ...

Page 1186: ...gure the device to use RADIUS servers Command List deadtime RADIUS server group on page 1170 debug radius on page 1171 ip radius source interface on page 1172 radius server deadtime on page 1173 radius server host on page 1174 radius server key on page 1177 radius server retransmit on page 1178 radius server timeout on page 1180 server Server Group on page 1182 show debugging radius on page 1184 s...

Page 1187: ...p The global deadtime for the RADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not respond to a request packet the packet is retransmitted the number of times configured for the retransmit parameter after waiting for a timeout period to expire The serve...

Page 1188: ...l no debug radius packet event all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS events use the command awplus debug radius event To disable debugging for RADIUS packets use the command awplus no debug radius packet To disable debugging for RADIUS events ...

Page 1189: ...are sent Syntax ip radius source interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To configure all outgoing RADIUS packets to use the IP address of the interface vlan1 for the source IP address use the following commands awplus configure terminal awplus con...

Page 1190: ...time Default The default RADIUS deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmitted as often as specified globally by the radius server retransmit command or for the server by the radius server host command To improve RADIUS response times when some ...

Page 1191: ...ost name ip address acct port 0 65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name The DNS name of the RADIUS server host ip address The IP address of the RADIUS server host acct port Accounting port Specifies the UDP destination port for RADIUS accoun...

Page 1192: ...s set to 5 seconds by default The time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeout command If no timeout value is specified for this server the global value is used retransmit Specifies the number of retries before skip to the next server If this pa...

Page 1193: ...lied To delete the RADIUS server 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus configure terminal awplus config radius server host rad1 company com acct port 0 To remove the RADIUS server rad1 company com configured for authentication only use the f...

Page 1194: ...ommand to set the global secret key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA authentication with the aaa authentication login command set the authentication and encryption key using the radius server key command so the key entered matches the key us...

Page 1195: ...ver retransmit Default The default RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius server retransmit 1 To set the RADIUS retransmit count to the default 3 use the following commands awplus configure terminal awplus config no radius server retransmit To con...

Page 1196: ...IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1179 AlliedWare Plus Operating System Version 5 4 5 0 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show radius statistics ...

Page 1197: ...ransmit timeout on the system is 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus configure terminal awplus config radius server timeout 20 To set the RADIUS timeout parameter to 1 second use the following commands awplus configure terminal awplus config...

Page 1198: ...perating System Version 5 4 5 0 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeout Related Commands radius server deadtime radius server host radius server retransmit show radius statistics ...

Page 1199: ...rt specifies the UDP destination port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this command to remove a RADIUS server from the server group Syntax server hostname ip address auth port 0 65535 acct port 0 65535 no server hostname ip address auth port 0 65535 a...

Page 1200: ...s awplus configure terminal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD_ACCT1 for accounting use the following commands awplus configure terminal awplus config aaa group server radius RAD_ACCT1 awplus config sg server 192 168 2 1 auth port 0 acct po...

Page 1201: ...g radius Overview This command displays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the command awplus show debugging radius Output Figure 30 1 Example output from the show debugging radiuscommand RADIUS debugging status RADIUS event debugging is off RADIUS ...

Page 1202: ...ure 30 2 Example output from the show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface not configured Secret Key secret Timeout 5 sec Retransmit Count 3 Deadtime 20 min Server Host 192 168 1 10 Authentication Port 1812 Accounting Port 1813 Secret Key secret...

Page 1203: ...nse Deadtime A time interval in minutes to mark a RADIUS server as dead Interim Update A time interval in minutes to send Interim Update Accounting report Group Deadtime The deadtime configured for RADIUS servers within a server group Server Host The RADIUS server hostname or IP address Authentication Port The destination UDP port for RADIUS authentication requests Accounting Port The destination ...

Page 1204: ...tistics Mode User Exec and Privileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 30 4 Example output from the show radius statistics command RADIUS statistics for Server 150 87 18 89 Access Request Tx 5 Retransmit 0 Access Accept Rx 1 Access Reject Rx 2 Access Challenge Rx 2 Unknown Type 0 Bad Authe...

Page 1205: ...vailability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug radius command ...

Page 1206: ...1 authentication on page 1194 clear radius local server statistics on page 1195 copy fdb radius users to file on page 1196 copy local radius user db from file on page 1198 copy local radius user db to file on page 1199 crypto pki enroll local on page 1200 crypto pki enroll local local radius all users on page 1201 crypto pki enroll local user on page 1202 crypto pki export local pem on page 1203 c...

Page 1207: ... page 1216 show crypto pki certificates on page 1217 show crypto pki certificates local radius all users on page 1219 show crypto pki certificates user on page 1221 show crypto pki trustpoints on page 1223 show radius local server group on page 1224 show radius local server nas on page 1225 show radius local server statistics on page 1226 show radius local server user on page 1228 user RADIUS serv...

Page 1208: ...s RADIUS attributes to the user group If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax attribute attribute name attribute id help attribute attribute name attribute id value no attribute attribute name attribute id Default By default no attributes are configu...

Page 1209: ...le defined RADIUS attribute names use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attributes displays after the list of defined Standard Attributes To get help for valid RADIUS attribute values for the attribute Service Type use the following commands awplus c...

Page 1210: ...RADIUS User Group Admin use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Type from the RADIUS User Group Admin use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config ...

Page 1211: ...All authentication methods are enabled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius server local awplus config radsrv authentication eapmd5 The following commands disable EAP MD5 authentication methods on Local RADIUS server awplus configure terminal awplus...

Page 1212: ...ics while the user parameter clears the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius local server statistics nas To clear the local RADIUS server statistics stored on the device use the command awplus clear radius local server statistics server To clear th...

Page 1213: ...ed to the local RADIUS server flash Copy the local RADIUS server users created to Flash memory nvs Copy the local RADIUS server users created to NVS memory usb Copy the local RADIUS server users created to USB storage device debug Copy the local RADIUS server users created to debug tftp Copy the local RADIUS server users created to the TFTP destination scp Copy the local RADIUS server users create...

Page 1214: ... the specified interface and on the specified VLAN Examples To register the local RADIUS server users from the local FDB directly to the local RADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface port1 0 1 to the local RADIUS server use the command awplus copy fdb radius users local radius user db interface por...

Page 1215: ...deletes all contents of the local RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the replace option is applied Mode Privileged Exec Examples To replace the current local RADIUS server user data to the contents of http datahost user csv use the following comm...

Page 1216: ...produced is CSV Comma Separated Values format Syntax copy local radius user db flash nvs usb tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplus copy local radius user db http datahost user csv Related Commands copy fdb radius users to file copy local radius user db from file Parameter Description flash Copy to flash...

Page 1217: ...ertificates created by a Local CA Certificate Authority Syntax crypto pki enroll local no crypto pki enroll local Default The system certificate is not available until this command is issued Mode Global Configuration Examples The following command obtains the system certificate from the Local CA Certificate Authority awplus configure terminal awplus config crypto pki enroll local The following com...

Page 1218: ...red in the local RADIUS server These certificates are created by the Local Certificate Authority CA on the device Syntax crypto pki enroll local local radius all users Default By default there are no certificates for users in the local RADIUS server Mode Global Configuration Example The following command obtains the local RADIUS server certificates for the user from the Local CA Certificate Author...

Page 1219: ...CA Certificate Authority Syntax crypto pki enroll local user user name no crypto pki enroll local user user name Default By default there is no user certificate Mode Global Configuration Examples The following command obtains Tom s certificate from the Local CA Certificate Authority awplus configure terminal awplus config crypto pki enroll local user Tom The following command deletes Tom s certifi...

Page 1220: ...t local pem Overview Use this command to export the certificate associated with the Local CA to a PEM format file Syntax crypto pki export local pem url url Mode Global Configuration Example The following command exports the Local CA certificate to a PEM format file awplus configure terminal awplus config crypto pki export local pem url tftp 192 168 1 1 cacert pem Related Commands crypto pki enrol...

Page 1221: ... the local system Syntax crypto pki export local pkcs12 user name destination url Mode Global Configuration Examples The following commands exports a certificate for a user named client to a PKCS12 format file awplus configure terminal awplus config crypto pki export local pkcs12 client tftp 192 168 1 1 cacert pem To export Tom s certificate to PKSC12 format file use the commands awplus configure ...

Page 1222: ...e trustpoint Syntax crypto pki trustpoint local no crypto pki trustpoint local Default Local CA is not a trustpoint Mode Global Configuration Examples Use the following commands to declare the Local CA as the trustpoint awplus configure terminal awplus config crypto pki trustpoint local Use the following commands to delete all information and certificates associated with the Local CA awplus config...

Page 1223: ...ed the PKI module starts generating diagnostic messages to the system log Use the no variant of this command to disable Public Key Infrastructure PKI debugging When PKI debugging is disabled the PKI module stops generating diagnostic messages to the system log Syntax debug crypto pki no debug crypto pki Default PKI debugging is disabled by default Mode Privileged Exec Examples To enable the PKI de...

Page 1224: ...ver Configuration Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the username login string is not decoded it is matched against the second domain style enabled Examples To enable NT domain style on the local RADIUS server use the commands awplus configure terminal...

Page 1225: ...d Use either the egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To set the Egress VLANID attribute for the NormalUsers local RADIUS server user group to VLAN identifier 200 with tagged frames use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress vlan id ...

Page 1226: ...or AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1209 AlliedWare Plus Operating System Version 5 4 5 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN ID Related Commands attribute egress vlan name switchport voice vlan ...

Page 1227: ...ully authenticated Use either the egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To configure the Egress VLAN Name attribute for the RADIUS server user group NormalUsers with the VLAN name vlan2 and all frames on this VLAN tagged use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awpl...

Page 1228: ...or AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1211 AlliedWare Plus Operating System Version 5 4 5 0 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN NAME Related Commands attribute egress vlan id switchport voice vlan ...

Page 1229: ...the local RADIUS server user group Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers The following command deletes user group NormalUsers awplus configure terminal awplus config radius server local ...

Page 1230: ...cal RADIUS server Syntax nas ip address key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authentication requests to the local RADIUS server Note the shared key that this NAS will use to establish its identify is NAS_PASSWORD awplus configure terminal awplus config ...

Page 1231: ...er local Mode Global Configuration Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus configure terminal awplus config radius server local awplus config radsrv Output Related Commands server enable show radius local server group show radius local server nas...

Page 1232: ... port 1 65535 no server auth port Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 awplus configure terminal awplus config radius server local awplus config radsrv server auth port 10000 The following commands reset the RADIUS server authentication port ...

Page 1233: ... When this command is issued the local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Configuration Examples To enable the local RADIUS server use the following commands awplus configure terminal awplus config radius server local awplus config radsrv server e...

Page 1234: ...mand Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show crypto pki certificates local ca local Mode User Exec and Privileged Exec Examples The following command displays Local CA Certificate Authority certificate information awplus show crypto pki certificates local ca The following command displays Local System certificate information awplus sh...

Page 1235: ...CN AlliedwarePlusCA Validity Not Before Oct 8 07 50 55 2009 GMT Not After Oct 6 07 50 55 2019 GMT Subject O Allied Telesis CN Tom Certificate Local CA Data Version 3 0x2 Serial Number 0 0x0 Signature Algorithm sha1WithRSAEncryption Issuer O Allied Telesis CN AlliedwarePlusCA Validity Not Before Oct 8 07 55 55 2009 GMT Not After Oct 6 07 55 55 2019 GMT Subject O Allied Telesis CN Tom Table 31 2 Par...

Page 1236: ...ng command displays information of all local RADIUS server user certificates awplus show crypto pki certificates local radius all users Output Table 31 3 Example output from the show crypto pki certificates local radius all users command awplus show crypto pki certificates local radius all users Certificate Data Version 3 0x2 Serial Number 2 0x2 Signature Algorithm sha1WithRSAEncryption Issuer O A...

Page 1237: ... Version 5 4 5 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS Related Commands crypto pki enroll local local radius all users Validity Validity period Subject Subject of the certificate Table 31 4 Parameters in the output of the show crypto pki certificates local radius all users command cont Parameter Description ...

Page 1238: ...The following command displays Tom s certificate information awplus show crypto pki certificates user Tom Output Parameter Description user name User name Table 31 5 Example output from the show crypto pki certificates user command to show certificate information for user Tom awplus show crypto pki certificates user Tom Certificate Data Version 3 0x2 Serial Number 2 0x2 Signature Algorithm sha1Wit...

Page 1239: ...em Version 5 4 5 0 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER Related Commands crypto pki enroll local user Issuer Subject of issuer creating the certificate Validity Validity period Subject Subject of the certificate Table 31 6 Parameters in the output of the show crypto pki certificates user command cont Parameter Description ...

Page 1240: ...ng Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show crypto pki trustpoints Mode User Exec and Privileged Exec Example The following command displays trustpoint information awplus show crypto pki trustpoint Output Related Commands crypto pki enroll local Table 31 7 Example output from the show crypto pki trustpoints command Trustpoint local Subject Name CN Alliedwar...

Page 1241: ...ith AlliedWare Plus Feature Overview and Configuration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show radius local server group Output Related Commands group Parameter Description user group name User group name string Table 31 9 Example output from the show...

Page 1242: ...n the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius local server nas Output Related Commands nas Parameter Description ip address Specify NAS IP address for show output Table 31 11 Example output from the show ra...

Page 1243: ... statistics about the local RADIUS server For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show radius local server statistics Mode User Exec and Privileged Exec Usage Both unknown usernames and invalid passwords will display as failed logins in the show output Exam...

Page 1244: ... 0 Failed Logins 0 Invalid packet from NAS 0 Internal Error 0 Unknown Error 0 NAS 127 0 0 1 Successes 0 Shared key mismatch 0 Failed Logins 0 Unknown RADIUS message 0 Unknown EAP message 0 Unknown EAP auth type 0 Corrupted packet 0 NAS 192 168 1 61 Successes 0 Shared key mismatch 0 Failed Logins 0 Unknown RADIUS message 0 Unknown EAP message 0 Unknown EAP auth type 0 Corrupted packet 0 NAS 192 168...

Page 1245: ...ration Guide Syntax show radius local server user user name show radius local server user user name format csv Mode User Exec and Privileged Exec Examples The following command displays Local RADIUS server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user Param...

Page 1246: ...or Tom in CSV format awplus show radius local server user Tom format csv Related Commands group user RADIUS server Table 31 15 Example output from the show radius local server user csv command true NetworkOperators Tom abcd 0 2099 01 01 1 ManagementNet false 3600 false 0 false Table 31 16 Parameters in the output from the show radius local server user command Parameter Description User Name User n...

Page 1247: ... supplicant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA Feature Overview and Configuration Guide for a sample MAC configuration See also the command user 00 db 59 ab 70 37 password 00 db 59 ab 70 37 as shown in the command examples Parameter Description radius user name RADIUS user name This can also be a MAC add...

Page 1248: ...terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure terminal awplus config radius server local awplus config radsrv no user Tom The following commands add the supplicant MAC address 00 d0 59 ab 70 37 to the local RADIUS server awplus configure terminal awplus ...

Page 1249: ...elocal RADIUS server user group Syntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group vlan 200 The following commands remove VLAN...

Page 1250: ...TACACS Commands Introduction Overview This chapter provides an alphabetical reference for commands used to configure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List show tacacs on page 1233 tacacs server host on page 1234 tacacs server key on page 1236 tacacs server timeout on page 1237 ...

Page 1251: ...tput from the show tacacs command TACACS Global Configuration Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 32 1 Parameters in the output of the show tacacs command Output Parameter Meaning Timeout A time interval in seconds Server Host IP Address TACACS server hostname or IP address Server Status The status of the authentication port Alive The se...

Page 1252: ...d accounting The first server configured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authentication attempt is rejected The reasons a server would fail are it is not network reachable it is not currently TACACS capable Parameter Description host name Server ho...

Page 1253: ... TACACS server host use the following commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure terminal awplus config tacacs server host 192 168 1 1 key secret To remove the TACACS server tac1 company com use the following commands awplus configure terminal awplu...

Page 1254: ...l secret key shared between this client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secret for TACACS server use the following commands awplus configure terminal awplus config tacacs server key secret To delete the global secret key for TACACS server use the...

Page 1255: ...r for TACACS servers globally The no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Global Configuration Examples To set the timeout value to 3 seconds use the following commands awplus configure terminal awplus config tacacs server timeout 3 To reset the ...

Page 1256: ...n page 1241 crypto key destroy hostkey on page 1242 crypto key destroy userkey on page 1243 crypto key generate hostkey on page 1244 crypto key generate userkey on page 1245 crypto key pubkey chain knownhosts on page 1246 crypto key pubkey chain userkey on page 1248 debug ssh client on page 1250 debug ssh server on page 1251 service ssh on page 1252 show banner login on page 1254 show crypto key h...

Page 1257: ...e 1264 show ssh server allow users on page 1266 show ssh server deny users on page 1267 ssh on page 1268 ssh client on page 1270 ssh server on page 1272 ssh server allow users on page 1274 ssh server authentication on page 1276 ssh server deny users on page 1278 ssh server resolve host on page 1280 ssh server scp on page 1281 ssh server sftp on page 1282 undebug ssh client on page 1283 undebug ssh...

Page 1258: ...and spaces Use Ctrl D at the end of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the device Syntax banner login no banner login Default No banner is defined by default Mode Global Configuration Examples To set a login banner message use the commands awplus ...

Page 1259: ...sessions are closed You can only delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec Examples To stop the current SSH session 123 use the command awplus clear ssh 123 To stop all SSH sessions active on the device use the command awplus clear ssh all Rel...

Page 1260: ...hostkeys configured before an SSH server is started Syntax crypto key destroy hostkey dsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key used for SSH version 2 connections use the commands awplus configure terminal awplus config crypto key destroy hostkey rsa Related Commands crypto key generate hostkey service ssh Parameters Description dsa Deletes the existing DSA public ...

Page 1261: ...tion Example To destroy the RSA user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show crypto key hostkey Parameters Description username Name of the user whose userkey you are destroying The username must begin with a letter Valid characters are all numbers l...

Page 1262: ...rated by this command in the non volatile memory Syntax crypto key generate hostkey dsa rsa rsa1 768 32768 Default 1024 bits is the default key length The DSA algorithm supports 1024 bits Mode Global Configuration Examples To generate an RSA host key for SSH version 2 connections that is 2048 bits in length use the commands awplus configure terminal awplus config crypto key generate hostkey rsa 20...

Page 1263: ...ate a 2048 bits RSA user key for SSH version 2 connections for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure terminal awplus config crypto key generate userkey lapo dsa Related Commands crypto key pubkey chain userkey show crypto key userkey Parameters Des...

Page 1264: ... Default If no cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Usage This command adds a public key of the specified SSH server to the known host database on the device The key is retrieved from the server The remote SSH server is verified by using this public key The user is requested to check the key is correct before adding it to th...

Page 1265: ...ANDS CRYPTO KEY PUBKEY CHAIN KNOWNHOSTS Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey chain knownhosts 192 0 2 11 To delete the second entry in the known host database use the command awplus no crypto key pubkey chain knownhosts 2 Validation Commands show crypto key pubkey chain knownhosts ...

Page 1266: ...in userkey username and hit Enter Enter the key as text Note that the key you enter as text must be a valid SSH RSA key not random ASCII text Use Ctrl D after entering it to save the text and re enter the normal command line mode Note you can generate a valid SSH RSA key on the device first using the crypto key generatehostrsacommand Viewthe SSHRSAkey generatedonthedeviceusing the show crypto host...

Page 1267: ...W6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvNbk h c pqGDijj4Svf ZZfeITzvvyZW4 I4pbN8 control D awplus config To add a public key for the user graydon from the file key pub use the commands awplus configure terminal awplus config crypto key pubkey chain userkey graydon key pub To add a public key for the user tamara from the terminal use the commands aw...

Page 1268: ...t debugging facility This stops the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH client debugging use the command awplus debug ssh client To start SSH client debugging with extended output use the command awplus de...

Page 1269: ...ommand disables the SSH server debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH server debugging use the command awplus debug ssh server To start SSH server debugging with extended ou...

Page 1270: ...ear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you issue service ssh without specifying the optional ip or ipv6 parameters Mode Global Configuration Examples To enable both the IPv4 and the IPv6 Secure Shell server use the commands awplus configure terminal awplus confi...

Page 1271: ...lity High Power Video Surveillance PoE Switch 1253 AlliedWare Plus Operating System Version 5 4 5 0 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh server allow users ssh server deny users ...

Page 1272: ... banner login Overview This command displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec Global Configuration Interface Configuration Line Configuration Example To display the current login banner message use the command awplus show banner login Related Comma...

Page 1273: ...and awplus show crypto key hostkey To display the RSA public key of the SSH server use the command awplus show crypto key hostkey rsa Output Figure 33 1 Example output from the show crypto key hostkey command Related Commands crypto key destroy hostkey crypto key generate hostkey Parameter Description dsa Displays the DSA algorithm public key rsa Displays the RSA algorithm public key for SSH versi...

Page 1274: ...ntry in the known host data use the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 33 2 Example output from theshow crypto key public chain knownhosts command Related Commands crypto key pubkey chain knownhosts Parameter Description 1 65535 Key identifier for a specific key Displays the public key of the entry if specified No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 3...

Page 1275: ...keys for the user manager that are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 33 3 Example output from the show crypto key public chain userkey command Related Commands crypto key pubkey chain userkey Parameter Description username User name of the remote SSH user whose keys you wish to display The username must begin with a let...

Page 1276: ...erkey manager rsa manager rsa pub Output Figure 33 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you wish to display The username must begin with a letter Valid characters are all numbers letters and the underscore hyphen and full stop symbols dsa Displays the DSA publ...

Page 1277: ... server allow users manager 192 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 33 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH server is enabled ssh server v2 SSH server is enabled and only support SSHv2 ssh server port SSH server is enabled and listening on the specified TCP port no ssh server sc...

Page 1278: ...ystem Version 5 4 5 0 x SECURE SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hostname to the deny list Table 33 5 Parameters in the output of the show running config ssh command Parameter Description ...

Page 1279: ...ample output from the show ssh command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root download 550dev_ awd 463 ssh client 5ffe 33fe 5632 ffbb bc35 ddee 0101 ac51 manager user auth Table 33 6 Parameters in the output of the show ssh command Parameter Description ...

Page 1280: ...mote server accepted The device has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in progress download The user is downloading a file from the device upload The user is uploading a file from the device closing The user is terminating the session closed The se...

Page 1281: ...e command awplus show ssh client Output Figure 33 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0 off Debug NONE Table 33 7 Parameters in the output of the show ssh client command Parameter Description Port SSH server TCP port where the SSH client connects to The de...

Page 1282: ...n SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Idle Timeout 60 seconds Maximum Startups 10 Debug NONE Table 33 8 Parameters in the output of the show ssh server command Parameter Description SSH Server Whether the Secure Shell server is enabled or disabled Port TCP port where the Secure Shell server listens for connections The default is port 22 Ver...

Page 1283: ...ersion 5 4 5 0 x SECURE SHELL SSH COMMANDS SHOW SSH SERVER Related Commands show ssh show ssh client Maximum Startups The maximum number of concurrent connections that are waiting authentication The default is 10 Debug Whether debugging is active on the server Table 33 8 Parameters in the output of the show ssh server command cont Parameter Description ...

Page 1284: ...he allow list of the SSH server use the command awplus show ssh server allow users Output Figure 33 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern awplus 192 168 john manager alliedtelesis com Table 33 9 Parameters in the output of the show ssh server allow users command Parameter Descript...

Page 1285: ...er Exec Privileged Exec and Global Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 33 10 Example output from the show ssh server deny users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern john b company com manager 192 168 2 Table 33 10 Paramet...

Page 1286: ...e is used for login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If port is specified the SSH client connects to the remote SSH server with the specified TCP port Other wise the client port configured by ssh client command or the default TCP port 22 is used 1 65535 TCP por...

Page 1287: ...ote SSH server at 192 0 2 5 as user manager use the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote SSH server with example_host using IPv6 session use the command awplus ssh ipv6 example_host To run the cmd command on the remote SSH server at 192 0 2 5 ...

Page 1288: ... connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies an explicit port of the server it overrides the default TCP port Default 22 1 65535 TCP port number version The SSH version used by the client for SSH sessions The SSH client supports both version 2 and version 1 Default version 2 Note SSH version 2 is the default SSH version SSH cl...

Page 1289: ...d Exec Examples To configure the default TCP port for SSH clients to 2200 and the session timer to 10 minutes use the command awplus ssh client port 2200 session timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no ssh client connect timeout Related Comma...

Page 1290: ...Parameter Description v1v2 Supports both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session timeout There is a maximum time period that the server waits before deciding that a session is inactive and should be terminated The server considers the session inac...

Page 1291: ... the number of SSH client connections waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configuration use the commands awplus configure terminal awplus config no ssh server max startups To support the Secure Shell server with TCP port 2200 use the commands awplus c...

Page 1292: ...should match exactly with the existing entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to create an SSH session from any host use the commands awplus configure terminal awplus config ssh server allow users john To allow the user john to create an SSH session f...

Page 1293: ...perating System Version 5 4 5 0 x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow users john 192 168 1 Related Commands show running config ssh show ssh server allow users ssh server deny users ...

Page 1294: ...cation for users Syntax ssh server authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configuration Usage For password authentication to authenticate a user password authentication for a user must be registered in the local user database or on an external RADIUS ...

Page 1295: ...NTICATION To disable password authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication publickey Related Commands crypto key pubkey chain userkey service ssh s...

Page 1296: ...ern hostname pattern no ssh server deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh server deny users john To deny the user john to access SSH login from a range of IP address from 192 168 2 1 to 192 168 2 255 use the commands awplus configure terminal...

Page 1297: ...Operating System Version 5 4 5 0 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users john 192 168 2 Related Commands show running config ssh show ssh server deny users ssh server allow users ...

Page 1298: ...lve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when you add a DNS server to your device Use the ip name server command to add a DNS server to the list of servers that the device queries For information about configuring DNS see the Internet Protocol Feature Overview and Con...

Page 1299: ...well as this service before the device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP requests from remote clients are rejected Syntax ssh server scp no ssh server scp Mode Global Configuration Examples To enable the SCP service use the commands awplus con...

Page 1300: ... device accepts SFTP connections The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH server Once disabled SFTP requests from remote clients are rejected Syntax ssh server sftp no ssh server sftp Mode Global Configuration Examples To enable the SFTP servi...

Page 1301: ...gh Availability High Power Video Surveillance PoE Switch 1283 AlliedWare Plus Operating System Version 5 4 5 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the no debug ssh client command ...

Page 1302: ... High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the no debug ssh server command ...

Page 1303: ...gators e g po2 as well as on switch ports e g port1 0 2 Command List arp security on page 1286 arp security violation on page 1287 clear arp security statistics on page 1289 clear ip dhcp snooping binding on page 1290 clear ip dhcp snooping statistics on page 1291 debug arp security on page 1292 debug ip dhcp snooping on page 1293 ip dhcp snooping on page 1294 ip dhcp snooping agent option on page...

Page 1304: ...07 ip source binding on page 1308 service dhcp snooping on page 1310 show arp security on page 1312 show arp security interface on page 1313 show arp security statistics on page 1315 show debugging arp security on page 1318 show debugging ip dhcp snooping on page 1319 show ip dhcp snooping on page 1320 show ip dhcp snooping acl on page 1321 show ip dhcp snooping agent option on page 1324 show ip d...

Page 1305: ...the no variant of this command to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP snooping mustalso be enabled on the switch service dhcp snoopingcommand and on the VLANs ip dhcp snooping command Example To enable ARP security on VLANs 2 to 4 use the c...

Page 1306: ... untrusted port in a VLAN that has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring it back up again after any issues have been resolved use the shutdown command Example To send SNMP notifications for ARP security violations on ports 1 0 1 to 1 0 6 use t...

Page 1307: ...r Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security statistics show log snmp server enable trap ...

Page 1308: ...ed ports or for all ports Syntax clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics interface port1 0 1 Related Commands arp security violation show arp security show arp security statistics Parameter Description port list The ports to clear statistics for If...

Page 1309: ...nterface port list vlan vid list Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic entries can individually restored by using the ip dhcp snooping binding command To remove static entries use the no variant of the ip source binding command Example To r...

Page 1310: ...r all ports Syntax clear ip dhcp snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interface port1 0 1 Related Commands clear arp security statistics show ip dhcp snooping show ip dhcp snooping statistics Parameter Description port list The ports to clear sta...

Page 1311: ...P SECURITY debug arp security Overview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mode Privileged Exec Example To enable ARP security debugging use the commands awplus debug arp security Related Commands show debugging arp security show log terminal monit...

Page 1312: ... dhcp snooping all acl db packet detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snooping acl Related Commands debug arp security show debugging ip dhcp snooping show log terminal monitor Parameter Description all All DHCP snooping debug acl DHCP snooping ...

Page 1313: ... snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other traffic will block all traffic if DHCP snooping is disabled on the port If you disable DHCP snooping on particular VLANs using this command you must also remove any DHCP sno...

Page 1314: ...82 insertion Syntax ip dhcp snooping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Option 82 insertion is enabled by default when DHCP snooping is enabled Mode Global Configuration Usage DHCP snooping must also be enabled on the switch service dhcp snooping command and on the VLANs ip dhcp snooping command If a subscriber ID is configured for the port ip dhcp snooping subs...

Page 1315: ...Mode Global Configuration Usage If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted ports by using this command When this is disabled default the switch treats incoming DHCP packets on untrusted ports that contain DHCP Relay Agent Option 82 information as ...

Page 1316: ... VLAN ID and Ifindex interface number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to whi...

Page 1317: ...D sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Remote ID to myid for client DHCP packets received...

Page 1318: ...ectivity Syntax ip dhcp snooping binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping database by using the clear ip dhcp snooping binding command To add or remove static entries from the database use the ip source binding command Example To restore an ent...

Page 1319: ... device on the stack master it is only synchronized across stack members that also have USB storage devices installed If the location of the backup file is changed by using this command a new file is created in the new location and the old version of the file remains in the old location This can be removed if necessary hidden file dhcp dsn gz Example To set the location of the DHCP snooping databa...

Page 1320: ...lt DHCP lease entries are deleted from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address they have been allocated by a DHCP server Use this command to enable DHCP snooping to use the information in these messages to remove entries from its database immediatel...

Page 1321: ...linkdown no ip dhcp snooping delete by linkdown Default Disabled by default DHCP Snooping bindings are not deleted when an interface goes down Mode Global Configuration Usage If this command is enabled in a stack and the master goes down and is replaced by a new master entries in the DHCP snooping database for ports on the master are removed unless they are part of link aggregators that are still ...

Page 1322: ...DHCP snooping use the show ip dhcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge switch with multiple DHCP clients connected through it then use this command to increase the number of lease entries for the port If there are multiple VLANs configured on th...

Page 1323: ...t using this command and DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Subscriber ID for port 1 0 3 to room_534 use the commands awplus configure terminal awplus config interface port1 0 3 awplu...

Page 1324: ...p dhcp snooping trust no ip dhcp snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set as trusted ports while ports connecting untrusted network elements are set as untrusted Configure ports connected to DHCP servers as trusted ports Example To set switch po...

Page 1325: ...ping verify mac address Default Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardware address that do not match as DHCP snooping violations it drops them and applies any other violation action specified by the ip dhcp snooping violation command To bring...

Page 1326: ...been resolved use the shutdown command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down if it detects a DHCP snooping violation on switch ports 1 0 1 to 1 0 4 use the commands awplus configure terminal awplus config snmp server enable trap dhcpsnooping awplus...

Page 1327: ...hcp snooping binding command Examples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awplus config ip source binding 192 168 1 2 0001 0002 0003 vlan 6 interface port1 0 6 To remove the static entry for IP address 192 168 1 2 from the database use the commands...

Page 1328: ...ility High Power Video Surveillance PoE Switch 1309 AlliedWare Plus Operating System Version 5 4 5 0 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp snooping binding show ip source binding ...

Page 1329: ...ly on the switch by using this command be enabled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command If you disable the DHCP snooping service by using the no variant of this command all DHCP snooping configuration including ARP security but excluding maximum bindings...

Page 1330: ...ping ACLs from the ports to maintain connectivity no access group command Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the switch use the command awplus configure terminal awplus config no service dhcp snooping Related Commands ip dhcp snooping ip dhcp snooping database ip dhcp snooping max ...

Page 1331: ...rp security show arp security interface show arp security statistics Table 34 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan1 Disabled vlan2 Disabled vlan3 Disabled vlan4 Disabled vlan5 Disabled vlan100 Disabled vlan101 Disabled vlan102 Disabled vlan103 Disabled vlan104 Disabled vlan105 Enable...

Page 1332: ... ports to display ARP security information about The port list can include switch ports and static or dynamic aggregated links Table 34 3 Example output from the show arp security interface command awplus show arp security interface Arp Security Port Status and Configuration Port Provisioned ports marked with brackets e g portx y z KEY LG Log TR Trap LD Link down Port Action port1 0 1 port1 0 2 po...

Page 1333: ... 4 5 0 x DHCP SNOOPING COMMANDS SHOW ARP SECURITY INTERFACE Related Commands arp security violation show arp security show arp security statistics show log snmp server enable trap TR Trap Generate an SNMP notification trap LD Link down Shut down the link Table 34 4 Parameters in the output from the show arp security interface command cont Parameter Description ...

Page 1334: ...G COMMANDS SHOW ARP SECURITY STATISTICS show arp security statistics Overview Use this command to display ARP security statistics for the specified ports or all ports Syntax show arp security statistics detail interface port list Mode User Exec and Privileged Exec Parameter Description detail Display detailed statistics interface port list Display statistics for the specified ports ...

Page 1335: ...how arp security statistics command awplus show arp security statistics DHCP Snooping ARP Security Statistics In In Interface Packets Discards port1 0 3 20 20 port1 0 4 30 30 port1 0 12 120 0 Table 34 6 Parameters in the output from the show arp security statistics command Parameter Description Interface A port name Parentheses indicate that ports are configured for provisioning In Packets The tot...

Page 1336: ... show arp security interface show log Table 34 7 Example output from the show arp security statistics detail command awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20 In Discards 20 No Lease 20 Bad Vlan 0 Bad Port 0 Source Ip Not Allocated 0 Interface port1 0 4 In Packets 30 In Discards 30 No Lease 30 Bad Vlan 0 Bad Port 0 Source Ip ...

Page 1337: ...mmand to display the ARP security debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debugging arp security Related Commands arp security violation debug arp security Table 34 8 Example output from the show debugging arp security command awplus show debugging a...

Page 1338: ...g Mode User Exec and Privileged Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 34 9 Example output from the show debugging ip dhcp snooping command awplus show debugging ip dhcp snooping DHCP snooping debugging status DHCP snooping debugging is off DHCP snooping all debu...

Page 1339: ...rity show ip dhcp snooping acl show ip dhcp snooping agent option show ip dhcp snooping binding show ip dhcp snooping interface Table 34 10 Example output from the show ip dhcp snooping command DHCP Snooping Information DHCP Snooping service Enabled Option 82 insertion Enabled Option 82 on untrusted ports Not allowed Binding delete by client Disabled Binding delete by link down Disabled Verify MAC...

Page 1340: ...ormation use the command awplus show ip dhcp snooping acl Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information interface ACL Interface information interface list The interfaces to display information about Table 34 11 Example output from the show ip dhcp snooping acl command awplus show ip dhcp snooping acl DHCP Snooping Based Filters ...

Page 1341: ... dhcpsn1 20 20 20 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcpsn2 cmap1 30 30 30 30 aaaa bbbb dddd port1 0 3 dhcpsn2 cmap1 40 40 40 40 0000 aaaa cccc port1 0 3 dhcpsn2 cmap1 50 50 50 50 0000 aaaa dddd port1 0 3 dhcpsn2 cmap1 60 60 60 60 0000 aaaa e...

Page 1342: ...cp snooping acl detail interface port1 0 4 DHCP Snooping Based Filters Information port1 0 4 Maximum Bindings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cmap2 port1 0 4 10 permit ip dhcpsnooping 100 0 0 0 8 port1 0 4 Template dhcpsn2 via class map cmap1 port1 0...

Page 1343: ...P snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option To display DHCP snooping Option 82 information for port1 0 1 use the command awplus show ip dhcp snooping agent option interface port1 0 1 To display DHCP snooping Option 82 information for vlan1 use the command awplus show ip dhcp snooping agent option interface vlan1 To display DHCP snoo...

Page 1344: ...on DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Option 82 on untrusted ports Not allowed vlan1 C Id vlanifindex R Id Access Island 01 M1 vlan2 C Id vlantriplet R Id Access Island 01 M1 vlan3 C Id vlantriplet R Id Access Island 01 M3 vlan4 C Id vlantriplet R Id 0000 cd28 074c vlan5 C Id vlantriplet R Id 0000 cd28 074c...

Page 1345: ...hcp snooping agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Option 82 on untrusted ports Not allowed vlan1 C Id vlanifindex R Id Access Island 01 M1 vlan2 C Id vlantriplet R Id Access Island 01 M1 vlan3 C Id vlantriplet R Id Access Island 01 M3 vlan4 C Id vlantriplet R Id 0000 cd28 074c vlan5 C Id vlantrip...

Page 1346: ...s IP Address VLAN Port sec Type 1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000 0000 0108 111 112 1 1 1 1 0 6 4084 Dyna 111 111 101 109 0000 0000 0109 111 112 1 1 1 1 0 6 4085 Dyna 111 211 100 101 1 1 0 2 2147483325 Dyna 111 211 100 109 00b0 0000 0009 ...

Page 1347: ...bindings show ip source binding Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by the ip source binding command Total number of bindings in database The total number of dynamic and static lease entries in the DHCP snooping database Table 34 15 Parameters ...

Page 1348: ...rts to display DHCP snooping configuration information for If no ports are specified information for all ports is displayed Table 34 16 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping interface DHCP Snooping Port Status and Configuration Port Provisioned ports marked with brackets e g portx y z Action LG Log TR Trap LD Link down Full Max Port Status Lea...

Page 1349: ... ip dhcp snooping interface command Parameter Description Port The port interface name Status The port status untrusted default or trusted Full Leases The number of entries in the DHCP snooping database for the port Max Leases The maximum number of entries that can be stored in the database for the port Action The DHCP snooping violation actions for the port Subscriber ID The subscriber ID for the...

Page 1350: ...w ip dhcp snooping statistics Overview Use this command to display DHCP snooping statistics Syntax show ip dhcp snooping statistics detail interface interface list Mode User Exec and Privileged Exec Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The interface list can contain switch ports static or dynamic link aggr...

Page 1351: ...0 0 0 0 port1 0 4 0 0 0 0 port1 0 5 0 0 0 0 port1 0 6 58 0 58 0 Table 34 19 Example output from the show ip dhcp snooping statistics detail command awplus show ip dhcp snooping statistics detail DHCP Snooping Statistics Interface port1 0 1 All counters 0 Interface port1 0 2 All counters 0 Interface port1 0 3 All counters 0 Interface port1 0 4 In Packets 50 In BOOTP Requests 25 In BOOTP Replies 25 ...

Page 1352: ...cline message was discarded for reasons such as mismatch between received interface and current binding information Invalid IP UDP Header A problem was detected in the IP or UDP header of the packet Max Bindings Exceeded Accepting the packet would cause the maximum number of bindings on a port to be exceeded Option 82 Insert Error An error occurred while trying to insert DHCP Relay Agent Option 82...

Page 1353: ...igh Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DHCP SNOOPING COMMANDS SHOW IP DHCP SNOOPING STATISTICS Related Commands clear ip dhcp snooping statistics ip dhcp snooping ip dhcp snooping violation ...

Page 1354: ...plus show ip source binding Related Commands ip source binding show ip dhcp snooping binding Table 34 21 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP Address Address VLAN Port sec Type 1 1 1 1 0000 1111 2222 1 port1 0 1 Infinite Static Table 34 22 Parameters in the output from the show ip source binding command Parame...

Page 1355: ... Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List advertisement interval on page 1337 circuit failover on page 1339 debug vrrp on page 1341 debug vrrp events on page 1342 debug vrrp packet on page 1343 disable VRRP on page 1344 enable VRRP on page 1345 preempt mode on page 1346 priority on page 1348 router vrrp interf...

Page 1356: ... 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x VRRP COMMANDS show vrrp session on page 1361 transition mode on page 1363 undebug vrrp on page 1365 undebug vrrp events on page 1366 undebug vrrp packet on page 1367 virtual ip on page 1368 virtual ipv6 on page 1370 vrrp vmac on page 1372 ...

Page 1357: ...efault The default advertisement interval is 1 second Mode Router Configuration Usage Note when using VRRP with VCStacking ensure the VRRP advertisement interval is larger than the VCStacking failover time to avoid VCStacking failovers causing VRRP failovers See the VRRP Feature Overview and Configuration Guide for more information about setting the advertisement interval when configuring VRRP usi...

Page 1358: ...lus config router advertisement interval 6 The example below shows you how to reset the advertisement interval to the default of 1 second for the VRRP IPv4 session with VR ID 5 on interface vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no advertisement interval The example below shows you how to configure the advertisement interval to 6 seconds for the VRRP...

Page 1359: ...th VR ID 1 on interface vlan2 awplus configure terminal awplus config router vrrp 1 vlan2 awplus config router no circuit failover The example below shows you how to configure circuit failover on interface vlan2 for the VRRPv3 IPv6 session with VR ID 2 where interface vlan2 is considered the monitored interface awplus configure terminal awplus config router ipv6 vrrp 2 vlan2 awplus config router c...

Page 1360: ...ersion 5 4 5 0 x VRRP COMMANDS CIRCUIT FAILOVER The example below shows you how to remove all configured circuit failovers for the VRRPv3 IPv6 session with VR ID 1 on interface vlan2 awplus configure terminal awplus config router ipv6 vrrp 1 vlan2 awplus config router no circuit failover Related Commands router vrrp interface router ipv6 vrrp interface ...

Page 1361: ... of this command to disable this function Syntax debug vrrp all no debug vrrp all Mode Privileged Exec and Global Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Examples The example below shows you how to enable all debugging for VRRP awplus configure terminal awplus config debug vrrp all The example below shows you how...

Page 1362: ...bug vrrp events Mode Privileged Exec and Global Configuration Usage The debug vrrp events command enables the display of debug information related to VRRP internal events See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Examples The example below shows you how to enable events debugging for VRRP awplus configure terminal awplus config debug ...

Page 1363: ...Configuration Guide for more information about VRRPv3 debugging details Examples The example belowshows youhow to enablereceived and sentpacket debugging for VRRP awplus configure terminal awplus config debug vrrp packet The example below shows you how to enable only received packet debugging for VRRP awplus configure terminal awplus config debug vrrp packet recv The example below shows you how to...

Page 1364: ...and to enable a VRRP IPv4 session or a VRRPv3 IPv6 session on the router Syntax disable Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configuration details Examples The example below shows you how to disable the VRRP session for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 a...

Page 1365: ...nterface for the VRRP session using the virtual ip or virtual ipv6 and the router vrrp interface or router ipv6 vrrp interface commands before using this command See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configuration details Examples The example below shows you how to enable the VRRP session for VRRP VR ID 5 on vlan2 awplus configure ter...

Page 1366: ...e allows a higher priority backup router to relieve a lower priority backup router By default a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available take over for the backup virtual router that was elected to become the master virtual router This preemptive scheme can be disabled using the preempt mode false command If preemption is disabled the backu...

Page 1367: ...rp 5 vlan2 awplus config router preempt mode false The example below shows you how to configure preempt mode as true for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router preempt mode true The example below shows you how to configure preempt mode as false for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp...

Page 1368: ...d the IP address of the interface then this VRRP router functions as the master virtual router Priority also determines whether a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master virtual router if the master virtual router fails Configure the priority of each backup virtual router with a a value of 1 through 254 See the VRRP Feature Overview and Con...

Page 1369: ...shows you how to configure 101 as the priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router priority 101 The example below shows you how to remove the configured priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router no priority Related Commands circuit failover ...

Page 1370: ... is used for two purposes to send receive advertisement messages and to forward on behalf of the virtual router when in master state See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to enable a VRRP session with VR ID 5 on vlan1 awplus configure terminal awplus config router vrrp 5 vlan1 awpl...

Page 1371: ...uting This interface is used for two purposes to send receive advertisement messages and to forward on behalf of the virtual router when in master state See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Examples The example below shows you how to enable a VRRPv3 session with VR ID 3 on vlan2 awplus configure terminal awplus config ro...

Page 1372: ...console otherwise debug output is in the log file For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Syntax show debugging vrrp Mode User Exec and Privileged Exec Exampl...

Page 1373: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration Line Configuration and Interface Configuration Example The example below shows you how to display the running configuration fo...

Page 1374: ...iedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration Line Configuration and Interface Configuration Example The example below shows you how to display the running configuration for VRRPv3 IPv6 awplus sho...

Page 1375: ... IPv4 sessions enter the command awplus show vrrp To display brief summary output about VRRP IPv4 sessions enter the command awplus show vrrp brief Output Figure 35 3 Example output from the show vrrp command Figure 35 4 Example output from the show vrrp brief command Parameter Description brief Brief summary of VRRP sessions awplus show vrrp VMAC enabled Address family IPv4 VRRP Id 1 on interface...

Page 1376: ...rence for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x VRRP COMMANDS SHOW VRRP Related Commands enable VRRP disable VRRP ...

Page 1377: ...ature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show vrrp ipv6 interface Mode User Exec and Privileged Exec Example To display information about all VRRPv3 IPv6 sessions enter the command awplus show vrrp ipv6 Output Figure 35 5 Example output from the show vrrp ipv6 vlan2 command Related Commands enable VRRP disable VRRP Parameter Descrip...

Page 1378: ...iew and Configuration Guide For VRRPv3 IPv4 configuration details see the VRRP Feature Overview and Configuration Guide Syntax show vrrp counters Mode User Exec and Privileged Exec Usage The output has a section for global counters and a section of counters for each VRRP instance configured See the descriptions of the counters below the sample output as per RFC2787 NOTE Note that the counters disp...

Page 1379: ... Advertisements 1614 Internal Errors 0 TTL Errors 0 Received Priority 0 Pkt 0 Sent Priority 0 Pkt 0 Received Invalid Type 0 Address List Errors 0 Packet Length Errors 0 Monitored Circuit Up 0 Monitored Circuit Down 2 Table 35 1 Global counters with descriptions for the show vrrp counters command Counter Description Checksum Errors The total number of VRRP packets received with an invalid VRRP chec...

Page 1380: ...ty of 0 Sent Priority 0 Pkt The total number of VRRP packets sent by the virtual router with a priority of 0 Received Invalid Type The number of VRRP packets received by the virtual router with an invalid value in the type field Address List Errors The total number of packets received for which the address list does not match the locally configured list for the virtual router Packet Length Errors ...

Page 1381: ...uration Guide for more information about VRRPv3 IPv4 configuration details Syntax show vrrp vrid interface Mode User Exec and Privileged Exec Usage See the below sample output from the show vrrp command displaying information about VRRP session 1 configured on vlan2 Output shows that a Virtual IP address has been set awplus show vrrp 1 vlan2 Parameter Description vrid 1 255 The virtual router ID f...

Page 1382: ... command displaying information about VRRP session 1 configured on vlan3 Output shows a Virtual IP address has not been set awplus show vrrp 1 vlan3 Example The following command shows information about VRRP session 5 for interface vlan2 awplus show vrrp 5 vlan2 awplus show vrrp 1 vlan3 Address family IPv4 VrId 1 Interface is vlan3 State is Initialize Virtual IP address is unset Priority is 100 Ad...

Page 1383: ...figured to less than 1 second when using transition mode VRRPv2 can only use advertisements in whole second intervals Syntax transition mode true false Default The default is false Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information VRRPv3 IPv4 configuration details VRRPv3 IPv6 configuration details further information about configuring transi...

Page 1384: ...lliedWare Plus Operating System Version 5 4 5 0 x VRRP COMMANDS TRANSITION MODE The example below shows you how to configure IPv4 transition mode as false for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router transition mode false Related Commands router vrrp interface ...

Page 1385: ...365 AlliedWare Plus Operating System Version 5 4 5 0 x VRRP COMMANDS UNDEBUG VRRP undebug vrrp Overview Use this command to disable all VRRP debugging Syntax undebug vrrp all Mode Privileged Exec Example The example below shows you how to disable all VRRP debugging awplus undebug vrrp all Related Commands debug vrrp ...

Page 1386: ...System Version 5 4 5 0 x VRRP COMMANDS UNDEBUG VRRP EVENTS undebug vrrp events Overview Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec Example The example below shows you how to disable VRRP event debugging awplus undebug vrrp events Related Commands debug vrrp events ...

Page 1387: ...p packet send recv Mode Privileged Exec Examples The example below shows you how to disable VRRP sent packet debugging awplus undebug vrrp packet send The example below shows you how to disable VRRP received packet debugging awplus undebug vrrp packet recv The example below shows you how to disable all VRRP packet debugging awplus undebug vrrp packet Related Commands debug vrrp packet Parameter De...

Page 1388: ...d disable this feature See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to set the virtual IP address for VRRP VR ID 5 and the router as the VRRP master awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 master The example below shows you ho...

Page 1389: ...virtual IPv4 address for VRRP VR ID 5 and the router as owner of the virtual IPv4 address awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 owner The example below shows you how to disable the virtual IPv4 address for VRRP VR ID 5 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no virtual ip Related Commands rout...

Page 1390: ...3 implementation supports one IPv6 virtual link local address per virtual router ID Note that in the command examples fe80 1 is an IPv6 link local address An IPv6 link local address is used because IPv6 link local addresses are used by IPv6 ND Neighbor Discovery A host s default route to a router points to the IPv6 link local address not a specific global IPv6 address for the router For the host s...

Page 1391: ...config router ipv6 vrrp 3 vlan1 awplus config router virtual ipv6 fe80 1 master The example below shows you how to set the virtual IPv6 address for VRRPv3 VR ID 3 and the router as the VRRPv3 backup awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router virtual ipv6 fe80 1 backup The example below shows you disable the virtual IPv6 address for VRRPv3 VR ID 3 awplus c...

Page 1392: ...will use the virtual MAC address for any ARP responses associated with the virtual IP address or any gratuitous ARPs sent on behalf of the virtual IP address All VRRP advertisements are sent using this virtual MAC address as the source MAC address The virtual MAC address has the form 00 00 5e 00 01 VRID where VRID is the ID of the Virtual Router Syntax vrrp vmac enable disable Mode Global Configur...

Page 1393: ... in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 1374 epsr on page 1375 epsr configuration on page 1377 epsr datavlan on page 1378 epsr enhancedrecovery enable on page 1379 epsr mode master controlvlan primary port on page 1380 epsr mode transit controlvlan on page 1381 epsr priority on page 1382 epsr state on page 1383 epsr trap...

Page 1394: ... Command Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1373 AlliedWare Plus Operating System Version 5 4 5 0 x EPSR COMMANDS show epsr summary on page 1398 undebug epsr on page 1399 ...

Page 1395: ...ve information from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packets from being sent to the console pkt Send the received and transmitted EPSR packets as raw ASCII text to the console Using this parameter with the no debug epsr command will explicitly exc...

Page 1396: ...r the EPSR instance called blue use the command awplus config epsr epsr blue hellotime 5 NOTE When stacking is used with EPSR the EPSR failovertime should be at least 5 seconds To delete the EPSR instance called blue use the command awplus config epsr Parameter Description epsr instance Name of the EPSR instance hellotime 1 32767 The number of seconds between the transmission of health check messa...

Page 1397: ...rveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x EPSR COMMANDS EPSR Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan epsr configuration epsr datavlan epsr state epsr trap reboot rolling show epsr ...

Page 1398: ...n 5 4 5 0 x EPSR COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Example To change to EPSR mode use the command awplus config epsr configuration Related Commands epsr mode master controlvlan primary port epsr show epsr ...

Page 1399: ...ween 3 and 4094 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan2 vlan3 To remove vlan3 from the EPSR instance called blue use the command awplus config epsr no epsr blue datavlan vlan3 T...

Page 1400: ...ring with more than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instance enhancedrecovery enable no epsr epsr instance enhancedrecovery enable Default Default is that enhanced recovery mode disabled Mode EPSR Configuration Example To apply enhanced recovery o...

Page 1401: ... we advise against this because in certain situations it can produce unpredictable results Mode EPSR Configuration Example To create a master EPSR instance called blue with vlan2 as the control VLAN and port1 0 1 as the primary port use the command awplus config epsr epsr blue mode master controlvlan vlan2 primaryport port1 0 1 Related Commands epsr mode transit controlvlan show epsr Parameter Des...

Page 1402: ...n two ports or static channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will not operate on the secondary port EPSR does not support Dynamic link aggregation LACP Mode EPSR Configuration Example To create a transit EPSR instance called blue with vlan2 as the contro...

Page 1403: ...loop prevention Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an EPSR instance on an EPSR node to the default value Mode EPSR Configuration Example To set the priority of the EPSR instance called blue to the highest priority 127 use the command awplus c...

Page 1404: ...SR instance Syntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan Parameter Description epsr instance The name of the EPSR instance state The operational state of the ring enabled EPSR ...

Page 1405: ...r an EPSR instance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR instance called blue use the command awplus config epsr epsr blue trap To disable traps for the EPSR instance called blue use the command awplus config epsr no epsr blue trap Related Commands ...

Page 1406: ...us Operating System Version 5 4 5 0 x EPSR COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privileged Exec Example To show the enabled debugging modes use the command awplus show debugging epsr Related Commands debug epsr ...

Page 1407: ...57 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x EPSR COMMANDS SHOW EPSR show epsr Overview This command displays information about all EPSR instances Syntax show epsr Mode User Exec and Privileged Exec Example To show the current settings of all EPSR instances use the command awplus show epsr ...

Page 1408: ...ormation Name test2 Mode Transit Status Enabled State Links Up Control Vlan 2 Data VLAN s 10 Interface Mode Ports Only First Port port1 0 1 First Port Status Down First Port Direction Unknown Second Port port1 0 2 Second Port Status Down Second Port Direction Unknown Trap Enabled Master Node Unknown Enhanced Recovery Disabled Table 36 2 Example output from the show epsr command run on a master nod...

Page 1409: ...running the switch as an EPSR Master Table 36 3 Example output from the show epsr command run on a Master Node EPSR Information Name test4 Mode Master Status Enabled State Complete Control Vlan 4 Data VLAN s 20 Interface Mode Ports Only Primary Port port1 0 3 Status Forwarding logically blocking Is On Common Segment No Blocking Control Physical Secondary Port port1 0 4 Status Blocked Is On Common ...

Page 1410: ...ap Enabled Enhanced Recovery Disabled SLP Priority 12 Table 36 5 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mode in which the EPSR instance is configured either Master or Transit Status Status Indicates whether the EPSR instance is enabled or disabled State State In...

Page 1411: ...s not have physical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises when it is not the highest priority node in the topology and so does not receive LINKS DOWN messages upon common segment breaks and a break on a common segment in its ring is preventing recept...

Page 1412: ...ds epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Priority The EPSR instance s priority for SuperLoop Prevention Table 36 5 Parameters displayed in the output of the show epsr command cont Parameter on Master Node Parameter on Transit Node De...

Page 1413: ...n segment ports on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 36 6 Example output from the show epsr common segments command EPSR Common Segments Common Seg EPSR Port Phys Ctrl Ring Ring Port Instance Mode Prio Type of Port Port Status port1 0 24 test_inst_Red Transit 127 Second Yes Fwding test_inst_Blue Transit...

Page 1414: ...master that shares a common segment with a higher priority instance The instance is a master that shares a common segment with another master The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To check the configuration of all EPSR instances and display the results use the command awplus show epsr c...

Page 1415: ...erence for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x EPSR COMMANDS SHOW EPSR CONFIG CHECK Related Commands show epsr ...

Page 1416: ...stance Overview This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance called blue use the command awplus show epsr blue Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr counters Parameter Description epsr instanc...

Page 1417: ...e counters Overview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR instance called blue use the command awplus show epsr blue counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr Parameter Description...

Page 1418: ... COMMANDS SHOW EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counters of all EPSR instances use the command awplus show epsr counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr ...

Page 1419: ... Example output from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical control of the shared port s data VLAN blocking LB ring port is Logically Blocking applicable to master only EPSR Ctrl Primary 1st Secondary 2nd Instance Mode Status State VLAN Prio Port Stat...

Page 1420: ...8GPX High Availability High Power Video Surveillance PoE Switch 1399 AlliedWare Plus Operating System Version 5 4 5 0 x EPSR COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of the no variant of the debug epsr command ...

Page 1421: ... example a device whose MAC address is 0016 76b1 7a5e will have the name host_0016_76b1_7a5e assigned to it To efficiently manage your network using AMF we strongly advise that you devise a naming convention for your network devices and accordingly apply an appropriate hostname to each device in your AMF network Command List atmf area on page 1402 atmf area password on page 1403 atmf backup on pag...

Page 1422: ...e 1435 atmf provision node configure boot config on page 1437 atmf provision node configure boot system on page 1439 atmf provision node create on page 1441 atmf provision node delete on page 1443 atmf provision node license cert on page 1445 atmf provision node locate on page 1447 atmf reboot rolling on page 1448 atmf recover on page 1452 atmf recover led off on page 1454 atmf remote login on pag...

Page 1423: ...ers on page 1491 show atmf links on page 1493 show atmf links detail on page 1494 show atmf links statistics on page 1502 show atmf memory on page 1507 show atmf nodes on page 1509 show atmf provision nodes on page 1510 show atmf tech on page 1511 show atmf working set on page 1514 show debugging atmf on page 1515 show debugging atmf packet on page 1516 show running config atmf on page 1517 switch...

Page 1424: ...mber of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured on a device You must specify a local area on each controller remote AMF master and gateway node Example To create the AMF area named New Zealand with an ID of 1 and specify that it is the local area u...

Page 1425: ...he password identically on both of the area that locally contains the controller and the remote area The command show running config atmf will display the encrypted version of this password The encryption keys will match between the controller and the remote AMF master If multiple controller and masters exist in an area they must all have the same area configuration Example To give the AMF area na...

Page 1426: ...h Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show atmf area nodes switchport atmf arealink remote area ...

Page 1427: ... to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names that comprise identical text but with differing case such as Test txt and test txt will not be recognized as being different on a FAT32 based backup media such as a USB storage device However these filenames will be recogniz...

Page 1428: ... specified area This command is only valid on AMF controllers Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area master named well gate in the area Wellington use the command controller 1 atmf backup area masters delete area Wellington node well gate Related Commands show atmf backup area Parameter Description a...

Page 1429: ...mf backup area masters enable Mode Global configuration Default Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf backup server to configure the backup server Example To enable scheduled backups of AMF remote area masters use the commands controller 1 c...

Page 1430: ...e name Mode Privileged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the Wellington area use the command controller 1 atmf backup area masters now area Wellington To back up the local master well master in the Wellington area use the command controller 1 atmf backup ar...

Page 1431: ...master files between the active remote file server and the backup remote file server Files are copied from the active server to the remote server This command is only valid on AMF controllers Syntax atmf backup area masters synchronize Mode Privileged Exec Example To synchronize backed up files between the remote file servers for all area masters use the command controller 1 atmf backup area maste...

Page 1432: ...h can exceed the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps available when initiating an AMF backup A value of zero tells the backup process to transfer files using unlimited bandwidth Syntax atmf backup bandwidth 0 1000 no atmf backup bandwidth De...

Page 1433: ...up delete Overview This command removes the backup file from the external media of a specified AMF node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the backup file from node2 use the following command Node_1 atmf backup delete node2 Related Commands show atmf backup atmf backup now atmf backup stop Parameter Description node name The AMF node name of the backup file ...

Page 1434: ...nd previously enabled Syntax atmf backup enable no atmf backup enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Global Configuration Usage A warning message will appear if you run the atmf backup enable command with either insufficient or marginal memory a...

Page 1435: ...rking set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The following command is run on the AMF_Master_2 node to immediately backup the device that is identified by its MAC address of 0016 76b1 7a5e AMF_Master_2 atmf backup now host_0016_76b1_7a5e NOTE When a host name is derived from its MAC address the syntax format entered changes fro...

Page 1436: ...following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set group master This command returns the following display Backup the AMF member with the host name office_annex on both the master nodes as defined by the working set AMF_Master 2 atmf backup now office_annex Note that the 2 shown in the command prompt indica...

Page 1437: ...p1 use the commands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server identifier number 1 or 2 Note that there can be up to two backup servers numbered 1 and 2 respectively and you would need to run this command separately for each server hostlocation Either ...

Page 1438: ...igure server 2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and username in addition to the optional path and port parameters use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 pa...

Page 1439: ...t to stop both then you can either run this command separately on each master node or add both masters to a working set and issue this command to the working set Syntax atmf backup stop Mode Privileged Exec Usage This command is used to halt an AMF backup that is in progress In this situation the backup process will finish on its current node and then stop Example To stop a backup that is currentl...

Page 1440: ...ckup of files from the node s active remote file server to its backup remote file server Note that this process happens automatically each time the network is backed up Syntax atmf backup synchronize Mode Privileged Exec Example When connected to the master node AMF_Master_1 the following command will initiate a backup of all system related files from its active remote file server to its backup re...

Page 1441: ...e file and flash backup file v1 license files flash configs swfeature lic v2 license files flash configs sw_v2 lic It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage This command is an alias to the erase factory default command Example To erase data use the command Node_1 atmf cleanup This c...

Page 1442: ...s supported on a controller depends on the license installed on that controller Syntax atmf controller no atmf controller Mode Global configuration Usage A valid AMF license must be available before this command can be applied Example To configure the node named controller 1 as an AMF controller use the commands controller 1 configure terminal controller 1 config atmf controller To stop the node n...

Page 1443: ...eisupdatedusingthe bootsystemcommand Theold release will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the exact release filename without using a wild card character The command will continue to upgrade software until all nodes are upgraded At the end of the upgrade cycle the reboot command should be used on ...

Page 1444: ...m1 x510 main 20140204 2 rel Release ready SW_Team2 x610 main 20140204 2 rel Release ready SW_Team3 x610 main 20140204 2 rel Release ready Continue the rolling reboot y n y Copying Release x510 main 20140204 2 rel to SW_Team1 Updating Release x510 main 20140204 2 rel information on SW_Team1 Copying Release x610 main 20140204 2 rel to SW_Team2 Updating Release x610 main 20140204 2 rel information on...

Page 1445: ... to ports that form uplinks downlinks If you assign a VLAN ID to this VLAN i e changing its value from the default of 4091 then you will need to do this separately on every device within the AMF network The AMF domain subnet will then be applied to this new VID when all devices within the AMF network are next rebooted Use the no variant of this command to reset the VLAN ID to its default value of ...

Page 1446: ...perating System Version 5 4 5 0 x AMF COMMANDS ATMF DOMAIN VLAN Examples To change the AMF domain VLAN to 4000 use the following commands node 1 configure terminal node 1 config atmf domain vlan 4000 To reset the AMF domain VLAN to its default of 4091 use the following commands node 1 configure terminal node 1 config no atmf domain vlan ...

Page 1447: ...t Once AMF is configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You should therefore configure your device with any domain specific non default settings before enabling AMF Examples To turn off AMF use the command MyNode config terminal MyNode config no a...

Page 1448: ...Similarly nodes that are configured as masters are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You can use this command to define your own arbitrary groups of AMF members based on your own network s configuration requirements Applying a node to a non exis...

Page 1449: ... building1 and sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_node_2 are now part of the working set Then add the members of the working set to the groups atmf net 2 configure terminal atmf net 2 config atmf group building1 sales atmf net 2 config exit...

Page 1450: ...ntly logged Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make the console unusable for periods of time while nodes are joining and leaving Mode Global Configuration Example To set the log verbose to noise level 2 use the command node 1 configure terminal node 1 config atmf log ...

Page 1451: ... 172 31 0 0 Asubnet mask of 255 255 0 0 will automatically be applied Mode Global Configuration Usage Typically a network administrator would use this command to change the default subnet address to match local network requirements As previously mentioned running this command will result in the creation of a further two subnets within the class B address space assigned and the mask will extend fro...

Page 1452: ...llance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS ATMF MANAGEMENT SUBNET To change the AMF management subnet address on node node 1 back to its default of 172 31 0 0 node 1 configure terminal node 1 config no atmf management subnet ...

Page 1453: ...ternal VLANs that are used to communicate information about the state of the AMF network between nodes AMF uses its internal VLANS such as the management VLAN and the domain VLAN to communicate its inter nodal network status information These VLANs must be reserved for AMF and not used for other purposes If you assign a VLAN ID to this VLAN i e change its value from the default of 4092 then you wi...

Page 1454: ...MF master nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each master node If the crosslink between two AMF masters fails then one of the masters will become isolated from the rest of the AMF network Use the no variant of this command to remove the device as...

Page 1455: ...de see atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage This is one of the essential commands when configuring AMF and must be entered on each node that is to be part of the AMF This command will not take effect until the particular node is rebooted A switching node master or member may ...

Page 1456: ...ove the provisioning on the node Syntax atmf provision nodename no atmf provision Default No provision Mode Interface Configuration Usage The port should be configured as an AMF link or cross link and should be down to add or remove a provisioned node Example To provision an AMF node named node1 for port1 0 1 use the command host1 config interface port1 0 1 host1 config if atmf provision node1 Rel...

Page 1457: ... specified node name If a backup or provisioned node already exists for the specified node then you must delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made for the provisioned node and stored in the backup media The directory node_backup_dir flash confi...

Page 1458: ...ow atmf backup The output from this command is shown in the following figure and shows the details of the new provisioned node device3 Figure 37 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Jan 2014 03 00 Back...

Page 1459: ...the provisioned node Mode Privileged Exec Usage When using this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the configuration file branch cfg on the AMF provisioned node node1 use the command MasterNodeName atmf provision ...

Page 1460: ...ity High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS ATMF PROVISION NODE CONFIGURE BOOT CONFIG Related Commands atmf provision node configure boot system show atmf provision nodes ...

Page 1461: ...s are specified for the provisioned node Mode Privileged Exec Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the release file x610 5 4 4 1 rel on the AMF provisioned node node1 use the command MasterNodeName a...

Page 1462: ...ity High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS ATMF PROVISION NODE CONFIGURE BOOT SYSTEM Related Commands atmf provision node configure boot config show atmf provision nodes ...

Page 1463: ...and or atmf provision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then you must delete it before using this command A date and time is assigned to the new provisioning directory reflecting when this command was executed If there is a backup or provisioned no...

Page 1464: ...node see the AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 02 Jan 2014 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7315 2MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle ...

Page 1465: ...s run You may want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF backup procedure In this case use the command atmf backup delete to delete the files NOTE This command allows provisioned entries to be deleted even if they have been referenced by the at...

Page 1466: ...commands atmf provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Jan 2014 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7297 0MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Current Node Node Name Date Time In ATMF On Media Status ...

Page 1467: ...s been resurrected on the network and the certificate file has been downloaded to the provisioned node the hidden copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision node nodename license cert file path URL no atmf provision node nodename license cert De...

Page 1468: ...low and displays license certification details in the last line Figure 37 5 Sample output from the show atmf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2 Date Time 06 May 2014 23 25 44 Provision Path card atmf nodes Boot configuration Current boot...

Page 1469: ...e specified in the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash Example To change the working directory that happens to be on device1 to the directory of provisioned node device2 use the following command device1 atmf provision node device2 locate Th...

Page 1470: ...boot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a variety of locations The latest compatible release for a node will be selected from your selected location based on the parameters and URL you have entered For example card 5 4 3 x 5 4 3 rel will select fr...

Page 1471: ...r HTTP for example to access a file on a remote device then the URL should specify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software version At the completion of this command a report is run showing the release upgrade status of each node NOTE Take care when re...

Page 1472: ... x 5 4 3 rel Bld2_Floor_1 atmf working set group x510 SW_Team1 SW_Team2 SW_Team3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebooting SW_Team1 SW_Team1 has left the working set Reboot of SW_Team1 has completed ATMF Rolling Reboot Rebooting SW_Team2 SW...

Page 1473: ...LLING ATMF Rolling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 3 0 5 rel Release Ready SW_Team2 10 x510 5 4 3 0 5 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incompatible Bld1_Floor_2 2 x610 5 4 3 0 5 rel Release Ready Bld1_Floor_1 4 Incompatible Building_1 2 Incompatible Building_2 2 x908 5 4 3 0 5 rel Release Ready Continue upgrading releases y n ...

Page 1474: ... then the device will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or controller is found then this command will fail No error checking occurs when this command is run Regardless of the last backup status the recovering node will attempt to load its configuration ...

Page 1475: ... Switch 1453 AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 atmf recover Node_10 master Master_2 Related Commands atmf backup stop show atmf backup show atmf ...

Page 1476: ... the LED s function to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see the AMF Feature Overview and Configuration Guide Syntax atmf recover led off Default Normal operational mode Mode Privileged Exec Example To revert the LEDs on Node1 from recovery mode disp...

Page 1477: ...he new device If the remote login session exits for any reason i e device reboot you will be returned to the originating node The software will not allow you to run multiple remote login sessions You must exit an existing session before starting a new one Example 1 To remotely login from node Node10 to Node20 use the following command Node10 atmf remote login node20 Example 2 In this example user ...

Page 1478: ...on the AMF network This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf restricted login disabled Member nodes operate with atmf restricted login enabled NOTE The default conditions of this command vary from those applied by its no variant Thisisbecauseth...

Page 1479: ...ect area Mode Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use the command controller 1 atmf select area Canterbury This displays the following output To return to the local area for controller 1 use the command controller 1 atmf select area local Alt...

Page 1480: ... to each other If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are only supported using IPv4 Configuration involves creating a local tunnel ID a local IP address a remote tunnel ID and a remote IP address A reciprocal configuration is also required on thec...

Page 1481: ...te id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP connectivity between the sites already one site must run the following commands SiteA configure terminal SiteA config atmf virtual link id 5 ip 192 168 100 1 remote id 10 remote ip 192 168 200 1 remote area SiteB ...

Page 1482: ...mmand Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS ATMF VIRTUAL LINK show atmf links ...

Page 1483: ...current All nodes that comprise the current working set all All nodes in the AMF Automatic Groups These can be defined by hardware architecture e g x510 x610 x8100 AR3050S or AR4050S or by certain AMF nodal designations such as master Note that the Implicit Groups do not appear in show group output If a node is an AMF master it will be automatically added to the master group Syntax atmf working se...

Page 1484: ...working set where all comprises all nodes in the AMF This command displays an output screen similar to the one shown below Example 2 To return to the local prompt and connectivity to only the local node use the command ATMF_NETWORK_Name 6 atmf working set group local node1 node1 node2 node3 node4 node5 node6 Working set join ATMF_NETWORK_Name 6 Parameter Description node1 node2 The name of the nod...

Page 1485: ... 5 0 x AMF COMMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privilege Exec Example To reset the AMF link statistics values use the command node_1 clear atmf links statistics Related Commands show atmf links statistics ...

Page 1486: ... atmf link crosslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will display all AMF debugging information including link events topology discovery messages and all notable AMF events NOTE An alias to the no variant of this command is undebug atmf ...

Page 1487: ...01 REV A Command Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1465 AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS DEBUG ATMF Related Commands no debug all ...

Page 1488: ...Default Level 1 both Tx and Rx a timeout of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will apply a default selection of parameters shown below debug atmf packet direction rx tx both level 1 2 3 t...

Page 1489: ...e local node ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet with crosslink links information Enter 1 to select this packet type 2 Crosslink Hello BPDU packet with downlink domain information Enter 2 to select this packet type 3 Crosslink Hello BPDU packet with uplink information Enter 3 to select this packet...

Page 1490: ...BUG ATMF PACKET To enable send and receive 500 packets only on vlink1 for packet types 1 7 and 11 use the command node_1 debug atmf packet num pkts 500 filter interface vlink1 pkt type 1 7 11 This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet direction rx level 1 num pkts 60 filter node x610 interface port1 0 1 pkt type 4 7 10 ...

Page 1491: ...flash backup file v1 license files flash configs swfeature lic v2 license files flash configs sw_v2 lic The device is then rebooted and returns the device to its factory default condition The device can then be used for automatic node recovery Syntax erase factory default Mode Global Configuration Usage This command is an alias to the atmf cleanup command Example To erase data use the command Node...

Page 1492: ... Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary The following figure shows some example output from running this command for a specific AMF node Example 2 To show information specific to AMF nodes use the following command node...

Page 1493: ... command when you want to see an overview of the AMF network Table 37 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0000 0000 0000 Options 0 Our bits 0 Link State Full Domain Controller 0 Backup Domain Controller 0 Database Description Sequence Number 00000000 First Adjacency...

Page 1494: ...ller node_1 Backup Domain Controller node2 Domain controller MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequence Number 7 Domains Sequence Number 28 Uplink Sequence Number 2 Number of Crosslink Ports 1 Number of Domain Nodes 2 Number of Neighbors ...

Page 1495: ...agement VLAN The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Management IP Address The IP address allocated for this traffic Management Mask The subnet mask used to create a subnet for this traffic 255 255 128 0 Domain VLAN The VLAN assigned for traffi...

Page 1496: ...o show information about all areas use the command controller 1 show atmf area The following figure shows example output from running this command on a controller Parameter Description detail Displays detailed information area name Displays information about master and gateway nodes in the specified area only Table 37 5 Example output from the show atmf area command on a Controller controller 1 sh...

Page 1497: ...r not This is one of the following Reachable if the link has been established Unreachable if a link to the remote area has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the controller or remote master on which the command is being run because the gateway node...

Page 1498: ...f areas controlled by the controller Area Node Count The total number of nodes in the area Table 37 7 Parameter definitions from the show atmf area command cont Parameter Definition Table 37 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller distance 0 Controller Id 21 Backup Available FALSE Area Id 2 Gateway Node Name control...

Page 1499: ... 1 show atmf area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Displays information for the specified area only Table 37 9 Output from the show atmf area summary command controller 1 show atmf area summary ATMF Area Summary Information Management Informati...

Page 1500: ...ised information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running this command Parameter Description area name Displays information about nodes in the specified area node name Displays information about the specified node Table 37 10 Output from the show atmf area nodes command controller...

Page 1501: ...mf area nodes detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Parent The node to which the current node has an active uplink Node Depth The number of nodes in the path from this node to the master node Table 37 11 Parameter definitions from the show atmf ...

Page 1502: ... atmf area nodes detail area name node name Mode Privileged Exec Usage If you do not limit the output to a single area or node this command displays information about all remote nodes that the controller is aware of This can be a very large number of nodes Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail Parameter D...

Page 1503: ... type 368 Distance to core 1 Flags 50 Extra flags 0x00000006 MAC Address 001a eb56 9020 Node name well master Parent node name none Domain id well master s domain Board type 333 Distance to core 0 Flags 51 Extra flags 0x0000000c MAC Address eccd 6d3f fef7 Table 37 13 Parameter definitions from the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular ...

Page 1504: ...p status for all the nodes in an AMF network It can only be run on AMF master and controller nodes Syntax show atmf backup logs server status synchronize logs Mode Privileged Exec Parameter Description logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status l...

Page 1505: ...atmf backup logs Log File Location card atmf office logs rsync_ nodename log Node Name Log Details atmf_testbox2 2014 05 22 03 41 32 30299 File list size 6199 2014 05 22 03 41 32 30299 File list generation time 0 011 seconds 2014 05 22 03 41 32 30299 File list transfer time 0 000 seconds 2014 05 22 03 41 32 30299 Total bytes sent 696 2014 05 22 03 41 32 30299 Total bytes received 16 03K 2014 02 20...

Page 1506: ...de The name of the node that is currently being backed up Node Name The name of the node that is storing backup data on its backup media Date The data of the last backup in the format DD MMM YYYY Time The time of the last backup in the format HH MM SS In ATMF Whether the node shown is active in the AMF network Yes or No Status The output can contain one of four values meaning that the status file ...

Page 1507: ...nformation for the master nodes in one or more areas This command is only available on AMF controllers Syntax show atmf backup area logs area name node name Mode Privileged Exec Example To show information about backups for an area use the command controller 1 show atmf backup area Parameter Description logs Displays the logs for the last backup of each node area name Displays information about no...

Page 1508: ...mf backup area Scheduled Backup Enabled Schedule 12 per day starting at 14 30 Next Backup Time 15 Apr 2015 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backups_from_controller 1 Port 2 Configured Unmounted Host 10 37 142 1 Username root Path Port Current Action Idle ...

Page 1509: ... Displays output in greater depth controller 1 show atmf detail ATMF Detail Information Network Name Test_network Node Name controller 1 Node Address controller 1 atmf Node ID 342 Node Depth 0 Domain State BackupDomainController Recovery State None Log Verbose Setting Verbose Management VLAN VLAN ID 4000 Management Subnet 172 31 0 0 Management IP Address 172 31 1 86 Management Mask 255 255 128 0 M...

Page 1510: ...r None Management VLAN The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Management IP Address The IP address allocated for this traffic Management Mask The subnet mask used to create a subnet for this traffic 255 255 128 0 Domain VLAN The VLAN assigned ...

Page 1511: ... then assign commands collectively to any of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show atmf group A typical output screen from this command is shown below This screen shows that node2 contains the groups master and x510 Note that although the no...

Page 1512: ...e is AMF_NETWORK 6 ATMF group information master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 37 17 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show atmf group node3 node4 node5 node6 ATMF group information edge_switches x510 Table 37 18 Parameter definitions from the show atmf group command for a working...

Page 1513: ... in the AMF working set is automatically added to automatic groups which are defined by hardware architecture e g x510 x610 Nodes that are configured as masters are automatically assigned to the master group Users can define arbitrary groupings of AMF members based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privilege...

Page 1514: ...rs Members master 1 Building_1 poe 1 HW_Team1 x510 3 SW_Team1 SW_Team2 SW_Team3 x610 1 HW_Team1 x8100 2 Building_1 Building_2 ATMF Group membership User defined Total Groups Members Members marketing 1 Bld1_Floor_1 software 3 SW_Team1 SW_Team2 SW_Team3 Table 37 20 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and the...

Page 1515: ...MF links brief details use the following command controller 1 show atmf links brief Figure 37 8 Sample output from the show atmf links command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Related Commands no debug all clear atmf links statistics show atmf show atmf nod...

Page 1516: ...W ATMF LINKS DETAIL show atmf links detail Overview This command displays detailed information on all the links configured in the AMF network It can only be run on AMF master and controller nodes Syntax show atmf links detail Mode User Exec Example To display the AMF link details use this command device1 show atmf links detail Parameter Description detail Detailed AMF links information ...

Page 1517: ...ent Ifindex 4501 Adjacent VR ID 0 Adjacent MAC 0014 2299 137d Port Last Message Response 0 Port port2 0 2 Ifindex 6002 VR ID 0 Port Status Down Port State Init Port BPDU Receive Count 0 Link State Entries Node Ifindex Building_2 4501 Building_1 4501 Transaction ID 3 3 MAC Address 0014 2299 137d eccd 6d03 10e3 Link State Full Full Domain Nodes Tree Node Building_2 Links on Node 1 Link 0 Building_2 ...

Page 1518: ...tion ID 3 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Bld2_Floor_1 s domain Domain Controller Bld2_Floor_1 Domain Controller MAC eccd 6d3f fef7 Number of Links 2 Number of Links Up 2 Number of Links on This Node 1 Links are Blocked 0 Node Transaction List Node Building_2 Transaction ID 7 Domain List Domain Bld2_Floor_1 s domain Node Building_2...

Page 1519: ...nse 0 Port port1 3 2 Ifindex 7002 VR ID 0 Port Status Up Port State Full Adjacent Node Bld2_Floor_1 Adjacent Internal ID 3 Adjacent Ifindex 5001 Adjacent Board ID 333 Adjacent VR ID 0 Adjacent MAC eccd 6d3f fef7 Adjacent Domain Controller Bld2_Floor_1 Adjacent Domain Controller MAC eccd 6d3f fef7 Port Forwarding State Blocking Port BPDU Receive Count 0 Port Sequence Number 15 Port Adjacent Sequenc...

Page 1520: ...djacent MAC MAC address of the adjacent node in the domain Port Last Message Response Response from the remote neighbor to our AMF last hello packet Link State Entries Show all the link state database entries Node Ifindex Shows adjacent Node names and Interface index Transaction ID Shows transaction id of the current crosslink transaction MAC Address Shows adjacent Node MAC addresses Link State Sh...

Page 1521: ...on identifier for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_FLAG_NO_NODE 8 ATMF_DOMAIN_FLAG_NOT_ACTIVE_PARENT 16 ATMF_DOMAIN_FLAG_NOT_LINKS 32 ATMF_DOMAIN_FLAG_NO_CONFIG 64 Domain Controller Domain Controller in the uplink domain Domain Controller MA...

Page 1522: ...dex of the local port VR ID Virtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Internal ID Unique node identifier of the remote node Adjacent Ifindex Interface index for the port of adjacent AMF node Adjacent Board ID Product identifier for the adjacent no...

Page 1523: ...e for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1501 AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf links statistics show atmf ...

Page 1524: ...ration and packet exchange statistics for a specified interface This command can only be run on AMF master and controller nodes Syntax show atmf links statistics interface port_number Mode User Exec Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecified full statistics not just those...

Page 1525: ...Hello 124082 124052 Crosslink Hello 20665 20666 Crosslink Hello Domain 10336 10338 Crosslink Hello Uplink 10333 10338 Hello Link 41313 82649 Hello Neighbor 0 0 Hello Stack 82652 82659 Hello Gateway 165168 165281 Database Description 42 43 Database Request 16 3 Database Update 2885 5496 Database Update Bitmap 0 115 Database Acknowledge 5331 2746 Transmit Fails 0 38 Discards 4 0 Total ATMF Packets 4...

Page 1526: ...m the show atmf links statistics command output device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hello Domain 116 116 port1 0 5 Crosslink Hello Uplink 116 115 port1 0 5 Hello Link 0 0 Parameter Definition Receive Shows a count of AMF protocol packets received per message type Transmit Shows the number...

Page 1527: ...um Type7 The number of discarded crosslink hello msgs received on a non crosslink port Type8 The number of discarded crosslink hello msg received on a port that is not in the correct state Type9 The number of discarded crosslink domain hello msgs received on a non crosslink port Type10 The number of discarded crosslink domain hello msgs received on a port that is not in the correct state Type11 Th...

Page 1528: ...X High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS SHOW ATMF LINKS STATISTICS Related Commands no debug all clear atmf links statistics show atmf ...

Page 1529: ...7 Line 1238 number 1 memory 28 bytes Line 244 number 2 memory 88 bytes Line 3753 number 2 memory 1872 bytes Line 1616 number 8 memory 320 bytes Line 1391 number 1 memory 60 bytes Line 1837 number 15 memory 600 bytes Line 288 number 1 memory 17716 bytes Line 3916 number 1 memory 1520 bytes Line 1623 number 8 memory 320 bytes Line 4477 number 1 memory 1520 bytes Line 659 number 2 memory 512 bytes Li...

Page 1530: ...1247 number 1 memory 52 bytes Line 876 number 2 memory 80 bytes Line 166 number 1 memory 232 bytes Line 415 number 7 memory 587 bytes Line 418 number 3 memory 300 bytes Line 822 number 2 memory 80 bytes Line 2341 number 4 memory 160 bytes Line 3025 number 2 memory 88 bytes Line 144 number 3 memory 1596 bytes Line 146 number 6 memory 312 bytes Line 2349 number 4 memory 160 bytes Line 1111 number 1 ...

Page 1531: ...rrently in the running configuration Syntax show atmf nodes Mode Privileged Exec Example To display AMF information for all nodes in the AMF use the command node_1 show atmf nodes Table 37 25 Sample output from the show atmf nodes command node1 show atmf nodes Node Information Local device SC Switch Configuration C Chassis S Stackable N Standalone Node Device ATMF Node Name Type Master SC Parent D...

Page 1532: ...command is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 37 11 Sample output from the show atmf provision nodes command Related commands atmf provision node create atmf provision node clone atmf provision node configure boot config atmf provision node configure boot system show atmf backup device1 show atmf prov...

Page 1533: ...e PoE Switch 1511 AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS SHOW ATMF TECH show atmf tech Overview This command collects and displays all the AMF command output The command can thus be used to display a complete picture of an AMF network Syntax show atmf tech Mode Privileged Exec ...

Page 1534: ...Domain Controller node1 Backup Domain Controller node2 Domain controller MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequence Number 7 Domains Sequence Number 28 Uplink Sequence Number 2 Number of Crosslink Ports 1 Number of Domain Nodes 2 Number o...

Page 1535: ... nodes of different domains up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet the Network prefix for the subnet Management IP Address the IP address allocated for this traffic Management Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Domain VLAN The VLAN assigned for traffic between Nodes of same domain crossli...

Page 1536: ... This command displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf working set Related Commands atmf working set show atmf show atmf group Table 37 28 Sample output from the show atmf working set command ATMF Working Set Nodes node1 node2 node3 node4 nod...

Page 1537: ...show debugging atmf Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 37 12 Sample output from the show debugging atmf command Related Commands debug atmf packet node1 show debugging atmf ATMF debugging status ATMF arealink debugging is on ATMF link debugging is on ATMF crosslink debugging is on ATMF database debug...

Page 1538: ...Example To display the AMF packet debugging status use the command node_1 show debug atmf packet Figure 37 13 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet ATMF packet debugging is on ATMF Packet Debugging Parameters Node Name x908 Port name port1 1 1 Limit 500 packets Direction TX Info Level Level 2 Packet Type Bitmap 2 Crosslink Hello BPD...

Page 1539: ... the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the following commands node_1 show running config atmf For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Confi...

Page 1540: ...th ends of the link Each area must have the area name configured and the same area password must exist on both ends of the link Running this command will automatically place the port or static aggregator into trunk mode i e switchport mode trunk and will synchronize the area information stored on the two nodes You can configure multiple arealinks between two area nodes but only one arealink at any...

Page 1541: ... remove any crosslink that may exist for the selected port or aggregated link Syntax switchport atmf crosslink no switchport atmf crosslink Mode Interface Configuration Usage Crosslinks can be used anywhere within an AMF network They have the effect of separating the AMF network into separate domains Where this command is used it is also good practice to use the switchport trunk native vlan comman...

Page 1542: ...Node_1 configure terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this example VLAN 2 is assigned to the static aggregator and the native VLAN VLAN 1 is explicitly excluded from the aggregated ports and the crosslink assigned to it NOTE The AMF management and do...

Page 1543: ...r to be an AMF uplink downlink Running this command will automatically place the port or aggregator into trunk mode Use the no variant of this command to remove any AMF link that may exist for the selected port or aggregated link Syntax switchport atmf link no switchport atmf link Mode Interface Configuration Example To make a switchport 1 0 1 an AMF uplink downlink use the following commands Node...

Page 1544: ... is entered on node 1 node1 config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the n...

Page 1545: ...splay Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2 Node3 TR Type Details Description Ac T...

Page 1546: ...h Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS TYPE ATMF NODE Related Commands show trigger Node2 Node3 trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me scp ...

Page 1547: ...T IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1525 AlliedWare Plus Operating System Version 5 4 5 0 x AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no variant of the debug atmf command ...

Page 1548: ...rview and Configuration Guide For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List ntp access group on page 1526 ntp authenticate on page 1527 ntp authentication key on page 1528 ntp broadcastdelay on page 1529 ntp master on page 1530 ntp peer on page 1531 ntp ser...

Page 1549: ...ended IP access list use the commands awplus configure terminal awplus config ntp access group peer 1998 To disable the NTP peer access group created above use the commands awplus configure terminal awplus config no ntp access group peer Parameter Description peer Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access li...

Page 1550: ...authentication This allows NTP to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configuration Examples To enable NTP authentication use the commands awplus configure terminal awplus config ntp authenticate To disable NTP authentication use the commands awplus ...

Page 1551: ...ication key assigned previously using ntp authentication key Syntax ntp authentication key keynumber md5 key no ntp authentication key keynumber md5 key Mode Global Configuration Examples To define an authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key number ...

Page 1552: ... of 0 microseconds Syntax ntp broadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip delay to 23464 microseconds for broadcast packets use these commands awplus configure terminal awplus config ntp broadcastdelay 23464 To reset the estimated round trip d...

Page 1553: ...ge The stratum number is null by default and must be set using this command The stratum levels define the distance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Network Time Protocol go to www ntp org Examples To stop the device from being the designated NTP...

Page 1554: ... peer with an IPv4 address of 192 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 prefer version 4 key 1234 awplus config ntp peer 192 0 2 23 version 4 key 1234 awplus config ntp peer 192 0 2 23 version 4 awplus config ntp peer 192 0 2 23 key 1234 To remo...

Page 1555: ...g ntp peer 2001 0db8 010d 1 awplus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 awplus config ntp peer 2001 0db8 010d 1 key 1234 To remove an NTP peer association for this p...

Page 1556: ...us configure terminal awplus config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 awplus config ntp server 192 0 1 23 key 1234 To remove an NTP peer association for ...

Page 1557: ...tp server 2001 0db8 010e 2 awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 awplus config ntp server 2001 0db8 010e 2 key 1234 To remove an NTP peer association...

Page 1558: ...e When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavior will apply and an alternative source IP address is automatically selected This IP address is based on the most appropriate egress interface used to reach the NTP peer The configured NTP client source IP may be unavailable if the interface is d...

Page 1559: ...ce PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x NTP COMMANDS NTP SOURCE To remove a configured address for the NTP source interface use the following commands awplus configure terminal awplus config no ntp source Related Commands ntp peer ntp server ...

Page 1560: ...this key in its NTP packets Use the no variant of this command to remove aconfigured trusted authentication key Syntax ntp trusted key 1 4294967295 no ntp trusted key 1 4294967295 Mode Global Configuration Examples To define a trusted authentication key numbered 234675 use the following commands awplus configure terminal awplus config ntp trusted key 234676 To remove the trusted authentication key...

Page 1561: ... number of NTP client and server packets sent by your device Pkts Received Total number of NTP client and server packets received by your device Pkts Processed The number of packets processed by NTP NTP processes a packet once it has determined that the packet is valid by checking factors such as the packet s authentication format access rights and version Pkts current version The number of versio...

Page 1562: ...he number of NTP packets received that do not conform to the standard packet length NTP drops these packets Pkts bad auth The number of NTP packets received that failed authentication NTP drops these packets Packets can only fail authentication if NTP authentication is enabled with the ntp authenticate command Pkts rate exceed The number of packets dropped because the packet rate exceeded its limi...

Page 1563: ...ations detail command awplus show ntp associations detail 192 0 2 23 configured sane valid leap_sub stratum 16 ref ID INIT time 00000000 00000000 06 28 16 000 UTC Thu Feb 7 2036 our mode client peer mode unspec our poll intvl 512 peer poll intvl 1024 root delay 0 00 msec root disp 0 00 reach 000 delay 0 00 msec offset 0 0000 msec dispersion 0 00 precision 2 19 org time 00000000 00000000 06 28 16 0...

Page 1564: ...ystem Version 5 4 5 0 x NTP COMMANDS SHOW NTP ASSOCIATIONS delay Round trip delay between the device and the server offset Difference between the device clock and the server clock disp Lowest measure of error associated with peer offset based on delay Table 38 4 Parameters in the output from the show ntp associations command Parameter Description ...

Page 1565: ...ntp status Mode User Exec and Privileged Exec Example See the sample output of the show ntp status command displaying information about the Network Time Protocol Figure 38 2 Example output from the show ntp status command awplus sh ntp status Clock is synchronized stratum 3 reference is 127 127 1 0 actual frequency is 0 0000 Hz precision is 2 19 reference time is cf11f3f2 c7c081a1 00 44 34 780 UTC...

Page 1566: ...mmand Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List bootfile on page 1545 clear ip dhcp binding on page 1546 default router on page 1547 dns server on page 1548 domain name on page 1549 host on page 1550 ip address dhcp on page 1551 ip dhcp bootp ignore on page 1553 ip dhcp leasequery enable on page 1554 ip dhcp option on page 1555 ip dhcp...

Page 1567: ...robe enable on page 1575 probe packets on page 1576 probe timeout on page 1577 probe type on page 1578 range on page 1579 route on page 1580 service dhcp relay on page 1581 service dhcp server on page 1582 show counter dhcp client on page 1583 show counter dhcp relay on page 1584 show counter dhcp server on page 1587 show dhcp lease on page 1589 show ip dhcp binding on page 1591 show ip dhcp pool ...

Page 1568: ...CP server pool This is the name of the boot file that the client should use in its bootstrap process It may need to include a path The no variant of this command removes the boot filename from a DHCP server pool Syntax bootfile filename no bootfile Mode DHCP Configuration Example To configure the boot filename for a pool P2 use the command awplus configure terminal awplus config ip dhcp pool P2 aw...

Page 1569: ...essage is displayed If all pool or range are specified and one or more static DHCP bindings exist within those addresses any dynamic entries within those addresses are cleared but any static entries are not cleared Examples To clear the specific IP address binding 192 168 1 1 use the command awplus clear ip dhcp binding ip 192 168 1 1 To clear all dynamic DHCP entries use the command awplus clear ...

Page 1570: ...removes either the specified default router or all default routers from the DHCP pool Syntax default router ip address no default router ip address Mode DHCP Configuration Examples To add a router with an IP address 192 168 1 2 to the DHCP pool named P2 use the following commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config default router 192 168 1 2 To remove a route...

Page 1571: ... or all DNS servers from the DHCP pool Syntax dns server ip address no dns server ip address Mode DHCP Configuration Examples To add the DNS server with the assigned IP address 192 168 1 1 to the DHCP pool named P1 use the following commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config dns server 192 168 1 1 To remove the DNS server with the assigned IP address 192 16...

Page 1572: ...gs created with this command The no variant of this command removes the domain name from the address pool Syntax domain name domain name no domain name Mode DHCP Configuration Examples To add the domain name Nerv_Office to DHCP pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config domain name Nerv_Office To remove the domain name Nerv_Office from DHCP ...

Page 1573: ...Note that a network mask must be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the MAC address 000a 451d 6e34 to DHCP pool 1 use the commands awplus configure terminal awplus config ip dhcp pool 1 awplus dhcp config network 192 168 1 0 24 awplus dhcp confi...

Page 1574: ...e DNS servers set on your device with the ip name server command Option 15 a domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it has a domain list set using the ip domain list command Option 51 lease expiration time The no variant of this command stops the interface from obtaining IP configuratio...

Page 1575: ...m Version 5 4 5 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP To stop the interface vlan10 from using DHCP to obtain its IP address use the commands awplus configure terminal awplus config interface vlan10 awplus config if no ip address dhcp Related Commands ip address Validation Commands show running config show ip interface ...

Page 1576: ...HCP server accepts BOOTP requests by default The no variant of this command configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Global Configuration Examples To configure the DHCP server to ignore BOOTP requests use the commands awplus configure terminal awplus config ip dhcp bootp ignore To configure the DHCP ser...

Page 1577: ...rver using DHCPLEASEQUERY messages Use the no variant of this command to disable the support of DHCPLEASEQUERY packets For more information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp leasequery enable no ip dhcp leasequery enable Default DHCP leasequery support is disabled by default Mode Global Configuration Examples To enable DHCP leasequery support use the commands awp...

Page 1578: ...nfiguration Parameter Description 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use a number as the option name Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks Default no defa...

Page 1579: ...node type hex To define a user defined IP address option as option 175 with the name special address use the commands awplus configure terminal awplus config ip dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the commands awplus configure terminal awplus config no ip dhcp option 12 To remove the specific user defined option with the ...

Page 1580: ...e DHCP pools on devices with multiple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no variant of this command deletes the specific DHCP pool Syntax ip dhcp pool pool name no ip dhcp pool pool name Mode Global Configuration Example To create the DHCP pool named P2 and enter DHCP Configur...

Page 1581: ...P Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide NOTE The DHCP relay service might alter the content of the DHCP Relay Agent Option 82 field if the commands ip dhcp relay agent option and ip dhcp relay information policy have been configured Syntax ip dhcp relay agent option no ip dhcp relay agent option Default DHCP Relay ...

Page 1582: ...rveillance PoE Switch 1559 AlliedWare Plus Operating System Version 5 4 5 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY AGENT OPTION Related Commands ip dhcp relay agent option remote id ip dhcp relay information policy ip dhcp relay max message length service dhcp relay ...

Page 1583: ...option and DHCP Relay Agent is enabled on the device service dhcp relay For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay agent option checking no ip dhcp relay agent option checking Mode Interface Configuration for a VLAN interface Examples To make the DHCP Relay Agent listening on vlan10 check t...

Page 1584: ...remote id remote id no ip dhcp relay agent option remote id Default The Remote ID is set to the device s MAC address by default Mode Interface Configuration for a VLAN interface Usage The Remote ID sub option is included in the DHCP Relay Agent Option 82 field of relayed client DHCP packets if DHCP Relay Agent Option 82 is enabled ip dhcp relay agent option and DHCP Relay Agent is enabled on the d...

Page 1585: ...lay Agent replaces any existing DHCP Relay Agent Option 82 field with its own DHCP Relay Agent field This is equivalent to the functionality of the replace parameter The no variant of this command returns the policy to the default behavior i e replacing the existing DHCP Relay Agent Option 82 field For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Ov...

Page 1586: ...y client requests that already contain DHCP Relay Agent Option 82 information use the commands awplus configure terminal awplus config interface vlan15 awplus config if ip dhcp relay information policy drop To reset the DHCP relay information policy to the default policy for interface vlan15 use the commands awplus configure terminal awplus config interface vlan15 awplus config if no ip dhcp relay...

Page 1587: ...et to 10 hops by default Use the no variant of this command to reset the hop count to the default For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay maxhops 1 255 no ip dhcp relay maxhops Default The default hop count threshold is 10 hops Mode Interface Configuration for a VLAN interface Example To...

Page 1588: ...guration for a VLAN interface Usage When a DHCP Relay Agent that has DHCP Relay Agent Option 82 insertion enabled receives a request packet from a DHCP client it will append the DHCP Relay Agent Option 82 component data and forward the packet to the DHCP server The DHCP client will sometimes issue packets containing pad option fields that can be overwritten with Option 82 data Where there are insu...

Page 1589: ... 4 5 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY MAX MESSAGE LENGTH To reset the maximum DHCP message length to the default of 1400 bytes for packets arriving in interface vlan7 use the commands awplus configure terminal awplus config interface vlan7 awplus config if no ip dhcp relay max message length Related Commands service dhcp relay ...

Page 1590: ...tion for a VLAN interface Usage For a DHCP server with an IPv6 address you must specify the interface for the DHCP server See examples below for configuration differences between IPv4 and IPv6 DHCP relay servers See also the service dhcp relay command to enable the DHCP Relay Agent on your device The ip dhcp relay server address command defines a relay destination on an interface on the device nee...

Page 1591: ...s config if no ip dhcp relay server address192 0 2 200 To enable the DHCP Relay Agent on your device to relay DHCP packets on interface vlan10 to the DHCP server with the IPv6 address 2001 0db8 010d 1 on interface vlan20 use the commands awplus configure terminal awplus config service dhcp relay awplus config interface vlan10 awplus config if ip dhcp relay server address 2001 0db8 010d 1 vlan20 aw...

Page 1592: ... Use the infinite parameter to set the lease expiry time to infinite leases never expire Use the no variant of this command to return the lease expiration time back to the default of one day Syntax lease days hours minutes seconds lease infinite no lease Default The default lease time is 1 day Mode DHCP Configuration Examples To set the lease expiration time for address pool P2 to 35 minutes use t...

Page 1593: ...ds awplus configure terminal awplus config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To set the lease expiration time for the address pool P3 to 20 seconds use the commands awplus configure terminal awplus config ip dhcp pool P3 awplus dhcp config lease 0 0 0 20 To set the lease expiration time for the pool to never expire use the command awplus dhcp config lease infinite To return ...

Page 1594: ... fail if ranges still exist in the pool You must remove all ranges in the pool before issuing a no network command to remove a network from the pool Examples To configure a network for the address pool P2 where the subnet is 192 0 2 5 and the mask is 255 255 255 0 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config network 192 0 2 5 24 or you can use dotted ...

Page 1595: ...ol It is the address of the next server that the client should use in its bootstrap process The no variant of this command removes the next server address from the DHCP address pool Syntax next server ip address no next server Mode DHCP Configuration Example To set the next server address for the address pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp c...

Page 1596: ... no variant of this command removes the specified user defined option from the DHCP pool or all user defined options from the DHCP pool Syntax option 1 254 option name option value no option 1 254 option value Mode DHCP Configuration Parameter Description 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition optio...

Page 1597: ...dhcp pool P2 awplus dhcp config option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the command awplus dhcp config option 175 192 0 2 6 awplus dhcp config option 175 192 0 2 12 awplus dhcp config option 175 192 0 2 33 To add the option 179 to a pool and give the option the value 123456 use the command awplus dhcp config option 179 123456 To add a user defined fl...

Page 1598: ...se to a client is already being used by another host The no variant of this command disables probing for a DHCP pool Syntax probe enable no probe enable Default Probing is enabled by default Mode DHCP Pool Configuration Examples To enable probing for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe enable To disable probing for pool P2 use t...

Page 1599: ...t of this command sets the number of probe packets sent to the default of 5 Syntax probe packets 0 10 no probe packets Default The default is 5 Mode DHCP Pool Configuration Examples To set the number of probe packets to 2 for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe packets 2 To set the number of probe packets to the default 5 for po...

Page 1600: ...imeout value to the default setting 200 milliseconds Syntax probe timeout 50 5000 no probe timeout Default The default timeout interval is 200 milliseconds Mode DHCP Pool Configuration Examples To set the probe timeout value to 500 milliseconds for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe timeout 500 To set the probe timeout value fo...

Page 1601: ... ping is specified the server will send an ICMP Echo Request ping The no variant of this command sets the probe type to the default setting ping Syntax probe type arp ping no probe type Default The default probe type is ping Mode DHCP Pool Configuration Examples To set the probe type to arp for the pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config ...

Page 1602: ... range all command to remove all address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP Configuration Examples To add an address range of 192 0 2 5 to 192 0 2 16 to the pool Nerv_Office use the command awplus configure terminal awplus config ip dhcp pool Nerv_Office awplus dhcp config range 192 0 2 5 192 0 2 16 To add the individu...

Page 1603: ... A B C D both opt249 rfc3442 Mode DHCP Configuration Examples To distribute static routes for route 0 0 0 0 0 whose next hop is 192 16 1 1 to clients using both opt249 and rfc3442 use the command awplus configure terminal awplus config ip dhcp pool pubic awplus dhcp config route 0 0 0 0 0 192 16 1 1 both Related Commands ip dhcp pool Parameter Description A B C D M Subnet for the route A B C D Nex...

Page 1604: ...ll interfaces Syntax service dhcp relay no service dhcp relay Mode Global Configuration Usage A maximum number of 400 DHCP Relay Agents one per interface can be configured on the device Once this limit has been reached any further attempts to configure DHCP Relay Agents will not be successful Default The DHCP relay service is enabled by default Examples To enable the DHCP relay global function use...

Page 1605: ...mmand enables the DHCP server on your device The server then listens for DHCP requests on all IP interfaces It will not run if there are no IP interfaces configured The no variant of this command disables the DHCP server Syntax service dhcp server no service dhcp server Mode Global Configuration Example To enable the DHCP server use the commands awplus configure terminal awplus config service dhcp...

Page 1606: ...counter dhcp client Output Figure 39 1 Example output from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCPACK in 18 DHCPNAK in 0 Table 39 1 Parameters in the output of the show counter dhcp client command Parameter Description DHCPDISCOVER out The number of...

Page 1607: ...the following command awplus show counter dhcp relay Output Figure 39 2 Example output from the show counter dhcp relay command awplus show counter dhcp relay DHCP relay counters Requests In 4 Replies In 4 Relayed To Server 4 Relayed To Client 4 Out To Server Failed 0 Out To Client Failed 0 Invalid hlen 0 Bogus giaddr 0 Corrupt Agent Option 0 Missing Agent Option 0 Bad Circuit ID 0 Missing Circuit...

Page 1608: ...ent option command Missing Agent Option The number of incoming DHCP Reply messages dropped due to a missing relay agent information option field Note that Agent Option counters only increment on errors occurring if the ip dhcp relay agent option command is configured for an interface Messages generating the errors are only dropped if the ip dhcp relay agent option checking command is configured on...

Page 1609: ...enerating the errors are only dropped if the ip dhcp relay agent option checking command is configured on the interface as well as the ip dhcp relay agent option command Option Insert Failed The number of incoming DHCP Request messages dropped due to an error adding the DHCP Relay Agent information option 82 This counter increments when the DHCP Relay Agent is set to drop packets with the DHCP Rel...

Page 1610: ...r dhcp server Output Figure 39 3 Example output from the show counter dhcp server command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQUEST in 0 BOOTREPLY out 0 Table 39 2 Parameters in the output of the show counter dhcp server command Parameter Description DHCPDISCOVER in The number ...

Page 1611: ...Negative Acknowledgement messages sent by the DHCP server The server sends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address pool BOOTREQUEST in The number of bootp messages received by the DHCP server from bootp clients BOOTRE...

Page 1612: ...CP server for interfaces on the device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dhcp lease interface Mode User Exec and Privileged Exec Example To show the current lease expiry times for all interfaces use the command awplus show dhcp lease To show the ...

Page 1613: ... 22 4 Expires 13 Mar 2007 20 10 19 Renew 13 Mar 2007 18 37 06 Rebind 13 Mar 2007 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168 100 50 19 88 200 33 dhcp server identifier 192 168 22 1 domain name alliedtelesis com Interface vlan2 IP Address 100 8 16 4 Expires 13 Mar 2007 20 15 39 Renew 13 Mar 200...

Page 1614: ... leased IP address 172 16 2 16 use the command awplus show ip dhcp binding 172 16 2 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Output Figure 39 5 Example output from the show ip dhcp binding command Parameter Description ip address IPv4 address of a leased IP address in dotted decimal notation This displays the lease information for the...

Page 1615: ...ideo Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP BINDING Related Commands clear ip dhcp binding ip dhcp pool lease range service dhcp server show ip dhcp pool ...

Page 1616: ...nfiguration Guide Syntax show ip dhcp pool address pool Mode User Exec and Privileged Exec Example awplus show ip dhcp pool Output Figure 39 6 Example output from the show ip dhcp pool command Parameter Description address pool Name of a specific address pool This displays the configuration of the specified address pool only Pool p1 network 192 168 1 0 24 address ranges addr 192 168 1 10 to 192 16...

Page 1617: ...tal 8 Leased 2 Utilization 25 0 Static host addresses Total 1 Leased 1 Table 39 3 Parameters in the output of the show ip dhcp pool command Parameter Description Pool Name of the pool network Subnet and mask length of the pool address ranges Individual IP addresses and address ranges configured for the pool The DHCP server can offer clients an IP address from within the specified ranges only Any o...

Page 1618: ... the range 50 to 5000 dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The list of user defined options sent by the pool to clients Dynamic addresses Total The total number of IP addresses that have been configured in the pool for dynamic allocation to DHCP clients Dynamic addresses Le...

Page 1619: ...veillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP POOL Related Commands ip dhcp pool probe enable probe packets probe timeout probe type range service dhcp server subnet mask ...

Page 1620: ...y the DHCP Relay Agent s configuration on the interface vlan100 use the command awplus show ip dhcp relay interface vlan100 Output Figure 39 8 Example output from the show ip dhcp relay command Related Commands ip dhcp relay agent option ip dhcp relay agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address Parameter Description interface name Name ...

Page 1621: ...p server statistics Mode User Exec and Privileged Exec Example To display the server statistics use the command awplus show ip dhcp server statistics Output Figure 39 9 Example output from the show counter dhcp server statistics command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQUEST...

Page 1622: ...ends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address pool BOOTREQUEST in The number of bootp messages received by the DHCP server from bootp clients BOOTREPLY out The number of bootp messages sent by the DHCP server to bootp ...

Page 1623: ...CP address pools currently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip dhcp server summary Mode User E...

Page 1624: ...bnet mask using this command then the pool s network mask specified using the next server command is applied The no variant of this command removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network mask Syntax subnet mask mask no subnet mask Mode DHCP Configuration Examples To set the subnet mask option to 255 255 255 0 for DHCP pool P2 use the commands awplus conf...

Page 1625: ...sses and IPv6 prefixes DHCPv6 Prefix Delegation provides automatic configuration of IPv6 addresses and IPv6 prefixes For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide NOTE The IPv6 addresses shown use the address space 2001 0db8 32 defined in RFC 3849 for documentation purp...

Page 1626: ...e 1621 ipv6 dhcp option on page 1623 ipv6 dhcp pool on page 1625 ipv6 dhcp server on page 1627 ipv6 local pool on page 1628 ipv6 nd prefix DHCPv6 on page 1630 link address on page 1632 option DHCPv6 on page 1634 prefix delegation pool on page 1636 show counter ipv6 dhcp client on page 1638 show counter ipv6 dhcp server on page 1640 show ipv6 dhcp on page 1642 show ipv6 dhcp binding on page 1643 sh...

Page 1627: ...n IPv6 address from the range available allocated by the IPv6 prefix randomly generating the suffix of the IPv6 address with the specified preferred and valid lifetime leases Leased IPv6 address are found in the Parameter Description ipv6 prefix prefix length Specify an IPv6 prefix and prefix length The prefix length indicates the length of the IPv6 prefix assigned to the pool The IPv6 address use...

Page 1628: ... address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Examples To add IPv6 address prefix 2001 0db8 1 48 for DHCPv6 server pool configuration use t...

Page 1629: ...re discouraged but not forbidden A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected Parameter Description first ipv6 address Specify the first IPv6 address of the IPv6 address range in hexadecimal notation in the format X X X X last ipv6 address Specify the last IPv6 address of the IPv6 ad...

Page 1630: ...stination for a packet Examples To add the IPv6 address range 2001 0db8 1 1 to 2001 0db8 1fff 1 for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config ipv6 dhcp pool pool1 awplus config dhcp6 address range 2001 0db8 1 1 2001 0db8 1fff 1 To remove a configured IPv6 address range for DHCPv6 server pool configuration use the following commands awplus c...

Page 1631: ...OR IPV6 DHCPV6 COMMANDS CLEAR COUNTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Example To clear DHCPv6 client counters use the following command awplus clear counter ipv6 dhcp client Related Commands show counter ipv6 dhcp client ...

Page 1632: ...OR IPV6 DHCPV6 COMMANDS CLEAR COUNTER IPV6 DHCP SERVER clear counter ipv6 dhcp server Overview Use this command in Privileged Exec mode to clear DHCPv6 server counters Syntax clear counter ipv6 dhcp server Mode Privileged Exec Example To clear DHCPv6 server counters use the following command awplus clear counter ipv6 dhcp server Related Commands show counter ipv6 dhcp server ...

Page 1633: ...tatic entries are not cleared The clear ipv6 dhcp binding command is used as a server function A binding table entry on the DHCPv6 server is automatically Created whenever a prefix is delegated to a client from the configuration pool Updated when the client renews rebinds or confirms the prefix delegation Deleted when the client releases all the prefixes in the binding all prefix lifetimes have ex...

Page 1634: ...h C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DHCP FOR IPV6 DHCPV6 COMMANDS CLEAR IPV6 DHCP BINDING Output Figure 40 1 Example output from the clear ipv6 dhcp binding all command Related Commands show ipv6 dhcp binding awplus clear ipv6 dhcp binding all Deleted 1 entries ...

Page 1635: ...T clear ipv6 dhcp client Overview Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan1 use the following command awplus clear ipv6 dhcp client vlan1 Related Commands show ipv6 dhcp binding Parameter Description interface Specify the interface name to res...

Page 1636: ...HCPv6 Configuration Examples To add the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 to the DHCPv6 server pool named P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus dhcpv6 config dns server 2001 0db8 3000 3000 32 To remove the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 from the DHCPv6 server pool named P2 use ...

Page 1637: ... AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1613 AlliedWare Plus Operating System Version 5 4 5 0 x DHCP FOR IPV6 DHCPV6 COMMANDS DNS SERVER DHCPV6 Related Commands ipv6 dhcp pool option DHCPv6 show ipv6 dhcp pool ...

Page 1638: ...s the domain name details using the pre defined option 15 Note that if you add a user defined option 15 using the option DHCPv6 command then you will override any settings created with this command Examples To add the domain name Engineering to DHCPv6 server pool P2 use the commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus dhcpv6 config domain name Engineering Toremovethedo...

Page 1639: ... instead of a MAC address This is generated by the operating system when DHCP first starts If the OS is reinstalled the DUID LLT can change and any multiple operating systems on the machine will all have different DUIDs Configuring the subscriber id auto mac option causes the relay agent to insert the requesting client s MAC address into a subscriber ID field in the relay header A suitably configu...

Page 1640: ...n for a PPP interface Usage When specifying the eui64 parameter the interface identifier of the IPv6 address is derived from the MAC address of the device For more information about EUI64 see the IPv6 Feature Overview and Configuration Guide Examples To configure a PD prefix named prefix1 on interface vlan1 and then add an IPv6 address use the following commands awplus configure terminal awplus co...

Page 1641: ...ce for the last 64 bits To assign the IPv6 address 2001 0db8 a2 48 to the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 48 To remove the IPv6 address 2001 0db8 a2 48 from the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ...

Page 1642: ...ived address in the prefix 2001 db8 32 from VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 64 eui64 Validation Commands show running config show ipv6 dhcp binding show ipv6 interface brief show ipv6 route Related Commands ipv6 dhcp client pd ipv6 dhcp pool ipv6 local po...

Page 1643: ...st of DNS servers This list appends the DNS servers set on your device with the dns server DHCPv6 command Option 15 a domain name used to resolve host names This option replaces any domain name that you have set with the domain name DHCPv6 command Option 51 lease expiration time Syntax ipv6 address dhcp no ipv6 address dhcp Mode Interface Configuration for a VLAN interface or a local loopback inte...

Page 1644: ...erating System Version 5 4 5 0 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 ADDRESS DHCP To stop to the PPP interface ppp0 from using DHCPv6 to obtain its IPv6 address use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ipv6 address dhcp Related Commands ipv6 address Validation Commands show running config ...

Page 1645: ... dhcp client pd command starts the DHCPv6 client process if not already running and enables requests for prefix delegation through the interface on which the command is configured When prefix delegation is enabled and a prefix is acquired the prefix is stored in the IPv6 prefix pool with an internal name defined by the required prefix name placeholder parameter The ipv6 address command can then re...

Page 1646: ...Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP CLIENT PD Related Commands clear ipv6 dhcp client ipv6 address DHCPv6 PD ipv6 nd prefix DHCPv6 show ipv6 dhcp binding ...

Page 1647: ...ation Parameter Description 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use a number as the option name Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks Default no default op...

Page 1648: ... configure terminal awplus config ipv6 dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the following commands awplus configure terminal awplus config ipv6 dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the following commands awplus configure terminal ...

Page 1649: ...se the no variant of this command to delete the specific DHCPv6 pool Syntax ipv6 dhcp pool DHCPv6 poolname no ipv6 dhcp pool DHCPv6 poolname Mode Global Configuration Usage All DHCPv6 prefix pool names must be unique IPv6 prefix pools have a similar function to IPv4 address pools Contrary to IPv4 a block of IPv6 addresses an IPv6 address prefix are assigned and not single IPv6 addresses IPv6 prefi...

Page 1650: ...Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP POOL Related Commands ipv6 local pool option DHCPv6 prefix delegation pool show ipv6 dhcp binding show ipv6 dhcp pool ...

Page 1651: ...e using the pool for prefix delegation and configuration through the specified interface Note that DHCPv6 client DHCPv6 server and DHCPv6 relay are mutually exclusive on an interface When one of the DHCPv6 functions is enabled on an interface then another DHCPv6 function cannot be enabled on the same interface Examples To enable the DHCPv6 server service and use the DHCPv6 pool named P2 on VLAN in...

Page 1652: ...to IPv4 a block of IPv6 addresses an IPv6 address prefix areassignedandnotsingleIPv6addresses IPv6prefixpoolsarenotallowed to overlap Parameter Description DHCPv6 poolname Description used to identify this DHCPv6 server pool Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks delegated prefix name Description used to identify the del...

Page 1653: ...stremovethen recreatea IPv6 prefixpool All IPv6prefixesalready allocated are also freed Examples To create alocalDHCPv6 local pool named P2 withtheIPv6 prefixand prefixlength 2001 0db8 32 with an assigned length of 64 use the following commands awplus configure terminal awplus config ipv6 local pool P2 2001 0db8 32 64 To remove a configured DHCPv6 local pool use the following commands awplus confi...

Page 1654: ...efix length The prefix length is usually set between 0 and 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 5 and 315360000 seconds Note that this period should be set to a value greater than that set for the prefix preferred lifetime See the Usage notes after this parameter table for a description of valid lifetime and how...

Page 1655: ... and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Examples The following example configures the device to issue RAs Router Advertisements on the VLAN interface vlan4 and advertises the DHCPv6 prefix name prefix1 and the IPv6 address prefix of 2001 0db8 32 awplus configure terminal aw...

Page 1656: ... PD Prefix Delegation clients received via an intermediate relay to a configured delegation pool When an address on the incoming interface of the DHCPv6 server or a link address set in the incoming delegation request packet from the prefix delegation client matches the link address prefix configured in the delegation pool the DHCPv6 server is able to match and use the appropriate delegation pool f...

Page 1657: ... prefix and prefix length 2001 0db8 1 48 as the link address for pool P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 address prefix 2001 0db8 2 48 awplus config dhcp6 link address 2001 0db8 1 48 To remove the link address use the commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 no link address Relate...

Page 1658: ... entries that have theX X X X address format so if the option already exists in the pool then the new IP address is added to the list of existing IPv6 prefixes Also note options with the same number as one of the pre defined options override the standard option definition The pre defined options use the option numbers 1 3 6 15 and 51 Parameter Description 1 254 The option number of the option Opti...

Page 1659: ...l P2and give the option the value 08af use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the following commands awplus config dhcp6 option 175 2001 0db8 3001 64 awplus config dhcp6 option 175 2001 0db8 3002 64 awplus config dhcp6 option 175 2001 0db8 3003 6...

Page 1660: ...froma client it attempts to obtain unassignedprefixes fromthe pool After the client releases the previously assigned prefixes the server returns the prefixes to the pool for reassignment Preferred IPv6 addresses or prefixes are available to interfaces for unrestricted use and are deprecated when the preferred timer expires Deprecated IPv6 addresses and prefixes are available for use and are discou...

Page 1661: ... IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Example This example adds DHCPv6 Prefix Delegation pool pd_pool1 to DHCPv6 pool pool1 awplus configure terminal awplus config ipv6 local pool pd_pool1 2001 0db8 48 56 awplus config ipv6 dhcp pool...

Page 1662: ...Exec Example To display the DHCPv6 client counter information use the command awplus show counter ipv6 dhcp client Output Figure 40 2 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20 ADVERTISE in 12 REQUEST out 1 CONFIRM out 0 RENEW out 0 REBIND out 0 REPLY in 0 RELEASE out 0 DECLINE out 0 INFORMATION REQUEST out 0 Table 40 1 Paramet...

Page 1663: ...ys the count of REBIND messages sent by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Displays the count of DECLINE messages sent by the DHCPv6 client INFORMATION REQUEST out Displays the count of INFORMATION REQUEST messages sent by the DHCPv6 client Table 40 1 ...

Page 1664: ...Exec Example To display the DHCPv6 server counter information use the command awplus show counter ipv6 dhcp server Output Figure 40 3 Example output from the show counter ipv6 dhcp servercommand awplus show counter ipv6 dhcp server SOLICIT in 20 ADVERTISE out 12 REQUEST in 1 CONFIRM in 0 RENEW in 0 REBIND in 0 REPLY out 0 RELEASE in 0 DECLINE in 0 INFORMATION REQUEST in 0 Table 40 2 Parameters in ...

Page 1665: ... count of REBIND messages received by the DHCPv6 server REPLY out Displays the count of REPLY messages sent by the DHCPv6 server RELEASE in Displays the count of RELEASE messages received by the DHCPv6 server DECLINE in Displays the count of DECLINE messages received by the DHCPv6 server INFORMATION REQUEST in Displays the count of INFORMATION REQUEST messages received by the DHCPv6 server Table 4...

Page 1666: ...w ipv6 dhcp Mode User Exec and Privileged Exec Usage The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a DHCPv6 client to obtain an IPv6 address from a DHCPv6 server A DHCPv6 server compares the DUID with its database of DUIDs and sends configuration data...

Page 1667: ...x show ipv6 dhcp binding summary Mode User Exec and Privileged Exec Example 1 To display the total DHCPv6 leasing address entries for all pools use the command awplus show ipv6 dhcp binding summary Output Figure 40 5 Example output from the show ipv6 dhcp binding summary command Parameter Description summary Optional Specify the summary keyword to display summarized information for DHCPv6 server l...

Page 1668: ... below for further information DUID DHCPv6 unique identifier DUID see RFC 3315 Each DHCPv6 client has as DUID DHCPv6 servers use DUIDs to identify clients for the association of IAs Identity Associations with DHCPv6 clients DHCPv6 clients use DUIDs to identify a DHCPv6 server IAID Identify Association Identifier IAID see RFC 3315 IAIDs are identifiers for IAs Identity Associations where an IA is a...

Page 1669: ...5 4 5 0 x DHCP FOR IPV6 DHCPV6 COMMANDS SHOW IPV6 DHCP BINDING Related Commands clear ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp pool starts at The date and time at which the valid lifetime expires expires at The date and time at which the valid lifetime expires Table 40 4 Parameters in the output of the showipv6 dhcp binding command Parameter Description ...

Page 1670: ...c and Privileged Exec Example1 To display DHCPv6 information for all interfaces DHCPv6 is configured on use the command awplus show ipv6 dhcp interface Output Figure 40 7 Example output from the show ipv6 dhcp interface command Parameter Description interface name Optional Specify the name of the interface to show DHCPv6 information about Omit this optional parameter to display DHCPv6 information ...

Page 1671: ...ation mode Prefix name pd1 prefix 2002 0 3c0 42 preferred lifetime 604800 valid lifetime 2592000 starts at 20 Aug 2012 09 21 33 expires at 19 Sep 2012 09 21 33 Table 40 5 Parameters in the output of the show counter dhcp client command Parameter Description interface is in server client Prefix Delegation mode Displays whether the specified interface is in server or client mode and whether prefix d...

Page 1672: ...Mode User Exec and Privileged Exec Example awplus show ipv6 dhcp pool Output Figure 40 9 Example output from the show ipv6 dhcp pool command Parameter Description DHCPv6 address pool name Name of a specific DHCPv6 address pool This displays the configuration of the specified DHCPv6 address pool only awplus show ipv6 dhcp pool DHCPv6 Pool ia na Address Prefix 1001 64 Lifetime 2592000 valid 604800 p...

Page 1673: ...scouraged but not forbidden A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet DNS ...

Page 1674: ...sntp address ipv6 address Mode DHCPv6 Configuration Examples The following example adds an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 sntp address 2001 0db8 32 The following example removes an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus c...

Page 1675: ...nd saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 1652 show counter snmp server on page 1653 show debugging snmp on page 1658 show running config snmp on page 1659 show snmp server on page 1660 show snmp server community on page 1661 show snmp server group on page 1662 sh...

Page 1676: ... x SNMP COMMANDS snmp server engineID local on page 1676 snmp server engineID local reset on page 1678 snmp server group on page 1679 snmp server host on page 1681 snmp server location on page 1683 snmp server source interface on page 1684 snmp server startup trap delay on page 1685 snmp server user on page 1686 snmp server view on page 1689 undebug snmp on page 1690 ...

Page 1677: ...use the command awplus debug snmp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description all Enable or disable the display of all SNMP debugging information detail Enable or disable the display of detailed SNMP debugging information error string Enable or di...

Page 1678: ...ing System Version 5 4 5 0 x SNMP COMMANDS SHOW COUNTER SNMP SERVER show counter snmp server Overview This command displays counters for SNMP messages received by the SNMP agent Syntax show counter snmp server Mode User Exec and Privileged Exec Example To display the counters for the SNMP agent use the command awplus show counter snmp server ...

Page 1679: ...outTooBigs 0 outNoSuchNames 2 outBadValues 0 outGenErrs 0 outGetRequests 0 outGetNexts 0 outSetRequests 0 outGetResponses 11 outTraps 0 UnSupportedSecLevels 0 NotInTimeWindows 0 UnknownUserNames 0 UnknownEngineIDs 0 WrongDigest 0 DecryptionErrors 0 UnknownSecModels 0 InvalidMsgs 0 UnknownPDUHandlers 0 Table 41 1 Parameters in the output of the show counter snmp server command Parameter Meaning inP...

Page 1680: ... The number of SNMP PDUs received by the SNMP agent where the value of the error status field is badValue This is sent by an SNMP manager to indicate that an exception occurred when processing a request from the agent inReadOnlys The number of valid SNMP PDUs received by the SNMP agent where the value of the error status field is readOnly The SNMP manager should not generate a PDU which contains t...

Page 1681: ...tatus field This is sent to the SNMP manager to indicate that an exception occurred when processing a request from the manager outBadValues The number of SNMP PDUs that the SNMP agent has generated with the value badValue in the error status field This is sent to the SNMP manager to indicate that an exception occurred when processing a request from the manager outGenErrs The number of SNMP PDUs th...

Page 1682: ...r UnknownEngineIDs The number of received packets that the SNMP agent has dropped because they referenced an unknown snmpEngineID WrongDigest The number of received packets that the SNMP agent has dropped because they didn t contain the expected digest value DecryptionErrors The number of received packets that the SNMP agent has dropped because they could not be decrypted UnknownSecModels The numb...

Page 1683: ...SNMP show debugging snmp Overview This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awplus show debugging snmp Output Figure 41 2 Example output from the show debugging snmp command Related Commands debug snmp Snmp SMUX debugging status Snmp debugging is o...

Page 1684: ...running config snmp Mode Privileged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 41 3 Example output from the show running config snmp command Related Commands show snmp server snmp server contact AlliedTelesis snmp server location Philippines snmp server group grou1 auth read view1 write view1 notify view1 s...

Page 1685: ...ation of the SNMP server Syntax show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 41 4 Example output from the show snmp server command Related Commands debug snmp show counter snmp server snmp server snmp server engineID local snmp server engineID local reset SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engi...

Page 1686: ...plays the SNMP server communities configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus show snmp server community Output Figure 41 5 Example output from the show snmp server community command Related Commands show snmp server snmp server community SNMP commun...

Page 1687: ...with SNMP version 3 only Syntax show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 41 6 Example output from the show snmp server group command Related Commands show snmp server snmp server group SNMP group information Group name guireadgroup Security Level priv Read View guiview Write V...

Page 1688: ...erview This command displays the SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show snmp server user Output Figure 41 7 Example output from the show snmp server user command Related Commands show snmp server snmp server user Name Group name Auth Privac...

Page 1689: ...verview This command displays the SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus show snmp server view Output Figure 41 8 Example output from the show snmp server view command Related Commands show snmp server snmp server view SNMP view information View...

Page 1690: ...an2 static and dynamic link aggregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Examples To enable SNMP to send link status notifications for ports 1 0 2 to 1 0 6 use following commands awplus configure terminal awplus config interface port1 0 2 1 0 6 aw...

Page 1691: ...ity High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server enable trap snmp server host ...

Page 1692: ...s enabled a suppression timer is started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreachesthesuppresstime anyfurther notificationsofthistypegeneratedfor the interface during the interval are not sent At the end of the interval the sending of link status notif...

Page 1693: ... Operating System Version 5 4 5 0 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no snmp trap link status suppress Related Commands show interface snmp trap link status ...

Page 1694: ...guration Syntax snmp server ip ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or disabled for both IPv4 and IPv6 Mode Global Configuration Examples To enable SNMP on the device for both IPv4 and IPv6 use the commands awplus configure terminal awplus...

Page 1695: ...liedWare Plus Operating System Version 5 4 5 0 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp server engineID local snmp server group snmp server host snmp server location snmp server view ...

Page 1696: ...ew view name ro rw access list no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB variables from any management station awplus configure terminal awplus config snmp server community public ro The following command removes an SNMP community called public a...

Page 1697: ...sysContact The no variant of this command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to support alliedtelesis co nz use the command awplus configure terminal awplus config snmp server contact support alliedtelesis co nz Related Commands show system snmp server...

Page 1698: ...nooping epsr lldp loopprot mstp nsm ospf pim power inline rmon thrash limit vcs vrrp no snmp server enable trap atmf atmflink atmfnode atmfrr auth dhcpsnooping epsr lldp loopprot mstp nsm ospf pim power inline rmon thrash limit vcs vrrp Parameter Description atmf AMF traps atmflink AMF Link traps atmfnode AMF Node traps atmfrr AMF Reboot Rolling traps auth Authentication failure dhcpsnooping DHCP ...

Page 1699: ...e terminal awplus config snmp server enable trap atmfnode To enable the device to send PoE related traps use the following commands awplus configure terminal awplus config snmp server enable trap power inline To disable PoE traps being sent out by the device use the following commands awplus configure terminal awplus config no snmp server enable power inline To enable the device to send MAC addres...

Page 1700: ...8GPX High Availability High Power Video Surveillance PoE Switch 1675 AlliedWare Plus Operating System Version 5 4 5 0 x SNMP COMMANDS SNMP SERVER ENABLE TRAP Related Commands show snmp server show ip dhcp snooping snmp trap link status snmp server host ...

Page 1701: ... must have a unique engine ID which is permanently set unless it is configured by the user In a stacked environment if the same engine ID was automatically generated for all members of the stack conflicts would occur if the stack was dismantled Therefore each member of the stack will generate its own engine ID and the stack master s ID is used when transmitting SNMPv3 packets Should a master failo...

Page 1702: ...e shows the engine ID values after configuration Validation Commands show snmp server Related Commands snmp server engineID local reset snmp server group awplus config snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual 0x80001f888029af52e149198483 awplus co...

Page 1703: ...ew pseudo random SNMPv3 engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server engineID local reset Mode Global Configuration Example To force the SNMPv3 engine ID to be reset to a system generated value use the commands awplus configure terminal awplus config ...

Page 1704: ...tename notify notifyname no snmp server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group usergroup noauth read useraccess write useraccess To delete SNMP group usergroup use the following commands awplus configure terminal awplus config no snmp server group ...

Page 1705: ...Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show snmp server user ...

Page 1706: ...ages community name SNMPv1 or SNMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address informs traps version 2c community name snmp server host ipv4 address ipv6 address informs traps version 3 auth noauth priv user name no snmp server host ipv4 address ipv6...

Page 1707: ...e the device to send generated traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001 db8 8a2e 7334 To remove a configured trap host of 192 0 2 5 with the SNMPv2c community name public use the following command awplus configure terminal awplus config no s...

Page 1708: ...e MIB object sysLocation The no variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to server room 523 use the following commands awplus configure terminal awplus config snmp server location server room 523 Related Commands show snmp server show system snmp se...

Page 1709: ...ult By default the source interface is the Egress interface where traps or informs were sent from Mode Global Configuration Usage An SNMP trap or inform sent from an SNMP server has the notification IP address of the interface where it was sent from Use this command to monitor notifications from an interface Example To set the interface that SNMP informs originate from to port 1 0 2 for inform pac...

Page 1710: ...snmp server startup trap delay delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNMP traps until 60 seconds after device startup use the following commands awplus configure terminal awplus config snmp server startup trap delay 60 To restore the sending...

Page 1711: ... passwords are used these passwords must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the device For example you may need to move a user from one group to another group and keep the same passwords for the user instead of removing the user to apply new password...

Page 1712: ...sing the show snmp server user command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce0cd883f8dab6b74 privacy protocol des plus the encrypted privacy password 0x0e0133db5453ebd03822b004eeacb6608f use the following commands awplus configure terminal awplus...

Page 1713: ...AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view ...

Page 1714: ...The no variant of this command removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The following command creates a view called loc that includes the system location MIB sub tree awplus config snmp server view loc 1 3 6 1 2 1 1 6 0 included To remove the vie...

Page 1715: ...gh Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug snmp command ...

Page 1716: ...cally the network information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overviewand Configuration Guide LLDPoperates overphysicalportsonly Forexample it canbeconfiguredonswitch ports that belong to static or dynamic channel groups but not on the channel groups themselves Command Lis...

Page 1717: ...on on page 1713 location civic location identifier on page 1718 location civic location id on page 1719 location coord location configuration on page 1720 location coord location identifier on page 1722 location coord location id on page 1723 location elin location on page 1724 location elin location id on page 1725 show debugging lldp on page 1726 show lldp on page 1728 show lldp interface on pag...

Page 1718: ...ed ports If no port list is supplied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command awplus clear lldp statistics interface port1 0 1 port1 0 6 To clear all LLDP statistics for all ports use the command awplus clear lldp statistics Related Commands show lld...

Page 1719: ... port list is supplied neighbor information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the command awplus clear lldp table interface port1 0 1 port1 0 6 Tocleartheentiretableofneighborinformationreceivedthroughallports usethe command awplus clear lldp table Relat...

Page 1720: ...face port list no debug lldp operation no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug lldp rx interface port1 0 1 port1 0 6 To enable debugging of LLDP transmit with packet dump on all ports use the command awplus debug lldp tx txpkt To disable debugging o...

Page 1721: ...e for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1695 AlliedWare Plus Operating System Version 5 4 5 0 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal monitor ...

Page 1722: ...the port for instance when it detects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default fast start count is 3 Mode Global Configuration Examples To set the fast start count to 5 use the command awplus configure terminal awplus config lldp faststart count 5 ...

Page 1723: ...ltiplier 2 10 no lldp holdtime multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the Time To Live expires before the neighbor receives another update of the information then the neighbor discards the information from its database Examples To set the holdt...

Page 1724: ...AN the port belongs to else the MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp interface command or show lldp local info command Examples To set the management address advertised by ports 1 0 1 and 1 06 to be 192 168 1 6 use the commands awplus confi...

Page 1725: ...Topology Change Detected notifications relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Examples To enable the sending of LLDP MED Topology Change Detected notifications relating to ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config in...

Page 1726: ... management lldp med tlv select all no lldp med tlv select capabilities network policy location power management ext inventory management no lldp med tlv select all Parameter Description capabilities LLDP MED Capabilities TLV When this is enabled the MAC PHY Configuration Status TLV from IEEE 802 3 Organizationally Specific TLVs is also automatically included in LLDP MED advertisements whether or ...

Page 1727: ...TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventory management To exclude the Inventory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config i...

Page 1728: ... strict order checking is applied to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in LLDP MED advertisements and specifies that if LLDP receives LLDP advertisements with non standard LLDP MED TLV order the TLVs in non standard order should be discarded Thi...

Page 1729: ...hange Notification The no variant of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mode Global Configuration Examples To set the notification interval to 20 seconds use the commands awplus configure terminal awplus config lldp notification interval 20 To s...

Page 1730: ...x lldp notifications no lldp notifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp notifications To disable sending of LLDP SNMP notifications for ports...

Page 1731: ...t number type Default The default port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate LLDP MIB local port entries to port numbers use the commands awplus configure terminal awplus config lldp port number type number To set the type of port identifier used t...

Page 1732: ...nitialize The no variant of this command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples To set the reinitialization delay to 3 seconds use the commands awplus configure terminal awplus config lldp reinit 3 To set the reinitialization delay back to its defau...

Page 1733: ...f LLDP on the device The no variant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Examples To enable LLDP operation use the commands awplus configure terminal awplus config lldp run To disable LLDP operation use the commands awplus configure terminal awp...

Page 1734: ...nterval back to its default Syntax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configure terminal awplus config lldp timer 90 To set the transmit interval back to its default use the commands awplus configure terminal awplus config no lldp timer Related Com...

Page 1735: ...is command The no variant of this command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select tlv no lldp tlv select all Default By default no optional TLVs are included in LLDP advertisements The MAC PHY Configuration Status TLV mac phy config is included in LLDP...

Page 1736: ...ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if no lldp tlv select management address...

Page 1737: ...iguration Examples To enable transmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP advertisement transmission and reception on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tr...

Page 1738: ...nsmission delay timer back to its default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12 seconds use the commands awplus configure terminal awplus config lldp tx delay 12 To set the transmission delay timer back to its default use the commands awplus configur...

Page 1739: ...S LOCATION CIVIC LOCATION CONFIGURATION location civic location configuration Overview Use these commands to configure a civic address location The country parameter must be specified first and at least one of the other parameters must be configured before the location can be assigned to a port Use the no variants of this command to delete civic address parameters from the location ...

Page 1740: ...od street group street group no street group leading street direction leading street direction no leading street direction trailing street suffix trailing street suffix no trailing street suffix street suffix street suffix no street suffix house number house number no house number house number suffix house number suffix no house number suffix landmark landmark no landmark additional information ad...

Page 1741: ... no branch road name sub branch road name sub branch road name no sub branch road name street name pre modifier street name pre modifier no street name pre modifier streetname post modifier streetname post modifier no streetname post modifier Parameter Description country Upper case two letter country code as specified in ISO 3166 state State Civic Address CA Type 1 national subdivisions state can...

Page 1742: ...ng street suffix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number suffix House number suffix CA Type 20 landmark Landmark or vanity address CA Type 21 additional information Additional location information CA Type 22 name Name CA Type 23 residence and office occupant postal code Postal zip code CA Type ...

Page 1743: ...location identifier command To delete the civic address location use the no variant of the location civic location identifier command To assign the civic address location to particular ports so that it can be advertised in TLVs from those ports use the command location civic location id command Examples To configure civic address location 1 with location 27 Nazareth Avenue Christchurch New Zealand...

Page 1744: ...e location information for this civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up to 400 locations can be configured on the switch for each type of location information up to a total of 1200 locations Examples To enter Civic Address Location Configura...

Page 1745: ...ess location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civic location configuration command If a civic address location is deleted using the no variant of the location civic location identifier command it is automatically remove...

Page 1746: ...he Location Identification TLV as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a number of valid bits in the range 0 to 34 latitude Latitude value in degrees in the range 90 0 to 90 0 long resolution Longitude resolution as a number of valid bits in the r...

Page 1747: ...rgency services to define a search area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that command To associate the coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Example To co...

Page 1748: ... be configured on the switch for each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location coord location id command Examples To enter Coordinate Location Configuration ...

Page 1749: ...cation associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord location configuration command If a coordinate location is deleted using the no variant of the location coord location identifier command it is automatically removed from...

Page 1750: ...pe of location information up to a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new ELIN location with ID 1 and configure it with ELIN 1234567890 use the commands awplus configure terminal awplus config location elin location 1234567890 identifier 1 To de...

Page 1751: ...signed to ports Mode Interface Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin location command If an ELIN location is deleted using the no variant of one of the location elin location command it is automatically removed from all ports Examples To ass...

Page 1752: ...e the command awplus show debugging lldp interface port1 0 1 1 0 6 Output Figure 42 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP Debug settings Debugging for LLDP internal operation is on Port Rx RxPkt Tx TxPkt 1 0 1 Yes Yes No No 1 0 2 Yes No No No 1 0 3 No No No No 1 0 4 Yes Yes Yes No 1 0 5 Yes N...

Page 1753: ...EV A Command Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1727 AlliedWare Plus Operating System Version 5 4 5 0 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp ...

Page 1754: ...ier 4 4 Computed TTL value 120 secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 43 secs ago Table 42 3 Parameters in the output of the show lldp command Parameter Description LLDP Status Whether LLDP is enabled Default is disabled Notification Interva...

Page 1755: ...transmitting advertisements due to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The number of times fast start advertisements are sent for LLDP MED Total Neighbor Count Number of LLDP neighbors discovered on all ports Neighbors table last updated The time si...

Page 1756: ...Status and Configuration LLDP is inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Protocol Identity 802 3 Mp MAC P...

Page 1757: ...ication TP LLDP MED Topology Change Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 TLVs Enabled for Tx List of optional 802 1 TLVs enabled for transmission Pv Port VLAN ID Pp Port And Protoc...

Page 1758: ...e Whether and which local information is transmitted in advertisements via a port depends on whether the port is set to transmit LLDP advertisements lldp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command awplus show lldp local info interface port1 0 1 To d...

Page 1759: ...0806 86dd MAC PHY Auto negotiation Supported Enabled Advertised Capability 1000BaseTFD 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type 1000BaseTFD 30 Power Via MDI PoE Supported Enabled Port Class PSE Pair Control Ability Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Cap...

Page 1760: ...command System Description System description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address associated with the local port To change this use the lldp management address command Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames rece...

Page 1761: ...rame Size The maximum frame size capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of network policies configured on the local port VLAN ID VLAN identifier for the port for the specified application type Tagged Flag Whether the VLAN ID is to be used as tagged o...

Page 1762: ...LDP LOCAL INFO Related Commands description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts from the PD side Inventory Management Inventory information for the device Table 42 5 Parameters in the output of show lldp local info cont Parameter Description ...

Page 1763: ...show lldp neighbors command Parameter Description port list The ports for which the neighbor information is to be shown LLDP Neighbor Information Total number of neighbors on these ports 4 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station Only LLDP MED Device Type and Power Source Codes 1 Class I 3 Class III PSE PoE Both Po...

Page 1764: ...ail Neighbor Port Name Port ID of the neighbor Neighbor Sys Name System name of the LLDP neighbor Neighbor Capability Capabilities that are supported and enabled on the neighbor System Capability System Capabilities of the LLDP neighbor MED Device Type LLDP MED Device class Class I II III or Network Connectivity MED Power Source LLDP MED Power Source Table 42 6 Parameters in the output of the show...

Page 1765: ...ports is displayed Syntax show lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show lldp neighbors detail To display detailed neighbor information received via ports 1 0 1 use the command awplus show lldp neighbors detail interface port1 0 1 Parameter Desc...

Page 1766: ...s 0004 cd28 8754 Port VLAN ID PVID 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported Enabled Advertised Capability 1000BaseTFD 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type 1000BaseTFD 30 Power Via MDI PoE not advertised Link Aggregation...

Page 1767: ... Supported Capabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames for the neighbor port Port Protocol VLAN Supported Whether Port Protocol VLAN is supported on the LLDP neighbor Port Protocol VLA...

Page 1768: ... Commands show lldp neighbors LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location information Extended Power Via MDI PoE PoE capability and current status Inventory Management Inventory information Table 42 7 Parameters in the output of the show lldp neighbors detail command cont Pa...

Page 1769: ...s Unrecognized 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 42 9 Parameters in the output of the show lldp statistics command Parameter Description Frames Out Number of LLDPDU frames transmitted Frames In Number of LLDPDU frames received Frames In Errored Number of invalid LLDPDU frames received Frames In Dropped Number of LLDPDU frames receiv...

Page 1770: ...atistics interface Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information advertised by neighbors has been removed from the neighbor table because the information TTL interval has expired Table 42 9 Parameters in the output of th...

Page 1771: ...nters for specified ports If no port list is supplied LLDP statistics for all ports are displayed Syntax show lldp statistics interface port list Mode User Exec and Privileged Exec Examples To display LLDP statistics information for all ports use the command awplus show lldp statistics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp stati...

Page 1772: ... Neighbors New Entries 1 Deleted Entries 0 Dropped Entries 0 Entry Age outs 0 Table 42 11 Parameters in the output of the show lldp statistics interface command Parameter Description Frames Out Number of LLDPDU frames transmitted Frames In Number of LLDPDU frames received Frames In Errored Number of invalid LLDPDU frames received Frames In Dropped Number of LLDPDU frames received and discarded for...

Page 1773: ...dp statistics Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information advertised by neighbors has been removed from the neighbor table because the information TTL interval has expired Table 42 11 Parameters in the output of the sh...

Page 1774: ... To display a civic address location configured on port1 0 1 use the command awplus show location civic location interface port1 0 1 Parameter Description civic location Display civic location information coord location Display coordinate location information elin location Display ELIN location information civic loc id Civic address location identifier in the range 1 to 4095 coord loc id Coordinat...

Page 1775: ...ured on the switch use the command awplus show location elin location Related Commands location elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 42 13 Example output from the show location command awplus show location coord location identifier 1 ID Element ...

Page 1776: ...betical reference for commands used to configure SMTP For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug mail on page 1750 delete mail on page 1751 mail on page 1752 mail from on page 1753 mail smtpserver on page 1754 show counter mail on page 1755 show ma...

Page 1777: ...and turns on debugging for sending emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command awplus debug mail To turn off debugging for sending emails use the command awplus no debug mail Related Commands delete mail mail mail from mail smtpserver show mail show...

Page 1778: ...l Mode Privileged Exec Examples To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Related Commands debug mail mail mail from mail smtpserver show mail Parameter Description mail id Deletes a single mail from the mail queue mail id An unique mail ID number Us...

Page 1779: ...using the mail from command and a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration and with the message body inserted from the file plug conf use the command awplus mail rei nerv com subject dummy plug configuration filename plug conf Related Commands ...

Page 1780: ...ddress for the mailfrom SMTPcommand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sending mail to kaji nerv com use the command awplus config mail from kaji nerv com Related Commands delete mail mail mail smtpserver show mail Parameter Description from The ...

Page 1781: ... the SMTP server that your device sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Global Configuration Example To specify a mail server at 192 168 0 1 use the command awplus mail smtpserver 192 168 0 1 Related Commands debug mail delete mail mail mail from show mail show counter mail Parameter Description ip addre...

Page 1782: ...put Figure 43 1 Example output from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP counters Mails Sent 0 Mails Sent Fails 1 Table 43 1 Parameters in the output of the show counter mail command Parameter Description Mails Sent The number of emails sent su...

Page 1783: ...1 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue use the command awplus show mail Related Commands delete mail mail show counter mail ...

Page 1784: ...AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1757 AlliedWare Plus Operating System Version 5 4 5 0 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug mail command ...

Page 1785: ... see the RMON Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List rmon alarm on page 1759 rmon collection history on page 1761 rmon col...

Page 1786: ...5 Alarm entry index value oid The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherStatsEntry table for the interface defined by the stats index 22 in the rmon collection stats command interval 1 2147483647 Polling interval in seconds delta The RMON MIB a...

Page 1787: ... command syntax with oid must be specified as a dotted decimal value with the form etherStatsEntry field stats index Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 defined by stats index 22 in the rmon collection stats command to trigger event 2 defined by the rmon event command when it reaches the rising threshold 400 and to trigger even...

Page 1788: ...yntax rmon collection history history index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Configuration Example To create a history statistics control group to store 200 snapshots with an interval of 500 seconds use the commands awplus configure terminal awplus c...

Page 1789: ...ion index owner owner no rmon collection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if rmon collection stats 200 owner myrtle To to stop collecting RMON statistics us...

Page 1790: ...rap trap rmon event event index log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global Configuration Example To create an event definition for a log with an index of 299 use this command awplus configure terminal awplus config rmon event 299 log description...

Page 1791: ...COMMANDS SHOW RMON ALARM show rmon alarm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Onlythealarmsforswitchportinterfaces notforVLANinterfaces canbeshown Syntax show rmon alarm Mode User Exec and Privileged Exec Example To display the alarms and threshold use this command awplus show rmon alarm Related Commands rmon alarm ...

Page 1792: ...ow rmon event command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStatsPkts512to1023O...

Page 1793: ...Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon event Related Commands rmon event ...

Page 1794: ...Example output from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Oct...

Page 1795: ...E Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x RMON COMMANDS SHOW RMON HISTORY Example To display the parameters specified on all the currently defined RMON history collections us the commands awplus show rmon history Related Commands rmon collection history ...

Page 1796: ...mple output from the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Oct...

Page 1797: ...e for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x RMON COMMANDS SHOW RMON STATISTICS Related Commands rmon collection stats ...

Page 1798: ...ering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 1773 day on page 1774 debug trigger on page 1776 description trigger on page 1777 repeat on page 1778 script on page 1779 show debugging trigger on page 1781 show running config trigger on page 1782 show trigger...

Page 1799: ...m Version 5 4 5 0 x TRIGGER COMMANDS type memory on page 1799 type periodic on page 1800 type ping poll on page 1801 type reboot on page 1802 type stack disabled master on page 1803 type stack link on page 1804 type stack master fail on page 1805 type stack member on page 1806 type time on page 1807 type usb on page 1808 undebug trigger on page 1809 ...

Page 1800: ...itions are met Syntax active no active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Guide Examples To enable trigger 172 so that it can activate when its trigger conditions are met use the commands awplus configure terminal awplus config trigger 172 awplus...

Page 1801: ...55 to activate on the 1 Jun 2010 use the commands awplus configure terminal awplus config trigger 55 awplus config trigger day 1 Jun 2010 To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus config trigger day monday wednesday friday Parameter Description every day Sets the trigger so that it can activate on...

Page 1802: ... REV A Command Reference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch 1775 AlliedWare Plus Operating System Version 5 4 5 0 x TRIGGER COMMANDS DAY Related Commands show trigger trigger ...

Page 1803: ...bugging This generates detailed messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Privilege Exec Examples To start trigger debugging use the command awplus debug trigger To stop trigger debugging use the command awplus no trigger Related Commands show deb...

Page 1804: ...top displaying a description for this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awplus config trigger 240 awplus config trigger description daily status report To remove the description from trigger 36 use the commands awplus configure terminal awplus c...

Page 1805: ...lt triggers can activate an unlimited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activate only once use the commands awplus configure terminal awplus config trigger 21 awplus config trigger repeat no To allow trigger 22 to activate an unlimited number of t...

Page 1806: ...heir name or by specifying their position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 to run the script flash cpu_trig sh in position 3 when the trigger activates use the commands awplus configure terminal awplus config trigger 71 awplus config trigger scr...

Page 1807: ...CRIPT To remove the script flash cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script all Related Commands show trigger trigger ...

Page 1808: ...debugging has been turned on or off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debugging trigger Output Figure 45 1 Example output from the show debugging trigger command Related Commands debug trigger awplus debug trigger awplus show debugging trigger ...

Page 1809: ...trigger Overview This command displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use the command awplus show running config trigger Output Figure 45 2 Example output from the show running config trigger command Related Commands show trigger trigger 1 type card ...

Page 1810: ...ical information about all triggers full Displays detailed information about all triggers Table 45 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date 001 USB in Y N Y Continuous 0 smtwtfs 002 USB out Y N Y Continuous 0 smtwtfs 003 CPU 80 any Busy CPU Y N Y 5 1 smtwtfs 005 Periodic 30 min Regular status check Y N N Continuous 1 mtwt...

Page 1811: ... see the number of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days options the days are shown as a seven character string representing Sunday to Saturday A hyphen indicates days when the trigger cannot be activated awplus show trigger 3 Trigger Configuration Deta...

Page 1812: ...ontinuous Modified Fri Sep 3 14 45 56 2010 Number of activations 0 Last activation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs After 00 00 00 Before 23 59 59 Active Yes Test No Trap Yes Repeat Continuous Modified Fri Sep 3 14 45 56 2010 Number of act...

Page 1813: ...ostic mode Trap Whether or not the trigger is enabled to send SNMP traps Repeat Whether the trigger repeats an unlimited number of times Continuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time of the last time that the trigger was modified Number of act...

Page 1814: ...triggers activated today 0 Stack master fail triggers activated today 0 Stack member triggers activated today 0 Table 45 5 Parameters in the output of the show trigger counter command Parameter Description Trigger activations Number of times a trigger has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of...

Page 1815: ...mal operation When the trigger activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For information about configuring a trigger see the Triggers Feature Overview and Configuration Guide Examples To put trigger 5into diagnosticmode where no scripts will berun ...

Page 1816: ...ter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the value specified for after a time period from after to before is defined duringwhich the trigger may activate This command is not applicable to time triggers type time The following figure illustrates how the before and after parameters operate Syntax time after hh mm ss before hh mm ss ...

Page 1817: ...tion Guide Examples To allow trigger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between 3 45pm and midnight use the commands awplus configure terminal awplus config trigger 64 awplus config trigger time after 15 45 00 To allow trigger 65 to activate betwee...

Page 1818: ...e SNMP MIBs Overview for information about which MIB objects are supported the SNMP Feature Overview and Configuration Guide Since SNMP traps are enabled by default for all defined triggers a common usage will be for the no variant of this command to disable SNMP traps from a specified trap if the trap is only periodic Refer in particular to AT TRIGGER MIB in the SNMP MIBs Overview for further inf...

Page 1819: ...gger scripts and other operational parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all configuration associated with it Syntax trigger 1 250 no trigger 1 250 Mode Global Configuration Examples To enter trigger configuration mode for trigger 12 use the command ...

Page 1820: ... 250 Mode Privileged Exec Usage This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be executed even if the trigger is in the diagnostic test mode Triggers activated manually do not have their repeat counts decremented or their last triggered time updated...

Page 1821: ...nd is entered on node 1 node1 config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the...

Page 1822: ...of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2 Node3 TR Type Details Description Ac Te Tr Repeat Scr Days Date 005 ATMF node leave ...

Page 1823: ...ference for AT IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger ...

Page 1824: ...see Capture Unusual CPU and RAM Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus configure terminal awplus config trigger 28 awplus config trigger type cpu 80 up To configure trigger 5 to be a CPU trigger that activates when CPU usage either rises above o...

Page 1825: ...gured to activate when either one of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when port1 0 2 becomes operational use the following commands awplus configure terminal awplus config trigger 19 awplus config trigger type interface port1 0 2 up Related Com...

Page 1826: ... configure trigger 12 to be a memory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to be a memory trigger that activates when memory usage either rises above or drops below 65 use the following commands awplus configure terminal awplus config trigger 4...

Page 1827: ...type periodic and time can be configured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the Triggers Feature Overview and Configuration Guide Example To configure trigger 44 to activate periodically at 10 minute intervals use the following commands awplus confi...

Page 1828: ...when a device becomes reachable or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the following commands awplus configure terminal awplus config trigger 106 awplus config trigger type ping poll 12 down Related Commands show trigger trigger Parameter Descr...

Page 1829: ...MMANDS TYPE REBOOT type reboot Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboots use the following commands awplus configure terminal awplus config trigger 32 awplus config trigger type reboot Related Commands show trigger trigger ...

Page 1830: ...nked ports will not function correctly on the device that is connected downstream If the stack virtual mac command command is enabled the stack uses a virtual MAC address The stack will always use this MAC address and the new elected master will still retain the originally configured virtual MAC address If the stack virtual mac command is disabled the stack will use the MAC address of the current ...

Page 1831: ...ction of a pre configured trigger to occur when a stacking link is either activated or deactivated Syntax type stack link up down Mode Trigger Configuration Example To configure trigger 86 to activate when the stack link down event occurs use the commands awplus configure terminal awplus config trigger 86 awplus config trigger type stack link down Related Commands show trigger trigger type stack m...

Page 1832: ...ack initiates the action of a pre configured trigger to occur when the stack enters the fail over state Syntax type stack master fail Mode Trigger Configuration Example To configure trigger 86 to activate when stack master fail over event occurs use the commands awplus configure terminal awplus config trigger 86 awplus config trigger type stack master fail Related Commands stack disabled master mo...

Page 1833: ... either joins or leaves the stack Syntax type stack member join leave Mode Trigger Configuration Example To configure a pre configured trigger number 86 to activate when a new device joins the stack Note that the number 86 has no particular significance you can assign any previously created numbered trigger awplus configure terminal awplus config trigger 86 awplus config trigger type stack member ...

Page 1834: ... Configuration Usage A combined limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activate at 15 53 use the following commands awplus configure terminal awplus config trigger 86 awplus config trigger type time 15 53 Related Commands show trigger trigger Pa...

Page 1835: ...ecute script files from a USB storage device For example trigger configurations that use the type usb command see Capture Show Output and Save to a USB Storage Device in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 1 to activate on the insertion of a USB storage device use the commands awplus configure terminal awplus config trigger 1 awplus config trigger ty...

Page 1836: ... 28GPX High Availability High Power Video Surveillance PoE Switch 1809 AlliedWare Plus Operating System Version 5 4 5 0 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no debug trigger command ...

Page 1837: ... saving command output see Controlling show Command Output in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 1811 clear ping poll on page 1812 critical interval on page 1813 debug ping poll on page 1814 Table 46 1 The following table lists the default values when configuring a ping poll Default Value Critical interval 1 se...

Page 1838: ...COMMANDS description ping polling on page 1815 fail count on page 1816 ip ping polling on page 1817 length ping poll data on page 1818 normal interval on page 1819 ping poll on page 1820 sample size on page 1821 show counter ping poll on page 1823 show ping poll on page 1826 source ip on page 1831 timeout ping polling on page 1832 up count on page 1833 undebug ping poll on page 1834 ...

Page 1839: ...ssumes that the device it is polling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this polling instance Syntax active no active Mode Ping Polling Configuration Examples To activate the ping poll instance 43 use the commands awplus configure terminal awplus c...

Page 1840: ... with the critical interval command The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use the command awplus clear ping poll 12 To reset all ping poll instances use the command awplus clear ping poll all Related Commands active ping polling ping poll show ping ...

Page 1841: ...tical interval to the default of one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polling instance 99 use the commands awplus configure terminal awplus config ping poll 99 awplus config ping poll critical interval 2 To reset the critical interval to the de...

Page 1842: ... disables ping poll debugging for the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll 88 To disable all ping poll debugging use the command awplus no debug ping poll all To disable debugging for ping poll instance 88 use the command awplus no debug ping p...

Page 1843: ... variant of this command to delete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll description Primary Gateway To delete the description set for the ping poll instance 45 use th...

Page 1844: ...ngs may be declared unreachable The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of pings that must fail within the sample size to determine that a device is unreachable for ping polling instance 45 use the commands awplus configure terminal awplus config...

Page 1845: ...mples To set ping poll instance 5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll the device with the IPv6 address 2001 db8 use the commands awplus configure terminal awplus config ping poll 10 awplus config ping poll ip 2001 db8 Related Commands ping ...

Page 1846: ...nreachable when the network is dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Polling Configuration Examples To specify that ping poll instance 12 sends ping packet with a data portion of 56 bytes use the commands awplus configure terminal awplus co...

Page 1847: ... is 30 seconds Mode Ping Polling Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll normal interval 60 To reset the interval to the default of 30 seconds for ping poll instance 45 use the commands awplus configure terminal awp...

Page 1848: ...d to specify the device you want the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax ping poll 1 100 no ping poll 1 100 Mode Global Configuration Examples To create ping poll instance 3 and enter ping poll configuration mode use the commands awplus config...

Page 1849: ... fail count command a device that does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count command to determine when a device is reachable The no variant of this command resets this command to the default Syntax sample size 1 100 no sample size Default The d...

Page 1850: ...igh Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll timeout ping polling up count ...

Page 1851: ...ANDS SHOW COUNTER PING POLL show counter ping poll Overview This command displays the counters for ping polling Syntax show counter ping poll 1 100 Mode User Exec and Privileged Exec Parameter Description 1 100 A unique ping poll ID number This displays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls ...

Page 1852: ...PingsFailedDownState 2 ErrorSendingPing 2 CurrentUpCount 9 CurrentFailCount 0 UpStateEntered 0 DownStateEntered 0 Table 46 2 Parameters in output of the show counter ping poll command Parameter Description Ping poll The ID number of the polling instance PingsSent The total number of pings generated by the polling instance PingsFailedUpState The number of unanswered pings while the target device is...

Page 1853: ...ces use the command awplus show counter ping poll Related Commands debug ping poll ping poll show ping poll CurrentFailCount The number of ping requests that have not received a ping reply in the current sample size window UpStateEntered Number of times the target device has entered the Up state DownStateEntered Number of times the target device has entered the Down state Table 46 2 Parameters in ...

Page 1854: ...pecified polling instance state Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling instances where the device state is unreachable brief Displays a summary of the state of ping polls and the devices they are polling Ping Poll Configuration Id Enabled Sta...

Page 1855: ...he device is unreachable Critical Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The IP address of the polled device set with the ip ping polling comm...

Page 1856: ...erval 1 Normal interval 30 Fail count 10 Up count 5 Sample size 50 Length 32 Timeout 1 Debugging Enabled Poll 2 Description Secondary Gateway Destination IP address 192 168 0 100 Status Up Enabled Yes Source IP address Default Critical interval 5 Normal interval 60 Fail count 20 Up count 30 Sample size 100 Length 56 Timeout 2 Debugging Enabled Table 46 4 Parameters in output of the show ping poll ...

Page 1857: ...unreachable This is set with the critical interval command Normal interval The time period between pings when the device is reachable This is set with the normal interval command Fail count The number of pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count com...

Page 1858: ...a summary of the ping poll settings use the command awplus show ping poll brief To display the settings for ping poll 6 use the command awplus show ping poll 6 To display a summary of the state of ping poll 6 use the command awplus show ping poll 6 brief To display the settings of ping polls that have reachable devices use the command awplus show ping poll state up To display a summary of ping pol...

Page 1859: ...ode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll source ip 192 168 0 1 To configure the ping polling instance 43 to use the source IPv6 address 2001 db8 in ping packets use the commands awplus configure terminal awpl...

Page 1860: ... default of one second Syntax timeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll timeout 5 To reset the timeout to its default of 1 second for ping poll instance 43 use the commands awplus configure...

Page 1861: ... Default The default is 30 Mode Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll up count 5 To reset the upcount to the default value of 30 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping...

Page 1862: ...ity High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no debug ping poll command ...

Page 1863: ...ds Command List debug sflow on page 1835 debug sflow agent on page 1836 sflow agent address on page 1837 sflow collector address on page 1839 sflow collector max datagram size on page 1841 sflow enable on page 1842 sflow max header size on page 1843 sflow polling interval on page 1845 sflow sampling rate on page 1846 show debugging sflow on page 1847 show running config sflow on page 1849 show sfl...

Page 1864: ...g polling Default The sFlow sampling and or polling debug is disabled Mode Privileged Exec Examples To enable sFlow debug messagelogging for polling and sampling on port1 0 1 and port1 0 7 use the commands awplus debug sflow interface port1 0 1 port1 0 7 sampling polling To enable logging and polling of sFlow debug messages for polling and sampling on all ports use the command awplus debug sflow s...

Page 1865: ... logging that is not specific to particular ports For example sending an sFlow datagram to the collector The no variant of this command applies the command default Syntax debug sflow agent no debug sflow agent Default The sFlow agent debug message logging that is not port specific is disabled Mode Privileged Exec Example To enable logging of sFlow agent debug messages use the following command awp...

Page 1866: ...itch irrespective of the addition or deletion of VLAN interfaces each of which will have its own specific IP address Note that sFlow is rendered inactive whenever the agent address is not set The no variant of this command applies its default setting to remove a configured address Syntax sflow agent ip ip address ipv6 ipv6 address no sflow agent ip ipv6 Default The sFlow agent address is unset Mod...

Page 1867: ...T IX5 28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SFLOW COMMANDS SFLOW AGENT ADDRESS Related Commands show running config sflow show sflow ...

Page 1868: ...ss ipv6 ipv6 address port 1 65535 no sflow collector ip ipv6 port Default The collector address is 0 0 0 0 which renders sFlow inactive and the UDP port is 6343 Mode Global Configuration Examples To set the sFlow collector address to 1920 2 25 and UDP port to 9000 use the command awplus configure terminal awplus config sflow collector ip 192 0 2 25 port 9000 To remove the sFlow collector IPv4 addr...

Page 1869: ... UDP port unchanged use the command awplus configure terminal awplus config sflow collector ipv6 2001 0db8 1 To remove the sFlow collector IPv6 address and leave the UDP port unchanged use the command awplus configure terminal awplus config no sflow collector ipv6 To remove the sFlow collector IPv6 address and to remove the UDP port use the command awplus configure terminal awplus config no sflow ...

Page 1870: ... The no variant of this command resets the maximum datagram size to the default Syntax sflow collector max datagram size 200 1500 no sflow collector max datagram size Default 1400 bytes Mode Global Configuration Example To set the maximum datagram size to 1200 use the command awplus configure terminal awplus config sflow collector max datagram size 1200 Related Commands show running config sflow s...

Page 1871: ...ot automatically set its operational status to active To activate sFlow the following conditions need to be met sFlow is enabled The sFlow agent address is set The sFlow collector address is set to a valid non zero IPv4 or IPv6 address Polling or sampling is enabled on the ports to be sampled or polled Syntax sflow enable no sflow enable Default sFlow is disabled globally on the switch Mode Global...

Page 1872: ...The max header size is 128 bytes Mode Interface Configuration Usage The header size is measured from the first byte of the Ethernet frame MAC Destination Address For an environment using standard TCP IPv4 over Ethernet frames consider the following basic protocol structure Ethernet header including the 4 byte 802 1Q header component 18 bytes IPv4 header 24 bytes TCP header 24 bytes Total 66 bytes ...

Page 1873: ...h the default of 128 applied up to 128 82 46 bytes of user data could be included in the sFlow datagram samples sent between the Agent and the Collector Note that the agent to collector datagrams contain their own UDP headers which are outside this calculation Example To set the maximum header size to 160 bytes for ports 1 0 1 and 1 0 7 use the commands awplus configure terminal awplus config inte...

Page 1874: ... is the value set by this command The no variant of this command applies the default Syntax sflow polling interval 0 1 16777215 no sflow polling interval Default The polling interval is 0 polling disabled Mode Interface Configuration Example To set the polling interval to 60 seconds for ports 1 0 1 and 1 0 7 use the following commands awplus configure terminal awplus config interface port1 0 1 por...

Page 1875: ...ne frame in every 1000 frames received i e one in every 1000 frames sent from the specified port A value of 0 disables sampling on the specified port s The no variant of this command applies the default Syntax sflow sampling rate 0 256 16777215 no sflow sampling rate Default The sampling rate is 0 sampling disabled Mode Interface Configuration Example To set the sampling rate to 500 for ports 1 0 ...

Page 1876: ...ts 1 0 1 to 1 0 9 use the command awplus show debugging sflow interface port1 0 1 1 0 9 Output Figure 47 1 Sample obtained for an sFlow agent To display sFlow debug settings for all ports use the command awplus show debugging sflow Parameter Description interface The interface information port list The ports for which the sFlow debug settings are to be shown The ports to display information about ...

Page 1877: ...28GPX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x SFLOW COMMANDS SHOW DEBUGGING SFLOW Related Commands show running config sflow show sflow interface ...

Page 1878: ...to the sFlow feature Syntax show running config sflow Mode Privileged Exec and Global Configuration Example To display the sFlow running configuration information use the command awplus show running config sflow Output Figure 47 2 Example output from the show running config sflow command Related Commands show running config awplus sh run sflow sflow agent ip 192 0 2 33 sflow collector ip 192 0 2 6...

Page 1879: ...Collector Address 0 0 0 0 0 0 0 0 Collector UDP Port 6343 6343 Tx Max Datagram Size 1200 1400 sFlow Agent Status Polling sampling Tx Inactive because sFlow is disabled Agent Addr is not set Collector Addr is 0 0 0 0 Polling sampling disabled on all ports Table 47 2 Parameters in the output of the show sflow command Output Parameter Description sFlow Admin Status Whether sFlow agent operation is ad...

Page 1880: ... SFLOW Related Commands show running config sflow show sflow interface Tx Max Datagram Size The maximum size of the sFlow datagrams sent to the collector Polling sampling Tx Whether sFlow sampling and or polling and hence sFlow datagram transmission are active If inactive the reasons are listed Table 47 2 Parameters in the output of the show sflow command cont Output Parameter Description ...

Page 1881: ...V A AlliedWare Plus Operating System Version 5 4 5 0 x SFLOW COMMANDS SHOW SFLOW INTERFACE show sflow interface Overview This command displays sFlow agent sampling and polling configuration for specified ports Syntax show sflow interface ifrange Mode Privileged Exec Parameter Description ifrange The interface range ...

Page 1882: ...PX High Availability High Power Video Surveillance PoE Switch 1853 AlliedWare Plus Operating System Version 5 4 5 0 x SFLOW COMMANDS UNDEBUG SFLOW undebug sflow Overview This command applies the functionality of the no variant of the debug sflow command ...

Page 1883: ...ocator Commands Introduction Overview This chapter provides an alphabetical reference of commands used to test copper cables For more information on running the CFL see the Cable Fault Locator Feature Overview and Configuration Guide Command List clear test cable diagnostics tdr on page 1855 show test cable diagnostics tdr on page 1856 test cable diagnostics tdr interface on page 1857 ...

Page 1884: ... x CABLE FAULT LOCATOR COMMANDS CLEAR TEST CABLE DIAGNOSTICS TDR clear test cable diagnostics tdr Overview This command clears the results of the last cable test that was run Syntax clear test cable diagnostics tdr Mode Privileged Exec Examples To clear the results of a previous cable diagnostics test use the following commands awplus clear test cable diagnostics tdr ...

Page 1885: ...cable diagnostics test that was run using the TDR Time Domain Reflectometry on a fixed copper cable port The displayed status of the cable can be either OK Open Short within pair Short across pair Error Syntax show test cable diagnostics tdr Mode Privileged Exec Examples To show the results of a cable diagnostics test use the following command awplus show test cable diagnostics tdr Output Figure 4...

Page 1886: ... in progress CFL cannot run on a port that is currently supplying power via PoE The displayed status of the cable can be either OK Short within pair or Open The Open or Short status is accompanied with the distance from the source port to the incorrect termination Syntax test cable diagnostics tdr interface interface Example To run a cable test on the cable inserted into port 1 0 1 use the followi...

Page 1887: ...pe stack disabled master command type stack master fail command type stack member command type stack link command In addition to the stacking commands shown in this chapter stacking content also exists in the following commands hostname command reboot command reload command show cpu command show cpu history command show exception log command show file systems command show memory command show memor...

Page 1888: ...ng config stack on page 1872 show provisioning stack on page 1873 show stack on page 1874 show stack resiliencylink on page 1880 stack disabled master monitoring on page 1882 stack enable on page 1883 stack management subnet on page 1885 stack management vlan on page 1886 stack priority on page 1887 stack renumber on page 1888 stack renumber cascade on page 1889 stack resiliencylink on page 1891 s...

Page 1889: ...liedWare Plus Operating System Version 5 4 5 0 x STACKING COMMANDS CLEAR COUNTER STACK clear counter stack Overview This command clears all stack counters for all stack members Syntax clear counter stack Mode Privileged Exec Example To clear all stack counters awplus clear counter stack Related Commands show counter stack ...

Page 1890: ... displayed including link events topology discovery messages and all notable stacking events If link parameter is specified only the link events debugging information will be displayed Examples To enable debugging enter the following command on the stack master awplus debug stack To enable link debugging enter the following command on the stack master awplus debug stack link To enable topology dis...

Page 1891: ...ng Mode Privileged Exec Usage If you are upgrading to a new software version the new version must also support rollling reboot NOTE When stacking is used with EPSR the EPSR failovertime must be set to at least 5 seconds to avoid any broadcast storms during failover Broadcast storms may occur if the switch cannot failover quickly enough before the EPSR failovertime expires For further information a...

Page 1892: ...5 28GPX High Availability High Power Video Surveillance PoE Switch 1863 AlliedWare Plus Operating System Version 5 4 5 0 x STACKING COMMANDS RELOAD ROLLING reload rolling Overview This command performs the same function as the reboot rolling command ...

Page 1893: ...lance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x STACKING COMMANDS REMOTE COMMAND DELETED remote command deleted Overview This command has been deleted Instead please use the remote login command and then run the command you need to run remotely ...

Page 1894: ...aster Configuration commands are still applied to all stack members but show commands and commands that access the file system are executed locally The specific output obtained will vary greatly depending on the show command chosen Syntax remote login stack ID Mode Privileged Exec Usage Note that some commands such as ping or telnet are not available when the remote login is used Example To log on...

Page 1895: ...tem Version 5 4 5 0 x STACKING COMMANDS SHOW COUNTER STACK show counter stack Overview Use this command to display stack related counter information Syntax show counter stack Default All counters are reset when the stack member is rebooted Mode User Exec and Privileged Exec Usage This displays the stacking counter information for every stack member ...

Page 1896: ...e 49 1 Example output from the show counter stack command Virtual Chassis Stacking counters Stack member 1 Topology Event counters Units joined 1 Units left 0 Links up 1 Links down 0 ID conflict 0 Master conflict 0 Master failover 0 Master elected 1 Master discovered 0 SW autoupgrades 0 Stack Port 1 Topology Event counters Link up 3 Link down 2 Nbr re init 0 Nbr incompatible 0 Nbr 2way comms 1 Nbr...

Page 1897: ...unters Version unsupported 0 Product unsupported 0 XEM unsupported 0 Too many units 0 Invalid messages 0 Resiliency Link counters Health status good 1 Health status bad 0 Tx 0 Tx Error 0 Rx 3600 Rx Error 0 Stack member 2 Output repeated for other stack members details not shown Table 49 2 Parameters in the output of the show counter stack command Parameters Description Topology Event Counters Unit...

Page 1898: ...ck link has come down Nbr re init Number of times that the neighbor is detected as having reinitialised Nbr incompatible Number of times that the neighbor is detected as incompatible Nbr 2way comms Number of times that the neighbor is in two way communication status Nbr full comms Number of times that the neighbor is in full communication status Topology message counters Total Total number of topo...

Page 1899: ...nsupported Number of XEM unsupported errors Too many units Number of too many units errors Invalid messages Number of invalid messages Health status good The number of times that the resiliency link has successfully carried healthchecks following a failure at startup Health status bad The number of times that the resiliency link healthcheck has timed out A timeout occurs when a backup stack member...

Page 1900: ... command shows which debugging modes are currently enabled for stacking Syntax show debugging stack Mode User Exec and Privileged Exec Example To display the stack debugging mode status use the command awplus show debugging stack Figure 49 1 Example output from the show debugging stack command Related Commands debug stack Virtual Chassis Stacking debugging status VCS link debugging is on VCS topol...

Page 1901: ...ion specific to the stack show running config stack Mode Privileged Exec and Global Configuration Example To display the stacking running configuration information use the command awplus show running config stack Output Figure 49 2 Example output from the show running config stack command Related Commands show running config awplus show running config stack stack virtual mac stack virtual chassis ...

Page 1902: ...ser Exec and Privileged Exec Example To show provisioning use the following command awplus show provisioning Output Figure 49 3 Example output from the show provisioning command Switch provisioning summary information ID Board class Status 1 0 IX5 28 Hardware present Table 49 3 Parameters in the output of the show provisioning command Parameter Description ID The unit bay location of the hardware ...

Page 1903: ...layed for each stack member By default only summary information is displayed Example To display summary information about the stack use the command awplus show stack Output Figure 49 4 Example output from the show stack command Parameter Description detail Display detailed stacking information Virtual Chassis Stacking summary information ID Pending ID MAC address Priority Status Role 1 0000 cd28 0...

Page 1904: ...mber s role in the stack this can be one of Active Master Disabled Master this is the temporary master when there is a communication break within the stack but communication still exists across the resiliency link In this state all switch ports within the stack are disabled by default but a different configuration can be run by a type stack disabled master trigger Backup Member a device other than...

Page 1905: ...e Active Master Priority 1 Host name awplus S W version auto synchronizaion On Resiliency link status Configured Stack port 1 0 27 status learned neighbor 2 Stack port 1 0 28 status learned neighbor 3 Stack member 2 ID 2 Pending ID MAC address 0000 cd29 716d Last role change Wed May 7 23 47 21 2013 Product type IX5 28GPX Role Backup Member Status Ready Priority 2 Host name awplus 2 S W version aut...

Page 1906: ... The Virtual Chassis ID determines the last 12 bits of the Virtual MAC address 0000 cd37 0xxx Virtual MAC Address The Virtual MAC address of the stack Disabled Master Monitoring The current Disabled Master Monitoring status This can be Enabled Disabled Inactive Operational Status The status of the stack This can be Normal operation If any other status is displayed it may warrant further investigat...

Page 1907: ...he highest priority Product Type Stack member product type For example IX5 28GPX Provisioned Indicates that the stack position is provisionally configured i e ready to accept a particular switch type into the stack Resiliency link status The current status of the resiliency link The status can be one of Not configured Master or Member Configured Master only Successful Successfully receiving health...

Page 1908: ...across the resiliency link In this state all switch ports within the stack are disabled by default but a different configuration can be run by a type stack disabled master trigger command Backup Member a device other than the stack master Discovering joining the stack Status Indicates how readily a stack member can take over as master if the current stack master were to fail Init the stack member ...

Page 1909: ...plus config show stack resiliencylink Stack member 1 Status Configured Interface vlan4093 Interface state UP Resiliency link port s port1 2 11 Stack member 2 Status Successful Interface vlan4093 Interface state UP Resiliency link port s port2 2 11 Table 49 6 Parameters in the output of the show stack resiliencylink command Parameter Description Status The current status of the stack member s resil...

Page 1910: ...MMANDS SHOW STACK RESILIENCYLINK Related Commands switch provision stack show stack stack resiliencylink switchport resiliencylink Interface state The current status of the interface Can be either up or down Resiliency link port s The switch port s the resiliency link is connected to Table 49 6 Parameters in the output of the show stack resiliencylink command Parameter Description ...

Page 1911: ...tack member becoming a disabled master which has the configuration as a normal stack master except that all its switchports are shutdown For more information about the disabled master state see the VCStack Feature Overview and Configuration Guide When the DMM feature is enabled the disabled master will continue to monitor the health of the original stack master over the stack resiliency link conne...

Page 1912: ... variant of this command will remove the selected stack member from the stack At this point the removed member will act as a stand alone master and will disable all of its ports The switch can then only be accessed via its console port Ifthe command is run on themaster then all current members of thestackwill be disabled To returnthe switch to stack membership first connect to theswitch viaits con...

Page 1913: ...illance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x STACKING COMMANDS STACK ENABLE Example To turn on stacking on a stackable stand alone unit use the command awplus configure terminal awplus config stack enable Related Commands reboot license ...

Page 1914: ...ports Although this command enables you to change the IP address command the subnet mask must always remain as shown The stack management IP subnet is solely used internally to the stacked devices and cannot be reached external to the stack You should only change the stack management VLAN subnet address if it causes a conflict within your network Note that several separate stacks can use the same ...

Page 1915: ...ly so that the stack VLAN cannot be used in the stack s VLAN configuration commands such asawplus config vlan vlan Stack management VLAN ID The management VLAN should only be changed if the default stack VLAN ID needs to be used in the stack s VLAN configuration If the management VLAN ID is changed by this command you can use the no variant of this command to change it back to default value CAUTIO...

Page 1916: ...to become the stack master Where two stack members both have the same lowest priority value then the stack member with the lowest MAC address will be elected as master NOTE Assigning a new priority value will not immediately change the current stack master In order to force a master re election after the new priority value is assigned use reboot stack member master s ID to reboot the current stack...

Page 1917: ...ied to the new stack member 2 The existing stack ID must already be assigned to an existing stack member To avoid duplicating IDs a warning message will appear if you assign a new stack ID that is currently assigned to another stack member However you can continue to renumber the stack IDs and remove ID duplications If you do not remove the duplications then one of the devices will be forced to au...

Page 1918: ...IDs are ordered sequentially This would normally be done either when the stack is initially configured or following a major reconfiguration The renumber will start on the specified stack member If that stack ID is not used by any of the existing stack member the command will be rejected The starting stack member will be renumbered with the new stack ID specified or the default of member ID of 1 Th...

Page 1919: ...PX High Availability High Power Video Surveillance PoE Switch C613 50057 01 REV A AlliedWare Plus Operating System Version 5 4 5 0 x STACKING COMMANDS STACK RENUMBER CASCADE Related Commands show stack switch provision stack stack renumber ...

Page 1920: ...the resiliency link is not configured and the master loses communication with its other stack member then the stack will assume the master is NOT present in the network which could cause network conflicts if the master is still online Note that this is different to stacking operation in releases prior to version 5 3 1 Reply healthcheck messages are received if the master is still online but the st...

Page 1921: ...g of releases prior to version 5 3 1 Example To set the resiliency link to be VLAN 4093 First use the stack resiliencylink command to create the resiliency vlan 4093 awplus configure terminal awplus config stack resiliencylink vlan4093 Next use the switchport resiliencylink command to assign the resiliencylink vlan to the interface port in this case port1 0 1 awplus configure terminal awplus confi...

Page 1922: ... Note that if a device attempts to join a stack but is running a software release that is different to the other stack members the software version auto synchronization feature will copy the master s software release onto the new member If the software version auto synchronization feature is not enabled then the device will be unable to join the stack Note that the software version auto synchroniz...

Page 1923: ...onfiguration Usage The virtual chassis id entered will form the last 12 bits of a pre selected MAC prefix component that is 0000 cd37 0xxx If you enable the stack virtual MAC address feature by using the stack virtual mac command without using the stack virtual chassis id command to select the virtual chassis id then the stack will select a virtual chassis id from a number within the assigned rang...

Page 1924: ...ting of the command stack virtual chassis id command CAUTION Stack operation is only supported ifstack virtual macis enabled Before enabling the virtual MAC address feature you should check that the stack s virtual chassis id is not already used by another stack in the network Otherwise the duplicate MAC addresses will cause problems for the network traffic Syntax stack virtual mac no stack virtua...

Page 1925: ...d be numbered 1 to 4 and so the command could be run to provision any stack member within this range and we advise this procedure In effect the syntax then becomes switch 1 4 provision reprovision IX5 28 However you could number the stack units with any numbers between 1 and 8 For example you could number your four stack members 1 2 7 and 8 In this case you could provision any of the stack members...

Page 1926: ...es the switchport from the resiliency link VLAN Syntax switchport resiliencylink no switchport resiliencylink Mode Interface Configuration Usage Note that a resiliency link cannot be part of a static or dynamic aggregator group Examples To set the resiliency link to be VLAN 4093 First use the stack resiliencylink command to create the resiliency link vlan vlan4093 awplus configure terminal awplus ...

Page 1927: ...tion Examples To add a stack local VLAN with the VID of 4002 and assign it to stack member 2 use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 4002 mode stack local vlan 2 To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 4002 Related Commands mtu vlan database Param...

Page 1928: ...X5 28GPX High Availability High Power Video Surveillance PoE Switch 1899 AlliedWare Plus Operating System Version 5 4 5 0 x STACKING COMMANDS UNDEBUG STACK undebug stack Overview This command applies the functionality of the no debug stack command ...

Reviews:

No comments

Related manuals for AT-IX5-28GPX

Brand: La Toulousaine Pages: 6

Brand: Hama Pages: 5

SuperStack 3 4900

Brand: 3Com Pages: 2

Brand: Dataprobe Pages: 21

Brand: Xantech Pages: 4

Brand: FCI Pages: 12

Brand: Tenda Pages: 177

Brand: W Box Technologies Pages: 10

Brand: LEGRAND Pages: 197

Brand: Valcom Pages: 1

Smatrix Wave Plus Uahome Module R-167

Brand: Uponor Pages: 48

Extricom AT-EXLS-3000

Brand: Allied Telesis Pages: 120

Smart MatriX LE

Brand: Analog way Pages: 56

Brand: IMI SENSORS Pages: 41

Brand: GarrettCom Pages: 42

Brand: Bryston Pages: 8

Brand: N-audio Pages: 8

Brand: Aaeon Pages: 76

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands