manualshive.com logo in svg

Allied Telesis AT-x510-28GPX, Command Reference Manual

Product Information: The Allied Telesis AT-x510-28GPX is a high-performance switch that offers advanced features for enhanced network connectivity. You can easily access the user manual, available for free download on our website, to explore its comprehensive functionality and unleash its full potential. Visit manualshive.com for quick and hassle-free downloads.

Share
Download
background image

C613-50102-01 REV C

Command Reference for x510 Series

1407

AlliedWare Plus™ Operating System - Version 5.4.6-1.x

IP

V

4 H

ARDWARE

 A

CCESS

 C

ONTROL

 L

IST

 (ACL) C

OMMANDS

(

ACCESS

-

LIST

 

HARDWARE

 IP 

PROTOCOL

 

FILTER

)

Mode

IPv4 Hardware ACL Configuration

Default

Any traffic on an interface controlled by a hardware ACL that does not explicitly 
match a filter is permitted.

Usage

First create a named hardware access-list that applies the appropriate permit/deny 
requirements. Then use the 

access-group 

command to apply this access-list to a 

specific port or range. Note that this command will apply the access-list only to 

incoming

 data packets.

An ACL can be configured with multiple ACL filters using sequence numbers. If the 
sequence number is omitted, the next available multiple of 10 will be used as the 
sequence number for the new filter. A new ACL filter can be inserted into the 
middle of an existing list by specifying the appropriate sequence number.

NOTE

The access control list being configured is selected by running the 

access-list 

hardware (named) 

command. with the required access control list number, or name, 

but with no further parameters selected.

Hardware ACLs will 

permit

 access unless 

explicitly denied

 by an ACL action.

54

NARP (NBMA Address Resolution Protocol) [RFC1735]

58

ICMP for IPv6 [RFC1883]

59

No Next Header for IPv6 [RFC1883]

60

Destination Options for IPv6 [RFC1883]

88

EIGRP (Enhanced Interior Gateway Routing Protocol)

89

OSPFIGP [RFC1583]

97

Ethernet-within-IP Encapsulation / RFC3378

98

Encapsulation Header / RFC1241

108

IP Payload Compression Protocol / RFC2393

112

Virtual Router Redundancy Protocol / RFC3768

134

RSVP-E2E-IGNORE / RFC3175

135

Mobility Header / RFC3775

136

UDPLite / RFC3828

137

MPLS-in-IP / RFC4023

138

MANET Protocols / RFC-ietf-manet-iana-07.txt

139-252

Unassigned / IANA

253

Use for experimentation and testing / RFC3692

254

Use for experimentation and testing / RFC3692

255

Reserved / IANA

Table 35-2:  IP protocol number and description (cont.)

Protocol Number

Protocol Description [RFC]

Summary of Contents for AT-x510-28GPX

Page 1: ...BIT EDGE SWITCHES Command Reference for AlliedWare Plus Version 5 4 6 1 x AT x510 28GTX AT x510 28GPX AT x510 52GTX AT x510 52GPX AT x510 28GSX AT x510 28GSX 80 AT x510DP 28GTX AT x510DP 52GTX AT x510L 28GT AT x510L 28GP AT x510L 52GT AT x510L 52GP ...

Page 2: ...ver production and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis Management Framework EPSRing SwitchBlade VCStack and VCStack Plus are trademarks or registered trademarks in the United States and elsewhere of Allied Telesis Inc Microsoft and Internet Explore...

Page 3: ...le Privileged Exec mode 94 end 96 exit 97 help 98 logout 99 show history 100 Chapter 2 File and Configuration Management Commands 101 Introduction 101 autoboot enable 105 boot config file 106 boot config file backup 108 boot system 109 boot system backup 111 cd 112 copy filename 113 copy current software 115 copy debug 116 copy running config 117 copy startup config 118 copy zmodem 119 create auto...

Page 4: ...nsole 155 clear line vty 156 enable password 157 enable secret 160 exec timeout 163 flowcontrol hardware asyn console 165 length asyn 167 line 168 privilege level 170 security password history 171 security password forced change 172 security password lifetime 173 security password minimum categories 174 security password minimum length 175 security password reject expired pwd 176 security password...

Page 5: ...1 log event host 213 service http 214 show http 215 Chapter 7 System Configuration and Monitoring Commands 216 Introduction 216 banner exec 218 banner login system 220 banner motd 222 clock set 224 clock summer time date 225 clock summer time recurring 227 clock timezone 229 continuous reboot prevention 230 ecofriendly led 232 ecofriendly lpi 233 findme 235 findme trigger 237 hostname 238 max fib ...

Page 6: ...288 debug fiber monitoring 289 fiber monitoring action 291 fiber monitoring baseline 292 fiber monitoring enable 294 fiber monitoring interval 295 fiber monitoring sensitivity 296 show system fiber monitoring 298 show system pluggable 301 show system pluggable detail 303 show system pluggable diagnostics 306 show test cable diagnostics tdr 308 test cable diagnostics tdr interface 309 Chapter 9 Log...

Page 7: ...g trustpoint 375 show counter log 376 show exception log 377 show log 378 show log config 380 show log permanent 382 show running config log 384 Chapter 10 Scripting Commands 385 Introduction 385 activate 386 echo 387 wait 388 Chapter 11 Interface Commands 389 Introduction 389 description interface 390 interface to configure 391 mru 393 mtu 395 show interface 397 show interface brief 400 show inte...

Page 8: ...op detect 444 loop protection action 445 loop protection action delay time 446 loop protection timeout 447 mac address table acquire 448 mac address table ageing time 449 mac address table logging 450 mac address table static 451 mac address table thrash limit 452 platform hwfilter size 453 platform load balancing 454 platform stop unreg mc flooding 456 platform vlan stacking tpid 458 polarity 459...

Page 9: ...classifier rule 505 show vlan private vlan 506 show vlan statistics 507 switchport access vlan 508 switchport enable vlan 509 switchport mode access 510 switchport mode private vlan 511 switchport mode private vlan trunk promiscuous 512 switchport mode private vlan trunk secondary 514 switchport mode trunk 516 switchport private vlan host association 517 switchport private vlan mapping 518 switchp...

Page 10: ...e vlan range index 580 spanning tree autoedge RSTP and MSTP 581 spanning tree bpdu 582 spanning tree cisco interoperability MSTP 584 spanning tree edgeport RSTP and MSTP 585 spanning tree enable 586 spanning tree errdisable timeout enable 588 spanning tree errdisable timeout interval 589 spanning tree force version 590 spanning tree forward time 591 spanning tree guard root 592 spanning tree hello...

Page 11: ...static channel group 641 static channel group 642 undebug lacp 644 Chapter 18 Power over Ethernet Commands 645 Introduction 645 clear power inline counters interface 647 debug power inline 648 power inline allow legacy 650 power inline description 651 power inline enable 652 power inline max 653 power inline priority 655 power inline usage threshold 657 service power inline 658 show debugging powe...

Page 12: ...p 706 ip gratuitous arp link 708 ip helper address 710 ip limited local proxy arp 712 ip local proxy arp 713 ip proxy arp 714 ip redirects 715 local proxy arp 716 ip unreachables 717 optimistic nd 719 ping 720 show arp 721 show debugging ip packet 723 show ip interface 725 show ip sockets 726 show ip traffic 729 tcpdump 735 traceroute 736 undebug ip packet interface 737 Chapter 21 Domain Name Serv...

Page 13: ...nfig flag 772 ipv6 nd minimum ra interval 773 ipv6 nd other config flag 774 ipv6 nd prefix 775 ipv6 nd ra interval 777 ipv6 nd ra lifetime 778 ipv6 nd raguard 779 ipv6 nd reachable time 781 ipv6 nd retransmission time 782 ipv6 nd suppress ra 783 ipv6 neighbor 784 ipv6 opportunistic nd 785 ipv6 route 786 ipv6 unreachables 787 ping ipv6 788 show ipv6 forwarding 789 show ipv6 interface brief 790 show...

Page 14: ... packet 835 ip rip send version 836 ip rip send version 1 compatible 838 ip rip split horizon 840 key 841 key chain 842 key string 843 maximum prefix 844 neighbor RIP 845 network RIP 846 offset list RIP 847 passive interface RIP 848 recv buffer size RIP 849 redistribute RIP 850 restart rip graceful 851 rip restart grace period 852 route RIP 853 router rip 854 send lifetime 855 show debugging rip 8...

Page 15: ...rip 890 Chapter 26 OSPF Commands 891 Introduction 891 area default cost 894 area authentication 895 area filter list 896 area nssa 897 area range 899 area stub 901 area virtual link 902 auto cost reference bandwidth 905 bandwidth 907 capability opaque 908 capability restart 909 clear ip ospf process 910 compatible rfc1583 911 debug ospf events 912 debug ospf ifsm 913 debug ospf lsa 914 debug ospf ...

Page 16: ... router ospf 959 router id 960 show debugging ospf 961 show ip ospf 962 show ip ospf border routers 965 show ip ospf database 966 show ip ospf database asbr summary 968 show ip ospf database external 969 show ip ospf database network 971 show ip ospf database nssa external 972 show ip ospf database opaque area 974 show ip ospf database opaque as 975 show ip ospf database opaque link 976 show ip os...

Page 17: ...bute list IPv6 OSPF 1031 ipv6 ospf authentication spi 1033 ipv6 ospf cost 1035 ipv6 ospf dead interval 1036 ipv6 ospf display route single line 1037 ipv6 ospf encryption spi esp 1038 ipv6 ospf hello interval 1041 ipv6 ospf neighbor 1042 ipv6 ospf network 1044 ipv6 ospf priority 1045 ipv6 ospf retransmit interval 1046 ipv6 ospf transmit delay 1047 ipv6 router ospf area 1048 max concurrent dd IPv6 O...

Page 18: ... address 1099 match metric 1100 match route type 1101 match tag 1102 route map 1103 set ip next hop route map 1105 set metric 1106 set metric type 1108 set tag 1109 show route map 1110 PART 4 Multicast Applications 1111 Chapter 29 IGMP and IGMP Snooping Commands 1112 Introduction 1112 clear ip igmp 1114 clear ip igmp group 1115 clear ip igmp interface 1116 debug igmp 1117 ip igmp 1118 ip igmp acce...

Page 19: ...xy 1163 show ip igmp snooping mrouter 1164 show ip igmp snooping routermode 1165 show ip igmp snooping statistics 1166 undebug igmp 1168 Chapter 30 MLD and MLD Snooping Commands 1169 Introduction 1169 clear ipv6 mld 1171 clear ipv6 mld group 1172 clear ipv6 mld interface 1173 debug mld 1174 ipv6 mld 1177 ipv6 mld access group 1178 ipv6 mld immediate leave 1179 ipv6 mld last member query count 1180...

Page 20: ...e 1225 ipv6 multicast route limit 1228 ipv6 multicast routing 1229 multicast 1230 show ip mroute 1231 show ip mvif 1233 show ip rpf 1234 show ipv6 mroute 1235 show ipv6 multicast forwarding 1237 show ipv6 mif 1238 Chapter 32 PIM SM Commands 1239 Introduction 1239 clear ip pim sparse mode bsr rp set 1241 clear ip mroute pim sparse mode 1242 debug pim sparse mode 1243 debug pim sparse mode timer 124...

Page 21: ...ow ip pim sparse mode rp hash 1287 show ip pim sparse mode rp mapping 1288 undebug all pim sparse mode 1289 Chapter 33 PIM SMv6 Commands 1290 Introduction 1290 clear ipv6 mroute pim 1293 clear ipv6 mroute pim sparse mode 1294 clear ipv6 pim sparse mode bsr rp set 1295 debug ipv6 pim sparse mode 1296 debug ipv6 pim sparse mode packet 1298 debug ipv6 pim sparse mode timer 1299 ipv6 pim accept regist...

Page 22: ...se mode rp nexthop 1347 undebug all ipv6 pim sparse mode 1349 undebug ipv6 pim sparse mode 1350 Chapter 34 PIM DM Commands 1352 Introduction 1352 debug pim dense mode all 1354 debug pim dense mode context 1355 debug pim dense mode decode 1356 debug pim dense mode encode 1357 debug pim dense mode fsm 1358 debug pim dense mode mrt 1359 debug pim dense mode nexthop 1360 debug pim dense mode nsm 1361 ...

Page 23: ...1432 access list extended IP filter 1434 access list extended IP protocol filter 1437 access list extended TCP UDP filter 1441 access list standard named 1444 access list standard numbered 1446 access list standard named filter 1448 access list standard numbered filter 1450 clear ip prefix list 1452 dos 1453 ip prefix list 1456 maximum access list 1458 show access list IPv4 Software ACLs 1459 show...

Page 24: ...atch cos 1524 match dscp 1525 match eth format protocol 1526 match inner cos 1529 match inner vlan 1530 match ip precedence 1531 match mac type 1532 match tcp flags 1533 match vlan 1534 mls qos cos 1535 mls qos enable 1536 mls qos map cos queue to 1537 mls qos map premark dscp to 1538 no police 1540 police single rate action 1541 police twin rate action 1543 policy map 1545 priority queue 1546 rem...

Page 25: ... control 1594 dot1x timeout tx period 1596 show debugging dot1x 1598 show dot1x 1599 show dot1x diagnostics 1602 show dot1x interface 1604 show dot1x sessionstatistics 1609 show dot1x statistics interface 1610 show dot1x supplicant 1611 show dot1x supplicant interface 1613 undebug dot1x 1616 Chapter 41 Authentication Commands 1617 Introduction 1617 auth auth fail vlan 1620 auth critical 1622 auth ...

Page 26: ...b server page language 1687 auth web server login url 1688 auth web server page logo 1689 auth web server page sub title 1690 auth web server page success message 1691 auth web server page title 1692 auth web server page welcome message 1693 auth web server ping poll enable 1694 auth web server ping poll failcount 1695 auth web server ping poll interval 1696 auth web server ping poll reauth timer ...

Page 27: ...cacs 1750 aaa authentication enable default local 1752 aaa authentication login 1753 aaa group server 1755 aaa local authentication attempts lockout time 1757 aaa local authentication attempts max fail 1758 aaa login fail delay 1759 accounting login 1760 clear aaa local user lockout 1761 debug aaa 1762 login authentication 1763 proxy port 1764 radius secure proxy aaa 1765 server radsecproxy aaa 17...

Page 28: ...local user 1816 crypto pki export local pem 1817 crypto pki export local pkcs12 1818 crypto pki trustpoint local 1819 debug crypto pki 1820 domain style 1821 egress vlan id 1822 egress vlan name 1824 group 1826 nas 1827 radius secure proxy local server 1828 radius server local 1829 server auth port 1830 server enable 1831 show crypto pki certificates 1832 show crypto pki certificates local radius ...

Page 29: ...mands 1879 Introduction 1879 arp security 1881 arp security violation 1882 clear arp security statistics 1884 clear ip dhcp snooping binding 1885 clear ip dhcp snooping statistics 1886 debug arp security 1887 debug ip dhcp snooping 1888 ip dhcp snooping 1889 ip dhcp snooping agent option 1890 ip dhcp snooping agent option allow untrusted 1891 ip dhcp snooping agent option circuit id vlantriplet 18...

Page 30: ...k Availability 1944 Chapter 49 Virtual Chassis Stacking VCStack Commands 1945 Introduction 1945 clear counter stack 1947 debug stack 1948 mac address table vcs sync mode 1949 reboot rolling 1950 reload rolling 1951 remote command deleted 1952 remote login 1953 show counter stack 1954 show debugging stack 1958 show running config stack 1959 show provisioning stack 1960 show stack 1961 show stack de...

Page 31: ...ounters 2012 show vrrp ipv6 2015 show vrrp session 2016 transition mode 2018 undebug vrrp 2020 undebug vrrp events 2021 undebug vrrp packet 2022 virtual ip 2023 virtual ipv6 2025 vrrp vmac 2027 Chapter 51 Ethernet Protection Switched Ring EPSRing Commands 2028 Introduction 2028 debug epsr 2030 epsr 2031 epsr configuration 2033 epsr datavlan 2034 epsr enhancedrecovery enable 2035 epsr mode master c...

Page 32: ...dancy enable 2077 atmf backup server 2078 atmf backup stop 2080 atmf backup synchronize 2081 atmf cleanup 2082 atmf controller 2083 atmf distribute firmware 2084 atmf domain vlan 2086 atmf enable 2088 atmf group membership 2089 atmf guest class 2091 atmf log verbose 2093 atmf management subnet 2094 atmf management vlan 2096 atmf master 2097 atmf mtu 2098 atmf network name 2099 atmf provision 2100 ...

Page 33: ...show atmf links 2171 show atmf links detail 2173 show atmf links guest 2182 show atmf links statistics 2185 show atmf memory deprecated 2188 show atmf nodes 2189 show atmf provision nodes 2191 show atmf tech 2192 show atmf virtual links 2195 show atmf working set 2197 show debugging atmf 2198 show debugging atmf packet 2199 show running config atmf 2200 switchport atmf agentlink 2201 switchport at...

Page 34: ...server 2254 show counter dhcp client 2255 show counter dhcp relay 2256 show counter dhcp server 2259 show dhcp lease 2261 show ip dhcp binding 2263 show ip dhcp pool 2265 show ip dhcp relay 2269 show ip dhcp server statistics 2270 show ip dhcp server summary 2272 subnet mask 2273 Chapter 54 DHCP for IPv6 DHCPv6 Commands 2274 Introduction 2274 address prefix 2276 address range 2278 clear counter ip...

Page 35: ... ntp trusted key 2339 show counter ntp deprecated 2340 show ntp associations 2341 show ntp counters 2343 show ntp counters associations 2345 show ntp status 2347 Chapter 56 SNMP Commands 2348 Introduction 2348 debug snmp 2350 show counter snmp server 2351 show debugging snmp 2355 show running config snmp 2356 show snmp server 2357 show snmp server community 2358 show snmp server group 2359 show sn...

Page 36: ... number type 2405 lldp reinit 2406 lldp run 2407 lldp timer 2408 lldp tlv select 2409 lldp transmit receive 2411 lldp tx delay 2412 location civic location configuration 2413 location civic location identifier 2417 location civic location id 2418 location coord location configuration 2419 location coord location identifier 2421 location coord location id 2422 location elin location 2423 location e...

Page 37: ...te userkey 2477 crypto key pubkey chain knownhosts 2478 crypto key pubkey chain userkey 2480 debug ssh client 2482 debug ssh server 2483 service ssh 2484 show banner login 2486 show crypto key hostkey 2487 show crypto key pubkey chain knownhosts 2488 show crypto key pubkey chain userkey 2489 show crypto key userkey 2490 show running config ssh 2491 show ssh 2493 show ssh client 2495 show ssh serve...

Page 38: ...547 type ping poll 2548 type reboot 2549 type stack disabled master 2550 type stack link 2551 type stack master fail 2552 type stack member 2553 type time 2554 type usb 2555 undebug trigger 2556 Chapter 62 Ping Polling Commands 2557 Introduction 2557 active ping polling 2559 clear ping poll 2560 critical interval 2561 debug ping poll 2562 description ping polling 2563 fail count 2564 ip ping polli...

Page 39: ...bug sflow agent 2584 sflow agent address 2585 sflow collector address 2587 sflow collector max datagram size 2589 sflow enable 2590 sflow max header size 2591 sflow polling interval 2593 sflow sampling rate 2594 show debugging sflow 2595 show running config sflow 2597 show sflow 2598 show sflow interface 2600 undebug sflow 2601 ...

Page 40: ... UDP filter 1412 access list standard named filter 1448 access list standard numbered filter 1450 ipv6 access list extended IP protocol filter 1499 ipv6 access list extended TCP UDP filter 1502 ipv6 access list named ICMP filter 1472 ipv6 access list named IPv6 filter 1475 ipv6 access list named protocol filter 1478 ipv6 access list named TCP UDP filter 1482 ipv6 access list standard filter 1506 a...

Page 41: ...1385 access list extended numbered 1430 access list hardware IP numbered 1387 access list hardware MAC numbered 1396 access list standard numbered 1446 access list extended named 1422 access list hardware named 1399 access list standard named 1444 accounting login 1760 activate 386 active ping polling 2559 active trigger 2520 address prefix 2276 address range 2278 advertisement interval 1990 aggre...

Page 42: ...p aging timeout 689 arp mac disparity 690 arp reply bc dmac 698 atmf area password 2061 atmf area 2059 atmf backup area masters delete 2064 atmf backup area masters enable 2065 atmf backup area masters now 2066 atmf backup area masters synchronize 2067 atmf backup bandwidth 2068 atmf backup delete 2069 atmf backup enable 2070 atmf backup guests delete 2071 atmf backup guests enable 2072 atmf backu...

Page 43: ...1 atmf provision node configure boot config 2103 atmf provision node configure boot system 2104 atmf provision node create 2105 atmf provision node delete 2107 atmf provision node license cert 2109 atmf provision node locate 2111 atmf provision 2100 atmf reboot rolling 2112 atmf recover guest 2118 atmf recover led off 2119 atmf recover 2116 atmf remote login 2120 atmf restricted login 2121 atmf se...

Page 44: ...icant ip 1644 auth supplicant mac 1646 auth timeout connect timeout 1649 auth timeout quiet period 1651 auth timeout reauth period 1652 auth timeout server timeout 1654 auth timeout supp timeout 1656 auth two step enable 1658 authentication 1805 auth mac accounting 1661 auth mac authentication 1662 auth mac enable 1663 auth mac method 1665 auth mac password 1667 auth mac reauth relearning 1668 aut...

Page 45: ...e welcome message 1693 auth web server ping poll enable 1694 auth web server ping poll failcount 1695 auth web server ping poll interval 1696 auth web server ping poll reauth timer refresh 1697 auth web server ping poll timeout 1698 auth web server port 1699 auth web server redirect delay time 1700 auth web server redirect url 1701 auth web server session keep 1702 auth web server ssl intercept po...

Page 46: ...inks statistics 2127 clear counter ipv6 dhcp client 2280 clear counter ipv6 dhcp server 2281 clear counter stack 1947 clear exception log 312 clear gvrp statistics 672 clear ip dhcp binding 2218 clear ip dhcp snooping binding 1885 clear ip dhcp snooping statistics 1886 clear ip dns forwarding cache 740 clear ip igmp group 1115 clear ip igmp interface 1116 clear ip igmp 1114 clear ip mroute pim spa...

Page 47: ...unters 623 clear line console 155 clear line vty 156 clear lldp statistics 2391 clear lldp table 2392 clear log buffered 314 clear log permanent 315 clear log 313 clear loop protection counters 428 clear mac address table dynamic 429 clear mac address table static 431 clear mls qos interface policer counters 1518 clear ping poll 2560 clear port counter 432 clear port security intrusion 433 clear p...

Page 48: ... debug 116 copy fdb radius users to file 1810 copy local radius user db from file 1812 copy local radius user db to file 1813 copy proxy autoconfig file 1705 copy running config 117 copy startup config 118 copy web auth https file 1706 copy zmodem 119 create autoboot 120 critical interval 2561 crypto key destroy hostkey 2474 crypto key destroy userkey 2475 crypto key generate hostkey 2476 crypto k...

Page 49: ...o pki trustpoint local 1819 crypto pki trustpoint 1860 day 2521 deadtime RADIUS server group 1780 debug aaa 1762 debug arp security 1887 debug atmf packet 2130 debug atmf 2128 debug crypto pki 1820 debug dot1x 1581 debug epsr 2030 debug fiber monitoring 289 debug gvrp 673 debug igmp 1117 debug ip dhcp snooping 1888 debug ip dns forwarding 741 debug ip packet interface 700 debug ipv6 ospf events 10...

Page 50: ...14 debug ospf nfsm 915 debug ospf nsm 916 debug ospf packet 917 debug ospf route 918 debug pim dense mode all 1354 debug pim dense mode context 1355 debug pim dense mode decode 1356 debug pim dense mode encode 1357 debug pim dense mode fsm 1358 debug pim dense mode mrt 1359 debug pim dense mode nexthop 1360 debug pim dense mode nsm 1361 debug pim dense mode vif 1362 debug pim sparse mode timer 124...

Page 51: ...0 default log permanent 321 default action 1519 default information originate IPv6 RIPng 870 default information originate RIP 821 default information originate 1027 default information originate 919 default metric IPv6 OSPF 1028 default metric IPv6 RIPng 871 default metric OSPF 920 default metric RIP 822 default router 2219 delete debug 122 delete mail 2450 delete 121 description Authentication P...

Page 52: ...erver 2220 do 93 domain name DHCPv6 2287 domain name 2221 domain style 1821 dos 1453 dot1x accounting 1579 dot1x authentication 1580 dot1x control direction 1582 dot1x eap 1584 dot1x eapol version 1585 dot1x initialize interface 1587 dot1x initialize supplicant 1588 dot1x keytransmit 1589 dot1x max auth fail 1590 dot1x max reauth req 1592 dot1x port control 1594 dot1x timeout tx period 1596 duplex...

Page 53: ...ontrolvlan primary port 2036 epsr mode transit controlvlan 2037 epsr priority 2038 epsr state 2039 epsr trap 2040 epsr 2031 erase factory default 2135 erase proxy autoconfig file 1708 erase startup config 127 erase web auth https file 1709 exec timeout 163 exit 97 fail count 2564 fiber monitoring action 291 fiber monitoring baseline 292 fiber monitoring enable 294 fiber monitoring interval 295 fib...

Page 54: ... and Protocol 702 ip address dhcp 2223 ip dhcp bootp ignore 2225 ip dhcp leasequery enable 2226 ip dhcp option 2227 ip dhcp pool 2229 ip dhcp snooping agent option allow untrusted 1891 ip dhcp snooping agent option circuit id vlantriplet 1892 ip dhcp snooping agent option remote id 1893 ip dhcp snooping agent option 1890 ip dhcp snooping binding 1894 ip dhcp snooping database 1895 ip dhcp snooping...

Page 55: ...ache 743 ip dns forwarding dead time 744 ip dns forwarding retry 745 ip dns forwarding source interface 746 ip dns forwarding timeout 747 ip dns forwarding 742 ip domain list 748 ip domain lookup 749 ip domain name 750 ip forward protocol udp 706 ip gratuitous arp link 708 ip helper address 710 ip igmp access group 1119 ip igmp flood specific query 1120 ip igmp immediate leave 1121 ip igmp last me...

Page 56: ...m 1148 ip igmp ssm map enable 1149 ip igmp ssm map static 1150 ip igmp startup query count 1154 ip igmp startup query interval 1155 ip igmp static group 1152 ip igmp trusted 1156 ip igmp version 1157 ip igmp 1118 ip limited local proxy arp 712 ip local proxy arp 713 ip mroute 1215 ip multicast forward first packet 1217 ip multicast route 1218 ip multicast route limit 1220 ip multicast wrong vif su...

Page 57: ...um 1250 ip pim crp cisco prefix 1252 ip pim dense mode passive 1364 ip pim dense mode 1363 ip pim dr priority 1253 ip pim exclude genid 1254 ip pim ext srcs directly connected PIM DM 1365 ip pim ext srcs directly connected PIM SM 1255 ip pim hello holdtime PIM DM 1366 ip pim hello holdtime PIM SM 1256 ip pim hello interval PIM DM 1367 ip pim hello interval PIM SM 1257 ip pim ignore rp set priority...

Page 58: ...e 1782 ip redirects 715 ip rip authentication key chain 826 ip rip authentication mode 828 ip rip authentication string 831 ip rip receive version 834 ip rip receive packet 833 ip rip send version 1 compatible 838 ip rip send version 836 ip rip send packet 835 ip rip split horizon 840 ip route 797 ip source binding 1903 ip tftp source interface 128 ip unreachables 717 ipv6 access list named 1470 i...

Page 59: ...uery max response time 1186 ipv6 mld robustness variable 1187 ipv6 mld snooping fast leave 1190 ipv6 mld snooping mrouter 1191 ipv6 mld snooping querier 1193 ipv6 mld snooping report suppression 1194 ipv6 mld snooping 1188 ipv6 mld ssm map enable 1196 ipv6 mld ssm map static 1197 ipv6 mld static group 1198 ipv6 mld version 1200 ipv6 mld 1177 ipv6 mroute 1223 ipv6 multicast forward slow path packet...

Page 60: ...ncryption spi esp 1038 ipv6 ospf hello interval 1041 ipv6 ospf neighbor 1042 ipv6 ospf network 1044 ipv6 ospf priority 1045 ipv6 ospf retransmit interval 1046 ipv6 ospf transmit delay 1047 ipv6 pim accept register 1301 ipv6 pim anycast rp 1302 ipv6 pim bsr border 1303 ipv6 pim bsr candidate 1304 ipv6 pim cisco register checksum group list 1306 ipv6 pim cisco register checksum 1305 ipv6 pim crp cis...

Page 61: ...27 ipv6 pim sparse mode 1326 ipv6 pim spt threshold group list 1329 ipv6 pim spt threshold 1328 ipv6 pim ssm 1330 ipv6 pim unicast bsm 1331 ipv6 prefix list 1508 ipv6 rip metric offset 873 ipv6 rip split horizon 875 ipv6 route 786 ipv6 route 799 ipv6 router ospf area 1048 ipv6 router rip 876 ipv6 tftp source interface 129 ipv6 traffic filter 1486 ipv6 unreachables 787 key chain 842 key 841 key str...

Page 62: ...notifications 2404 lldp port number type 2405 lldp reinit 2406 lldp run 2407 lldp timer 2408 lldp tlv select 2409 lldp transmit receive 2411 lldp tx delay 2412 local proxy arp 716 location civic location configuration 2413 location civic location identifier 2417 location civic location id 2418 location coord location configuration 2419 location coord location identifier 2421 location coord locatio...

Page 63: ... monitor exclude 362 log permanent filter 366 log permanent exclude 369 log permanent size 372 log permanent 365 log trustpoint 375 login authentication 1763 logout 99 log rate limit nsm 373 loop protection action 445 loop protection action delay time 446 loop protection loop detect 444 loop protection timeout 447 mac address table acquire 448 mac address table ageing time 449 mac address table lo...

Page 64: ...nce 1531 match ipv6 address 1099 match mac type 1532 match metric 1100 match route type 1101 match tag 1102 match tcp flags 1533 match vlan 1534 max concurrent dd IPv6 OSPF 1050 max concurrent dd 943 max fib routes 240 max fib routes 800 maximum access list 1458 maximum area 944 maximum paths 802 maximum prefix 844 max static routes 241 max static routes 801 mirror interface 407 mkdir 130 mls qos ...

Page 65: ...ver 2244 no crypto pki certificate 1864 no debug all 242 no police 1540 normal interval 2567 ntp access group 2325 ntp authenticate 2326 ntp authentication key 2327 ntp broadcastdelay 2328 ntp discard 2329 ntp master 2330 ntp peer 2331 ntp restrict 2333 ntp server 2335 ntp source 2337 ntp trusted key 2339 offset list IPv6 RIPng 878 offset list RIP 847 openflow controller 1931 openflow native vlan ...

Page 66: ...ing 720 ping poll 2568 platform hwfilter size 453 platform l3 vlan hashing algorithm 1710 platform load balancing 454 platform load balancing 630 platform mac vlan hashing algorithm 1711 platform stop unreg mc flooding 456 platform vlan stacking tpid 458 polarity 459 police single rate action 1541 police twin rate action 1543 policy map 1545 port vlan forwarding priority 494 power inline allow leg...

Page 67: ...proxy local server 1828 radius server deadtime 1783 radius server host 1784 radius server key 1787 radius server local 1829 radius server retransmit 1788 radius server timeout 1790 range 2251 reboot rolling 1950 reboot 243 recv buffer size IPv6 RIPng 880 recv buffer size RIP 849 redistribute IPv6 OSPF 1052 redistribute IPv6 RIPng 881 redistribute OSPF 956 redistribute RIP 850 region MSTP 555 reloa...

Page 68: ...te RIP 853 route 2252 route map 1103 router ipv6 ospf 1055 router ipv6 rip 883 router ipv6 vrrp interface 2003 router ospf 959 router rip 854 router vrrp interface 2005 router id IPv6 OSPF 1056 router id 960 rsakeypair trustpoint configuration mode 1865 sample size 2569 script 2526 security password forced change 172 security password history 171 security password lifetime 173 security password mi...

Page 69: ... 2484 service telnet 180 service terminal length deleted 181 service test 420 service policy input 1551 set ip next hop PBR 1552 set ip next hop route map 1105 set metric 1106 set metric type 1108 set tag 1109 sflow agent address 2585 sflow collector address 2587 sflow collector max datagram size 2589 sflow enable 2590 sflow max header size 2591 sflow polling interval 2593 sflow sampling rate 2594...

Page 70: ...tmf group members 2167 show atmf group 2165 show atmf guest 2169 show atmf links detail 2173 show atmf links guest 2182 show atmf links statistics 2185 show atmf links 2171 show atmf memory deprecated 2188 show atmf nodes 2189 show atmf provision nodes 2191 show atmf tech 2192 show atmf virtual links 2195 show atmf working set 2197 show atmf 2139 show auth diagnostics 1714 show auth interface 1716...

Page 71: ...nter ntp deprecated 2340 show counter ping poll 2571 show counter snmp server 2351 show counter stack 1954 show cpu history 251 show cpu 248 show crypto key hostkey 2487 show crypto key mypubkey rsa 1866 show crypto key pubkey chain knownhosts 2488 show crypto key pubkey chain userkey 2489 show crypto key userkey 2490 show crypto pki certificates local radius all users 1834 show crypto pki certifi...

Page 72: ...ugging lacp 632 show debugging lldp 2425 show debugging loopprot 460 show debugging mld 1201 show debugging mstp 557 show debugging ospf 961 show debugging pim dense mode 1373 show debugging pim sparse mode 1274 show debugging platform packet 461 show debugging power inline 659 show debugging radius 1794 show debugging rip 857 show debugging sflow 2595 show debugging snmp 2355 show debugging stack...

Page 73: ...r summary 2052 show epsr 2042 show etherchannel detail 636 show etherchannel summary 637 show etherchannel 635 show exception log 377 show file systems 139 show file 138 show flowcontrol interface 462 show gvrp configuration 682 show gvrp machine 683 show gvrp statistics 684 show gvrp timer 685 show history 100 show hosts 754 show http 215 show interface access group 1418 show interface brief 400 ...

Page 74: ...s forwarding cache 756 show ip dns forwarding server 757 show ip dns forwarding 755 show ip domain list 758 show ip domain name 759 show ip igmp groups 1159 show ip igmp interface 1161 show ip igmp proxy 1163 show ip igmp snooping mrouter 1164 show ip igmp snooping routermode 1165 show ip igmp snooping statistics 1166 show ip interface 725 show ip mroute 1231 show ip mvif 1233 show ip name server ...

Page 75: ...mode neighbor 1378 show ip pim dense mode nexthop 1380 show ip pim sparse mode bsr router 1275 show ip pim sparse mode interface detail 1278 show ip pim sparse mode interface 1276 show ip pim sparse mode local members 1279 show ip pim sparse mode mroute detail 1283 show ip pim sparse mode mroute 1281 show ip pim sparse mode neighbor 1285 show ip pim sparse mode nexthop 1286 show ip pim sparse mode...

Page 76: ... ipv6 mld snooping statistics 1205 show ipv6 mroute 1235 show ipv6 multicast forwarding 1237 show ipv6 neighbors 791 show ipv6 ospf database external 1062 show ipv6 ospf database grace 1063 show ipv6 ospf database inter prefix 1064 show ipv6 ospf database inter router 1065 show ipv6 ospf database intra prefix 1066 show ipv6 ospf database link 1067 show ipv6 ospf database network 1068 show ipv6 osp...

Page 77: ...w ipv6 prefix list 1512 show ipv6 protocols rip 885 show ipv6 rip database 887 show ipv6 rip interface 888 show ipv6 rip 886 show ipv6 route summary 794 show ipv6 route summary 811 show ipv6 route 792 show ipv6 route 809 show lacp sys id 638 show lacp counter 639 show license brief member 200 show license brief 198 show license external 207 show license member 202 show license 196 show lldp interf...

Page 78: ...561 show mls qos interface storm status 1563 show mls qos interface 1556 show mls qos maps cos queue 1564 show mls qos maps premark dscp 1565 show mls qos 1555 show ntp associations 2341 show ntp counters associations 2345 show ntp counters 2343 show ntp status 2347 show openflow config 1934 show openflow coverage 1936 show openflow flows 1938 show openflow rules 1939 show openflow status 1941 sho...

Page 79: ... nas 1840 show radius local server statistics 1841 show radius local server user 1842 show radius server group 1774 show radius statistics 1798 show radius 1795 show reboot history 270 show remote mirror 413 show rmon alarm 2463 show rmon event 2464 show rmon history 2466 show rmon statistics 2468 show route map 1110 show router id 272 show running config atmf 2200 show running config interface 14...

Page 80: ...anning tree mst detail interface 571 show spanning tree mst detail 564 show spanning tree mst instance interface 569 show spanning tree mst instance 568 show spanning tree mst interface 570 show spanning tree mst 562 show spanning tree statistics instance interface 576 show spanning tree statistics instance 575 show spanning tree statistics interface 578 show spanning tree statistics 573 show span...

Page 81: ...stem serialnumber 279 show system 273 show tacacs 1874 show tech support 280 show telnet 185 show test cable diagnostics tdr 308 show trigger 2530 show users 186 show version 148 show vlan classifier group interface 503 show vlan classifier group 502 show vlan classifier interface group 504 show vlan classifier rule 505 show vlan private vlan 506 show vlan statistics 507 show vlan 501 show vrrp se...

Page 82: ... and MSTP 581 spanning tree bpdu 582 spanning tree cisco interoperability MSTP 584 spanning tree edgeport RSTP and MSTP 585 spanning tree enable 586 spanning tree errdisable timeout enable 588 spanning tree errdisable timeout interval 589 spanning tree force version 590 spanning tree forward time 591 spanning tree guard root 592 spanning tree hello time 593 spanning tree link type 594 spanning tre...

Page 83: ...ount 617 speed asyn 282 speed 480 ssh client 2502 ssh server allow users 2506 ssh server authentication 2508 ssh server deny users 2510 ssh server max auth tries 2512 ssh server resolve host 2513 ssh server scp 2514 ssh server sftp 2515 ssh server 2504 ssh 2500 stack disabled master monitoring 1969 stack enable 1970 stack management subnet 1972 stack management vlan 1973 stack priority 1974 stack ...

Page 84: ...witchport enable vlan 509 switchport mode access 510 switchport mode private vlan trunk promiscuous 512 switchport mode private vlan trunk secondary 514 switchport mode private vlan 511 switchport mode trunk 516 switchport port security aging 484 switchport port security maximum 485 switchport port security violation 486 switchport port security 483 switchport private vlan host association 517 swi...

Page 85: ...inal length 189 terminal monitor 285 terminal resize 190 test cable diagnostics tdr interface 309 test interface 421 test 2535 thrash limiting 487 time trigger 2536 timeout ping polling 2579 timers IPv6 RIPng 889 timers RIP 862 timers spf IPv6 OSPF deprecated 1084 timers spf exp IPv6 OSPF 1085 timers spf exp 989 traceroute ipv6 795 traceroute 736 transition mode 2018 trap 2538 trigger activate 254...

Page 86: ...l pim dense mode 1381 undebug all pim sparse mode 1289 undebug all 286 undebug atmf 2212 undebug dot1x 1616 undebug epsr 2053 undebug igmp 1168 undebug ip packet interface 737 undebug ipv6 ospf events 1086 undebug ipv6 ospf ifsm 1087 undebug ipv6 ospf lsa 1088 undebug ipv6 ospf nfsm 1089 undebug ipv6 ospf packet 1090 undebug ipv6 ospf route 1091 undebug ipv6 pim sparse mode 1350 undebug ipv6 rip 8...

Page 87: ...sh server 2517 undebug stack 1987 undebug trigger 2556 undebug vrrp events 2021 undebug vrrp packet 2022 undebug vrrp 2020 up count 2580 user RADIUS server 1844 username 191 username 2213 version RIP 864 virtual ip 2023 virtual ipv6 2025 vlan RADIUS server 1846 vlan classifier activate 532 vlan classifier group 533 vlan classifier rule ipv4 534 vlan classifier rule proto 535 vlan database 538 vlan...

Page 88: ...are Plus Operating System Version 5 4 6 1 x vty access class numbered 1466 vty ipv6 access class named 1513 wait 388 write file 150 write memory 151 write terminal 152 wrr queue disable queues 1574 wrr queue egress rate limit queues 1575 wrr queue weight queues 1576 ...

Page 89: ...C613 50102 01 REV C Command Reference for x510 Series 89 AlliedWare Plus Operating System Version 5 4 6 1 x Part 1 Setup and Troubleshooting ...

Page 90: ...ference for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure terminal on page 91 disable Privileged Exec mode on page 92 do on page 93 enable Privileged Exec mode on page 94 end on page 96 exit on page 97 help on page 98 logout on page 99 show history on page 100 ...

Page 91: ...GATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Configuration command mode note the change in the command prompt enter the command awplus configure terminal awplus config ...

Page 92: ...EGED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Privileged Exec Example To exit the Privileged Exec mode enter the command awplus disable awplus Related Commands enable Privileged Exec mode end exit ...

Page 93: ...ION COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus configure terminal awplus config do ping 192 0 2 23 Parameter Description command Specify the command and its parameters ...

Page 94: ...er privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is prompted for the password for that level Note that a separate password can be configured for each privilege level using the enable password and the enable secret commands from the Global Configuratio...

Page 95: ...N COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 awplus Related Commands disable Privileged Exec mode enable password enable secret exit service password encryption username ...

Page 96: ...other advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode awplus configure terminal awplus config interface vlan2 awplus config if end awplus Related Commands disable Privileged Exec mode enab...

Page 97: ... used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the exit command to exit Interface mode and return to Configure mode awplus configure terminal awplus config interface vlan2 awplus config if exit awplus config Related Commands disable Pri...

Page 98: ...o display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches the help list will be empty Delete characters until entering a shows the available options Enter after a complete parameter to show remaining valid command parameters e g show Enter after part of a p...

Page 99: ...Operating System Version 5 4 6 1 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privileged Exec Example To exit the User Exec mode use the command awplus logout ...

Page 100: ... lists all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show history Mode User Exec and Privileged Exec Example To display the commands entered during the current session use the command awplus show history Output Figure 1 2 Example o...

Page 101: ...syntax Example Copying in local Flash memory flash directory filename To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directory filename To specify a file in the top level directory of the USB stick usb example cfg Copying with HTTP http username password hostname host ip filepath filename To specify a file in the configs direc...

Page 102: ...Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Flash base directory you may use flash or flash or flash For example these commands are all the same dir flash dir flash dir flash Copying with SFTP sftp location directory filename To specify a file in t...

Page 103: ...ck member use the remote login command Command List autoboot enable on page 105 boot config file on page 106 boot config file backup on page 108 boot system on page 109 boot system backup on page 111 cd on page 112 copy filename on page 113 copy current software on page 115 copy debug on page 116 copy running config on page 117 copy startup config on page 118 copy zmodem on page 119 create autoboo...

Page 104: ... 1 x FILE AND CONFIGURATION MANAGEMENT COMMANDS show file on page 138 show file systems on page 139 show running config on page 141 show running config interface on page 145 show startup config on page 147 show version on page 148 write file on page 150 write memory on page 151 write terminal on page 152 ...

Page 105: ...on file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this command to disable the Autoboot feature NOTE This command is not supported in a stacked configuration Syntax autoboot enable no autoboot enable Default The Autoboot feature operates the first time the device is powered up in the fi...

Page 106: ...allback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots up use the commands awplus configure terminal awplus config boot config file flash branch cfg To stop running the configuration file branch cfg stored on the device s Flash filesystem when the device ...

Page 107: ...NAGEMENT COMMANDS BOOT CONFIG FILE To stop running the configuration file branch cfg stored on the switch s USB storage device filesystem when the device boots up use the commands awplus configure terminal awplus config no boot config file usb branch cfg Related Commands boot config file backup boot system boot system backup show boot ...

Page 108: ...anagement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config boot config file backup flash backup cfg To remove the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus config no boot co...

Page 109: ... stack members have a bootloader version that supports booting from it If a stack member has a USB storage device removed an error message is displayed For example if stack member 2 does not have a USB storage device inserted the following message is displayed Examples To run the release file x510 5 4 6 1 1 rel stored on the device s Flash filesystem the next time the device boots up use the comma...

Page 110: ... there is not enough space to synchronize the new release across the stack the boot system command has an interactive mode that prompts you to delete old releases awplus configure terminal awplus config boot system x510 5 4 6 1 1 rel Answering y at the prompt will cause the system to delete the specified file awplus config y Related Commands boot config file boot config file backup boot system bac...

Page 111: ...Examples To specify the file x510 5 4 6 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash x510 5 4 6 0 1 rel To remove the file x510 5 4 6 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config no boot system backup flash x510 5 4 6 0 1 rel Related Commands boot config fi...

Page 112: ...TION MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command awplus cd images Related Commands dir pwd show file systems Parameter Description directory name Name and path of the directory ...

Page 113: ...te server at 10 0 1 2 use the command awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the command awplus copy scp beth serv 2000 config_files old cfg old cfg To copy the file newconfig cfg onto your device s Flash from a USB storage device use the command a...

Page 114: ...er and rename it to configtest cfg use the command awplus copy fserver config cfg configtest cfg To copy the file test txt from the top level of Flash on stack member 2 to the current directory in the stack master use the command awplus copy awplus 2 flash test txt test txt Note that you must specify either the NVS or Flash filesystem on the backup stack member flash in this example Related Comman...

Page 115: ...system Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command awplus copy current software my release rel Related Commands boot system backup show boot Parameter Description destination name The filename and path where you would like the current running release s...

Page 116: ...tftp usb source name debug flash nvs scp tftp usb Mode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb my debug Output Figure 2 2 CLI prompt after entering the copy debug command Related Commands delete debug move debug Parameter Description destination name The filename and path where you would like the ...

Page 117: ...opy the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy startup config write file write memory Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specify this w...

Page 118: ... as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path of a configuration file This must be a valid configuration file with a cfg filename extension Specify this to copy the script in the file into the startup config file Note that this does not make th...

Page 119: ...Minicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local file asuka key using ZMODEM use the command awplus copy asuka key zmodem Related Commands copy filename show file systems Parameter Description source name The filename and path of the source file S...

Page 120: ...eys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The external media is then available to restore a release file and or a configuration file to the device Syntax create autoboot usb Mode Privileged Exec Example To create an autoboot txt file on a USB stor...

Page 121: ...urrent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_configs which is not empty without prompting if any read only files are being deleted use the command awplus delete force recursive new_configs Related Commands erase startup config rmdir Parameter Descri...

Page 122: ...fied debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the delete debug command Related Commands copy debug move debug Parameter Description source name The filename and path where the debug output originates See Introduction on page 101 for valid URL syntax...

Page 123: ...lename For example to specify a file in the configs directory on member 2 of a stack enter awplus 2 flash configs example cfg Examples To list the files in the current working directory use the command awplus dir To list the non hidden files in the root of the Flash filesystem use the command awplus dir flash Parameter Description all List all files recursive List the contents of directories recur...

Page 124: ... sort name To list the files by size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort reverse time To list the files within the Flash filesystem for stack member 2 use the command awplus dir awplus 2 flash Note that you must specify the filesystem on the stack member flash in this example Output...

Page 125: ...ditor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more information about using the editor including control sequences see the File Management Feature Overview and Configuration Guide Syntax edit filename Mode Privileged Exec Examples To create and edit a new t...

Page 126: ...re your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Privileged Exec Example To view the file bob key stored in the security directory of a TFTP server use the command awplus edit tftp security bob key Related Commands copy filename edit show file Parame...

Page 127: ...s when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This provides a mechanism for you to return the device to the factory default settings Syntax erase startup config Mode Privileged Exec Example To delete the file currently set as the startup config use the c...

Page 128: ...d is helpful in network configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server cannot dynamically determine the source of the TFTP request and therefore cannot send the requested data to the correct device Specifyingasourcei...

Page 129: ... configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those circumstances the TFTP server cannot dynamically determine the source of the TFTP request and therefore cannot send the requested data to the correct device Specifyingasourceinterfaceoraddressenable...

Page 130: ...dir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands Example To make a new directory called images in the current directory use the command awplus mkdir images Related Commands cd dir pwd Parameter Description name The name and path of the directory th...

Page 131: ...p cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg myconfigs temp cfg Related Commands delete edit show file show file systems Parameter Description source name The filename and path of the source file See Introduction on page 101 for valid syntax desti...

Page 132: ...stination name debug flash nvs usb Mode Privileged Exec Example To movedebug output onto a USB storagedevicewith a filename my debug use the following command awplus move debug usb my debug Output Figure 2 5 CLI prompt after entering the move debug command Related Commands copy debug delete debug Parameter Description destination name The filename and path where you would like the debug output mov...

Page 133: ...us Operating System Version 5 4 6 1 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the current working directory use the command awplus pwd Related Commands cd ...

Page 134: ...ove the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a directory called level1 containing a subdirectory called level2 and then force the removal of both directories use the commands awplus mkdir level1 awplus mkdir level1 level2 awplus rmdir force level1 To remove a directory called test from the top level of the Flash filesystem ...

Page 135: ...Figure 2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create autoboot show boot awplus show autoboot Autoboot configuration Autoboot status enabled USB file autoboot txt exists yes Restore information on USB Autoboot enable in autoboot txt yes Restore release fi...

Page 136: ...up boot image flash x510 5 4 6 0 1 rel Default boot config flash default cfg Current boot config usb my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table 1 Parameters in the output of the show boot command Parameter Description Current software The current software release that the device is using Current boot image The boot image currently configured...

Page 137: ...d Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file cannot be loaded Autoboot status The status of the Autoboot feature either enabled or disabled Table 1 Parameters in the output of the show boot command cont Parameter Description ...

Page 138: ... displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awplus show file oldconfig cfg Related Commands edit edit filename show file systems Parameter Description filename Name of a file on the local Flash filesystem or name and directory path of a file ...

Page 139: ...5M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp network http ro http network rsync rw rsync network Table 2 Parameters in the output of the show file systems command Parameter Description Size B Available The total memory available to this filesystem...

Page 140: ...how file Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs usb tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the memory is located locally or via a network connection Avail Whether the memory is accessible Y yes N no not applicable Table 2 Parameters in the output of the show file systems command cont Parameter De...

Page 141: ...enter the following parameters after the command filename Syntax show running config Mode Privileged Exec and Global Configuration Example To display the current configuration of your device use the command awplus show running config feature full Parameter Description feature Display only the configuration for a single feature The features available depend on your device and will be some of the fo...

Page 142: ...ess list IPv6 ACL configuration ipv6 mroute IPv6 multicast route configuration ipv6 prefix list IPv6 prefix list configuration ipv6 route IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel profile configuration lldp LLDP configuration log Logging utility con...

Page 143: ... the running config for all features This is the default setting so is the same as entering show running config Parameter Description awplus show running config service password encryption hostname MyNode no banner motd username manager privilege 15 password 8 1 bJoVec4D JwOJGPr7YqoExA0GVasdE0 no service ssh autoboot enable service telnet service http no clock timezone snmp server snmp server cont...

Page 144: ...ng config show running config interface switch 1 provision x510 28 vlan database vlan 2 15 state enable interface port1 0 1 1 0 6 switchport switchport mode access interface port1 0 25 1 0 26 switchport switchport mode access switchport access vlan 14 interface vlan1 ip address 192 168 1 1 24 ipv6 enable ipv6 mld interface vlan12 ip address 192 168 3 1 24 ipv6 forwarding line con 0 line vty 0 4 en...

Page 145: ... in a list The specified interfaces must exist dot1x Displays running configuration for 802 1X port authentication for the specified interfaces lacp Displays running configuration for LACP Link Aggregation Control Protocol for the specified interfaces ip igmp Displays running configuration for IGMP Internet Group Management Protocol for the specified interfaces ip multicast Displays running config...

Page 146: ... vlan1 To display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3 vlan5 To display the current OSPF configuration of your device for ports 1 to 6 use the command awplus show running config interface port1 0 1 port1 0 6 ospf Output Figure 2 11 Example output from a show running config interface port1 0 2 command Rela...

Page 147: ...Feature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup config Output Figure 2 12 Example output from the show startup config command Related Commands boot config file backup copy running config copy startup config erase startup config show boot awplus sho...

Page 148: ...y Inc All rights reserved c 2001 2003 Cambridge Broadband Ltd All rights reserved c 2003 Sun Microsystems Inc All rights reserved c 2003 2006 Sparta Inc All rights reserved c 2004 Cisco Inc and Information Network Center of Beijing University of Posts and Telecommunications All rights reserved RSA Data Security Inc MD5 Message Digest Algorithm c 1991 2 RSA Data Security Inc Created 1991 All rights...

Page 149: ...c 2002 2004 MontaVista Software Inc All rights reserved Copyright c 2005 2010 Red Hat Inc File Utility Library Copyright c Ian F Darwin 1986 1987 1989 1992 1994 1995 Software written by Ian F Darwin and others maintained 1994 Christos Zoulas ProL2TP Copyright Katalix Systems Ltd 2010 2011 All rights reserved Portions of this product are covered by the GNU GPL source code may be downloaded from htt...

Page 150: ...d copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write file Related Commands copy running config write memory show running config ...

Page 151: ...and copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memory Mode Privileged Exec Example To write configuration data to the start up configuration file use the command awplus write memory Related Commands copy running config write file show running config ...

Page 152: ...MMANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privileged Exec Example To display the current configuration of your device use the command awplus write terminal Related Commands show running config ...

Page 153: ...meout on page 163 flowcontrol hardware asyn console on page 165 length asyn on page 167 line on page 168 privilege level on page 170 security password history on page 171 security password forced change on page 172 security password lifetime on page 173 security password minimum categories on page 174 security password minimum length on page 175 security password reject expired pwd on page 176 sec...

Page 154: ... x USER ACCESS COMMANDS show privilege on page 182 show security password configuration on page 183 show security password user on page 184 show telnet on page 185 show users on page 186 telnet on page 187 telnet server on page 188 terminal length on page 189 terminal resize on page 190 username on page 191 ...

Page 155: ...rminal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Example To reset the console line asyn use the command awplus clear line console 0 awplus The new settings for console line 0 have been applied Related Commands clear line vty flowcontrol hardware asyn con...

Page 156: ...LINE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first vty line use the command awplus clear line vty 1 Related Commands privilege level line show telnet show users Parameter Description 0 32 Line number ...

Page 157: ...15 by default Previously the default was level 1 Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is diff...

Page 158: ...mand First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA NOTE Do not use encrypted passwords for GUI users...

Page 159: ...configuration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration host...

Page 160: ...t is level 15 by default Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mode command There are three methods to enable a password In the examples below for each method note that the configuration is different and the configuration file output is different but the password s...

Page 161: ...rst use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advantage of using an encrypted password is that the configuration file does not show mypasswd it will only show the encrypted string fU7zHzuutY2SA NOTE Do not use encrypted passwords for GUI users The GU...

Page 162: ...uration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show output Related Commands enable Privileged Exec mode enable secret service password encryption privilege level show privilege username show running config awplus show run Current configuration hostname awp...

Page 163: ...ore it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input is detected during the interval then the current connection resumes If no connections exist then the terminal returns to an idle state and disconnects incoming sessions Examples To set VTY connectio...

Page 164: ...C613 50102 01 REV C Command Reference for x510 Series 164 AlliedWare Plus Operating System Version 5 4 6 1 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet ...

Page 165: ... message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Reverse Telnet connections hardware flow control must be configured to match on both the Access Server and the Remote Device For terminal console sessions hardware flow control must be configured to match...

Page 166: ... control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line no flowcontrol hardware Related Commands clear line console show running config speed asyn ...

Page 167: ...er than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the console as long as there is data to display Examples To set the terminal session length on the console to 10 rows use the command awplus configure terminal awplus config line console 0 awplus config lin...

Page 168: ...port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the device connected to the console asyn port on your device Note that line configuration commands do not take effect immediately Line configuration commands take effect after one of the following commands or events issuing a clear ...

Page 169: ...To enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accounting login clear line console clear line vty flowcontrol hardware asyn console length asyn login authentication privilege level speed asyn ...

Page 170: ...xec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use the following commands awplus configure terminal awplus config line console 0 awplus config line privilege level 15 To set all vty connections to have the minimum privilege level use the following com...

Page 171: ...ree most recent passwords use the command awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history Related Commands security password forced change security password lifetime security password minimum categories security password minimum length security password re...

Page 172: ... lifetime command and the reject expired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password forced change no security password forced change Default The forced change feature is disabled by default Mode Global Configuration Example To force a user to change their expired password at the nex...

Page 173: ...me Default The default password lifetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config security password lifetime 10 Related Commands security password forced change security password history security password minimum categories security password minimum leng...

Page 174: ...imum number of categories should align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that the password must satisfy is 1 Mode Global Configuration Example To configure the required minimum number of character categories to be 3 use the command awplus configure...

Page 175: ... 1 23 Default The default minimum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum length 8 Related Commands security password history security password forced change security password lifetime security password minimum categories security password reject e...

Page 176: ...ed pwd in a default config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change command a user may have to change the password during login depending on the password lifetime specified by the security password lifetime command The no variant of the command disabl...

Page 177: ...which disables warning functionality Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Related Commands security password forced change security password history security password lifetime security password minimum categories security password minimum length security password reject expi...

Page 178: ...ure displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is enabled by default Mode Global Configuration Examples To disable the advanced vty help feature use the command awplus configure terminal awplus config no service advanced vty To re enable the advanc...

Page 179: ...lain text Use the no service password encryption command to stop the device from displaying newly entered passwords in encrypted form This does not change the display of existing passwords NOTE Do not use encrypted passwords for GUI users The GUI requires unencrypted user passwords only not encrypted user passwords Do not use option 8 for GUI users Syntax service password encryption no service pas...

Page 180: ...ing telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 23 by default Mode Global Configuration Examples To enable both the IPv4 and IPv6 telnet servers use the following commands awplus configure terminal awplus config service telnet To enable the IPv6 te...

Page 181: ...ce for x510 Series 181 AlliedWare Plus Operating System Version 5 4 6 1 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted in Software Version 5 4 5 0 1 and later ...

Page 182: ... 15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for privilege levels 7 14 to access all show commands in Privileged Exec mode and all commands in User Exec mode but no configuration commands in Privileged Exec mode Example To show the current privilege ...

Page 183: ... security password rule configuration settings use the command awplus show security password configuration Output Figure 3 2 Example output from the show security password configuration command Related Commands show running config security password show security password user Security Password Configuration Minimum password length 8 Minimum password character categories to match 3 Number of previo...

Page 184: ... Exec Example To display the system users remaining lifetime or last password change use the command awplus show security password user Output Figure 3 3 Example output from the show security password user command Related Commands show running config security password show security password configuration User account and password information UserName Privilege Last PWD Change Remaining lifetime ma...

Page 185: ... shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output from the show telnet command Related Commands clear line vty service telnet show users telnet server Telnet Server Configuration Telnet server Enabled Protocol IPv4 IPv6 Port 23 ...

Page 186: ...s command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users command Parameter Description Line Console port user is connected to User Login name of user Host s Status of the host the user is connected to Idle How long the host has been idle Location URL locati...

Page 187: ...st example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The host name of the remote system ip Keyword used to specify the IPv4 address or host name of a remote system ipv4 addr An IPv4 address of the remote system ipv6 Keyword used to specify the IPv6 address of ...

Page 188: ...y enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To enable the telnet server on TCP port 2323 use the following commands awplus configure terminal awplus config telnet server 2323 Related Commands show telnet Parameter Description 1 65535 The TCP por...

Page 189: ...specified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length Mode User Exec and Privileged Exec Examples The following example sets the number of lines to 15 awplus terminal length 15 The following example removes terminal length set previously awplus termina...

Page 190: ...ed on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size automatically However this cannot normally be done automatically for a serial or console port This command automatically adjusts the terminal size for a serial or console port Examples The following exam...

Page 191: ...lege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A user at privilege level 7 can access the majority of show commands including platform show commands Privilege Level 15 to access the Privileged Exec command mode is required to access configuration comm...

Page 192: ...s To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec command mode and the password bobs_secret use the commands awplus configure terminal awplus config username bob privilege 15 password bobs_secret To create a user junior_admin with a privilege level o...

Page 193: ...sion 5 4 6 1 x and later new installations of Allied Telesis Management Framework AMF require a Subscription License instead of a Feature License For information about Subscription Licensing commands see the Subscription Licensing Commands chapter Note that existing AMF Feature Licenses purchased prior to 5 4 6 1 x will still operate with 5 4 6 x x For step by step instructions about how to licens...

Page 194: ... specific to you when you initially add a license Once a license is added any change to the license label first requires removal of the license before adding a license again with a new license label The default feature license labels are issued along with encrypted license keys by e mail for you to apply using this command to activate features You can change default feature license labels but they...

Page 195: ... network traffic Only install licenses in scheduled maintenance periods for devices in a live environment Examples To activate the license called IPv6 that has the key 12345678ABCDE123456789ABCDE use the command awplus license IPv6 12345678ABCDE123456789ABCDE To deactivate the license called IPv6 use the command awplus no license ipv6 Output Figure 4 1 Example of a license command entry to remove ...

Page 196: ...ion about all enabled licenses use the command awplus show license To display full information about the licenses with index number 1 use the command awplus show license index 1 Output Figure 4 2 Example output from show license Parameter Description feature Only display license information for any applied feature licenses label The license name to show information about This can be used instead o...

Page 197: ...gion Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Customer name Customer name Quantity of licenses Quantity of licensed installations Type of license Full or Trial License issue date Date the license was generated License expiry date ...

Page 198: ... display a brief summary of information about all feature licenses use the command awplus show license feature brief Output Figure 4 3 Example output from show license brief Parameter Description feature Only display license information for any applied feature licenses label The license name to show information about This can be used instead of the index number to identify a specific license index...

Page 199: ...rief Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Quantity Quantity of licensed installations Customer name Customer name Type Full or Trial Period Expiry date for trial license Current enabled featu...

Page 200: ...s on stack member 2 use the command awplus show license brief member 2 To display a briefsummary aboutall enabledlicenses on all stack members use the command awplus show license brief member all To display a brief summary about the license name1 on all stack members use the command awplus show license name1 brief member all Output Figure 4 4 Example output from show license brief member Parameter...

Page 201: ...rief member Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle case sensitive Quantity Quantity of licensed installations Customer name Customer name Type Full or Trial Period Expiry date for trial license Current enable...

Page 202: ... show license member all command to display full list output of all licenses per stack member Examples To display full information about all enabled licenses on all stack members use the command awplus show license member all To display full information about all enabled licenses on stack member 2 use the command awplus show license member 2 To display full information about the license name1 on a...

Page 203: ...RP Index 2 License name PIM Trial Customer name PIM Trial Quantity of licenses 10 Type of license 30 day trial License issue date 12 Jul 2014 License expiry date 12 Jul 2014 Features included PIM PIM 100 Table 4 4 Parameters in the output of show license member Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned au...

Page 204: ...ption Licensing enables you to use Allied Telesis Management Framework AMF You need to purchase an AMF subscription for each AMF master or controller node in your AMF network To see which AMF subscriptions are available for your device see the AlliedWare Plus Datasheet For step by step instructions about how to license AlliedWare Plus devices see the Licensing Feature Overview and Configuration_Gu...

Page 205: ...he license to another stack member To do this 1 Check which stack member the license entitlement came from originally by using the command awplus show license external stored 2 Ifyou are replacingthatstack member inthe AlliedTelesisDownloadcenter transfer the license to another stack member s serial number 3 Download the CRF file from the Download Central Homepage locate your device type by clicki...

Page 206: ... update local_url Mode Privileged Exec Usage Subscription licenses can be loaded onto the device from the Allied Telesis Download Center Examples To load a license onto a device from a file called license_file bin use the following command awplus license update license_file bin Note that there must be a local version of the bin file on the device Related Commands license redistribute show license ...

Page 207: ...one of the stack members the source stack member The software then applies the license entitlement to all members of the stack If you need to modify the license for example to extend its expiry date you need to know which stack member you purchased the license for This lets you make sure you modify the source stack member s license instead of accidentally creating a new license for a different sta...

Page 208: ...AMF nodes 10 Start date 20 Apr 2017 00 00 Expiry date 20 Apr 2018 23 59 Maximum AMF nodes 50 AMF Controller Sourced from stack member 2 serial A04430H101200026 NOT PRESENT Currently licensed No Start date 10 Oct 2016 00 00 Expiry date 11 Oct 2017 23 59 Maximum AMF areas 80 WARNING The following features have license entitlements that were sourced from stack members that are no longer part of the s...

Page 209: ...s Introduction Overview This chapter provides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with Alliedware Plus Command List atmf topology gui enable on page 210 gui timeout on page 211 log event host on page 213 service http on page 214 show http on page 215 ...

Page 210: ... the GUI enabled by default Regular nodes not master or controller will always have it disabled Mode Global Configuration mode Usage This command is run from an AMF Master node Topology information about your network is displayed in the GUI For example Node Name status i e link state node status and recovery status Role i e Master or Controller and IP address Example To enable AMF Vista Manager on...

Page 211: ...ace and then enter the seconds If the GUI timeout is disabled a GUI session will remain active until you terminate it No idle time will be configured The same timeout period will apply to all GUI sessions logged into a specific stand alone device or stack Examples Use this command to configure the GUI timeout period for 3 minutes and 30 seconds for a GUI session awplus gui timeout 3 30 Use this co...

Page 212: ...C613 50102 01 REV C Command Reference for x510 Series 212 AlliedWare Plus Operating System Version 5 4 6 1 x GUI COMMANDS GUI TIMEOUT Related Commands show running config ...

Page 213: ...slog sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for a number of messages 20 to send them out together for traffic optimization Example To enable Node 1 to log event messages from host ipv6 address 192 0 2 31 use the following commands Node1 configure ...

Page 214: ...ommand to enable the HTTP Hypertext Transfer Protocol service This service which is enabled by default is required to support the AlliedWare Plus GUI Java applet on a Java enabled browser Use the no variant of this command to disable the HTTP feature Syntax service http no service http Default Enabled Mode Global Configuration Validation Commands show running config ...

Page 215: ...iew This command shows the HTTP server settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 6 2 Example output from the show http command Related Commands clear line vty service http awplus show http HTTP Server Configuration HTTP server Enabled Port 80 ...

Page 216: ...login system on page 220 banner motd on page 222 clock set on page 224 clock summer time date on page 225 clock summer time recurring on page 227 clock timezone on page 229 continuous reboot prevention on page 230 ecofriendly led on page 232 ecofriendly lpi on page 233 findme on page 235 findme trigger on page 237 hostname on page 238 max fib routes on page 240 max static routes on page 241 no deb...

Page 217: ...61 show memory history on page 263 show memory pools on page 265 show memory shared on page 266 show process on page 267 show reboot history on page 270 show router id on page 272 show system on page 273 show system environment on page 274 show system interrupts on page 275 show system mac on page 276 show system pci device on page 277 show system pci tree on page 278 show system serialnumber on p...

Page 218: ...ner exec banner text banner exec default no banner exec Default By default the AlliedWare Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the enable command to move to Privileged Exec mode enter the following commands To restore the default User Exec mode bann...

Page 219: ...e banner after login enter the following commands Related Commands banner login system banner motd awplus configure terminal awplus config banner exec default awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 6 1 09 30 16 13 03 59 awplus awplus configure terminal awplus config no banner exec awplus config exit awplus exit awplus login manager Password awplus ...

Page 220: ...e login username and password prompts Use the no banner login command to disable the login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users only to be displayed when you login enter the following commands To remove the login banner enter the following comman...

Page 221: ...Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec banner motd awplus configure terminal awplus config no banner login awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 6 1 09 30 16 13 03 59 awplus ...

Page 222: ... to delete the MotD banner Syntax banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banner of System shutdown at 6pm today to be displayed when you log in enter the following commands To delete the login banner enter the following commands Parameter Descript...

Page 223: ...n 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal awplus config no banner motd awplus config exit awplus exit awplus login manager Password AlliedWare Plus TM 5 4 6 1 09 30 16 13 03 59 awplus ...

Page 224: ...ffset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If you wish to manually alter the time or date you must first disable NTP Example To set the time and date on your system to 2pm on the 2nd of October 2016 use the command awplus clock set 14 00 00 2 oct ...

Page 225: ...andard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 apr 2 00 2017 60 To remove any summertime settings on the system use the command awplus config no clock summer time Parameter Description timezone name A description of the summertime zone up to 6 chara...

Page 226: ... C Command Reference for x510 Series 226 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurring clock timezone ...

Page 227: ...every year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to start summertime on the last Sunday of the month enter 5 for start week and sun for start day start day Day of the week when summertime starts Valid values are mon tue wed thu fri sat or sun start mon...

Page 228: ...nition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use the command awplus config clock summer time NZDT recurring 5 sun sep 2 00 1 sun apr 2 00 60 To remove any summertime settings on the system use the command awplus config no clock summer time Related Com...

Page 229: ...t to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to Indian Standard Time with an offset from UTC of 5 30 hours use the command awplus config clock timezone IST plus 5 30 To set the timezone back to UTC with no offsets use the command awplus config no clock ...

Page 230: ...continuous reboot prevention period threshold action Default Continuous reboot prevention is disabled by default The default period value is 600 the default threshold value is 1 and the default action is linkdown Mode Global Configuration Usage Note that user initiated reboots via the CLI and software version auto synchronization reboots are not counted toward the threshold value Parameter Descrip...

Page 231: ...to stopreboot use the commands awplus configure terminal awplus config continuous reboot prevention period 500 action stopreboot To return the period and action to the defaults and keep the continuous reboot prevention feature enabled use the commands awplus configure terminal awplus config no continuous reboot prevention period action To disable continuous reboot prevention use the commands awplu...

Page 232: ...LED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is disabled and power is returned to port LEDs the LEDs will correctly show the current state of the ports In a stacked environment enabling the eco friendly LED feature on the stack master will apply the feature to every member of the stack For an example of how to co...

Page 233: ...iendly lpi no ecofriendly lpi Default The eco friendly LPI feature is disabled by default Mode Interface Configuration for a switch port or Interface Configuration for a range of switch ports Usage For an example of how to configure a trigger to enable the eco friendly LPI feature see the Triggers Feature Overview and Configuration Guide All ports configured for LPI must support LPI in hardware an...

Page 234: ...ND MONITORING COMMANDS ECOFRIENDLY LPI To disable the eco friendly feature on a range of switch ports port1 0 2 port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if no ecofriendly lpi Related Commands duplex ecofriendly led show ecofriendly show interface speed ...

Page 235: ...estored automatically after either the default time or a specified timehas elapsed or a no findme command is used You can specify which interface or interfaces are flashed with the optional interface parameter You can specify a particular stack member with the optional member parameter All available interfaces are flashed by default NOTE The interface and member parameters are mutually exclusive E...

Page 236: ... twice Each alternate flash will be amber if that device has amber LEDs This pattern will repeat until timeout default or set or no findme commands are used To deactivate the Find Me feature use the following command awplus no findme To activate the Find Me feature for the default duration on stack member 2 use the following command awplus findme member 2 In the example above all ports on member 2...

Page 237: ...rash limit qsp no findme trigger all loopprot thrash limit qsp Default The findme trigger function is disabled Mode Global config Example To enable action LED flashing for the loop protection function awplus findme trigger loopprot Related Commands findme loop protection loop detect storm protection Parameter Description all Enable the find me function whenever any of the listed parameter conditio...

Page 238: ...with a numeric suffix For example awplus 1 awplus 2 and so on The hostname command can then be used to change the stack name and the stack master s host name For example for the hostname Lab the stack master s hostnamewill be Lab and theotherstackmemberswill havehostnames Lab 1 Lab 2 and so on In case of stack master fail over or stack split the new stack will use the previous stack name as its ho...

Page 239: ... awplus configure terminal awplus config hostname HQ Sales This changes the prompt to HQ Sales config To revert to the default hostname awplus use the command HQ Sales config no hostname This changes the prompt to awplus config NOTE When AMF is configured running the no hostname command will apply a hostname that is based on the MAC address of the device node for example node_0000_5e00_5301 Relate...

Page 240: ...tes to 2000 and warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is a the maximum number of routes that can be stored in the device s Forwarding Information dataBase In practice other practical system limits would prevent this maximum being reached 1 4294967294 The allowable configurable range f...

Page 241: ...nd to set the maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static routes 1000 Mode Global Configuration Example To reset the maximum number of static routes to the default maximum use the command awplus configure terminal awplus config no max static rout...

Page 242: ...ll To disable all 802 1X debugging use the command awplus no debug all dot1x To disable all IPv6 debugging use the command awplus no debug all ipv6 To disable all NSM debugging use the command awplus no debug all nsm To disable all OSPF debugging use the command awplus no debug all ospf To disable all VRRP debugging use the command awplus no debug all vrrp Related Commands undebug all Parameter De...

Page 243: ...arting the whole stack you can either use this reboot command to reboot all stack members immediately or to minimize downtime reboot the stack members in a rolling sequence by using the reboot rolling command Examples To restart a stand alone device use the command awplus reboot reboot system y n y To restart all devices in a stack use the command awplus reboot Are you sure you want to reboot the ...

Page 244: ...C Command Reference for x510 Series 244 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as the reboot command ...

Page 245: ...Oct 2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time offset 60 mins Summer time recurring Yes Table 1 Parameters in the output of the show clock command Parameter Description Local Time Current local time UTC Time Current UTC time Timezone The current c...

Page 246: ...Reference for x510 Series 246 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer time recurring clock timezone ...

Page 247: ...ous reboot prevention configuration Syntax show continuous reboot prevention Mode User Exec and Privileged Exec Examples To show the current continuous reboot prevention configuration use the command awplus show continuous reboot prevention Output Figure 7 2 Example output from the show continuous reboot prevention command Related Commands continuous reboot prevention show reboot history Continuou...

Page 248: ...c and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the processes are using use the command awplus show cpu sort thrds To show CPU utilization for a specific stack member in this example stack member 2 use the following command awplus show cpu 2 Parameter Description stack ID Stack member number from 1 to 8 sort Changes the sorting ...

Page 249: ...3 corerotate 1 0 0 20 sleep 0 0 853 syslog ng 1 0 0 20 sleep 0 356 859 klogd 1 0 0 20 sleep 0 1 910 inetd 1 0 0 20 sleep 0 3 920 portmap 1 0 0 20 sleep 0 0 931 crond 1 0 0 20 sleep 0 1 1090 openhpid 11 0 0 20 sleep 0 233 1111 hpilogd 1 0 0 20 sleep 0 0 1240 hsl 1 0 0 20 sleep 0 79 1453 authd 1 0 0 20 sleep 0 85 Table 2 Parameters in the output of the show cpu command Parameter Description Stack me...

Page 250: ... allocations show memory history show memory pools show process state Process state one of run sleep zombie and dead sleep Percentage of time that the process is in the sleep state runtime The time that the process has been running for measured in jiffies A jiffy is the duration of one tick of the system timer interrupt Table 2 Parameters in the output of the show cpu command cont Parameter Descri...

Page 251: ...output displays three graphs of the percentage CPU utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours If this command is entered on the stack master it will print graphs for all the stack members A stack member heading will be displayed to distinguish the different graphs for every stack member Examples To display a graph showing ...

Page 252: ...history command Per second CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per second last 60 seconds average CPU load Per minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per minute last 60 minutes average CPU load maximum Per 30 minute CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per 30 minutes last 60 values 30 hours ...

Page 253: ...d Reference for x510 Series 253 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CPU HISTORY Related Commands show memory show memory allocations show memory pools show process ...

Page 254: ...ged Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Example To display all debugging information use the command awplus show debugging Output Figure 7 5 Example output from the show debugging command awplus show debugging AAA debugging status Authenticati...

Page 255: ...nd awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 lpi lpi port1 0 2 lpi lpi port1 0 3 lpi lpi port1 0 4 off off port1 0 5 lpi off port1 0 6 Port 6 off off port1 0 7 off port1 0 8 off port1 0 9 off port1 0 10 off Table 3 Parameters in the output of the show ecofriendly command Parameter Description normal The eco friendly ...

Page 256: ...rriding the configuration set with the ecofriendly led command Power to the port LEDs is disabled Port Displays the port number as assigned by the switch Name Displays the port name if a name is configured for a port number Configured The eco friendly LPI feature is configured on the port Either LPI or off is displayed Status The eco friendly LPI feature is active on the port Either LPI or off is ...

Page 257: ...w interface port list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Parameter Description port list Display information about only the specified port or p...

Page 258: ...ef show interface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1 0 3 360459 512 1 port1 0 4 524304 512 1 port1 0 5 491535 512 1 port1 0 6 557073 512 1 lo 425997 512 1 po1 1179684 512 1 po2 1212453 512 1 sa3 1245222 512 1 awplus show interface port1 0 1...

Page 259: ...g processes use the command awplus show memory Output Figure 7 9 Example output from show memory Parameter Description stack ID Stack member number from 1 to 8 sort Changes the sorting order for the list of processes If you do not specify this then the list is sorted by percentage memory utilization size Sort by the amount of memory the process is currently using peak Sort by the amount of memory ...

Page 260: ...the show memory command Parameter Description Stack member Stack member number RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifier number for the process name Short name used to describe the process mem Percentage of memory utilization the process is currently using size Amount of memory currently used by the process peak Grea...

Page 261: ... the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 7 10 Example output from the show memory allocations command Parameter Description process Displays the memory allocation used by the specified process awplus show memory allocations Memory allocations for imi Current 15093760 peak 15093760 Statically allocated memory binary ex...

Page 262: ...r x510 Series 262 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory pools show memory shared show tech support ...

Page 263: ...stack ID Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours Examples To show a graph displaying the historical memory usage for either a single unstacked device or a complete stack use the command awplus show memory histor...

Page 264: ...HOW MEMORY HISTORY Output Figure 7 11 Example output from the show memory history command Related Commands show memory allocations show memory pools show memory shared show tech support STACK member 1 Per minute memory utilization history 100 90 80 70 60 50 40 30 20 10 Oldest Newest Memory utilization per minute last 60 minutes average memory utilisation ...

Page 265: ...the memory pools used by processes use the command awplus show memory pools Output Figure 7 12 Example output from the show memory pools command Related Commands show memory allocations show memory history show tech support Parameter Description process Displays the memory pools used by the specified process awplus show memory pools Memory pools for imi Current 15290368 peak 15290368 Statically al...

Page 266: ...Ware Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use the command awplus show memory shared Output Figure 7 13 Example output from the show memory shared command Related Commands show memory allocations show memory history show memory awplus show memory...

Page 267: ...ory usage for either a single unstacked device or a complete stack use the command awplus show memory history To show a graph displaying the historical memory usage for specific stack member stack member 2 in this example within a stack use the command awplus show memory history 2 Example To display a summary of the current running processes use the command awplus show process To display a summary...

Page 268: ...g ng 1 0 0 16 sleep 88 kernel threads pid name cpu pri state sleep 71 aio 0 0 20 sleep 0 3 events 0 0 10 sleep 98 Table 5 Parameters in the output from the show process command Parameter Description Stack member Stack member number CPU averages Average CPU utilization for the periods stated System load averages The average number of processes waiting for CPU time for the periods stated Current CPU...

Page 269: ...ONFIGURATION AND MONITORING COMMANDS SHOW PROCESS Related Commands show cpu show cpu history pri Process priority state Process state one of run sleep stop zombie or dead sleep Percentage of time the process is in the sleep state Table 5 Parameters in the output from the show process command cont Parameter Description ...

Page 270: ...equest 2016 10 10 01 35 31 Expected User Request 2016 10 10 01 16 25 Unexpected Rebooting due to critical process network nsm failure 2016 10 10 01 11 04 Unexpected Rebooting due to critical process network nsm failure 2016 10 09 20 46 40 Unexpected Rebooting due to VCS duplicate member ID 2016 10 09 19 56 16 Expected User Request 2016 10 09 20 36 06 Unexpected Rebooting due to VCS duplicate maste...

Page 271: ...boot prevention show tech support Continuous reboot prevention A continuous reboot prevention event has occurred The action taken is configured with the continuous reboot prevention command The next time period during which reboot events are counted begins from this event User request User initiated reboot via the CLI Table 6 Parameters in the output from the show reboot history command Parameter ...

Page 272: ...OUTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current system use the command awplus show router id Output Figure 7 16 Example output from the show router id command awplus show router id Router ID 10 55 0 2 automatic ...

Page 273: ...tion Guide Syntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 7 17 Example output from show system Related Commands show system environment awplus show system System Status Mon Nov 16 08 42 16 2015 Board ID Bay Board Name Rev Serial number Base 369 x510 28GTX A 0 A24SCA01M RAM Total 495792 kB Free 3849...

Page 274: ...view and Configuration Guide Syntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment Output Figure 7 18 Example output from the show system environment command Related Commands show system Stack Environment Monitoring Status Stack member 1 Overall Status Normal Resource ID 1 Name x510 28GT...

Page 275: ... Example To display information about the number of interrupts for each IRQ in your device use the command awplus show system interrupts Output Figure 7 19 Example output from the show system interrupts command Related Commands show system environment awplus show system interrupts CPU0 1 2 CPM2 SIU Level Enabled 0 i2c mpc 2 145 CPM2 SIU Level Enabled 0 spi mpc 77 0 OpenPIC Level Enabled 0 enet_tx ...

Page 276: ...isplay the physical MAC address enter the following command awplus show system mac Output Figure 7 20 Example output from the show system mac command Output Figure 7 21 Example output showing how to use the stack virtual mac command and the show system mac command Related Commands stack virtual mac awplus show system mac eccd 6d9d 4eed system awplus configure terminal Enter configuration commands ...

Page 277: ...use the command awplus show system pci device Output Figure 7 22 Example output from the show system pci device command Related Commands show system environment show system pci tree awplus show system pci device 00 0c 0 Class 0200 11ab 00d1 rev 01 Flags bus master 66Mhz medium devsel latency 128 IRQ 113 Memory at 5ffff000 32 bit non prefetchable size 4K Memory at 58000000 32 bit non prefetchable s...

Page 278: ...command to display the PCI tree on your device Syntax show system pci tree Mode User Exec and Privileged Exec Example To display information about the PCI tree on your device use the command awplus show system pci tree Output Figure 7 23 Example output from the show system pci tree command Related Commands show system environment show system pci device awplus show system pci tree 00 0c 0 11ab 00d1...

Page 279: ...tion for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode User Exec and Privileged Exec Example To display the serial number information for the device use the command awplus show system serialnumber Output Figure 7 24 Example output from the show system seria...

Page 280: ...d saving files to external memory or a TFTP server whenever possible to avoid device lockup This method is not likely to be appropriate when running the working set option of AMF across a range of physically separated devices Syntax show tech support all atmf auth bgp card dhcpsn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parame...

Page 281: ...ocols or specific protocols on your device so that it can then be analyzed for troubleshooting purposes The output of this command can be provided to technical support staff when reporting a problem Mode Privileged Exec Examples To produce the output needed by technical support staff use the command awplus show tech support ripng Display RIPNG specific information stack Display stacking device inf...

Page 282: ...figuration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set the terminal console asyn0 port speed from the device to 57600 bps then exit the session use the commands awplus configure terminal awplus config line console 0 awplus config line speed 57600 awplus ...

Page 283: ...nd Reference for x510 Series 283 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config show startup config speed ...

Page 284: ...5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in Software Version 5 4 4 0 1 and later It now has no effect It is no longer useful to specify a system territory so there is no alternative command ...

Page 285: ...rminal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exec Examples To display debugging output on a terminal enter the command awplus terminal monitor To specify timeout of debugging output after 60 seconds enter the command awplus terminal monitor 60 To ...

Page 286: ...d Reference for x510 Series 286 AlliedWare Plus Operating System Version 5 4 6 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality of the no debug all command ...

Page 287: ...es in optical power received over fiber cables For more information see the Pluggables and Cabling Feature Overview and Configuration_Guide Command List clear test cable diagnostics tdr on page 288 debug fiber monitoring on page 289 fiber monitoring action on page 291 fiber monitoring baseline on page 292 fiber monitoring enable on page 294 fiber monitoring interval on page 295 fiber monitoring se...

Page 288: ... cable diagnostics tdr Overview Use this command to clear the results of the last cable test that was run Syntax clear test cable diagnostics tdr Mode Privileged Exec Examples To clear the results of a previous cable diagnostics test use the following commands awplus clear test cable diagnostics tdr Related Commands show test cable diagnostics tdr test cable diagnostics tdr interface ...

Page 289: ...ec Privileged Exec Usage While debugging is enabled by this command for a port all the optical power readings for the port are sent to the console Example To enable debugging messages for active fiber monitoring of port 1 0 2 to be sent to the console use the commands awplus debug fiber monitoring interface port 1 0 2 awplus terminal monitor To disable debugging messages for active fiber monitorin...

Page 290: ... 522 Fiber monitor port2 0 1 Channel 1 Reading 1748 Baseline 1708 Threshold 1356 01 42 52 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1717 Baseline 1709 Threshold 1357 01 42 54 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1780 Baseline 1709 Threshold 1357 01 42 56 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1685 Baseline 1710 Threshold 1358 0...

Page 291: ...only generates a log message Example To set the device to send an SNMP notification when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface port1 0 1 1 0 2 awplus config if fiber monitoring action trap To set the device to send an SNMP notification and to shut down the port when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface por...

Page 292: ...caused by temperature fluctuations etc could lead to unnecessary alarms There are two ways to configure the baseline The first is to choose a number of readings to average This is the default and recommended method The second is to set a fixed value in units of x0 0001mW If a fixed value is required the easiest way is to enable fiber monitoring on the port and use the show system fiber monitoring ...

Page 293: ...C Command Reference for x510 Series 293 AlliedWare Plus Operating System Version 5 4 6 1 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING BASELINE Related Commands fiber monitoring interval fiber monitoring sensitivity ...

Page 294: ...ce or to remove all the configuration and state for the ports respectively Syntax fiber monitoring enable no fiber monitoring enable no fiber monitoring Default Active fiber monitoring is disabled by default Mode Interface Configuration mode for a fiber port Examples To enable active fiber monitoring on a ports 1 0 1 and 1 0 2 use the commands awplus config interface port1 0 1 1 0 2 awplus config ...

Page 295: ...e polling interval to the default 5 seconds Syntax fiber monitoring interval 2 60 no fiber monitoring interval Default The interval is set to 5 seconds by default Mode Interface configuration mode for a fiber port Example To set the fiber monitoring polling interval for port 1 0 2 to 30 seconds use the commands awplus config interface port1 0 2 awplus config if fiber monitoring interval 30 To rese...

Page 296: ...fined levels in decibels or to a fixed absolute delta in units of 0 0001mW The alarm thresholds can be seen in the show system fiber monitoring output The maximum absolute sensitivity configurable is 0 0025 mW Note that 0 0025 mW equates to a reduction of approximately 1dB at the maximum attenuation of an AT SPLX10 1 Example To set the fiber monitoring sensitivity for port 1 0 2 to a relative sens...

Page 297: ...rence for x510 Series 297 AlliedWare Plus Operating System Version 5 4 6 1 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING SENSITIVITY Related Commands fiber monitoring action fiber monitoring baseline show system fiber monitoring ...

Page 298: ...monitoring awplus show sys fiber monitoring Fiber Monitoring Status Reading units 0 0001mW Stack member 1 Interface port1 0 1 Status enabled Supported Supported pluggable Debugging disabled Interval 2 seconds Sensitivity 1 00dB Baseline type average of last 35 values greater than 50 Status Baseline value 496 Alarm threshold 393 Alarm no Last 12 Readings 498 498 498 498 498 498 498 498 498 498 498 ...

Page 299: ...d sensitivity threshold for optical power changes on this port Baseline type How the baseline optical power level is calculated either the average of the specified number of previous readings or a specified fixed value in 0 0001mW Status Current values for the following parameters Baseline value The baseline value calculated according to the configured baseline method in 0 0001mW Alarm threshold T...

Page 300: ...01 REV C Command Reference for x510 Series 300 AlliedWare Plus Operating System Version 5 4 6 1 x PLUGGABLES AND CABLING COMMANDS SHOW SYSTEM FIBER MONITORING fiber monitoring interval fiber monitoring sensitivity ...

Page 301: ...luggable Example To display brief information about pluggable transceivers installed in port1 0 25 through port1 0 26 use the command awplus show system pluggable port1 0 25 1 0 26 Output Figure 8 3 Example output from show system pluggable port1 0 25 1 0 26 Parameter Description port list The ports to display information about The port list can be a switch port e g port1 0 25 a continuous range o...

Page 302: ...ver Checking the manufacturing datecode with the vendor may be useful when determining Laser Diode aging issues For more information see How To Troubleshoot Fiber and Pluggable Issues in the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Datecode Specifies the manufacturing dat...

Page 303: ... detail command displays the following information SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5μ m Fiber Specifies the link length in meters m or kilometers km supported by the pluggable transceiver using 62 5 micron multi mode fiber OM2 ...

Page 304: ...system pluggable detail Output Figure 8 4 Example output from the show system pluggable detail command for a specific port on a device awplus show system pluggable port1 0 25 detail System Pluggable Information Detail Port1 0 25 Vendor Name AGILENT Device Name HFCT 5710L Device Revision A Device Type 1000BASE LX Serial Number 0402142241184360 Manufacturing Datecode 040214 SFP Laser Wavelength Link...

Page 305: ...Ware Plus Feature Overview and Configuration Guide SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single Mode Fiber Specifies the link length supported by the pluggable transceiver using single mode fiber OM1 62 5um Fiber Specifies the link length in μm micron supported by the pluggable transceiver using 62 5 micron multi mode fiber OM2 50um Fiber Specif...

Page 306: ...rn optical SFP and SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as optical output power optical input power temperature laser bias current and transceiver supply voltage Additionally RX LOS Loss of Signal is shown when the received optical level is below a preset thre...

Page 307: ... Low 12 589 0 040 Rx LOS Rx Down Port1 0 26 Status Alarms Warnings Reading Alarm Max Min Warning Max Min Temp Degrees C 29 387 100 00 40 00 85 000 10 00 Vcc Volts 3 378 3 630 2 970 3 465 3 135 Tx Bias mA 2 802 6 000 1 000 5 000 1 000 Tx Power mW 2 900 11 000 0 600 10 000 0 850 Rx Power mW 1 739 18 000 0 000 10 000 0 200 Rx LOS Rx Up Table 11 Parameters in the output from the show system pluggables...

Page 308: ...tometer on a fixed copper cable port The displayed status of the cable can be either OK Open Short within pair Short across pair Error Syntax show test cable diagnostics tdr Mode Privileged Exec Examples To show the results of a cable diagnostics test use the following command awplus show test cable diagnostics tdr Output Figure 8 6 Example output from the show test cable diagnostics tdr command R...

Page 309: ... The displayed status of the cable can be either OK Short within pair or Open The Open or Short status is accompanied with the distance from the source port to the incorrect termination Syntax test cable diagnostics tdr interface interface Mode Privileged Exec Example To run a cable test on the cable inserted into port1 0 1 use the following command awplus test cable diagnostics tdr interface port...

Page 310: ... on page 314 clear log permanent on page 315 default log buffered on page 316 default log console on page 317 default log email on page 318 default log host on page 319 default log monitor on page 320 default log permanent on page 321 log buffered on page 322 log buffered filter on page 323 log buffered exclude on page 326 log buffered size on page 329 log console on page 330 log console filter on...

Page 311: ... source on page 356 log host time on page 357 log monitor filter on page 359 log monitor exclude on page 362 log permanent on page 365 log permanent filter on page 366 log permanent exclude on page 369 log permanent size on page 372 log rate limit nsm on page 373 log trustpoint on page 375 show counter log on page 376 show exception log on page 377 show log on page 378 show log config on page 380 ...

Page 312: ...OG clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files NOTE When this command is used within a stacked environment it will remove the contents of the exception logs in all stack members Syntax clear exception log Mode Privileged Exec Example awplus clear exception log ...

Page 313: ...tents of the buffered and permanent logs NOTE When this command is used within a stacked environment it will remove the contents of the buffered and permanent logs in all stack members Syntax clear log Mode Privileged Exec Example To delete the contents of the buffered and permanent log use the command awplus clear log Related Commands clear log buffered clear log permanent show log ...

Page 314: ...ed log NOTE When this command is used within a stacked environment it will remove the contents of the buffered logs in all stack members Syntax clear log buffered Mode Privileged Exec Example To delete the contents of the buffered log use the following commands awplus clear log buffered Related Commands default log buffered log buffered log buffered filter log buffered size log buffered exclude sh...

Page 315: ...OTE When this command is used within a stacked environment it will remove the contents of the permanent logs in all stack members Syntax clear log permanent Mode Privileged Exec Example To delete the contents of the permanent log use the following commands awplus clear log permanent Related Commands default log permanent log permanent log permanent filter log permanent exclude log permanent size s...

Page 316: ... the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Example To restore the buffered log to its default settings use the following commands awplus configure terminal awplus config default log buffered Related Commands clear log buffered log buffered log b...

Page 317: ...sages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration Example To restore the log console to its default settings use the following commands awplus configure terminal awplus config default log console Related Commands log console log console filter log ...

Page 318: ...ill be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default settings for log messages sent to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config default log email admin alliedtelesis com Related Commands l...

Page 319: ...ges will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settings for messages sent to the remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config default log host 10 32 16 21 Related Commands log host ...

Page 320: ... sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration Example To restore the log monitor to its default settings use the following commands awplus configure terminal awplus config default log monitor Related Commands log monitor filter log monitor exclu...

Page 321: ...manent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example To restore the permanent log to its default settings use the following commands awplus configure terminal awplus config default log permanent Related Commands clear log permanent log permanent log pe...

Page 322: ... be deleted to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RAM use the following commands awplus configure terminal awplus config log buffered To configure the device to not store log messages in a RAM buffer use the following commands awplus configur...

Page 323: ...e to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informational Informational...

Page 324: ...IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages to the buffered log by syslog facility facility Specify one of the following syslog facilities to include messages from in the buffered log kern Kernel messages user Random user level messages mail Mail system d...

Page 325: ...ollowing commands awplus configure terminal awplus config log buffered msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the buffered log use the following commands awplus configure terminal awplus config no log buffered level notices program epsr To remove a filter that sends all messages containing the text B...

Page 326: ... the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant cond...

Page 327: ...tection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages ...

Page 328: ...LUDE Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log buffered exclude msgtext example of irrelevant message Related Commands clear log buffered default log buffered log buffered log buffered filter log buffered size show log show log config ...

Page 329: ...ion has been filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the following commands awplus configure terminal awplus config log buffered size 100 Related Commands clear log buffered default log buffered log buffered log buffered filter log buffered exclude sh...

Page 330: ... the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log messages use the following commands awplus configure terminal awplus config log console To configure the device not to send log messages in all consoles use the following commands awplus configure termi...

Page 331: ...e highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informational Informational messages 7 debugging Debug level messages program Filter messages by program Include messages from a specified progr...

Page 332: ... epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorizat...

Page 333: ...s config log console msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to consoles use the following commands awplus configure terminal awplus config no log console level notices program epsr To remove a default filter that includes sending critical alert and emergency level messages to the console use the followi...

Page 334: ...Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning c...

Page 335: ...r Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authoriza...

Page 336: ...CONSOLE EXCLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log console exclude msgtext example of irrelevant message Related Commands default log console log console log console filter show log config ...

Page 337: ...ss Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com Related Commands default log email log email filter log email exclude l...

Page 338: ...to send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning ...

Page 339: ...ings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages generat...

Page 340: ... address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com level informational To stop the device emailing log messages emailed to the email address admin alliedtelesis com use the following commands awplus configure terminal awplus config no log email admin homebase com To remove a filter that sends all messages generated ...

Page 341: ...t string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings ...

Page 342: ... Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorizat...

Page 343: ...AIL EXCLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log email exclude msgtext example of irrelevant message Related Commands default log email log email log email filter log email time show log config ...

Page 344: ...d Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on this device but converted to the time zone of the email recipient Parameter Description email address The email address to send log messages to time Specify the time difference between the email recip...

Page 345: ... information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin base com time local offset plus 3 To send messages to the email address user remote com with the time information converted to the time zone of the email recipient which is 3 hours behind the device ...

Page 346: ... local5 local6 local7 no log facility Default None the outgoing syslog facility depends on the log message Mode Global Configuration Parameter Description kern Kernel messages user User level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages generated internally by the syslog daemon lpr Line printer subsystem news Network news subsystem uucp UNIX ...

Page 347: ...eries 347 AlliedWare Plus Operating System Version 5 4 6 1 x LOGGING COMMANDS LOG FACILITY Example To specify a facility of local0 use the following commands awplus configure terminal awplus config log facility local0 Related Commands show log config ...

Page 348: ... chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the local device In this situation the first trustpoint added to the syslog application will be transmitted to the remote server Examples To configurethedeviceto send log messages to a remotesecuresyslog se...

Page 349: ...C613 50102 01 REV C Command Reference for x510 Series 349 AlliedWare Plus Operating System Version 5 4 6 1 x LOGGING COMMANDS LOG HOST log host time log trustpoint show log config ...

Page 350: ...log server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 noti...

Page 351: ...ing loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages generated internally by syslogd lpr ...

Page 352: ...21 use the following commands awplus configure terminal awplus config log host 10 32 16 21 level informational To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to a remote syslog server with IP address 10 32 16 21 use the following commands awplus configure terminal awplus config no log host 10 32 16 21 level notices program epsr To remove a fi...

Page 353: ...meter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning condi...

Page 354: ... Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorizat...

Page 355: ...CLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log host exclude msgtext example of irrelevant message Related Commands default log host log host log host filter log host source log host time show log config ...

Page 356: ...no variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Global Configuration Example To send syslog messages from 192 168 1 1 use the commands awplus configure terminal awplus config log host source 192 168 1 1 Related Commands default log host log host log hos...

Page 357: ... remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslog server with the IP address 10 32 16 21 in the same time zone as the device s local time zone use the following commands awplus configure terminal awplus config log host 10 32 16 21 time local 0 Par...

Page 358: ...ime zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 with the time information converted to the time zone of the email recipient which is 3 hours behind the device s UTC time zone use the following commands awplus configure terminal awplus config log hos...

Page 359: ...level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informational Informational messages 7 debugging Debug level messages program Filter messages by program Include messag...

Page 360: ...Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages syslog Messages genera...

Page 361: ... awplus configure terminal awplus config log monitor level info program auth To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the terminal use the following commands awplus configure terminal awplus config no log monitor level notices program epsr To remove a default filter that includes sending everything to the terminal use the following c...

Page 362: ...g Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning...

Page 363: ...r Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authoriza...

Page 364: ...NITOR EXCLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log monitor exclude msgtext example of irrelevant message Related Commands default log monitor log monitor filter show log config terminal monitor ...

Page 365: ... to make way for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log permanent Mode Global Configuration Examples To enable permanent logging use the following commands awplus configure terminal awplus config log permanent To disable permanent logging use the fol...

Page 366: ...erity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but significant conditions 6 informational Informational mess...

Page 367: ...ll IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to include messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security au...

Page 368: ...g use the following commands awplus configure terminal awplus config log permanent level notices program epsr To create a filter to send all messages containing the text Bridging initialization to the permanent log use the following commands awplus configure terminal awplus config log permanent msgtext Bridging initialization Related Commands clear log permanent default log permanent log permanent...

Page 369: ...ssages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning conditions 5 notices Normal but signifi...

Page 370: ...tection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Specify one of the following syslog facilities to exclude messages from kern Kernel messages user Random user level messages mail Mail system daemon System daemons auth Security authorization messages ...

Page 371: ...mple To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log permanent exclude msgtext example of irrelevant message Related Commands clear log permanent default log permanent log permanent log permanent filter log permanent size show log config show log permanent ...

Page 372: ...n filled old messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following commands awplus configure terminal awplus config log permanent size 100 Related Commands clear log permanent default log permanent log permanent log permanent filter log permanent exclude show ...

Page 373: ...his log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log messages are discarded At the end of the time interval a single log message is generated indicating that log messages were discarded due to the log rate limit being exceeded Thus if the expectation is tha...

Page 374: ...lliedWare Plus Operating System Version 5 4 6 1 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands awplus configure terminal awplus config no log rate limit nsm ...

Page 375: ...he certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no log trustpoint is issued without specifying any trustpoints then all trustpoints will be disassociated from the application...

Page 376: ...ceived P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 1 Parameters in output of the show counter log command Parameter Description Total Received Total number of messages received by the log Total Received P0 Total number of Priority 0 Emergency messages received Total Received P1 Total number of Priority 1 Alert messages received Total Received P2 Total number of P...

Page 377: ...me facility severity program pid message 2014 Jan 27 09 57 47 local7 debug awplus corehandler Process imish PID 3746 signal 11 core dumped to flash imish x610 5 4 3 3 7 1 1390816667 3746 tgz 2014 Jan 27 09 57 47 local7 debug awplus corehandler Process imish PID 2504 signal 11 core dumped to flash imish x610 5 4 3 3 7 1 1390816667 2504 tgz 2014 Jan 27 09 58 02 local7 debug awplus corehandler Proces...

Page 378: ...tion Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of the latest messages should be displayed The show log command is only available to users at privilege level 7 and above To set a user s privilege level use the command awplus config username name privil...

Page 379: ... notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kernel No pci config register base in dev tree using default 2011 Aug 29 07 55 23 kern notice awplus kernel Kernel command line console tty S0 9600 releasefile x510 5 4 6 1 1 rel ramdisk 14688 bootversion 1 ...

Page 380: ...ple To display the logging configuration use the command awplus show log config Output Figure 9 4 Example output from the show log config command Facility default PKI trustpoints example_trustpoint Buffered log Status enabled Maximum size 100kb Filters 1 Level notices Program any Facility any Message text any 2 Level informational Program auth Facility daemon Message text any Statistics 1327 messa...

Page 381: ...annot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offset type UTC Source Secured enabled Filters 1 Level critical Program any Facility any Message text any Statistics 1327 messages received 1 accepted by filter 2016 Oct 11 10 36 16 Email admin alliedtele...

Page 382: ... permanent log permanent Parameter Description stack ID Stack member number from 1 to 8 tail Display only the latest log entries 10 250 Specify the number of log entries to display awplus show log permanent 2 Stack member 2 date time facility severity program pid message 2014 Feb 25 09 10 48 daemon crit awplus 2 HPI HOTSWAP Pluggable 2 0 51 hotswapped in AT StackXS 1 0 2014 Feb 25 09 10 48 daemon ...

Page 383: ... 01 REV C Command Reference for x510 Series 383 AlliedWare Plus Operating System Version 5 4 6 1 x LOGGING COMMANDS SHOW LOG PERMANENT log permanent filter log permanent exclude log permanent size show log config ...

Page 384: ...IG LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example To display the current configuration of the log utility use the command awplus show running config log Related Commands show log show log config ...

Page 385: ...nce for x510 Series 385 AlliedWare Plus Operating System Version 5 4 6 1 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page 386 echo on page 387 wait on page 388 ...

Page 386: ... filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicates the file is an AlliedWare Plus script Examples To activate a command script to run as a background process use the command awplus activate background test scp Related Commands configure terminal e...

Page 387: ...to the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To echo the string Hello World to the console use the command awplus echo Hello World Output Related Commands activate wait Parameter Description line The string to echo Hello World ...

Page 388: ...m the command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command because the wait command is only executed in the Privileged Exec mode Example See an scp script file extract below that will show port counters for interface port1 0 1 over a 10 second interval Relat...

Page 389: ... chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 390 interface to configure on page 391 mru on page 393 mtu on page 395 show interface on page 397 show interface brief on page 400 show interface memory on page 401 show interface status on page 403 shutdown on page 405 ...

Page 390: ...nd to add a description to a specific port or interface Syntax description description Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config interface port1 0 2 awplus config if description Boardroom PC Parameter Description description Text describing the specific interface ...

Page 391: ...bility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network irrespective of the physical links that may be up or down at the time This provides a higher probability that the routing traffic will be received and subsequently forwarded Mode Global Configuration ...

Page 392: ... 1 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo awplus config if Related Commands ip address IP Addressing and Protocol show interface show interface brief ...

Page 393: ...g additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes Syntax mru mru size no mru Default The default MRU size is 1500 bytes for switch ports Mode Interface Configuration for switch ports Usage Note that show interface output will only show MRU size for switch ports Examp...

Page 394: ... AlliedWare Plus Operating System Version 5 4 6 1 x INTERFACE COMMANDS MRU To restore the MRU size of 1500 bytes on port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no mru Related Commands show interface ...

Page 395: ... device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interface an ICMP packet too big ICMP type 2 code 0 message is sent to the source Note that show interface output will only show MTU size for VLAN interfaces Examples To configure an MTU size of 1500 bytes...

Page 396: ...C613 50102 01 REV C Command Reference for x510 Series 396 AlliedWare Plus Operating System Version 5 4 6 1 x INTERFACE COMMANDS MTU Related Commands show interface ...

Page 397: ...ize for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface such as a VLAN e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LA...

Page 398: ...rdware is Ethernet address is 0000 cd24 daeb index 5001 metric 1 mru 1500 UP BROADCAST RUNNING MULTICAST current duplex full current speed 1000 configured duplex auto configured speed auto configured polarity auto current ecofriendly lpi configured ecofriendly lpi SNMP link status traps Sending Suppressed after 20 traps in 60 sec input packets 2396 bytes 324820 dropped 0 multicast packets 2370 out...

Page 399: ...AST RUNNING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 dropped 5 multicast packets 156 output packets 299172 bytes 67379392 multicast packets 0 broadcast packets 0 Time since last state change 0 days 14 22 39 Interface vlan2 Scope both Link is DOWN administrative state is UP Hardware is VLAN address is 0015 77e9 5c50 IPv4 address 192 168 2 1 24 broad...

Page 400: ...c and Privileged Exec Output Figure 11 4 Example output from the show interface brief command Related Commands show interface show interface memory awplus show int brief Interface Status Protocol port1 0 1 admin up down port1 0 2 admin up down port1 0 3 admin up down port1 0 4 admin up down port1 0 5 admin up down port1 0 6 admin up running lo admin up running vlan1 admin up down vlan2 admin up do...

Page 401: ...ort list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0 1 and port1 0 5 to port1 0 6 use the command awplus show interface port1 0 1 port1 0 5 1 0 6 memory Parameter Description port list Display information about only the specified port or ports The port...

Page 402: ...rface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1 0 3 360459 512 1 port1 0 4 524304 512 1 port1 0 5 491535 512 1 port1 0 6 557073 512 1 lo 425997 512 1 po1 1179684 512 1 po2 1212453 512 1 sa3 1245222 512 1 awplus show interface port1 0 1 port1 0 5 1...

Page 403: ... separated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and dynamic LACP channel groups in the same list Table 2 Example output from the show interface port list status command awplus show interface port1 0 1 1 0 4 status Port Name Status Vlan Duplex Speed Type port1 0 1...

Page 404: ...ate promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the port is an Eth port it displays none there is no VLAN associated with it When the VLAN is dynamically assigned it displays the current dynamically assigned VLAN ID not the access VLAN ID or dynamic if ...

Page 405: ...regator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will not come up again while the aggregator is down Example To shut down port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if shutdown To bring up port1 0 2...

Page 406: ...rence of commands used to configure Port Mirroring and Remote Mirroring also known as RSPAN For more information see the Mirroring Feature Overview and Configuration Guide Command List mirror interface on page 407 remote mirror interface on page 409 show mirror on page 411 show mirror interface on page 412 show remote mirror on page 413 switchport remote mirror egress on page 415 vlan mode remote ...

Page 407: ... Description source port list The source switch ports to mirror A port list can be a port e g port1 0 2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 The source port list cannot include dynamic or static channel groups link aggregators direction Specifies whether to mirror traffic that the source ...

Page 408: ...sed to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to destination port1 0 3 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if mirror interface port1 0 4 port1 0 5 direction both To enable use with the access l...

Page 409: ...o remote mirror interface port list direction receive transmit no remote mirror interface none Default No ports are set to be remote mirrored by default Mode Interface Configuration Usage To prevent unwanted processing of mirrored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device Parameter Description port list The ports from whic...

Page 410: ... egress port on the source device for remote mirroring remote mirror interface command All mirrored ports on a single device must use the same remote mirror VLAN and priority Access control lists can be used to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To configure the source device to send all the traffic that it recei...

Page 411: ...tput Figure 12 1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 4 Mirror Test Port Name port1 0 3 Mirror option Enabled Mirror direction receive Monitored Port Name port1 0 1 Mirror Test Por...

Page 412: ...ce port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if show mirror interface port1 0 4 Output Figure 12 2 Example output from the show mirror interface command Parameter Description port The monitored switch port to di...

Page 413: ... User priority 0 Monitored ports port1 0 1 direction both Remote mirror egress ports Remote mirror VLANs VLAN 259 Table 12 1 Parameters in the output from show remote mirror Parameter Description Remote mirror destination On the source device this displays information about the egress port for the mirrored traffic on the source device the remote mirroring VLAN ID this traffic is tagged with on egr...

Page 414: ...ror vlan Remote mirror egress ports On the destination device this displays the remote mirror egress ports the remote mirror VLANs they are associated with Remote mirror VLANs On source destination and intermediate devices this displays a list of any VLANs configured in remote mirror VLAN mode To see a list of the ports associated with these VLANs use the command show vlan brief Table 12 1 Paramet...

Page 415: ...rored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device This command would typically be used for the port that transmits the remote mirrored traffic to a device that will analyze it The port effectively functions as an access port in the remote mirror VLAN with the added feature of not allowing ingress traffic on the port Example ...

Page 416: ...onfiguring the source device The remote mirror VLAN operates in a special mode all traffic on the remote mirror VLAN is flooded and no learning or CPU processing is done for packets in the VLAN BPDU packets link local packets used to control features like spanning tree or AMF are dropped on remote mirror VLANs Disabling the remote mirroring VLAN on the source switch does not prevent the mirrored p...

Page 417: ...0102 01 REV C Command Reference for x510 Series 417 AlliedWare Plus Operating System Version 5 4 6 1 x PORT MIRRORING AND REMOTE MIRRORING COMMANDS VLAN MODE REMOTE MIRROR VLAN switchport remote mirror egress ...

Page 418: ...Plus Operating System Version 5 4 6 1 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test interface on page 419 service test on page 420 test interface on page 421 ...

Page 419: ...Syntax clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces use the command awplus clear test interface all Related Commands test interface Parameter Description port list The ports to test A port list can be a switch port e g port1 0 6 a continuous range o...

Page 420: ...ter entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect the device first Use the no variant of this command to stop the test service Syntax service test no service test Mode Global Configuration Example To put the device into a test state use the command...

Page 421: ...d 100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged Exec Parameter Description port list The ports to test A port list can be a switch port e g port1 0 6 a continuous range of ports separated by a hyphen e g port1 0 1 port1 0 6 a comma separated list of...

Page 422: ...d enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus test interface all To see the output use the commands awplus show test awplus show test count To start the test on all interfaces for 1 minute use the command awplus test interface all time 1 Related ...

Page 423: ...C613 50102 01 REV C Command Reference for x510 Series 423 AlliedWare Plus Operating System Version 5 4 6 1 x Part 2 Layer Two Switching ...

Page 424: ... on page 428 clear mac address table dynamic on page 429 clear mac address table static on page 431 clear port counter on page 432 clear port security intrusion on page 433 debug loopprot on page 436 debug platform packet on page 437 duplex on page 439 flowcontrol switch port on page 441 linkflap action on page 443 loop protection loop detect on page 444 loop protection action on page 445 loop pro...

Page 425: ...isabled on page 463 show interface switchport on page 464 show loop protection on page 465 show mac address table on page 467 show mac address table thrash limit on page 469 show platform on page 470 show platform classifier statistics utilization brief on page 472 show platform port on page 473 show port security interface on page 477 show port security intrusion on page 478 show storm control on...

Page 426: ...plex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity to receive further frames the device will simulate a collision by transmitting a CSMACD jamming signal from this port until the buffer empties The jamming signal causes the sending device to stop tr...

Page 427: ...ion 5 4 6 1 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if backpressure off Validation Commands show running config show interface Related Commands duplex ...

Page 428: ...e Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection counters To clear the counter information for a single port awplus clear loop protection interface port1 0 1 counters Parameters Description interface The interface whose counters are to be cleared port l...

Page 429: ...mac address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filtering database entries for all interfaces addresses VLANs awplus clear mac address table dynamic This example shows how to clear all dynamically learned filtering database entries when learned through de...

Page 430: ...C ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awplus clear mac address table dynamic interface port1 0 2 instance 1 Related Commands clear mac address table static show mac address table ...

Page 431: ...r all filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries configured through the CLI for the mac address 0000 5E00 5302 awplus clear mac address table static address 0000 5E00 5302 Related Commands clear mac address table dynamic mac address table static s...

Page 432: ...RT COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 use the command awplus clear port counter port1 0 1 Related Commands show platform port Parameter Description port The port number or range ...

Page 433: ...trusion interface port Mode Privileged Exec Examples To see the port security status on port1 0 1 use the following command awplus show port security interface port1 0 1 To see the intrusion list on port1 0 1 use the following command awplus show port security intrusion interface port1 0 1 Parameter Description port Specify the switch port from which the history of violated address entries will be...

Page 434: ...wplus show port security intrusion interface port1 0 1 Table 2 Example output from the show port security intrusion command awplus show port security intrusion interface port1 0 1 Port Security Intrusion List Interface port1 0 1 1 intrusion s detected 801f 0200 19da Table 3 Example output from the show port security interface command awplus show port security interface port1 0 1 Port Security conf...

Page 435: ...rating System Version 5 4 6 1 x SWITCHING COMMANDS CLEAR PORT SECURITY INTRUSION Related Commands show port security interface show port security intrusion switchport port security switchport port security aging switchport port security maximum switchport port security violation ...

Page 436: ...opprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debugging loopprot undebug loopprot Parameter Description info General Loop Protection information msg Received and transmitted Loop Detection Frames LDFs pkt Echo raw ASCII display of received and transm...

Page 437: ...ace packets sent and received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant of this command is used or another timeout value is specified The timeout value applies to both send and receive debug and is updated whenever the debug platform packet command is used Examples To e...

Page 438: ...f 5 minutes enter awplus debug platform packet sflow To enable send packet debug with no timeout enter awplus debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout duration of 3 minutes enter awplus debug platform packet vlan 2 timeout 150 To disable receive packet debug enter awplus no debug platform packet recv Related Commands show debugging platform packet ...

Page 439: ... LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the channel group by applying this command to the channel group Examples To specify full duplex for port1 0 4 enter the following commands awplus configure terminal awplus config interface port1 0 4 awplus co...

Page 440: ...C613 50102 01 REV C Command Reference for x510 Series 440 AlliedWare Plus Operating System Version 5 4 6 1 x SWITCHING COMMANDS DUPLEX Related Commands backpressure polarity speed show interface ...

Page 441: ...and cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a pause frame On receiving a pause frame the remote device stops sending data packets which prevents loss of data packets during the congestion period Flow control is not recommended when running QoS o...

Page 442: ...ort1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol receive off awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send off Validation Commands show running config Related Command...

Page 443: ...ll shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global Configuration Example To enable the linkflap action command on the device use the following commands awplus configure terminal awplus config linkflap action shutdown Parameter Description linkflap Gl...

Page 444: ...verview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loop detect frames once every 5 seconds use the following commands awplus configure terminal awplus config loop protection loop detect ldf interval 5 Related Commands loop protection action loop protecti...

Page 445: ...nd overview information prior to applying this command Example To disable the interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection action link down Related Commands loop protection loop detect loop protection timeout show loop protection thrash limiting Parameter Des...

Page 446: ...o variant of this command to reset the loop protection action delay time for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay timer is disabled by default Mode Interface Configuration Example To configure a loop protection action delay time of 10 seconds on port 1 0 4 use the commands awplus configure terminal awplus config int...

Page 447: ...rotection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop protection action timeout of 10 seconds for port1 0 4 use the command awplus configure terminal awplus config interface port1 0 4 awplus config if loop protection timeout 10 Related Commands loop protec...

Page 448: ...ress table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table acquire Default Learning is enabled by default for all instances Mode Global Configuration Example awplus configure terminal awplus config mac address table acquire ...

Page 449: ...fault of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples The following commands specify various ageing timeouts on the device awplus configure terminal awplus config mac address table ageing time 1000 awplus configure terminal awplus config mac address tab...

Page 450: ...c address table logging no mac address table logging Default MAC address table logging is disabled by default Mode User Exec Privileged Exec Usage When MAC address table logging is enabled the switch produces the following messages Note that rapid changes may not be logged For example if an entry is added and then removed within a few seconds those actions may not be logged To see whether MAC addr...

Page 451: ...hed traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because packets are routed across VLANs This command only works on Layer 2 traffic Example awplus configure terminal awplus config mac address table static 2222 2222 2222 forward interface port1 0 4 vlan 3 Rel...

Page 452: ... disable thrash limiting Syntax mac address table thrash limit rate no mac address table thrash limit Default No thrash limiting Mode Global Configuration Usage Use this command to limit thrashing on the selected port range Example To apply a thrash limit of 100 MAC address flips per second awplus configure terminal awplus config mac address table thrash limit 100 Related Commands show mac address...

Page 453: ...erated Syntax platform hwfilter size ipv4 limited ipv6 ipv4 full ipv6 Default The default mode is ipv4 limited ipv6 Mode Global Configuration Example To configure hardware ACLs to filter IPv4 and IPv6 traffic use the following commands awplus configure terminal awplus config platform hwfilter size ipv4 full ipv6 Related Commands show platform ipv6 access list named Parameter Description hwfilter s...

Page 454: ... of inputs you must turn off the inputs you do not want Useful combinations of inputs include all four inputs MAC address IP address and Layer 4 port number MAC address and Ethertype MAC address only IP address and Layer 4 port number IP address only The following examples show how to configure some of these combinations Use the show platform command to verify this command s setting Parameter Desc...

Page 455: ...move Ethertype by entering awplus configure terminal awplus config no platform load balancing ethertype To use MAC addresses and Ethertype remove the IP inputs by entering awplus configure terminal awplus config no platform load balancing src dst ip src dest port To use MAC addresses only remove the other inputs by entering awplus configure terminal awplus config no platform load balancing src dst...

Page 456: ...g mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multicast packets when the Group Membership interval timer expires and there are no subscribers to a multicast group If there is multicast traffic in a VLAN without subscribers multicast traffic temporarily ...

Page 457: ... To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicast packet flooding use the following commands awplus configure terminal awplus config no platform stop unreg mc flooding Related Commands show platform show running config ...

Page 458: ...nd 1522 bytes you must increase the MRU size to activate VLAN stacking Go into interface mode for the appropriate ports and use the mru command Syntax platform vlan stacking tpid tpid no platform vlan stacking tpid Default The default TPID value is 0x8100 Mode Global Configuration Examples To set the VLAN stacking TPID value to 0x9100 use the following commands awplus configure terminal awplus con...

Page 459: ...ty applies to copper 10BASE T 100BASE T and 1000BASE T switch ports It does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide for more information Example To set the polarity for port1 0 6 to fixed MDI mode use the following commands awplus configure terminal awplus config interface port1 0 6 awplus config if polarity mdi P...

Page 460: ...NDS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To display the enabled Loop Protection debugging modes use the command awplus show debugging loopprot Related Commands debug loopprot ...

Page 461: ...show debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display the platform packet debugging information use the command awplus show debugging platform packet Related Commands debug platform packet undebug platform packet ...

Page 462: ...flowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 14 1 Example output from the show flowcontrol interface command for a specific interface Parameter Description port Specifies the name of the port to be displayed Port Send FlowControl Receive FlowControl RxPau...

Page 463: ...ocols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged Exec Example To show which protocols have shut down ports use the commands awplus show interface err disabled Output Figure 14 2 Example output from show interface err disabled Parameter Description interface range Interface range err disabled Brief summary of interfaces shut down by...

Page 464: ...ivileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 14 3 Example output from the show interface switchport command Related Commands show interface memory Interface name port1 0 1 Switchport mode access Ingress filter enable Acceptable frame types all Default Vlan 2 Configured Vlans 2 Interface name port1 0 2 Swit...

Page 465: ...guration status use the command awplus show loop protection Figure 14 4 Example output from the show loop protection command To display the counter information use the command awplus show loop protection counters Figure 14 5 Example output from the show loop protection counters command Parameter Description interface The interface selected for display port list A port a port range or an aggregated...

Page 466: ...liedWare Plus Operating System Version 5 4 6 1 x SWITCHING COMMANDS SHOW LOOP PROTECTION awplus show loop protection counters Switch Loop Detection Counter Interface Tx Rx Rx Invalid Last LDF Rx port1 0 1 vlan1 60 0 0 port1 0 2 vlan1 0 0 0 port1 0 3 vlan1 0 0 0 ...

Page 467: ...ample output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the output below shows VLAN IDs if multiple VLANs are configured Also note manually configured static mac addresses are shown to the right of the type column awplus show mac address table VLAN Port MAC State...

Page 468: ... table static mac address table static mac address table vcs sync mode awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address table VLAN Port MAC State 1 unknown 0000 cd28 0752 static 1 port1 0 2 0030 846e bac7 dynamic 2 port1 0 3 0000 1111 2222 static 2 unknown 0000 cd28 0752 static 2 port1 0 5 0030 846e 9bf4 dynamic ARP 000...

Page 469: ...nd to display the current thrash limit set for all interfaces on the device Syntax show mac address table thrash limit Mode User Exec and Privileged Exec Example To display the current use the following command awplus show mac address table thrash limit Output Figure 14 6 Example output from the show mac address table thrash limit command Related Commands mac address table thrash limit Thrash limi...

Page 470: ...rc32l stop unreg mc flooding off Vlan stacking TPID 0x8100 Hardware Filter Size ipv4 limited ipv6 Table 5 Parameters in the output of the show platform command Parameter Description MAC vlan hashing algorithm The MAC VLAN hash key generating algorithm set with the platform mac vlan hashing algorithm command The default algorithm is crc32l The algorithm may need to be changed in rare circumstances ...

Page 471: ...the TPID set in the Ethernet type field when a frame has a double VLAN tag set with the platform vlan stacking tpid command Hardware Filter Size Whether hardware ACLs can filter on IPv6 addresses ipv4 full ipv6 or not ipv4 limited ipv6 This is set with the platform hwfilter size command Table 5 Parameters in the output of the show platform command cont Parameter Description ...

Page 472: ... represents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following command awplus show platform classifier statistics utilization brief Output Figure 14 8 Output from the show platform classifier statistics utilization brief command Related Commands show platform aw...

Page 473: ...ples To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 counters Parameter Description port list The ports to display information about A port list can be a continuous range of ports separated by ...

Page 474: ...on for lport 0x08002003 Phy Driver 54680 Gigabit PHY Driver enabled 1 loopback 0 link 1 speed 1000 max speed 1000 duplex 1 linkscan 2 autonegotiate 1 master 2 tx pause 0 rx pause 0 untagged vlan 4000 vlan filter 3 stp state 4 learn 5 discard 0 jam 0 max frame size 1500 MC Disable SA no MC Disable TTL no MC egress untag 0 MC egress vid 1 MC TTL threshold 1 Table 6 Parameters in the output from the ...

Page 475: ...tet packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequence error events received UnicastPkts Number of unicast packets received MulticastPkts Number of multicast packets received BroadcastPkts Number of broadcast packets received PauseMACCtlFrms Number of P...

Page 476: ...rral Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollisions Transmit Late Collision Frame counter ExcessivCollsns Transmit Excessive Collision Frame counter Collisions Transmit Total Collision counter Layer 3 Counters ifInUcastPkts Inbound interface Unicast ...

Page 477: ... Figure 14 10 Example output from the show port security interface command Related Commands clear port security intrusion show port security intrusion switchport port security switchport port security aging switchport port security maximum switchport port security violation Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel...

Page 478: ... security intrusion interface port1 0 1 Output Figure 14 11 Example output from the show port security intrusion command for port 1 0 1 Related Commands clear port security intrusion show port security interface switchport port security switchport port security aging switchport port security maximum switchport port security violation Parameter Description interface Specify a port port The port to ...

Page 479: ...er Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 14 12 Example output from the show storm control command for port1 0 2 Related Commands storm control level Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel gro...

Page 480: ... 100Base FX ports which do not support auto negotiation so default to 100Mbps Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the speed of all the switch ports in the channel group by applying this command to the channel group NOTE If multiple speeds are spe...

Page 481: ...eed enter the following commands awplus configure terminal awplus config interface port1 0 49 awplus config if speed auto To set the port to auto negotiate its speed at 1000Mbps only enter the following commands awplus configure terminal awplus config interface port1 0 49 awplus config if speed auto 1000 Related Commands duplex ecofriendly lpi polarity show interface speed asyn ...

Page 482: ...ode Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a port Forwarding these packets can cause the network to slow down or time out Example To limit broadcast traffic on port1 0 2 to 30 of the maximum port speed use the following commands awplus configure ...

Page 483: ...ntax switchport port security no switchport port security Mode Interface Configuration Examples To enable the port security feature on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security To disable the port security feature on port1 0 4 use the following commands awplus configure terminal awplus config interface...

Page 484: ... Examples To set port1 0 4 so that the MAC addresses that have been learned by port security age out use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security aging To stop the MAC addresses that have been learned by port security from aging out on port1 0 4 use the following commands awplus configure terminal awplus config int...

Page 485: ...it will be ignored and the specified intrusion action for the port will be carried out Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Configuration Examples To learn 3 MAC addresses on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security maximum 3 To remove the MA...

Page 486: ...iolation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Configuration Examples To set the action to be shutdown on port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if switchport port security violation shut...

Page 487: ...ing this command Examples To set the action to learn disable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if thrash limiting action learn disable To block all traffic on a vlan use the following command awplus configure terminal awplus config thrash limiting action vlan disable To set the thrash limiting timeout to 5 seconds use...

Page 488: ... set the thrash limiting action to its default use the following command awplus config if no thrash limiting action To set the thrash limiting timeout to its default use the following command awplus config if no thrash limiting timeout Related Commands loop protection loop detect loop protection action loop protection timeout show loop protection ...

Page 489: ...Command Reference for x510 Series 489 AlliedWare Plus Operating System Version 5 4 6 1 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no debug loopprot command ...

Page 490: ...erence for x510 Series 490 AlliedWare Plus Operating System Version 5 4 6 1 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the no debug platform packet command ...

Page 491: ...ion on page 498 show port vlan forwarding priority on page 499 show interface switchport vlan translation on page 500 show vlan on page 501 show vlan classifier group on page 502 show vlan classifier group interface on page 503 show vlan classifier interface group on page 504 show vlan classifier rule on page 505 show vlan private vlan on page 506 show vlan statistics on page 507 switchport access...

Page 492: ... on page 522 switchport vlan translation on page 523 switchport vlan translation default drop on page 524 switchport vlan stacking double tagging on page 525 switchport voice dscp on page 526 switchport voice vlan on page 527 switchport voice vlan priority on page 530 vlan on page 531 vlan classifier activate on page 532 vlan classifier group on page 533 vlan classifier rule ipv4 on page 534 vlan ...

Page 493: ...ed interchangeably Syntax clear vlan statistics name instance_name Mode Privileged Exec Examples To reset all packet counters for the packet counter instance vlan2 data awplus clear vlan statistics name vlan2 data To reset all packet counters for all packet counter instances awplus clear vlan statistics Related Commands show vlan statistics vlan statistics Parameter Description vlan statistics The...

Page 494: ...e default highest priority protocol back to the default of EPSR For more information about EPSR see the EPSR Feature Overview and Configuration Guide Syntax port vlan forwarding priority epsr loop protection none no port vlan forwarding priority Default By default the highest priority protocol is EPSR Mode Global Configuration Usage Only one of EPSR Loop Protection and MAC Thrashing protection usu...

Page 495: ... data VLAN configured to VLAN interface vlan20 The EPSR master node has a second data VLAN configured to VLAN interface vlan30 Initially the EPSR ring is complete with port1 0 2 blocking data VLANs vlan20 and vlan30 and some broadcast traffic flowing through If the user removes vlan30 from EPSR a storm is created on vlan30 MAC thrashing protection detects it and blocks vlan30 Then after the storm ...

Page 496: ...e terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking which allows the protocols to override each other to set a port to the forwarding or blocking states use the commands awplus configure terminal awplus config port vlan forwarding priority none To restore th...

Page 497: ...ted primary Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable awplus config vlan vlan 4 name vlan4 state enable awplus config vlan private vlan 2 primary awplus config vlan private vlan 3 isolated awplus config vlan private vlan 4 community awplus configure termi...

Page 498: ... vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure terminal awplus config vlan database awplus config vlan private vlan 2 association add 3 The following commands remove the association of primary VLAN 2 with secondary VLAN 3 awplus configure terminal a...

Page 499: ...otection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview and Configuration Guide Syntax show port vlan forwarding priority Mode Privileged Exec Example To display the highest priority protocol use the command awplus show port vlan forwarding priority Outpu...

Page 500: ...0 1 Related Commands switchport vlan translation switchport vlan translation default drop Parameter Description interface int The interface to display information about An interface can be a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 awplus show interface switchport vlan translation port1 0 1 Interface port1 0 1 VLAN on Wire VLAN 1649 100 defau...

Page 501: ...nd awplus show vlan 2 Output Figure 15 3 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Display information about all VLANs on the device brief Display information about all VLANs on the device dynamic Display information about all VLANs learned dynamically static Display information about...

Page 502: ...or a specific group Syntax show vlan classifier group 1 16 Mode User Exec and Privileged Exec Usage If a group ID is not specified all configured VLAN classifier groups are shown If a group ID is specified a specific configured VLAN classifier group is shown Example To display information about VLAN classifier group 1 enter the command awplus show vlan classifier group 1 Related Commands vlan clas...

Page 503: ...rt Mode User Exec and Privileged Exec Usage All configured VLAN classifier groups are shown for a single interface Example TodisplayVLANclassifiergroupinformationforswitchportinterface port1 0 2 enter the command awplus show vlan classifier group interface port1 0 2 Output Figure 15 4 Example output from the show vlan classifier group interface port1 0 1 command Related Commands vlan classifier gr...

Page 504: ... all interfaces configured for all VLAN groups enter the command awplus show vlan classifier interface group To display information about all interfaces configured for VLAN group 1 enter the command awplus show vlan classifier interface group 1 Output Figure 15 5 Example output from the show vlan classifier interface group command Output Figure 15 6 Example output from the show vlan classifier int...

Page 505: ...eged Exec Usage If a rule ID is not specified all configured VLAN classifier rules are shown If a rule ID is specified a specific configured VLAN classifier rule is shown Example To display information about VLAN classifier rule 1 enter the command awplus show vlan classifier rule 1 Output Figure 15 7 Example output from the show vlan classifier rule1 command Related Commands vlan classifier activ...

Page 506: ...ation and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vlan Output Figure 15 8 Example output from the show vlan private vlan command Related Commands private vlan private vlan association awplus show vlan private vlan PRIMARY SECONDARY TYPE INTERFACES 2 3 ...

Page 507: ...ances Syntax show vlan statistics name instance_name Mode User Exec and Privileged Exec Examples To display all packet counters for the packet counter instance vlan2 data awplus show vlan statistics name vlan2 data To display all packet counters for all packet counter instances awplus show vlan statistics Related Commands clear vlan statistics vlan statistics Table 15 2 Example output from the sho...

Page 508: ...witchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port based VLAN to VLAN 3 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport access vlan 3 To reset the port based VLAN to the default VLAN ...

Page 509: ...torm Protection or EPSR Ethernet Protection Switching Ring Note that if the VID is not given all disabled VLANs are re enabled Syntax switchport enable vlan 1 4094 Mode Interface Configuration Example To re enable the port1 0 1 from VLAN 1 awplus configure terminal awplus config interface port1 0 1 awplus config if switchport enable vlan 1 Related Commands show mls qos interface storm status storm...

Page 510: ...access ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access ingress filter enable Validation Command show interface switchport Parameter Description ingress filter S...

Page 511: ...ace port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus config if no switchport mode private vlan promiscuous Related Commands switchport private vlan mapping Parameter Description host This port type can communicate with all other host ports assigned to the...

Page 512: ... private vlan trunk promiscuous Default By default a port in trunk mode is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before it can be enabled as a promiscuous port To add VLANs to be trunked over the promiscuous port use the switchport trunk allowed vlan command These VLANs can be isolated VLANs or non priv...

Page 513: ...s config vlan exit awplus config interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk promiscuous group 3 To remove port1 0 2 in trunk mode as a promiscuous port for a private VLAN use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no switchpor...

Page 514: ...efault a port in trunk mode is disabled as a secondary port When a port in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN specified Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk command before the port is enabled as a secondary port in trunk mode To add VLANs to be trunked...

Page 515: ...lus config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus config if switchport mode private vlan trunk secondary group 3 To remove port1 0 3 in trunk mode as a secondary port use the commands awplus configure terminal awplus config interface port1 0 3 awplus co...

Page 516: ... the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure which VLANs this port will trunk for use the switchport trunk allowed vlan command Example awplus configure terminal awplus config interface port1 0 3 awplus config if switchport mode trunk ingress fil...

Page 517: ...command to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan host association 2 add 3 awplus configure terminal awplus config interface port1 0 2 awplus confi...

Page 518: ... switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dynamic LACP aggregators cannot be promiscuous ports in private VLANs Examples awplus configure terminal awplus config interface port1 0 2 awplus config if switchport private vlan mapping 2 add 3 4 awplus...

Page 519: ...and remove parameters will add and remove VLANs to and from the port s member set See the note below about restrictions when using the add remove except and all parameters Parameter Description all Allow all VLANs to transmit and receive through the port none Allow no VLANs to transmit and receive through the port add Add a VLAN to transmit and receive through the port Only use this parameter if a...

Page 520: ...the list of VLANs to remove instead of using the remove parameter as shown in the command example below awplus configure terminal awplus config interface port1 0 6 awplus config if switchport trunk allowed vlan except 3 4 Then the configuration is changed after entering the above commands to remove VLAN 3 To add a VLAN where the configuration for port1 0 6 shows the below output awplus show runnin...

Page 521: ...mmands to add VLAN 4 Examples The following shows adding a single VLAN to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 4 The fol...

Page 522: ...following commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The following commands show the removal of the native VLAN for interface port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan none Thefollowingcomma...

Page 523: ...n translation vlan wire vid vlan vid no switchport vlan translation all vlan wire vid Default None by default no translation entries exist Mode Interface Configuration for a switch port or a static channel group or a dynamic LACP channel group The interface must be in a mode that supports tagged packets Example To translate VLAN100 to VLAN200 on port 1 0 1 use the commands awplus configure termina...

Page 524: ...slation default drop Default Do not drop packets Mode Interface Configuration for a switch port or a static channel group or a dynamic LACP channel group The interface must be in a mode that supports tagged packets Example To drop inbound tagged packets arriving at port1 0 1 unless they match a VLAN translation entry use the commands awplus configure terminal awplus config interface port1 0 1 awpl...

Page 525: ...e Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Note that you must also set an MRU of 1504 or higher on the customer edge port using the mru command Traffic with an extra VLAN header added by VLAN stacking cannot be routed Example To apply vlan stacking to the selected port configure it to be a custo...

Page 526: ...e advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs enabled by...

Page 527: ... network policy is advertised for voice devices Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port using this command switchport voice vlan The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configu...

Page 528: ...gged for VLAN 10 use the commands awplus configure terminal awplus config interface port1 0 5 awplus config if switchport voice vlan 10 To tell IP phones connected to ports 1 0 2 1 0 6 to send priority tagged packets 802 1p priority tagged with VID 0 so that they will be assigned to the port VLAN use the following commands The priority value is 5 by default but can be configured with the switchpor...

Page 529: ...9 AlliedWare Plus Operating System Version 5 4 6 1 x VLAN COMMANDS SWITCHPORT VOICE VLAN Related Commands egress vlan id egress vlan name lldp med tlv select spanning tree edgeport RSTP and MSTP switchport voice dscp switchport voice vlan priority show lldp ...

Page 530: ... Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The portis configured to transmitLLDP advertisements enabled by default lldp transmit receive command The port is configured to transmit Network Policy TLVs enabled by default lldp med tlv select command Ther...

Page 531: ...e mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config vlan vlan 45 name accounts state enable To destroy vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 45 Related Commands mtu vlan database show...

Page 532: ...or Usage See the protocol based VLAN configuration example in the VLAN Feature Overview and Configuration Guide for configuration details Example To associate VLAN classifier group 3 with switch port1 0 3 enter the following commands awplus configure terminal awplus config interface port1 0 3 awplus config if vlan classifier activate 3 To remove VLAN classifier group 3 from switch port1 0 3 enter ...

Page 533: ... VLAN classifier rules Syntax vlan classifier group 1 16 add delete rule vlan class rule id no vlan classifier group 1 16 Mode Global Configuration Example awplus configure terminal awplus config vlan classifier group 3 add rule 5 Related Commands show vlan classifier rule vlan classifier activate vlan classifier rule ipv4 vlan classifier rule proto Parameter Description 1 16 VLAN classifier group...

Page 534: ... classifier only matches IPv4 packets It does not match ARP packets To ensure ARP traffic is classified into the correct subnet VLAN you can use a hardwarebasedpolicymapthatsendsARPpacketstotheCPU whichwillthenprocess them appropriately This means that if you use subnet based VLANs you should also configure the following NOTE The policy map should be applied to each port that uses a subnet based V...

Page 535: ...adecimal values The no variant of this command removes a previously set rule Syntax vlan classifier rule 1 256 proto protocol encap ethv2 nosnapllc snapllc vlan 1 4094 no vlan classifier rule 1 256 Parameter Description 1 256 VLAN Classifier identifier proto Protocol type protocol Specify a protocol either by its decimal number 0 65535 or by one of the following protocol names arp 2054 Address Res...

Page 536: ...protocol g8bpqx25 2303 G8BPQ AX 25 protocol ieeeaddrtrans 2561 Xerox IEEE802 3 PUP Address ieeepup 2560 Xerox IEEE802 3 PUP protocol ip 2048 IP protocol ipv6 34525 IPv6 protocol ipx 33079 IPX protocol netbeui 61680 IBM NETBIOS NETBEUI protocol netbeui 61681 IBM NETBIOS NETBEUI protocol pppdiscovery 34915 PPPoE discovery protocol pppsession 34916 PPPoE session protocol rarp 32821 Reverse Address Re...

Page 537: ... proto 2056 encap ethv2 vlan 2 awplus config vlan classifier rule 4 proto 2054 encap ethv2 vlan 2 Validation Output awplus show vlan classifier rule Related Commands show vlan classifier rule vlan classifier activate vlan classifier group vlan classifier rule 16 proto rarp encap ethv2 vlan 2 vlan classifier rule 8 proto encap ethv2 vlan 2 vlan classifier rule 4 proto arp encap ethv2 vlan 2 vlan cl...

Page 538: ...ter the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example In the following example note the change to VLAN configuration mode from Configure mode awplus configure terminal awplus config vlan database awplus config vlan Related Commands vlan ...

Page 539: ... PC To avoid this we recommend disabling IGMP snooping on stack local VLANs by using the command no ip igmp snooping Examples To add a stack local VLAN with the VID of 4002 and assign it to stack member 2 use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 4002 mode stack local vlan 2 awplus config vlan exit awplus config interface vlan4002 awpl...

Page 540: ...re Plus Operating System Version 5 4 6 1 x VLAN COMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 4002 Related Commands ip igmp snooping mtu vlan database ...

Page 541: ... support 128 packet counter instances These resources are also shared with other features such as QoS and ACLs Where the remaining resources are insufficient to support the VLAN Statistics feature the feature will not be enabled and an error message will display Examples Create a VLAN packet counter instance named vlan2 data and apply this to count incoming vlan2 tagged frames on ports 1 0 4 and 1...

Page 542: ...emove the remaining ports 1 0 2 to 1 0 4 from the packet counter instance named vlan2 data Note that because there are no ports associated with the vlan2 data this instance will be removed awplus config interface port1 0 2 port1 0 4 awplus config if no vlan statistics name vlan2 data Related Commands clear vlan statistics show vlan statistics ...

Page 543: ...and MSTP on page 546 debug mstp RSTP and STP on page 547 instance priority MSTP on page 551 instance vlan MSTP on page 553 region MSTP on page 555 revision MSTP on page 556 show debugging mstp on page 557 show spanning tree on page 558 show spanning tree brief on page 561 show spanning tree mst on page 562 show spanning tree mst config on page 563 show spanning tree mst detail on page 564 show spa...

Page 544: ...n page 591 spanning tree guard root on page 592 spanning tree hello time on page 593 spanning tree link type on page 594 spanning tree max age on page 595 spanning tree max hops MSTP on page 596 spanning tree mode on page 597 spanning tree mst configuration on page 598 spanning tree mst instance on page 599 spanning tree mst instance path cost on page 600 spanning tree mst instance priority on pag...

Page 545: ...age Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear spanning tree statistics awplus clear spanning tree statistics instance 1 awplus clear spanning tree statistics interface port1 0 2 awplus clear spanning tree statistics interface port1 0 2 instance 1...

Page 546: ...ew Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privileged Exec Example awplus clear spanning tree detected protocols Parameter Description port The port to clear detected protocols for The port may be a switch port e g port1 0 4 a static channel group e...

Page 547: ... 1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activated on a per port basis Although this command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debu...

Page 548: ...his command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the terminal monitor command before issuing the relevant debug mstp command The default terminal monitor filter will select and display these messages Alternatively the messages can be directed to any of...

Page 549: ...IST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23 42 awplus MSTP 1417 MSTI reg root id 8001 0000cd1000fe 17 23 42 awplus MSTP 1417 MSTI pathcost 0 17 23 42 awplus MSTP 1417 MSTI bridge priority 32768 port priority 128 17 23 42 awplus MSTP 1417 MSTI ...

Page 550: ...ebugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus MSTP 1417 Protocol version RSTP BPDU type RST 17 30 17 awplus MSTP 1417 CIST Flags Forward Learn role Desig 17 30 17 awplus MSTP 1417 CIST root id 8000 0000cd1000fe 17 30 17 awplus MSTP 1417 CIST ext...

Page 551: ... instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower priority number or vice versa Examples To set the root bridge priority for MSTP instance 2 to be the highest 0 so that it will be the root bridge for this instance when available use the commands awplus ...

Page 552: ...10 Series 552 AlliedWare Plus Operating System Version 5 4 6 1 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance spanning tree mst instance priority ...

Page 553: ... MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified VLANs from the CIST and adds them to the specified MSTI If you use the no variant of this command to remove the VLAN from the MSTI it returns it to the CIST To move a VLAN from one MSTI to another you...

Page 554: ... Reference for x510 Series 554 AlliedWare Plus Operating System Version 5 4 6 1 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst instance vlan ...

Page 555: ...t to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplus config mst regi...

Page 556: ...n revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example awplus configure terminal awplus config spanning tree mst configuration awplus config mst revision 25 Related Commands region MSTP ...

Page 557: ...ion on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Example To display the MSTP debugging options set enter the command awplus show debugging mstp Output Figure 16 1 Example output from show debugging mstp Related Commands debug mstp RSTP and STP MSTP debu...

Page 558: ...nter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show spanning tree mst instance command Example To display spanning tree information about port1 0 3 use the command awplus show spanning tree interface port1 0 3 Parameter Description interface Display infor...

Page 559: ...Timer 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfast bpdu guard default Current portfast bpdu guard off port1 0 1 portfast bpdu filter default Current portfast bpdu filter off port1 0 1 no root guard configured Current root guard off port1 0 1 Config...

Page 560: ...t1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bridge 80000000cd20f093 port1 0 3 Message Age 0 Max Age 20 port1 0 3 Hello Time 2 Forward Delay 15 port1 0 3 Forward Timer 0 Msg Age Timer 0 Hello Timer 1 topo change timer 0 port1 0 3 forward transitio...

Page 561: ...the topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brief Output Figure 16 4 Example output from show spanning tree brief Related Commands show spanning tree Parameter Description brief A brief summary of spanning tree information Default Bridge up Spanni...

Page 562: ...ce Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 16 5 Example output from show spanning tree mst Related Commands show spanning tree mst interface 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max ...

Page 563: ...sage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP configuration identifier information enter the command awplus show spanning tree mst config Output Figure 16 6 Example output from show spanning tree mst config Related Commands instance vlan MSTP regi...

Page 564: ...ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable timeout interval 300 sec port1 0 1 Port 5001 Id 8389 Role Disabled State Discarding port1 0 1 Designated External Path Cost 0 Internal Path Cost 0 port1 0 1 Configured Path Cost 20000000 Add type Expli...

Page 565: ...egional Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer 0 Hello Timer 0 topo change timer 0 port1 0 3 forward transitions 0 port1 0 3 Version Multiple Spanning Tree Protocol Received None Send STP port1 0 3 No portfast configured Current portfast off port1...

Page 566: ...ort e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 80000000cd24ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guar...

Page 567: ...o point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a Role Disabled State Discarding port1 0 2 Designated Internal Path Cost 0 Designated Port Id 838a port1 0 2 Configured Internal Path Cost 20000000 port1 0 2 Configured CST External Path cost 200000...

Page 568: ...Exec Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst instance 2 Output Figure 16 9 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 1 MSTI Root Path Cost 0 MSTI Root Port 0...

Page 569: ...ee mst instance 2 interface port1 0 2 Output Figure 16 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Pr...

Page 570: ... instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 16 11 Example output from show spanning tree mst interface Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spann...

Page 571: ...ort e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 1 CIST Root Id 80000000cd24ff2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guar...

Page 572: ...o point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 838a Role Disabled State Discarding port1 0 2 Designated Internal Path Cost 0 Designated Port Id 838a port1 0 2 Configured Internal Path Cost 20000000 port1 0 2 Configured CST External Path cost 200000...

Page 573: ...display BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figure 16 13 Example output from show spanning tree statistics Port number 915 Interface port1 0 6 BPDU Related Parameters Port Spanning Tree Disable Spanning Tree Type Rapid Spanning Tree Protocol Current Port State Di...

Page 574: ...llo timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions 1 Msg Age Expiry 0 Similar BPDUS Rcvd 0 Src Mac Count 0 Total Src Mac Rcvd 0 Next State Learning Topology C...

Page 575: ...spanning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the command awplus show spanning tree statistics instance 2 Output Figure 16 14 Example output from show spanning tree statistics instance Related Commands show spanning tree statistics Parameter Description ...

Page 576: ...ormation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interface port Mode Privileged Exec Example To display BPDU statistics for MST instance 2 interface port1 0 2 use the command awplus show spanning tree statistics instance 2 interface port1 0 2 Parameter Desc...

Page 577: ...d for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 Message Age port Inst 0 0 port1 0 2 Forward Transitions 0 Next State Learning Topology Change Time 0 Other Inst Vlan Information Statistics Bridge Priority 0 Bridge Mac Address ec cd 6d 20 c0 ed Topol...

Page 578: ...about each MST instance for port1 0 4 use the command awplus show spanning tree statistics interface port1 0 4 Output Figure 16 16 Example output from show spanning tree statistics interface Parameter Description port The port to display information about The port may be a switch port e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 awplus show spanning tree sta...

Page 579: ... 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions 1 Msg Age Expiry 0 Similar BPDUS Rcvd 0 Src Mac Count 0 Total Src Mac Rcvd 0 Next State Learning Topology Change Time 0 Other Bridge information Statistics STP Multicast Address 01 80 c2 00 00 00 Bri...

Page 580: ... them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated with them for the device including the VLAN range index value use the following command awplus show spanning tree vlan range index Output Figure 16 17 Example output from show spanning tree vlan range i...

Page 581: ... an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this command for RSTP or MSTP Use the no variant of this command to disable this feature Syntax spanning tree autoedge no spanning tree autoedge Default Disabled Mode Interface Configuration Example awplus...

Page 582: ...enable command before you can use this command to then configure BPDU discarding or forwarding This command enables the switch to forward unsupported BPDUs with an unsupported Spanning Tree Protocol such as proprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch When you want to revert to default behavior on the switch issue...

Page 583: ...r untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands awplus configure terminal awplus config no spanning tree stp enable awplus config spanning tree bpdu forward untagged vlan To enable STP BPDU forwarding for tagged frames in Global Configuration mode ...

Page 584: ... the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to classify a region are the region name and revision level VLAN to instance mapping is not used to classify regions when interoperating with Cisco Examples To enable Cisco interoperability on a Layer 2...

Page 585: ...utput of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode Interface Configuration Usage Use this command on a switch port connected to a LAN that has no other bridges attached If a BPDU is received on the port that indicates that another bridge is connected...

Page 586: ... the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree stp enable To disable STP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree stp enable To enable MSTP in Global Configu...

Page 587: ...s Operating System Version 5 4 6 1 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spanning tree rstp enable Related Commands spanning tree bpdu spanning tree mode ...

Page 588: ... tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the port on receiving a BPDU on a BPDU guard enabled port This command associates a timer with the feature such that the port is re enabled without manual intervention after a set interval This interval ca...

Page 589: ...by the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re enabled after 300 seconds Mode Global Configuration Example awplus configure terminal awplus config spanning tree errdisable timeout interval 34 Related Commands show spanning tree spanning tree errdis...

Page 590: ...Mode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree force version 0 Set the default protocol version awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree force version Related Commands sho...

Page 591: ...ing to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by theroot bridge The forward delay max age and hello time parameters are interrelated Syntax spanning tree forward time forward delay no spanning tree forward time Default The default is 15 seconds Mode Gl...

Page 592: ...use this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Configuration mode for a switch port interface only Usage The Root Guard feature makes sure that the port on which it is enabled is a designated port If the Root Guard enabled port receives a superior BPDU...

Page 593: ...o restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for switch ports Usage The allowable range of values is 1 10 seconds The forward delay max age and hello time parameters should be set according to the following formula as specified in IEEE Standard 802 1d...

Page 594: ...variant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode Interface Configuration mode for a switch port interface only Usage You may want to set link type to shared if the port is connected to a hub with multiple devices connected to it Examples awplus con...

Page 595: ...efault of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so that a frame generated by the root bridge can be propagated to the leaf nodes without exceeding the max age The forward delay max age and hello time parameters should be set according to the following ...

Page 596: ...tax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents the messages from looping indefinitely in the network The hop count is decremented by each receiving port When a device receives an MST BPDU that has a hop count of zero it discards the BPDU Examples ...

Page 597: ...panning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this command to change the spanning tree protocol mode on the device MSTP is VLAN aware but RSTP and STP are not VLAN aware To enable or disable spanning tree operation see the spanning tree enable comma...

Page 598: ...nfiguration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples ThefollowingexampleusesthiscommandtoenterMSTConfigurationmode Note the change in the command prompt awplus configure terminal awplus config spanning tree mst configuration awplus config mst ...

Page 599: ...ation mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove the member port from the MSTI Use the spanning tree mst instance command to add a VLAN member port back to the MSTI Examples To assign instance 3 to a switch port use the commands awplus configure term...

Page 600: ...rom the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly add an MST instance to a port using the spanning tree mst instance command Examples To set a path cost of 1000 on instance 3 use the commands awplus configure terminal awplus config interface port1 ...

Page 601: ...eturn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Commands instance vlan MSTP spanning tree mst instance spanning tree mst instance priority spanning tree mst instance restricted role spanning tree mst instance restricted tcn ...

Page 602: ...MSTI The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the priority to 112 on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree mst instance 3 priority 112 To return the priority to its defa...

Page 603: ...nce instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The root port is the port providing the best path from the bridge to the root bridge Use this command to disable a port from becoming a root port Use the no variant of this command to enable a port to becom...

Page 604: ...erating System Version 5 4 6 1 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance spanning tree mst instance path cost spanning tree mst instance restricted tcn ...

Page 605: ...e instance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interface only Examples To prevent a switch port from propagating received topology change notifications and topology changes to other switch ports use the commands awplus configure terminal awplus config i...

Page 606: ...to the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the port speed as shown in the following table from the IEEE 802 1q 2003 and IEEE 802 1d 2004 standards Mode Interface Configuration mode for switch port interface only Example awplus configure terminal ...

Page 607: ...ax spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to a forwarding state bypassing both listening and learning states The portfast feature is meant to be used for ports connected to end user devices Enabling portfast on ports that are connected to a wo...

Page 608: ...6 1 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast bpdu filter spanning tree portfast bpdu guard ...

Page 609: ...ter Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an edge port Using this command in Global Configuration mode applies the portfast bpdu filter feature to all ports on the device Using it in Interface mode applies the feature to a specific port or range...

Page 610: ...TFAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu filter enable Related Commands spanning tree edgeport RSTP and MSTP show spanning tree spanning tree portfast STP spanning tree portfast bpdu guard ...

Page 611: ...s by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a portfast enabled port behaves if it receives a BPDU When bpdu guard is set then the port shuts down if it receives a BPDU It does not process the BPDU as it is considered suspicious When bpdu guard is no...

Page 612: ...ently running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To enable STP BPDU guard in Interface Configuration mode enter the below commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpdu guard enable Rela...

Page 613: ...n MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 32678 Mode Global Configuration Usage To force a particular device to become the root bridge use a lower value than other devices in the spanning tree Example awplus configure terminal aw...

Page 614: ... to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a port to be part of the active topology for instance become the root port or a designated port use a lower value than other ports on the device This behavior is subject to network topology and more si...

Page 615: ...for a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no spanning tree restricted role Default The restricted role is disabled Mode Interface Configuration mode for a switch port interface only Example awplus configure terminal awplus config interface port1...

Page 616: ...idge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this command to disable the restricted TCN functionality Syntax spanning tree restricted tcn no spanning tree restricted tcn Default The restricted TCN is disabled Mode Interface Configuration mode for a switch...

Page 617: ...Overview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree transmit holdcount no spanning tree transmit holdcount Default Transmit hold count default is 3 Mode Global Configuration Example awplus configure terminal awplus config spanning tree transmit holdcount...

Page 618: ...mand Reference for x510 Series 618 AlliedWare Plus Operating System Version 5 4 6 1 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug mstp RSTP and STP command ...

Page 619: ...ows across the links as evenly as possible Link aggregation hashes one or more of the source and destination MAC address IP address and UDP TCP ports to select a link on which to send a packet So packet flow between a pair of hosts always takes the same link inside the Link Aggregation Group LAG The net effect is that the bandwidth for a given packet stream is restricted to the speed of one link i...

Page 620: ...orm load balancing on page 630 show debugging lacp on page 632 show diagnostic channel group on page 633 show etherchannel on page 635 show etherchannel detail on page 636 show etherchannel summary on page 637 show lacp sys id on page 638 show lacp counter on page 639 show port etherchannel on page 640 show static channel group on page 641 static channel group on page 642 undebug lacp on page 644 ...

Page 621: ... same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer to an LACP channel group in other LACP commands use the channel group number To specify an LACP channel group LACP aggregator in other commands prefix the channel group number with po For example po...

Page 622: ...face port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1 0 6 awplus config if no channel group To reference channel group 2 as an interface use the following commands awplus configure terminal awplus config interface po2 awplus config if Related Commands ...

Page 623: ...GREGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1 32 counters Mode Privileged Exec Example awplus clear lacp 2 counters Parameter Description 1 32 Channel group number ...

Page 624: ...g lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Specifies debugging for LACP events Echoes events to the console ha Specifies debugging for HA High Availability events Echoes High Availability events to the console packet Specifies debugging for LACP p...

Page 625: ...ode Global Configuration Usage Do not mix LACP configurations manual dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using a mixed configuration in a LACP channel group i e some links are manually configured by the channel group command and others are dynamically learned in the same channel group Example To enable global p...

Page 626: ...aggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port priority 1 65535 no lacp port priority Default The default is 32768 Mode Interface Configuration Example awplus configure terminal awplus config interface port1 0 5 awplus config if lacp port priority 34...

Page 627: ...ning the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp system priority 1 65535 no lacp system priority Default The default is 32768 Mode Global Configuration Example awplus configure terminal awplus config lacp system priority 6700 Parameter Description 1 ...

Page 628: ...ation if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field is set to 1 then the device has set the short timeout If the Timeout field is set to 0 then the device has set the long timeout Setting the short timeout enables the device to be more responsive to c...

Page 629: ...lliedWare Plus Operating System Version 5 4 6 1 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if lacp timeout short ...

Page 630: ... set of inputs you must turn off the inputs you do not want Useful combinations of inputs include all four inputs MAC address IP address and Layer 4 port number MAC address and Ethertype MAC address only IP address and Layer 4 port number IP address only The following examples show how to configure some of these combinations Use the show platform command to verify this command s setting Parameter ...

Page 631: ...s remove Ethertype by entering awplus configure terminal awplus config no platform load balancing ethertype To use MAC addresses and Ethertype remove the IP inputs by entering awplus configure terminal awplus config no platform load balancing src dst ip src dest port To use MAC addresses only remove the other inputs by entering awplus configure terminal awplus config no platform load balancing src...

Page 632: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Output Figure 17 1 Example output from the show debugging lacp command Related Commands debug lacp LACP debugging status LACP timer debugging is on LACP timer detail debugging is on LACP cli debugging is...

Page 633: ...annel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 17 2 Example output from the show diagnostic channel group command awplus show diagnostic channel group Channel Group Info based on NSM Note Pos position in hardware table Dev Interface IfIndex Member port IfIndex Active Pos sa3 4503 port1 0 15 5015 No sa3 4503 port1 0 18 5018 No po1 4601 port...

Page 634: ...4 6 1 x LINK AGGREGATION COMMANDS SHOW DIAGNOSTIC CHANNEL GROUP Related Commands show tech support Channel Group Info based on HW Note Pos position in hardware table Only entries from firstdevice are displayed Dev Interface IfIndex Member port IfIndex Active Pos sa3 4503 N a po1 4601 N a No error found ...

Page 635: ...ration Guide which is available on our website at alliedtelesis com Syntax show etherchannel 1 32 Mode User Exec and Privileged Exec Example awplus show etherchannel Output Figure 17 3 Example output from show etherchannel Example awplus show etherchannel 1 Output Figure 17 4 Example output from show etherchannel for a particular channel Parameter Description 1 32 Channel group number awplus show ...

Page 636: ... Exec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 37 05 17 Admin Key 0001 Oper Key 0001 Receive link count 2 Transmit link count 2 Individual 0 Ready 1 Partner LAG 0x8000 00 00 cd 37 02 9a 0x0001 Link port1 0 1 IfIndex 8002 synchronized Link port1 0 2...

Page 637: ... the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged Exec Example awplus show etherchannel summary Output Example output from show etherchannel summary awplus show etherchannel summary Aggregator po10 IfIndex 4610 Admin Key 0010 Oper Key 0010 Link port...

Page 638: ...ACP system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show lacp sys id Mode User Exec and Privileged Exec Example awplus show lacp sys id Output Example output from show lacp sys id System Priority 0x8000 32768 MAC Address 0...

Page 639: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show lacp counter 1 32 Mode User Exec and Privileged Exec Example awplus show lacp counter 2 Output Example output from show lacp counter Parameter Description 1 32 Channel group number Traffic statistics ...

Page 640: ... etherchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Aggregator po10 IfIndex 4610 Receive machine state Current Periodic Transmission machine state Slow periodic Mux machine state Collecting Distributing Actor Information Partner Information Selected Selec...

Page 641: ...miting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show static channel group Mode User Exec and Privileged Exec Example awplus show static chan...

Page 642: ... to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can only be operated on as a group Once the static channel group has been created it is treated as a device port and can be referred to in other commands that apply to device ports To refer to a static chan...

Page 643: ... the commands awplus configure terminal awplus config interface sa2 awplus config if To make it possible to use QoS Storm Protection on static channel group 2 on port1 0 6 with an ACL named test acl use the commands awplus configure terminal awplus config interface port1 0 6 awplus config if static channel group 2 member filters awplus config if access group test acl Related Commands show static c...

Page 644: ...C Command Reference for x510 Series 644 AlliedWare Plus Operating System Version 5 4 6 1 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no debug lacp command ...

Page 645: ...the PoE Feature Overview and Configuration_Guide the Support for Allied Telesis Enterprise_MIBs_in AlliedWare Plus for information about which PoE MIB objects are supported theSNMPFeatureOverviewand Configuration_Guide forinformationabout SNMP traps Power over Ethernet PoE is a technology allowing devices such as security cameras to receive power over LAN cabling The Powered Device PD referred to ...

Page 646: ...re Plus Operating System Version 5 4 6 1 x POWER OVER ETHERNET COMMANDS show debugging power inline on page 659 show power inline on page 660 show power inline counters on page 663 show power inline interface on page 665 show power inline interface detail on page 667 ...

Page 647: ...621 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for port1 0 2 only use the following command awplus clear power inline counters interface port1 0 2 To clear the PoE counters for port1 0 5 through port1 0 8 use the following command awplus clear power i...

Page 648: ...f PoE event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debugging messages on the console use the following commands awplus terminal monitor awplus debug power inline all To stop the display of PoE info debug messages on the console use the following command a...

Page 649: ...02 01 REV C Command Reference for x510 Series 649 AlliedWare Plus Operating System Version 5 4 6 1 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Related Commands show debugging power inline terminal monitor ...

Page 650: ...of pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports Mode Global Configuration Examples To disable detection of legacy PDs use the following commands awplus configure terminal awplus config no power inline allow legacy To enable detection of legacy PDs use the fol...

Page 651: ...a list of PoE ports or a range of PoE ports with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports Examples To add the description Desk Phone for a connected PD on port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if power inline description Desk Phone To clear the des...

Page 652: ...sabled Syntax power inline enable no power inline enable Default PoE is enabled by default on all ports Mode Interface Configuration for one or more ports Usage No PoE log messages are generated for ports on which PoE is disabled Examples To disable PoE on port1 0 1 to port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if no pow...

Page 653: ...e maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max 4000 30000 no power inline max Default The switch supplies the maximum power limit for the class of the PD connected to the port by default NOTE See the PoE Feature Overview and Configuration Guide for further information about power...

Page 654: ...e at the PD Examples To set the maximum power supplied to ports in the range port1 0 1 to port1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port1 0 2 port1 0 4 awplus config if power inline max 6450 To clear the user configured maximum power supplied to port1 0 1 and revert to using the default maximum power use the following commands awplus ...

Page 655: ...ecify a range or list of ports they must all be PoE capable ports PoE ports with higher priorities are given power before PoE ports with lower priorities If the priorities for two PoE ports are the same then the lower numbered PoE port is given power before the higher numbered PoE port See the PoE Feature Overview and Configuration Guide for further information about PoE priority Parameter Descrip...

Page 656: ...s awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if power inline priority high To reset the priority level to the default of low on port1 0 1 to port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if no power inline priority Related Commands power inline usage threshold show power inline show ...

Page 657: ...er usage threshold is 80 of the nominal power rating Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage threshold as configured in the example is exceeded Examples To generate SNMP notifications when power supplied exceeds 70 of the nominal power rating use the following commands awplus configure termin...

Page 658: ...y is enabled by default Mode Global Configuration Usage In a stack issuing this command enables PoE globally for all PoE ports In a stack configuration only stack members containing PoE hardware will have PoE enabled by default in software Examples To disable PoE use the following commands awplus configure terminal awplus config no service power inline To re enable PoE if PoE has been disabled use...

Page 659: ...ging power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 18 1 Example output from the show debugging power inline command Related Commands debug power inline terminal monitor awplus show debugging power inline PoE Debugging status PoE Informational debugging is disabled PoE Event debugging ...

Page 660: ...370W Power Allocated 246W Actual Power Consumption 151W Operational Status On Power Usage Threshold 80 296W PoE Interface Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Enabled Low Powered 3840 n a 1 4000 C port1 0 2 Enabled High Powered 6720 n a 2 7000 C port1 0 3 Enabled Low Powered 14784 n a 3 15400 C port1 0 4 Enabled Crit Powered 14784 n a 3 15400 C port1 0 5 Enabled Crit Powere...

Page 661: ...ured from a power inline priority command Low displays when the low parameter is issued The lowest priority for a PoE enabled port default High displays when the high parameter is issued The second highest priority for a PoE enabled port Crit displays when the critical parameter is issued The highest priority for a PoE enabled port Oper The current PoE port state when this command was issued Power...

Page 662: ...onnected PD if power is being supplied to the PD Max mW The power in milliwatts mW allocated for the PoE port Additionally note the following as displayed per PoE port U if the power limit for a port was user configured with the power inline max command L if the power limit for a port was supplied by LLDP C if the power limit for a port was supplied by the PD class Table 1 Parameters in the show p...

Page 663: ...d Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Examples To display all PoE event counters for all PoE ports use the command awplus show power inline counters To display the PoE event counters for the port range 1 0 1 to 1 0 3 use the command awplus show power inline counters interface port1 0 1 1 0 3 Output Figure 18 3 Example output from the s...

Page 664: ...signal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of instances when a PD exceeds its configured power limit as configured by the power inline max command Also increments pethPsePortOverLoadCounter in the PoE MIB Short The number of short circuits that have happened with a PD Also inc...

Page 665: ...ific information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 18 4 Example output from the show power inline interface command Parameter Description port list Enter the PoE port s to display PoE specific information in the show output awplus show power inline interface port1 0 1 port1 0 4 Interface Admin Pri Oper Po...

Page 666: ...isabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled for the port Fault displays when a PSE goes over its power allocation Power The power consumption in milliwatts mW for the PoE port when this command was entered Device The description of the connected PD device if a description has been added with the power inline description command No descrip...

Page 667: ...E port specific information for the port range 1 0 1 to 1 0 3 use the command awplus show power inline interface port1 0 1 1 0 3 detail Output Figure 18 5 Example output from the show power inline interface detail command Parameter Description port list Enter the PoE port s to display information about only the specified port or ports awplus show power inline interface port1 0 1 1 0 2 detail Inter...

Page 668: ...command Detection status The current PSE PoE port state when this command was issued Powered displays when there is a PD connected and power is being supplied from the PSE Denied displays when supplying power would make the PSE go over the power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled for the port Fault displays when a PSE goe...

Page 669: ...f legacy PoE detection on the PoE port as configured for the PoE port with the power inline allow legacy command Powered pairs Data Spare The IEEE 802 3af and IEEE 802 3at standards allow for either data or spare twisted pairs to be used to transfer power to a PD The powered pairs status for each port AlliedWare Plus PoE switches implement IEEE 802 3af and IEEE 802 3at Endpoint PSE Alternative A D...

Page 670: ...are Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP VCStack is not supported by the current AlliedWare Plus GVRP implementation This chapter provides an alphabetical reference for commands used to configure GVRP For information about GVRP including configuration see the GVRP Feature Overview and Configuration Guide Command List clear gvrp statistics...

Page 671: ...C613 50102 01 REV C Command Reference for x510 Series 671 AlliedWare Plus Operating System Version 5 4 6 1 x GVRP COMMANDS show gvrp timer on page 685 ...

Page 672: ...e Privileged Exec Usage Use this command together with the show gvrp statistics command to troubleshoot GVRP Examples To clear all GVRP statistics for all switchport on the switch enter the command awplus clear gvrp statistics all To clear GVRP statistics for switchport interface port1 0 3 enter the command awplus clear gvrp statistics port1 0 3 Related Commands show gvrp statistics Parameter Desc...

Page 673: ... interface port1 0 1 port1 0 2 awplus config if gvrp To disable GVRP on interfaces port1 0 1 port1 0 2 enter the commands awplus configure terminal awplus config interface port1 0 1 port1 0 2 awplus config if no gvrp Examples To send debug output to the console for GVRP packets and GVRP commands and to enable the display of debug output on the console first enter the commands awplus terminal monit...

Page 674: ...ter the commands awplus terminal monitor awplus configure terminal awplus config debug gvrp cli To stop sending debug output for GVRP packets and GVRP commands to the console and to stop the display of any debug output on the console enter the commands awplus terminal no monitor awplus configure terminal awplus config no debug gvrp all Related Commands show debugging gvrp terminal monitor ...

Page 675: ...erface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP implementation GVRP and private VLAN trunk ports are mutually exclusiv...

Page 676: ...n interface in Interface Configuration mode Both of these tasks must occur to create VLANs NOTE There is limit of 400 VLANs supported by the AlliedWare Plus GVRP implementation VLANsmaybenumbered1 4094 butalimitof400oftheseVLANsare supported Examples Enter the following commands for switches with hostnames switch1 and switch2 respectively so switch1 propagates VLANs to switch2 and switch2 propagat...

Page 677: ...and before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP Private VLAN trunk ports are not supported by the current AlliedWare Plus GVRP implementation GVRP and private VLAN trun...

Page 678: ... show gvrp configuration command Configuring a trunk port in fixed registration mode allows manual creation of VLANs Configuring a trunk port in forbidden registration mode prevents VLAN creation on the port Examples To configure GVRP registration to fixed on port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if gvrp registration fixed To disable...

Page 679: ...nabled switches See also the section Setting the GVRP Timers in the GVRP Feature Overview and Configuration Guide Use the show gvrp timer command to confirm GVRP timers set with this command Examples To set the GVRP join timer to 30 hundredths of a second 300 milliseconds for interface port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if gvrp ti...

Page 680: ...em Version 5 4 6 1 x GVRP COMMANDS GVRP TIMER To reset the GVRP join timer to its default of 20 hundredths of a second for interface port1 0 1 enter the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no gvrp timer join Related Commands show gvrp timer ...

Page 681: ...ture Overview and Configuration Guide Syntax show debugging gvrp Mode User Exec and Privileged Exec Example Enter the following commands to display GVRP debugging output on the console awplus configure terminal awplus config debug gvrp all awplus config exit awplus show debugging gvrp Output See sample output from the show debugging gvrp command after entering debug gvrp all Related Commands debug...

Page 682: ...on Guide Syntax show gvrp configuration Mode User Exec and Privileged Exec Example To show GVRP configuration for the switch enter the command awplus show gvrp configuration Output The following is an output of this command displaying the GVRP configuration for a switch awplus show gvrp configuration Global GVRP Configuration GVRP Feature Enabled Dynamic Vlan Creation Disabled Port based GVRP Conf...

Page 683: ...command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp machine Mode User Exec and Privileged Exec Example To show the GVRP state machine for the switch enter the command awplus show gvrp machine Output See the following output of this command displaying the GVRP state machine awplus show gvrp machine port 1 0 1 applicant state QA regis...

Page 684: ...ogether with the clear gvrp statistics command to troubleshoot GVRP Examples To show the GVRP statistics for all switchport interfaces enter the command awplus show gvrp statistics To show the GVRP statistics for switchport interfaces port1 0 1 and port1 0 2 enter the command awplus show gvrp statistics port1 0 1 port1 0 2 Output The following is an output of this command displaying a statistical ...

Page 685: ...tion Guide Syntax show gvrp timer interface Mode User Exec and Privileged Exec Examples To show the GVRP timers for all switchport interfaces enter the command awplus show gvrp timer To show the GVRP timers for switchport interface port1 0 1 enter the command awplus show gvrp timer port1 0 1 Output The following show output displays data for timers on the switchport interface port1 0 1 Related Com...

Page 686: ...C613 50102 01 REV C Command Reference for x510 Series 686 AlliedWare Plus Operating System Version 5 4 6 1 x Part 3 Layer Three Switching and Routing ...

Page 687: ...ture Overview and Configuration Guide Command List arp aging timeout on page 689 arp mac disparity on page 690 arp IP address MAC on page 693 arp log on page 694 arp opportunistic nd on page 697 arp reply bc dmac on page 698 clear arp cache on page 699 debug ip packet interface on page 700 ip address IP Addressing and Protocol on page 702 ip directed broadcast on page 704 ip forward protocol udp o...

Page 688: ...L COMMANDS local proxy arp on page 716 ip unreachables on page 717 optimistic nd on page 719 ping on page 720 show arp on page 721 show debugging ip packet on page 723 show ip interface on page 725 show ip sockets on page 726 show ip traffic on page 729 tcpdump on page 735 traceroute on page 736 undebug ip packet interface on page 737 ...

Page 689: ...oes not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces The no variant of this command sets the time limit to the default of 300 seconds Syntax arp aging timeout 0 432000 no arp aging timeout Default 300 seconds 5 minutes Mode Interface Configuration for...

Page 690: ...the disparate ARP has a multicast MAC address in the ARP reply the switch drops the ARP reply and does not learn any associated addresses If the disparate ARP has a unicast MAC address in the ARP reply the switch learns the address in the ARP reply The learned ARP entry points to the single port that the ARP reply arrived on Matching traffic will go out this port Mode Interface Configuration for a...

Page 691: ... a disparate ARP response an ARP entry is created for the IP MAC in the content of the ARP packet The difference with the arp mac disparity multicast igmp command is that the egress port is set to the subset of ports in the VLAN that have received IGMP reports for the NLB cluster MAC address Note that the ARP entry is updated as ports join leave the IGMP group If no ports have received IGMP report...

Page 692: ... IP ADDRESSING AND PROTOCOL COMMANDS ARP MAC DISPARITY To disable support for MS NLB in unicast mode on interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no arp mac disparity unicast Related Commands arp IP address MAC clear arp cache show arp ...

Page 693: ...ddress port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to ARP requests for this address use the commands awplus configure terminal awplus config arp 10 10 10 9 0010 2355 4566 alias Related Commands arp mac disparity clear arp cache ip proxy arp show arp Parameter...

Page 694: ...ve the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation Enter arp log mac address format ieee to use HH HH HH HH HH HH notation Enter no arp log mac address format ieee to revert from HH HH HH HH HH HH to HHHH HHHH HHHH Enter no arp log to disable ARP logg...

Page 695: ...lus configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4 2016 Oct 6 06 22 30 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 del 0013 4078 3b98 192 168 2 4 2016 Oct 6 06 23 26 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0030 940e 136b 192 168...

Page 696: ...nclude ARP_LOG command Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the ARP log entry operation Indicates add if the ARP log entry displays an ARP addition Indicates del if the ARP log entry displays an ARP deletion MAC Indicates the MAC address for the ARP log entry eithe...

Page 697: ...guration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited ARP packet is added to the ARP cache so the device forwards the ARP packet When opportunistic neighbor discovery is disabled the source MAC address for the ARP packet is not added to the ARP cache so ...

Page 698: ...onses that contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp reply bc dmac Default By default this functionality is disabled Mode Interface Configuration for VLAN interfaces Example To allow processing of ARP replies that arrive on VLAN2 with a broadcast destinati...

Page 699: ...ip address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear all dynamic ARP entries use the command awplus clear arp cache To clear all dynamic ARP entries associated with the IPv4 address 192 168 1 1 use the command awplus clear arp cache 192 168 1 1 Relate...

Page 700: ...rface to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packets with the specified IP address as specified in the ip address placeholder are shown in the output verbose Specify verbose to output more of the IP packet If this keyword is specified then more of th...

Page 701: ...use the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp To turn off IP packet interface debugging on all interfaces use the command awplus no debug ip packet interface To turn off IP packet interface debugging on interface vlan2 use the command awplus no d...

Page 702: ...configure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address configured on an interface show ip interface brief will only show the primary address not a secondary address for an interface Examples To add the primary IP address 10 10 10 50 24 to the interface vlan3 use...

Page 703: ...COL COMMANDS IP ADDRESS IP ADDRESSING AND PROTOCOL To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface lo awplus config if ip address 10 10 11 50 24 Related Commands interface to configure show ip interface show running config interface ...

Page 704: ...ion address is a broadcast address for some IP subnet but originates from a node that is not itself part of that destination subnet When a directed broadcast packet reaches a device that is directly connected to its destination subnet that packet is flooded as a broadcast on the destination subnet The ip directed broadcast c ommand controls the flooding of directed broadcasts when they reach targe...

Page 705: ...mmand Reference for x510 Series 705 AlliedWare Plus Operating System Version 5 4 6 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP DIRECTED BROADCAST Related Commands ip forward protocol udp ip helper address show running config ...

Page 706: ... not enabled by default Mode Global Configuration Usage Combined with the ip helper address command in interface mode the ip forward protocol udp command in Global Configuration mode allows control of which protocols destination port numbers are forwarded The ip forward protocol udp command configures protocols for forwarding and the ip helper address command configures the destination address es ...

Page 707: ... 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP FORWARD PROTOCOL UDP To delete a UDP port from the UDP ports that the device forwards use the following commands awplus configure terminal awplus config no ip forward protocol udp port Related Commands ip helper address ip directed broadcast show running config ...

Page 708: ...Default The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the switchport is a member of whenever the switchport moves to the forwarding state The first Gratuitous ARP packet is sent 1 second after the switchport becomes a forwarding switchport The second and thir...

Page 709: ...ng System Version 5 4 6 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure terminal awplus config ip gratuitous arp link 20 Validation Commands show running config ...

Page 710: ...e destination address es The destination address can be a unicast address or a subnet broadcast address The UDP destination port is configured separately with the ip forward protocol udp command If multiple destination addresses are registered then UDP packets are forwarded to each IP address added to an IP Helper Up to 32 destination addresses may be added using IP Helper The device will only for...

Page 711: ...ELPER ADDRESS The following example removes IPv4 address 192 168 1 100 as an IP Helper destination address to which to forward UDP broadcasts received on vlan2 awplus configure terminal awplus config interface vlan2 awplus config if no ip helper address 192 168 1 100 Related Commands ip forward protocol udp ip directed broadcast show running config ...

Page 712: ...xy arp Default Limited local proxy ARP is disabled by default Mode Interface Configuration Usage This command allows you to stop MAC address resolution for specified hosts Limited local proxy ARP works by intercepting ARP requests for the specified hosts and responding with your device s own MAC address details instead of the destination host s details This stops hosts from learning the MAC addres...

Page 713: ...e does not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on enabling proxy ARP The no variant of this command disables Local Proxy ARP to stop your device from intercepting and responding to ARP requests between hosts within a subnet This allows the hosts to use MAC address ...

Page 714: ...oute that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages The no variant of this command disables Proxy ARP responses on an interface Proxy ARP is disabled by default Syntax ip proxy arp no ip proxy arp Default Proxy ARP is disabled by default Mode Interface Configuration for a VLAN interf...

Page 715: ...ce Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same interface that the packet is routed out of the device ICMP redirects are only sent to packet sources that are directly connected to the device Examples To enable the device to send ICMP redirects on interface vlan2 us...

Page 716: ...variant of this command to stop specifying a subnet for use with limited local proxy ARP Syntax local proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with limited local proxy ARP Mode Global Configuration Example To specify limited local proxy ARP for the address 172 22 0 3 use the following commands awplus configure terminal awplus config local proxy ...

Page 717: ...se these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of probing NOTE Disabling ICMP destination unreachable messages breaks applications such as traceroute and Path MTU Discovery PMTUD which depend on these messages to operate correctly Table 20 1 ICMP type ...

Page 718: ...e destination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awplus config ip unreachables 14 Host Precedence Violation RFC1812 15 Precedence cutoff in effect RFC1812 Table 20 1 ICMP type 3 reason codes and description cont Code Description RFC ...

Page 719: ...stale neighbors are deleted from the hardware L3 switching table The optimistic neighbor discovery feature enables the device to sustain L3 traffic switching to a neighbor without interruption Without the optimistic neighbor discovery feature enabled L3 traffic is interrupted when a neighbor is stale and is then deleted from the L3 switching table If a neighbor receiving optimistic neighbor solici...

Page 720: ...it in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping every millisecond set the interval to 0 001 pattern hex data pattern Specify the hex data pattern repeat Specify the number of ping packets to send 1 2147483647 Specify repeat count The default is 5 con...

Page 721: ...dditional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cache use the following command awplus show arp Output Figure 20 3 Example output from the show arp command awplus show arp IP Address MAC Address Interface Port Type 192 168 10 2 0015 77ad fad8 vlan1 port1 0 1 dynamic 192 168 20 2 0015 77ad fa48 vlan2 port1 0 2 dynam...

Page 722: ...13 50102 01 REV C Command Reference for x510 Series 722 AlliedWare Plus Operating System Version 5 4 6 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW ARP Related Commands arp IP address MAC clear arp cache ...

Page 723: ...lay theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 20 4 Example output from the show debugging ip packet command with terminal monitor off Example To display the IP interface debugging status when the terminal monitor is on use the command awplus terminal monitor awplus show debug ip packet Output Fig...

Page 724: ...REV C Command Reference for x510 Series 724 AlliedWare Plus Operating System Version 5 4 6 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface terminal monitor ...

Page 725: ...rmation for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip interface vlan2 3 brief Output Figure 20 6 Example output from the show ip interface brief command Parameter Description interface list The interfaces to display information about An interface list c...

Page 726: ...yntax show ip sockets Mode Privileged Exec Usage Use this command to verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets that are used internally for exchanging data between the various processes that exist on the device and are involved in itsoperationand...

Page 727: ...yp This column displays the type of the socket Possible values for this column are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol type are accepted For raw socket entries the protocol type is indicated in subsequent columns Local Address For TCP and UDP listening ...

Page 728: ...source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry in this column will be 0 0 0 0 or for IPv4 and IPv6 respectively State This column shows the state of the socket For TCP sockets this shows the state of the TCP state machine For UDP sockets this column is blank...

Page 729: ...ode Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 20 8 Example output from the show ip traffic command IP 261998 packets received 261998 delivered 261998 sent 69721 multicast packets received 69721 multicast packets sent 23202841 bytes received 23202841 bytes sent 7669296 multicast bytes received 7669296 multicast bytes sent IPv6 28 p...

Page 730: ...s received broadcast packets sent Broadcast packets sent bytes received Bytes received bytes sent Bytes sent multicast bytes received Multicast bytes received multicast bytes sent Multicast bytes sent broadcast bytes received Broadcast bytes received broadcast bytes sent Broadcast bytes sent packets received Packets received packets received with invalid headers Packets received with invalid heade...

Page 731: ...ages received errors received Errors received messages sent Messages sent TCP TCP counters remote connections established Remote connections established local connections established Local connections established remote listening ports Remote listening ports local listening ports Local listening ports active connection openings Active connection openings passive connection openings Passive connect...

Page 732: ...rther delayed because of locked socket delayed acks lost Delayed acks lost listening socket overflows Listening socket overflows listening socket drops Listening socket drops headers predicted Headers predicted pure ACKs Pure ACKs pure ACKs predicted Pure ACKs predicted losses recovered by TCP Reno Losses recovered by TCP Reno losses recovered by SACK Losses recovered by SACK SACKs renegged SACKs ...

Page 733: ...r segments DSACKs received for out of order segments connections reset due to unexpected SYN Connections reset due to unexpected SYN connections reset due to unexpected data Connections reset due to unexpected data connections reset due to early user close Connections reset due to early user close connections aborted due to lack of memory Connections aborted due to lack of memory connections abort...

Page 734: ...Counters UDP6 UDPv6 Counters UDPLite6 UDPLitev6 Counters datagrams received Datagrams received datagrams received for unknown port Datagrams received for unknown port datagram receive errors Datagram receive errors datagrams transmitted Datagrams transmitted datagrams received Datagrams received datagrams received for unknown port Datagrams received for unknown port datagram receive errors Datagra...

Page 735: ...ump Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 20 9 Example output from the tcpdump command Related Commands debug ip packet interface Parameter Description line Specify the dump options For more information on the options for this placeholder see http www tcpdump org tcpdump_man html 03 40 33 ...

Page 736: ...MMANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 10 0 5 Parameter Description ip addr The destination IPv4 address The IPv4 address uses the format A B C D hostname The destination hostname ...

Page 737: ...0 Series 737 AlliedWare Plus Operating System Version 5 4 6 1 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionality of the no debug ip packet interface command ...

Page 738: ...Command List clear ip dns forwarding cache on page 740 debug ip dns forwarding on page 741 ip dns forwarding on page 742 ip dns forwarding cache on page 743 ip dns forwarding dead time on page 744 ip dns forwarding retry on page 745 ip dns forwarding source interface on page 746 ip dns forwarding timeout on page 747 ip domain list on page 748 ip domain lookup on page 749 ip domain name on page 750...

Page 739: ...C Command Reference for x510 Series 739 AlliedWare Plus Operating System Version 5 4 6 1 x DOMAIN NAME SERVICE DNS COMMANDS show ip domain list on page 758 show ip domain name on page 759 show ip name server on page 760 ...

Page 740: ...E DNS COMMANDS CLEAR IP DNS FORWARDING CACHE clear ip dns forwarding cache Overview Use this command to clear the DNS Relay name resolver cache Syntax clear ip dns forwarding cache Mode Privileged Exec Examples To clear all cached data use the command awplus clear ip dns forwarding cache Related Commands ip dns forwarding cache ...

Page 741: ...ng Use the no variant of this command to disable DNS Relay debugging Syntax debug ip dns forwarding no debug ip dns forwarding Default DNS Relay debugging is disabled by default Mode Privileged Exec Examples To enable DNS forwarding debugging use the commands awplus debug ip dns forwarding To disable DNS forwarding debugging use the commands awplus no debug ip dns forwarding Related Commands ip dn...

Page 742: ...kup is enabled by default but if it has been disabled you can re enable it by using the command ip domain lookup See the IP Feature Overview and Configuration Guide for more information about DNS Relay See the ip dns forwarding dead time command used with this command Examples To enable the forwarding of incoming DNS query packets use the commands awplus configure terminal awplus config ip dns for...

Page 743: ... used when the time out period of the DNS reply from the DNS server is bigger than the time out period configured on the device Syntax ip dns forwarding cache size 0 1000 timeout 60 3600 no ip dns forwarding cache size timeout Default The default cache size is 0 no entries and the default lifetime is 1800 seconds Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide f...

Page 744: ...an unresponsive server is 3600 seconds Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay See the ip dns forwarding retry command used with this command Examples To set the DNS forwarding retry count to 50 and to set the DNS forwarding dead time to 1800 seconds use the commands awplus configure terminal awplus config ip dns forw...

Page 745: ...er Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay See the ip dns forwarding dead time command used with this command Examples To set the DNS forwarding retry count to 50 and to set the DNS forwarding dead time to 1800 seconds use the commands awplus configure terminal awplus config ip dns forwarding retry 50 awplus config ip...

Page 746: ...he default is that no interface is set and the device selects the appropriate source IP address automatically Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay Examples To set vlan1 as the source interface for relayed DNS queries use the commands awplus configure terminal awplus config ip dns forwarding source interface vlan1 T...

Page 747: ...ing timeout 0 3600 no ip dns forwarding timeout Default The default timeout value is 3 seconds Mode Global Configuration Usage See the IP Feature Overview and Configuration Guide for more information about DNS Relay Examples To set the timeout value to 12 seconds use the commands awplus configure terminal awplus config ip dns forwarding timeout 12 To set the timeout value to the default of 3 secon...

Page 748: ...d deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain specified with the ip domain name command If any domain exists in the DNS list then the device does not use the domain set using the ip domain name command Example To add the domain example net to t...

Page 749: ...addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However it does not attempt DNS inquiries unless there is a DNS server configured For more information about DNS clients see the IP Feature Overview and Configuration Guide If you are using DNS Relay see the command ip dns forwarding you must have IP d...

Page 750: ...If there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in the DNS list then the device does not use the domain configured with this command When your device is using its DHCP client for an interface it can receive Option 15 from the DHCP server This option replaces the domain name set with t...

Page 751: ...to Name servers can be learned through the following means Manual configuration using the ip name server command Learned from DHCP server with Option 6 Learned over a PPP tunnel if the neighbor advertises the DNS server This command is used to statically configure a DNS name server for the device to use For more information about DHCP and DNS see the IP Feature Overview and Configuration Guide Exa...

Page 752: ...nce for x510 Series 752 AlliedWare Plus Operating System Version 5 4 6 1 x DOMAIN NAME SERVICE DNS COMMANDS IP NAME SERVER Related Commands ip domain list ip domain lookup ip domain name show ip dns forwarding cache show ip name server ...

Page 753: ... command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ip dns forwarding Mode User Exec and Privileged Exec Example To display the DNS Relay debugging status use the command awplus show debugging ip dns forwarding Output Figure 21 1 Example output from the show debugging ip dns forw...

Page 754: ...nd output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the command awplus show hosts Output Figure 21 2 Example output from the show hosts command Related Commands ip domain list ip domain lookup ip domain name ip name server awplus show hosts Default domain is my...

Page 755: ...play the DNS Relay status Syntax show ip dns forwarding Mode User Exec and Privileged Exec Examples To display the DNS Relay status use the command awplus show ip dns forwarding Output Figure 21 3 Example output from the show ip dns forwarding command Related Commands ip dns forwarding awplus show ip dns forwarding Max Retry 2 Timeout 3 second s Dead Time 3600 second s Source Interface not specifi...

Page 756: ...arding cache Mode User Exec and Privileged Exec Example To display the DNS Relay name resolver cache use the command awplus show ip dns forwarding cache Output Figure 21 4 Example output from the show ip dns forwarding cache command Related Commands ip dns forwarding cache ip name server awplus show ip dns forwarding cache Host Address Expires Flags www example com 172 16 1 1 180 mail example com ...

Page 757: ...p dns forwarding server Mode User Exec and Privileged Exec Examples To display the status of DNS Relay name servers use the command awplus show ip dns forwarding server Output Figure 21 5 Example output from the show ip dns forwarding server command Related Commands ip dns forwarding ip dns forwarding dead time Parameter Description forwarding server The DNS forwarding name server awplus show ip d...

Page 758: ...s when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain list Mode User Exec and Privileged Exec Example To display the list of domains in the domain list use the command awplus show ip domain list Output Figure 21 6 Example output from the show ip ...

Page 759: ...ncomplete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip domain name Mode User Exec and Privileged Exec Example To display the default domain configured on your device use the command awplus show ip domain name Output Figure 21 7 Example ...

Page 760: ...the ip name server command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode User Exec and Privileged Exec Example To display the list of DNS servers that your device sends DNS requests to use the command awplus show ip name server Output Figure 21 8 Example output from the sh...

Page 761: ...e 764 ipv6 address autoconfig on page 766 ipv6 enable on page 768 ipv6 forwarding on page 770 ipv6 multicast forward slow path packet on page 771 ipv6 nd managed config flag on page 772 ipv6 nd minimum ra interval on page 773 ipv6 nd other config flag on page 774 ipv6 nd prefix on page 775 ipv6 nd ra interval on page 777 ipv6 nd ra lifetime on page 778 ipv6 nd raguard on page 779 ipv6 nd reachable...

Page 762: ...System Version 5 4 6 1 x IPV6 COMMANDS ipv6 unreachables on page 787 ping ipv6 on page 788 show ipv6 forwarding on page 789 show ipv6 interface brief on page 790 show ipv6 neighbors on page 791 show ipv6 route on page 792 show ipv6 route summary on page 794 traceroute ipv6 on page 795 ...

Page 763: ...AlliedWare Plus Operating System Version 5 4 6 1 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbors Mode Privileged Exec Example awplus clear ipv6 neighbors ...

Page 764: ...guration SLAAC if the device received an RA Router Advertisement specifying this prefix See ipv6 address autoconfig for a detailed command description and examples to enable and disable SLAAC For more information see IPv6 EUI 64 Addressing in the IPv6 Feature Overview and Configuration Guide Note that link local addresses are retained in the system until they are negated by using the no variant of...

Page 765: ...configure terminal awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 a2 64 To assign the eui64 derived address in the prefix 2001 db8 48 to VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config fr subif ipv6 address 2001 0db8 48 eui64 To remove the eui64 derived address in the prefix 2001 db8 48 from VLAN interf...

Page 766: ...uration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the MAC addressof thedefaultVLAN isappliedtotheinterfaceif theinterface doesnot have its own MAC address If SLAAC is not suitable then a network can use stateful configuration with DHCPv6 Dynamic Host Configurat...

Page 767: ...PV6 COMMANDS IPV6 ADDRESS AUTOCONFIG To disable SLAAC on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address autoconfig Related Commands ipv6 address ipv6 enable show ipv6 interface brief show ipv6 route show running config ...

Page 768: ...al network or for a point to point connection Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned to interfaces for routing IPv6 packets Note that link local addresses are retained in the system until they are negated by using the no variant of the command...

Page 769: ...and Reference for x510 Series 769 AlliedWare Plus Operating System Version 5 4 6 1 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig show ipv6 interface brief show ipv6 route show running config ...

Page 770: ...multicast routing command before using PIM SMv6 commands Syntax ipv6 forwarding no ipv6 forwarding Mode Global Configuration Default IPv6 unicast forwarding is disabled by default Usage Enable IPv6 unicast forwarding globally for all interface on your device with this command Use the no variant of this command to disable IPv6 unicast forwarding globally for all interfaces on your device IPv6 unica...

Page 771: ...he smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big message Use the no variant of this command to disable the above functionality Syntax ipv6 multicast forward slow path packet no ipv6 multicast forward slow path packet Default Disabled Mode Privileged Exe...

Page 772: ...ts to use a stateless autoconfiguration mechanism to establish their IPv6 addresses The default is flag unset Use the no variant of this command to reset this command to its default of flag unset Syntax ipv6 nd managed config flag no ipv6 nd managed config flag Default Unset Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied ...

Page 773: ...l for a VLAN interface is unset by default Mode Interface Configuration for a VLAN interface Examples To set the minimum RA interval for the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd minimum ra interval 60 To remove the minimum RA interval for the VLAN interface vlan2 use the following commands awplus configure ...

Page 774: ...t the ipv6 nd other config flag will also be set Use no variant of this command to reset the value to the default Syntax ipv6 nd other config flag no ipv6 nd other config flag Default Unset Mode Interface Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This step is included in the example below Example To ...

Page 775: ... advertised by the router advertisement message The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 The default is X X 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 0 and 4294967295 seconds The default is 2592000 30 days Note that this period should be set to a valu...

Page 776: ...rminal awplus config interface vlan4 awplus config if ipv6 nd prefix 2001 0db8 64 864000 432000 Thefollowing exampleconfiguresthedevice toissuerouteradvertisementsonthe VLAN interface vlan4 and advertises the address prefix of 2001 0db8 64 with a valid lifetime of 10 days a preferred lifetime of 5 days and no prefix used for autoconfiguration awplus configure terminal awplus config interface vlan4...

Page 777: ...e Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the advertisements interval on the VLAN interface vlan4 to be 60 seconds use the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd ra interval 60 awplus config if...

Page 778: ...fies the lifetime of the current router to be announced in IPv6 Router Advertisements Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Examples To set the advertisement lifetime of 8000 seconds on the VLAN interface vlan4 use the following commands awplus configure terminal awplus config inte...

Page 779: ...rd blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a port blocks RAs from a connected host and indicates the port and host are untrusted Disabling RA Guard on a port allows RAs from a connected host and indicates the port and host are trusted Ports and ...

Page 780: ...dWare Plus Operating System Version 5 4 6 1 x IPV6 COMMANDS IPV6 ND RAGUARD Output Exampleoutputfromusing showrunning configinterfaceport1 0 2toverify RA Guard Related Commands show running config interface interface port1 0 2 switchport mode access ipv6 nd raguard ...

Page 781: ...ansmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Example To set the reachable time in router advertisements on the VLAN interface vlan4 to be 1800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan4 awplus config if ipv6 nd reachable time 1800000 awplus config if no ipv6 nd sup...

Page 782: ... 1 second Mode Interface Configuration for a VLAN interface Examples To set the retransmission time of Neighbor Solicitation on the VLAN interface vlan2 to be 800000 milliseconds enter the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 nd retransmission time 800000 To reset the retransmission time of Neighbor Solicitation on the VLAN interface vlan...

Page 783: ...figuration Use no parameter with this command to enable Router Advertisement transmission Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Default Router Advertisement RA transmission is suppressed by default Mode Interface Configuration for a VLAN interface Example To enable the transmission of router advertisements from the VLAN interface vlan4 on the device use the following commands awplus co...

Page 784: ...r a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address 0000 cd28 0880 on port1 0 6 use the command awplus configure terminal awplus config ipv6 neighbor 2001 0db8 a2 vlan4 0000 cd28 0880 port1 0 6 Related Commands clear ipv6 neighbors Parameter Descripti...

Page 785: ...nfiguration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is added to the IPv6 ND cache so the device forwards the ICMPv6 ND packet When opportunistic neighbor discovery is disabled the source MAC address for the ICMPv6 packet is not added to the IPv6 ND cache so...

Page 786: ...ateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus config ipv6 route 2001 0db8 1 128 vlan2 32 Validation Commands show running config show ipv6 route Parameter Description dest prefix length Specifies the IP destination prefix The IPv6 address prefi...

Page 787: ...ges to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE Disabling ICMPv6 destination unreachable messages breaks applications such as traceroute which depend on these messages to operate correctly Example To disable destination unreachable messages use the ...

Page 788: ...repeat Specify the number of ping packets to send 1 2147483647 Specify repeat count The default is 5 size 10 1452 The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source in the IP header of the ping packet timeout 1 65535 The time in seconds to wait for ec...

Page 789: ... IPV6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show ipv6 forwarding Output Figure 22 1 Example output from the show ipv6 forwarding command ipv6 forwarding is on ...

Page 790: ...arted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 22 2 Example output from the show ipv6 interface brief command Related Commands show interface brief Parameter Description brief Specify this optional parameter to display brief IPv6 interface information awp...

Page 791: ...PV6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 neighbors Mode User Exec and Privileged Exec ...

Page 792: ...eters turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database ospf Displays only the routes learned from IPv6 Open Shortest Path First OSPFv3 rip Displays only the routes learned from IPv6 Routing Information Protocol RIPng st...

Page 793: ...ommand IPv6 Routing Table Codes C connected S static R RIP O OSPFS 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via vlan30 C 2001 db8 28 0 0 0 0 64 via vlan40 C 2001 db8 fa 0 0 0 0 64 via vlan250 C 2001 db8 64 via vlan250 C 2001 db8 64 via vlan40 C 2001 db8 64 via vlan20 C 2001 db8 64 via vlan10 IPv6 Routing Table ...

Page 794: ... see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the following command awplus show ipv6 route summary Output Figure 22 5 Example output from the show ipv6 route summary command Related Commands show ip route database IPv6 routing table name is Default IPv6...

Page 795: ...route to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awplus traceroute ipv6 2001 0db8 a2 Related Commands ping ipv6 Parameter Description ipv6 addr The destination IPv6 address The IPv6 address uses the format X X X X hostname The destination hostname ...

Page 796: ...re common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 797 ipv6 route on page 799 max fib routes on page 800 max static routes on page 801 maximum paths on page 802 show ip route on page 803 show ip route database on page 806 show ip route summary on page 808 show ipv6 route on page 809 show ipv6...

Page 797: ...s Specify a Null interface to add a null or blackhole route to the switch A null or blackhole route is a routing table entry that does not forward packets so any packets sent to it are dropped Parameter Description subnet mask The IPv4 address of the destination subnet defined using either a prefix length or a separate mask specified in one of the following formats The IPv4 subnet address in dotte...

Page 798: ... available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 10 0 2 To specify a null or blackhole route 192 168 4 0 24 so packets forwarded to this route are dropped use the commands awplus configure terminal awplus config ip route 192 168 4 0 24 null To add the destination 192...

Page 799: ... gateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus config ipv6 route 2001 0db8 1 128 vlan2 32 Validation Commands show running config show ipv6 route Parameter Description dest prefix length Specifies the IP destination prefix The IPv6 address pre...

Page 800: ...d warning threshold of 75 use the following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is a the maximum number of routes that can be stored in the device s Forwarding Information dataBase In practice other practical system limits would prevent this maximum being reached 1 4294967294 The allowable configurable range for setting the...

Page 801: ...maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static routes 1000 Mode Global Configuration Example To reset the maximum number of static routes to the default maximum use the command awplus configure terminal awplus config no max static routes NOTE Static...

Page 802: ... of this command sets the maximum paths to the default of 4 Syntax maximum paths 1 8 no maximum paths Default By default the maximum number of paths is 4 Mode Global Configuration Examples To set the maximum number of paths for each route in the FIB to 5 use the command awplus configure terminal awplus config maximum paths 5 To set the maximum paths for a route to the default of 4 use the command ...

Page 803: ...the OSPF routes in the FIB use the command awplus show ip route ospf Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry For example O indicates OSPF as the origin of the route The first few lines of the output list the possible codes that may be seen with the route entries Typically route entries are composed of the following elements code ...

Page 804: ...s reachable via next hop 10 10 31 16 The outgoing local interface for this route is vlan2 This route was added 20 minutes and 54 seconds ago OSPF External Route The OSPF external route entry consists of This route entry denotes that this route is the same as the other OSPF route explained above the main difference is that it is a Type 2 External OSPF route Codes C connected S static R RIP B BGP O ...

Page 805: ...C613 50102 01 REV C Command Reference for x510 Series 805 AlliedWare Plus Operating System Version 5 4 6 1 x ROUTING COMMANDS SHOW IP ROUTE Related Commands ip route maximum paths show ip route database ...

Page 806: ...only the routes learned from connected interfaces ospf Displays only the routes learned from OSPF rip Displays only the routes learned from RIP static Displays only the static routes you have configured Codes C connected S static R RIP B BGP O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 selected route FIB route p...

Page 807: ...ther the nor the symbol These route entries denote The same prefix was learned from OSPF and from static route configuration Since this static route has a lower administrative distance than the OSPF route 110 the static route 1 is selected and installed in the FIB If the static route becomes unavailable then the device automatically selects the OSPF route and installs it in the FIB Related Command...

Page 808: ...ut modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries use the command awplus show ip route summary Output Figure 23 3 Example output from the show ip route summary command Related Commands show ip route show ip route database IP routing table name is Defa...

Page 809: ...meters turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing information extracted from the database ospf Displays only the routes learned from IPv6 Open Shortest Path First OSPFv3 rip Displays only the routes learned from IPv6 Routing Information Protocol RIPng s...

Page 810: ...command IPv6 Routing Table Codes C connected S static R RIP O OSPFS 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via vlan30 C 2001 db8 28 0 0 0 0 64 via vlan40 C 2001 db8 fa 0 0 0 0 64 via vlan250 C 2001 db8 64 via vlan250 C 2001 db8 64 via vlan40 C 2001 db8 64 via vlan20 C 2001 db8 64 via vlan10 IPv6 Routing Table...

Page 811: ...t see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the following command awplus show ipv6 route summary Output Figure 23 6 Example output from the show ipv6 route summary command Related Commands show ip route database IPv6 routing table name is Default IPv...

Page 812: ...behavior on page 816 cisco metric behavior RIP on page 818 clear ip rip route on page 819 debug rip on page 820 default information originate RIP on page 821 default metric RIP on page 822 distance RIP on page 823 distribute list RIP on page 824 fullupdate RIP on page 825 ip rip authentication key chain on page 826 ip rip authentication mode on page 828 ip rip authentication string on page 831 ip ...

Page 813: ... offset list RIP on page 847 passive interface RIP on page 848 recv buffer size RIP on page 849 redistribute RIP on page 850 restart rip graceful on page 851 rip restart grace period on page 852 route RIP on page 853 router rip on page 854 send lifetime on page 855 show debugging rip on page 857 show ip protocols rip on page 858 show ip rip on page 859 show ip rip database on page 860 show ip rip ...

Page 814: ...s configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Sep 3 2016 04 04 02 Oct 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day year where hh mm ss The time of the day in hours minutes and seconds day 1 31 The day of the month month The...

Page 815: ...g System Version 5 4 6 1 x RIP COMMANDS ACCEPT LIFETIME or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 3 Sep 2016 04 04 02 6 Oct 2016 Related Commands key key string key chain send lifetime ...

Page 816: ... RIP being advertised does not match the subnetting used on the outgoing RIPv1 interface it will be filtered The alliedware behavior command returns your router s RIPv1 behavior to the AlliedWare format where the prefix will be advertised as is For example if a RIPv1 update is being sent over interface 192 168 1 4 26 by default the prefix 192 168 1 64 26 will be advertised but the prefix 192 168 1...

Page 817: ...evice to AlliedWare Plus like behavior when sending and receiving RIPv1 update messages enter the commands awplus configure terminal awplus config router rip awplus config router no alliedware behavior rip1 send awplus config router no alliedware behavior rip1 recv Validation Commands show ip protocols rip show running config Related Commands fullupdate RIP ...

Page 818: ...behavior enable disable no cisco metric behavior Default By default the Cisco metric behavior is disabled Mode Router Configuration Examples To enable the routing metric update to behave as per the Cisco implementation enter the commands awplus configure terminal awplus config router rip awplus config router cisco metric behavior enable To disable the routing metric update to behave as per the def...

Page 819: ...uting table use the following command awplus clear ip rip route 10 0 0 0 8 Parameter Description ip dest network prefix length Removes entries which exactly match this destination address from RIP routing table Enter the IP address and prefix length of the destination network static Removes static entries from the RIP routing table connected Removes entries for connected routes from the RIP routin...

Page 820: ... Mode Privileged Exec and Global Configuration Example The following example displays information about the RIP packets that are received and sent out from the device awplus debug rip packet Related Commands undebug rip Parameter Description events RIP events debug information is displayed nsm RIP and NSM communication is displayed packet packet recv send detail Specifies RIP packets only recv Spe...

Page 821: ...are being redistributed the RIP protocol will advertise this default route irrespective of whether the default information originate command has been configured or not However if the router has not redistributed any default route into RIP but you want RIP to advertise a default route anyway then use this command This will cause RIP to create a default route entry in the RIP database The entry will...

Page 822: ...o 1 Mode RIP Router Configuration Usage This command is used with the redistribute RIP command to make the routing protocol use the specified metric value for all redistributed routes regardless of the original protocol that the route has been redistributed from Examples This example assigns the cost of 10 to the routes that are redistributed into RIP awplus configure terminal awplus config router...

Page 823: ...p addr prefix length access list Mode RIP Router Configuration Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network that match the access list mylist use the commands awplus configure terminal awplus config router rip awplus config router distance 8 10 0 0 0 8 mylist To set the administrative distance to the default of 120 for the RIP routes within the ...

Page 824: ...ing access list or prefix list If you do not specify the name of the interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply an access list called myfilter to filter incoming routing updates in vlan2 awplus configure terminal awplus config router rip awplus config router distribute list prefix myfilter in vlan2 Related Commands acces...

Page 825: ...ate is configured the device advertises the full RIP route table in outgoing triggered updates including routes that have not changed This enables faster convergence times or allow inter operation with legacy network equipment but at the expense of larger update messages Use the no variant of this command to disable this feature Syntax fullupdate no fullupdate Default By default this feature is di...

Page 826: ...nd for single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examples For multiple key authentication use the following steps to configure a route to enable RIPv2 authentication using multiple keys at different times 1 Define a key chain with a key chain name ...

Page 827: ...s config keychain key key string toyota awplus config keychain key accept lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key send lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key exit awplus config keychain exit awplus config interface vlan2 awplus config if ip rip authentication key chain cars awplus config if ip rip authentication mode md5 Example In t...

Page 828: ...cation string command for single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration examples Usage single key Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentication string or password ...

Page 829: ...on for the given interface text or MD5 using the following commands awplus config if ip rip authentication mode md5 text Example 1 In the following example of a configuration for multiple keys authentication a password of toyota is set for key 1 in key chain cars Authentication is enabled on vlan2 and the authentication mode is set to MD5 awplus configure terminal awplus config key chain cars awpl...

Page 830: ...e 3 The following example specifies mykey as the authentication string with MD5 authentication for the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip rip authentication string mykey awplus config if ip rip authentication mode md5 Related Commands ip rip authentication string ip rip authentication key chain ...

Page 831: ...t configuring RIP see the RIP Feature Overview and Configuration Guide Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentication string or password used by the key for the desired interface using the following commands awplus configure terminal awplus config interface id 2 Specify the mode of authentication for the given ...

Page 832: ...e following example the VLAN interface vlan2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure terminal awplus config interface vlan2 awplus config if ip rip authentication string guest Related commands ip rip authentication key chain ip rip authentication mode ...

Page 833: ...o variant of this command to disable this feature Syntax ip rip receive packet no ip rip receive packet Default Receive packet is enabled Mode Interface Configuration for a VLAN interface Usage This command can only be configured on VLAN interfaces Example This example shows packet receiving being turned on for the VLAN interface vlan3 awplus configure terminal awplus config interface vlan3 awplus...

Page 834: ...ommand applies to a specific VLAN interface and overrides any the version specified by the version RIP command RIP can be run in version 1 or version 2 mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all the RIP enabled interfaces Example In...

Page 835: ...o variant of this command to disable this feature Syntax ip rip send packet no ip rip send packet Default Send packet is enabled Mode Interface Configuration for a VLAN interface Usage This command can only be configured on VLAN interfaces Example This example shows packet sending being turned on for the VLAN interface vlan4 awplus configure terminal awplus config interface vlan4 awplus config if ...

Page 836: ...more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all the RIP enabled interfaces Selecting version parameters 1 2 or 2 1 sends RIP version 1 and 2 packets Use the ip rip send version 1 compatible command in an environment where you cannot send multicast packets ...

Page 837: ...d to send RIP version 1 packets only awplus configure terminal awplus config interface vlan4 awplus config if ip rip send version 1 In the following example the VLAN interface vlan4 is configured to send RIP version 2 packets only awplus configure terminal awplus config interface vlan4 awplus config if ip rip send version 2 In the following example the VLAN interface vlan3 is configured to use the...

Page 838: ...he version RIP command RIP can be run in version 1 compatible mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all the RIP enabled interfaces Use the ip rip send version command in an environment where you can send multicast packets For examp...

Page 839: ...613 50102 01 REV C Command Reference for x510 Series 839 AlliedWare Plus Operating System Version 5 4 6 1 x RIP COMMANDS IP RIP SEND VERSION 1 COMPATIBLE Related Commands ip rip send version version RIP ...

Page 840: ...luding routes in updates sent to the same gateway from which they were learned Without the poisoned parameter using this command causes routes learned from a neighbor to be omitted from updates sent to that neighbor With the poisoned parameter using this command causes such routes to be included in updates but sets their metrics to infinity This advertises that these routes are not reachable Examp...

Page 841: ...no key keyid Mode Keychain Configuration Usage This command allows you to enter the keychain key mode where a password can be set for the key Example The following example configures a key number 1 and shows the change into a keychain key command mode prompt awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key Related Commands key chain ...

Page 842: ...eys Syntax key chain key chain name no key chain key chain name Mode Global Configuration Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Example The following example shows the creationof a key chain named mychain and the change into keychain mode prompt awplus configure terminal awplus config key chain mychain awplus config keychain Rela...

Page 843: ...amples In the following example the password for key1 in the key chain named mychain is set to password prime awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key key string prime In the following example the password for key1 in the key chain named mychain is removed awplus configure terminal awplus config key chain mychain awplus confi...

Page 844: ...limiting of the number of RIP routes stored in the routing table Syntax maximum prefix maxprefix threshold no maximum prefix Mode Router Configuration Example To configure the maximum number of RIP routes to 150 use the following command awplus configure terminal awplus config router rip awplus config router maximum prefix 150 Parameter Description maxprefix 1 65535 The maximum number of RIP route...

Page 845: ...mand to exchange nonbroadcast routing information It can be used multiple times for additional neighbors The passive interface RIP command disables sending routing updates on an interface Use the neighbor command in conjunction with the passive interface RIP to send routing updates to specific neighbors Example To specify the neighbor router to 1 1 1 1 use the following command awplus configure te...

Page 846: ...ed network or VLANs will be automatically advertised in RIP updates RIP updates will be sent and received within the specified network or VLAN Example Use the following commands to activate RIP routing updates on network 172 16 20 0 24 awplus configure terminal awplus config router rip awplus config router network 172 16 20 0 24 Related Commands show ip rip show running config clear ip rip route P...

Page 847: ...routing metric When the networks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Examples In this example the router examines the RIP updates being sent out from interface vlan2 and adds 5 hops to the routes matching the ip addresses specified in the access list 8 awplus configure terminal awplus config router rip awplus config router offset ...

Page 848: ... command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode RIP Router Configuration Usage This command can only be configured for VLAN interfaces Examples Use the following commands to block RIP broadcasts on vlan20 awplus configure terminal awplus config router rip awplus config router passive interface vlan20 Related Commands show ip...

Page 849: ...ffer size to the system default 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default 196608 bits is the system default when reset using the no variant of this command Mode Router Configuration Examples To run time configure the RIP UDP use the following commands awplus configure terminal awplus config router rip awplus config router recv buffer size 23456...

Page 850: ...ode RIP Router Configuration Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus configure terminal awplus config router rip awplus config router redistribute static metric 15 Related Commands default metric RIP Parameter Description routemap Optional Specifies route map that controls how routes are redistributed routemap Optional The name of ...

Page 851: ...RIP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until the specified grace period expires When a restart rip graceful command is issued the RIP configuration is reloaded from the last saved configuration Ensure you first enter the command copy running config startup config When a master failover happens on a VCStack the RIP grace perio...

Page 852: ...he default RIP grace period is 60 seconds Usage Use this command to enable the Graceful Restart feature on the RIP process Entering this command configures a grace period for RIP When a master failover happens on a VCStack the RIP grace period will be the longest period between the default value 60 seconds is the default RIP grace period and the configured RIP grace period value from this command ...

Page 853: ...ength Default No static RIP route is added by default Mode RIP Router Configuration Usage Use this command to add a static RIP route After adding the RIP route the route can be checked in the RIP routing table Example To create a static RIP route to IP subnet 192 168 1 0 24 use the following commands awplus configure terminal awplus config router rip awplus config router route 192 168 1 0 24 Relat...

Page 854: ...ess Use the no variant of this command to disable the RIP routing process Syntax router rip no router rip Mode Global Configuration Example This command is used to begin the RIP routing process awplus configure terminal awplus config router rip awplus config router version 1 awplus config router network 10 10 10 0 24 awplus config router network 10 10 11 0 24 awplus config router neighbor 10 10 10...

Page 855: ...config keychain key send lifetime 03 03 01 Jan 3 2016 04 04 02 Dec 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day year where hh mm ss The time of the day in hours minutes and seconds day 1 31 The day of the month month The month of the year the first three letters of the month for example Jan year 1993 2035 The ...

Page 856: ...C613 50102 01 REV C Command Reference for x510 Series 856 AlliedWare Plus Operating System Version 5 4 6 1 x RIP COMMANDS SEND LIFETIME Related Commands key key string key chain accept lifetime ...

Page 857: ...ugging status for these debugging options nsmdebugging RIP eventdebugging RIP packet debugging and RIP nsm debugging For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging rip Mode User Exec and Privileged Exec Usage Use this command to display the debug status of RIP Example awplus show deb...

Page 858: ...us show ip protocols rip Output Figure 24 1 Example output from the show ip protocols rip command Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after 180 seconds garbage collect after 120 seconds Outgoing update filter list for all interface is not set Incoming update filter list for all interface is not set Default redistribution metric is 1 Redis...

Page 859: ... Feature Overview and Configuration Guide Syntax show ip rip Mode User Exec and Privileged Exec Example awplus show ip rip Output Figure 24 2 Example output from the show up rip command Related Commands route RIP network RIP clear ip rip route awplus show ip rip Codes R RIP Rc RIP connected Rs RIP static C Connected S Static O OSPFNetwork Next Hop Metric From If Time C 10 0 1 0 24 1 vlan20 S 10 10...

Page 860: ...out the RIP database For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip rip database full Mode User Exec and Privileged Exec Example awplus show ip rip database awplus show ip rip database full Related Commands show ip rip Parameter Description full Specify the full RIP database including sub o...

Page 861: ...ce Overview Use this command to display information about the RIP interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface interface Mode User Exec and Privileged Exec Example awplus show ip rip interface Parameter Description interface The interface to display information about For instance vlan2 ...

Page 862: ...e specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updates sent by the router All the routers in the network must have the same timers to ensure the smooth operation of RIP throughout the network Examples To set the update timer to 30 the routing information timeout timer to 180 and ...

Page 863: ...nts nsm packet Mode Privileged Exec Example To disable the options set for debugging RIP information events use the following command awplus undebug rip packet Related Commands debug rip Parameter Description all Disables all RIP debugging events Disables the logging of RIP events nsm Disables the logging of RIP and NSM communication packet packet recv send detail Disables the debugging of RIP pac...

Page 864: ...ion will be received and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value set by the version RIP command on an interface specific basis The ip rip receive version command allows you to configure a specific interface to accept only packets of the specified RIP version The ip...

Page 865: ...res the encoding of the next hop for a set of routes For more information see the RIPng Feature Overview and Configuration Guide Command List aggregate address IPv6 RIPng on page 867 clear ipv6 rip route on page 868 debug ipv6 rip on page 869 default information originate IPv6 RIPng on page 870 default metric IPv6 RIPng on page 871 distribute list IPv6 RIPng on page 872 ipv6 rip metric offset on p...

Page 866: ...rsion 5 4 6 1 x RIPNG FOR IPV6 COMMANDS router ipv6 rip on page 883 show debugging ipv6 rip on page 884 show ipv6 protocols rip on page 885 show ipv6 rip on page 886 show ipv6 rip database on page 887 show ipv6 rip interface on page 888 timers IPv6 RIPng on page 889 undebug ipv6 rip on page 890 ...

Page 867: ...range covered by the aggregate route are retained in the RIPng database but are marked as suppressed routes The aggregate route will be advertised in RIPng updates and the component route will no longer be advertised Note that simply having a component route in the IPv6 route database is not a sufficient condition for the aggregate route to be included into the RIPng database The component route s...

Page 868: ...lus clear ipv6 rip route 2001 db8 32 Parameter Description ipv6 addr prefix length Specify the IPv6 Address in format X X X X Prefix Length The prefix length is a decimal integer between 1 and 128 Removes entries which exactly match this destination address from the RIPng routing table connected Removes redistributed connected entries from RIPng routing table static Removes redistributed static en...

Page 869: ...cv detail send detail Default RIPng debugging is disabled by default Mode Privileged Exec and Global Configuration Example awplus debug ipv6 rip events awplus debug ipv6 rip packet send detail awplus debug ipv6 rip nsm Related Commands undebug ipv6 rip Parameter Description all Displays all RIPng debugging showing RIPng events debug information RIPng received packets information and RIPng sent pac...

Page 870: ...information originate IPv6 RIPng Overview Use this command to generate a default route into RIPng Use the no variant of this command to disable this feature Syntax default information originate no default information originate Default Disabled Mode Router Configuration Example awplus configure terminal awplus config router ipv6 rip awplus config router default information originate ...

Page 871: ...ed metric value for all redistributed RIPng routes regardless of the original protocol that the route has been redistributed from Note this metric is not applied to routes that are brought into RIPng by using the route command in router IPv6 RIP configuration mode This metric is though applied to any RIPng aggregate routes that have been brought into the RIPng database due to the presence of a com...

Page 872: ... Configuration Usage Filter out incoming or outgoing route updates using the access list or the prefix list If you do not specify the name of the interface the filter is applied to all the interfaces Example To filter incoming or outgoing route updates use the following commands awplus configure terminal awplus config router ipv6 rip awplus config router distribute list prefix myfilter in vlan2 Re...

Page 873: ...e route in the routing table Note this command only increments the metric for incoming routes on a specified interface Increasing the metric value for a VLAN interface increases the metric value of routes received on that VLAN interface This changes the route selected from the routing table The RIPng metric is the hop count At regular intervals of the routing update timer which has a default value...

Page 874: ...mands awplus configure terminal awplus config router ipv6 rip awplus config router exit awplus config interface vlan2 awplus config if ipv6 rip metric offset 1 To reset the metric offset on the VLAN interface vlan2 to the default value enter the below commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 rip metric offset 1 Validation Commands show running confi...

Page 875: ... horizon command omits routes learned from one neighbor in updates sent to that neighbor Using the poisoned parameter with this command includes such routes in updates but sets their metrics to infinity Thus advertising that these routes are not reachable Examples To perform split horizon with poisoned reverse on the VLAN interface vlan2 enter the below commands awplus configure terminal awplus co...

Page 876: ...lt RIPng routing is disabled by default Mode Interface Configuration for a VLAN interface only Usage This command can only be configured on VLAN interfaces Examples To enable RIPng routing on the VLAN interface vlan2 enter the below commands awplus configure terminal awplus config router ipv6 rip awplus config router exit awplus config interface vlan2 awplus config if ipv6 router rip To disable RI...

Page 877: ...additional neighbors The passive interface IPv6 RIPng command disables sending routing updates on an interface Use the neighbor command in conjunction with the passive interface IPv6 RIPng command to send routing updates to specific neighbors Examples awplus configure terminal awplus config router ipv6 rip awplus config router neighbor 2001 db8 1 1 vlan2 awplus configure terminal awplus config rou...

Page 878: ...g metric When the networks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Example In this example the router examines the RIPng updates being sent out from interface vlan2 and adds 8 hops to the routes matching the ip addresses specified in the access list 2 awplus configure terminal awplus config router ipv6 rip awplus config router offset ...

Page 879: ...f this command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode Router Configuration Examples To enable suppression of routing updates use the following commands awplus configure terminal awplus config router ipv6 rip awplus config router passive interface vlan2 awplus configure terminal awplus config router ipv6 rip awplus config rou...

Page 880: ...d set it back to the system default of 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default The RIPng UDP receive buffer size is 196608 bits by default and is reset to the default using the no variant of this command Mode Router Configuration Examples To configure the RIPng UPD use the following commands awplus configure terminal awplus config router ipv6...

Page 881: ...IPng metric value is set to 1 Mode Router Configuration Example To redistribute information from other routing protocols into RIPng use the following commands awplus configure terminal awplus config router ipv6 rip awplus config router redistribute static route map mymap awplus config router redistribute static metric 8 Related Commands default metric IPv6 RIPng Parameter Description 0 16 Optional...

Page 882: ...efix length Mode Router Configuration Usage Use this command to add a static RIPng route After adding the RIPng route the route can be checked in the RIPng routing table Example To configure static RIPng routes use the following commands awplus configure terminal awplus config router ipv6 rip awplus config router route 2001 db8 1 64 Related Commands show ipv6 rip clear ipv6 rip route Parameter Des...

Page 883: ...se this global command to enter Router Configuration mode to enable a RIPng routing process Use the no variant of this command to disable the RIPng routing process Syntax router ipv6 rip no router ipv6 rip Mode Global Configuration Example To enable a RIPng routing process use the following commands awplus configure terminal awplus config router ipv6 rip awplus config router ...

Page 884: ...g options of nsm debugging RIPng eventdebugging RIPng packetdebugging and RIPng nsm debugging For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ipv6 rip Mode User Exec and Privileged Exec Usage Use this command to display the debug status of RIPng Example To display the RIPng debugging ...

Page 885: ...ntax show ipv6 protocols rip Mode User Exec and Privileged Exec Example To display RIPng process parameters and statistics use the following command awplus show ipv6 protocols rip Output awplus show ipv6 protocols rip Routing Protocol is RIPng Sending updates every 30 seconds with 5 seconds next due in 6 seconds Timeout after 180 seconds garbage collect after 120 seconds Outgoing update filter lis...

Page 886: ...uration Guide Syntax show ipv6 rip Mode User Exec and Privileged Exec Example To display RIPng routes use the following command awplus show ipv6 rip Output Related Commands show ipv6 rip database Codes R RIP Rc RIP connected Rs RIP static Ra RIP aggregated Rcx RIP connect suppressed Rsx RIP static suppressed C Connected S Static O OSPF Network Next Hop If Met Tag Time R 2001 db8 1 48 2001 db8 2 48...

Page 887: ...l Mode User Exec and Privileged Exec Example To display information about the RIPng database use the following command awplus show ipv6 rip database Output Related Commands show ipv6 rip Parameter Description full Display all IPv6 RIPng full database entries including sub optimal routes Codes R RIP Rc RIP connected Rs RIP static Ra RIP aggregated Rcx RIP connect suppressed Rsx RIP static suppresse...

Page 888: ...uide Syntax show ipv6 rip interface interface Mode User Exec and Privileged Exec Example To display RIPng interface information use the following command awplus show ipv6 rip interface Output Parameter Description interface The interface to display information about For instance vlan2 lo is up line protocol is up RIPng is not enabled on this interface vlan1 is up line protocol is up RIPng is not e...

Page 889: ...imer is 120 seconds The no variant of this command restores the default RIPng routing timers Mode Router Configuration Example To adjust the RIPng routing network timers use the following commands awplus configure terminal awplus config router ipv6 rip awplus config router timers basic 30 180 120 Parameter Description update 5 2147483647 Specifies the RIPng routing table update timer in seconds Th...

Page 890: ...ebugging options use the following command awplus undebug ipv6 rip events awplus undebug ipv6 rip all awplus undebug ipv6 rip packet send awplus undebug ipv6 rip packet recv detail Related Commands debug ipv6 rip Parameter Description all Disables all RIPng debugging events Disable the display of RIPng events information nsm Disable the display of RIPng and NSM communication packet Disable debuggi...

Page 891: ...cost on page 894 area authentication on page 895 area filter list on page 896 area nssa on page 897 area range on page 899 area stub on page 901 area virtual link on page 902 auto cost reference bandwidth on page 905 bandwidth on page 907 capability opaque on page 908 capability restart on page 909 clear ip ospf process on page 910 compatible rfc1583 on page 911 debug ospf events on page 912 debug...

Page 892: ...f disable all on page 932 ip ospf hello interval on page 933 ip ospf message digest key on page 934 ip ospf mtu on page 936 ip ospf mtu ignore on page 937 ip ospf network on page 938 ip ospf priority on page 939 ip ospf resync timeout on page 940 ip ospf retransmit interval on page 941 ip ospf transmit delay on page 942 max concurrent dd on page 943 maximum area on page 944 neighbor OSPF on page 9...

Page 893: ...n page 972 show ip ospf database opaque area on page 974 show ip ospf database opaque as on page 975 show ip ospf database opaque link on page 976 show ip ospf database router on page 977 show ip ospf database summary on page 979 show ip ospf interface on page 982 show ip ospf neighbor on page 983 show ip ospf route on page 985 show ip ospf virtual links on page 986 show ip protocols ospf on page ...

Page 894: ...NSSA or stub area Refer to the RFC 3101 for information on NSSA Example To set the default cost to 10 in area 1 for the OSPF instance 100 use the commands awplus configure terminal awplus config router ospf 100 awplus config router area 1 default cost 10 Related Commands area nssa area stub Parameter Description area id The OSPF area that you are specifying the default summary route cost for Use o...

Page 895: ... the correct password may join the routing domain Give all routers that are to communicate with each other through OSPF the same authentication password Use the ip ospf authentication key command to specify a Simple Text password Use the ip ospf message digest key command to specify MD5 password Example awplus configure terminal awplus config router ospf 100 awplus config router area 1 authenticat...

Page 896: ...igure filters to advertise summary routes use the following commands awplus configure terminal awplus config access list 1 deny 172 22 0 0 awplus config router ospf 100 awplus config router area 1 filter list access 1 in Parameter Description area id The OSPF area that you are configuring the filter for Use one of the following formats This can be entered in either dotted decimal format or normal ...

Page 897: ... an NSSA not both The no variant of this command removes this designation Syntax area area id nssa default information originate metric no redistribution no summary translator role role no area area id nssa default information originate no redistribution no summary translator role Parameter Description area id The OSPF area that you are configuring as an NSSA Use one of the following formats This ...

Page 898: ...ig router area 0 0 0 51 nssa awplus config router area 3 nssa translator role candidate no redistribution default information originate metric 34 metric type 2 Related Commands area default cost role The role type Specify one of the following keywords always Router always translate NSSA LSA to Type 5 LSA candidate Router may translate NSSA LSA to Type 5 LSA if it is elected never Router never tran...

Page 899: ...is function and restores default behavior Syntax area area id range ip addr prefix length advertise not advertise no area area id range ip addr prefix length Default The area range is not configured by default The area range is advertised if it is configured Mode Router Configuration Usage You can configure multiple ranges on a single area with multiple instances of this command so OSPF summarizes...

Page 900: ...ersion 5 4 6 1 x OSPF COMMANDS AREA RANGE Ensure OSPF IPv4 routes exist in the area range for advertisement before using this command Example awplus configure terminal awplus config router ospf 100 awplus config router area 1 range 192 16 0 0 16 awplus config router area 1 range 203 18 0 0 16 ...

Page 901: ...e the area default cost command The no variant of this command removes this definition Syntax area area id stub no summary no area area id stub no summary Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router area 1 stub Related Commands area default cost Parameter Description area id The OSPF area that you are configuring as a stub area Use...

Page 902: ...5 retransmit interval 1 3600 transmit delay 1 3600 no area area id virtual link ip addr authentication dead interval hello interval retransmit interval transmit delay Parameter Description area id The area ID of the transit area that the virtual link passes through Use one of the following formats This can be entered in either dotted decimal format or normal decimal format ip addr OSPF Area ID exp...

Page 903: ...ransmissions The transmit delay is the time taken to transmit a link state update packet on the interface Before transmission the link state advertisements in the update packet are incremented by this amount Set the transmit delay to be greater than zero Also take into account the transmission and propagation delays for the interface Example awplus configure terminal awplus config router ospf 100 ...

Page 904: ...02 01 REV C Command Reference for x510 Series 904 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS AREA VIRTUAL LINK Related Commands area authentication show ip ospf show ip ospf virtual links ...

Page 905: ...eference bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopback or Ethernet interface bandwidth Interface bandwidth may be altered by using the bandwidth command as the SVI does not auto detect the bandwidth based on the speed of associated switch ports When the reference...

Page 906: ...erface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ip ospf cost command on a layer 3 interface will override the cost calculated by the reference bandwidth command Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router auto cost reference bandwidth 1000...

Page 907: ...value equal to the lowest port speed within that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config interface vlan2 awplus config if bandwidth 1000000 Related Commands show running config access list show interface Parameter Description bandwidth setting Sets the bandwidth for the interface Enter a ...

Page 908: ...denablesopaque LSAs Opaque LSAs are Type9 10and11LSAs that deliver information used by external applications By default opaque LSAs are enabled Use the no variant of this command to disables opaque LSAs Syntax capability opaque no capability opaque Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router no capability opaque ...

Page 909: ...ault this is enabled Use the no variant of this command to disable OSPF Graceful Restart and restart signaling features Syntax capability restart graceful signaling no capability restart Default Graceful restart Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router capability restart graceful Parameter Description graceful Enable graceful OS...

Page 910: ...process Overview This command clears and restarts the OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all running OSPF processes Syntax clear ip ospf 0 65535 process Mode Privileged Exec Example awplus clear ip ospf process Parameter Description 0 65535 The Routing Process ID ...

Page 911: ... metric of the component paths available RFC 2328 specifies a method for calculating metrics based on maximum cost It is possible that some ABRs in an area might conform to RFC 1583 and others support RFC 2328 which could lead to incompatibility in their interoperation This command addresses this issue by allowing you to selectively disable compatibility with RFC 2328 Use the no variant of this co...

Page 912: ...s command disable OSPF debugging Use this command without parameters to disable all the options Syntax debug ospf events abr asbr lsa nssa os router vlink no debug ospf events abr asbr lsa nssa os router vlink Mode Privileged Exec and Global Configuration Example awplus debug ospf events asbr lsa Related Commands terminal monitor undebug ospf events Parameter Description abr Shows ABR events asbr ...

Page 913: ...o and undebug variant of this command disable OSPF IFSM debugging Use this command without parameters to disable all the options Syntax debug ospf ifsm status events timers no debug ospf ifsm status events timers Mode Privileged Exec and Global Configuration Example awplus no debug ospf ifsm events status awplus debug ospf ifsm status awplus debug ospf ifsm timers Related Commands terminal monitor...

Page 914: ...e refresh Mode Privileged Exec and Global Configuration Examples awplus undebug ospf lsa refresh Output Figure 26 1 Example output from the debug ospf lsa command Related Commands terminal monitor undebug ospf lsa Parameter Description flooding Displays LSA flooding generate Displays LSA generation install Show LSA installation maxage Shows maximum age of the LSA in seconds refresh Displays LSA re...

Page 915: ...dundebug variantof this commanddisableOSPF NFSMdebugging Use this command without parameters to disable all the options Syntax debug ospf nfsm events status timers no debug ospf nfsm events status timers Mode Privileged Exec and Global Configuration Examples awplus debug ospf nfsm events awplus no debug ospf nfsm timers awplus undebug ospf nfsm events Related Commands terminal monitor undebug ospf...

Page 916: ...d undebug variant of this command disable OSPF NSM debugging Use this command without parameters to disable both options Syntax debug ospf nsm interface redistribute no debug ospf nsm interface redistribute Mode Priviledged Exec and Global Configuration Examples awplus debug ospf nsm interface awplus no debug ospf nsm redistribute awplus undebug ospf nsm interface Related Commands terminal monitor...

Page 917: ...uest ls update recv send Mode Privileged Exec and Global Configuration Examples awplus debug ospf packet detail awplus debug ospf packet dd send detail awplus no debug ospf packet ls request recv detail awplus undebug ospf packet ls request recv detail Related Commands terminal monitor undebug ospf packet Parameter Description dd Specifies debugging for OSPF database descriptions detail Sets the d...

Page 918: ... route debugging Use this command without parameters to disable all options Syntax debug ospf route ase ia install spf no debug ospf route ase ia install spf Mode Privileged Exec and Global Configuration Examples awplus debug ospf route awplus no debug ospf route ia awplus debug ospf route install awplus undebug ospf route install Related Commands terminal monitor undebug ospf route Parameter Desc...

Page 919: ...e either Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no default information originate always metric metric type route map Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router default information originate ...

Page 920: ...c facilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables the redistribution to continue The effect of this command is that OSPF will use the same metric value for all redistributed routes Use this command in conjunction with the redistribute OSPF command Examples awplus configure terminal awplus config r...

Page 921: ...e ospf 1 255 Default The default OSPF administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Configuration Usage The administrative distance rates the trustworthiness of a routing information source The distance could be any integer from 0 to 255 A higher distance value indicates a lower trust rating For example an admin...

Page 922: ... for intra area routes 40 for external routes use the commands awplus config router ospf 100 awplus config router distance ospf inter area 20 intra area 10 external 40 To set the administrative distance for all routes in OSPF 100 back to the default of 110 use the commands awplus config router ospf 100 awplus config router no distance ospf ...

Page 923: ...ee the ACL Feature Overview and Configuration Guide and the Route Map Feature Overview and Configuration Guide The no variant of this command removes the configured distribute list command entry Syntax distribute list access list name route map route map name in no distribute list access list name in Mode Router Configuration Usage There are in and out distribute lists which carry out different ro...

Page 924: ...e list will not be redistributed into OSPF Examples The following example shows the installation of OSPF routes into the IP route table with route map mymap1 applied which will process routes that have been tagged 100 awplus configure terminal awplus config route map mymap1 permit 10 awplus config route map match tag 100 awplus config route map exit awplus config router ospf 100 awplus config rout...

Page 925: ...s enabled the database exchange process is optimized by removing the LSA from the database summary list for the neighbor if the LSA instance in the database summary list is the same as or less recent than the listed LSA in the database description packet received from the neighbor Examples To enable OSPF database summary list optimization use the commands awplus configure terminal awplus config ro...

Page 926: ...ost ip address area area id cost 0 65535 no host ip address area area id cost 0 65535 Default By default no host entry is configured Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router host 172 16 10 100 area 1 awplus config router host 172 16 10 101 area 2 cost 10 Parameter Description ip address The IPv4 address of the host in dotted dec...

Page 927: ...uthentication Mode Interface Configuration for a VLAN interface Usage Use the ip ospf authentication command to specify a Simple Text password Use the ip ospf message digest key command to specify MD5 password Example In this example VLAN interface vlan2 is configured to have no authentication This will override any text or MD5 authentication configured on this interface awplus configure terminal ...

Page 928: ...twork with the same password exchange OSPF routing data The key can be used only when authentication is enabled for an area Use the area authentication command to enable authentication Simple password authentication allows a password to be configured for each area Configure the routers in the same routing domain with the same password Example In the following example an authentication key test is ...

Page 929: ... the cost value calculated automatically with the auto cost reference bandwidth feature The interface cost indicates the overhead required to send packets across a certain VLAN interface This cost is stated in the Router LSA s link Typically the cost is inversely proportional to the bandwidth of an interface By default the cost of a VLAN interface is calculated according to the following formula r...

Page 930: ...terface Mode Interface Configuration for a VLAN interface Usage OSPF floods new LSAs over all interfaces in an area except the interface on which the LSA arrives This redundancy ensures robust flooding However too much redundancy can waste bandwidth and might lead to excessive link and CPU usage in certain topologies resulting in destabilizing the network To avoid this use the ip ospf database fil...

Page 931: ...he no variant of this command returns the interval to the default of 40 seconds If you have configured this command specifying the IP address of the interface and want to remove the configuration specify the IP address no ip ospf ip address dead interval Syntax ip ospf ip address dead interval 1 65535 no ip ospf ip address dead interval Mode Interface Configuration for a VLAN interface Example The...

Page 932: ...essing on a VLAN interface It overrides the network area command and disables the processing of packets on the specific interface Use the no variant of this command to restore OSPF packet processing on a selected interface Syntax ip ospf disable all no ip ospf disable all Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config interface vlan2 awplus config...

Page 933: ... traffic The no variant of this command returns the interval to the default of 10 seconds Syntax ip ospf ip address hello interval 1 65535 no ip ospf ip address hello interval Default The default interval is 10 seconds Mode Interface Configuration for a VLAN interface Example The following example shows setting the hello interval to 3 seconds on VLAN interface vlan2 awplus configure terminal awplu...

Page 934: ... duplicate one copy of the packet will be transmitted for each of the current keys This is helpful for administrators who want to change the OSPF password without disrupting communication The system begins a rollover process until all the neighbors have adopted the new password This allows neighboring routers to continue communication while the network administrator is updating them with a new pas...

Page 935: ...config if ip ospf authentication message digest awplus config if ip ospf message digest key 1 md5 yourpass The following example shows configuring OSPF authentication on the VLAN interface vlan2 for the IP address 1 1 1 1 If the interface has two IP addresses assigned 1 1 1 1 2 2 2 2 OSPF authentication will be enabled only for the IP address 1 1 1 1 awplus configure terminal awplus config interfa...

Page 936: ...t of this command to return the MTU size to the default Syntax ip ospf mtu 576 65535 no ip ospf mtu Default By default OSPF uses interface MTU derived from the VLAN interface Mode Interface Configuration for a VLAN interface Usage This command allows an administrator to configure the MTU size recognized by the OSPF protocol It does not configure the MTU settings on the VLAN interface OSPF will not...

Page 937: ...re no ip ospf ip address mtu ignore Mode Interface Configuration for a VLAN interface Usage By default during the DD exchange process OSPF checks the MTU size described in the DD packets received from the neighbor If the MTU size does not match the interface MTU the neighbor adjacency is not established Using this command makes OSPF ignore this check and allows establishing of adjacency regardless...

Page 938: ...t OSPF network type for a VLAN interface Mode Interface Configuration for a VLAN interface Usage This command forces the interface network type to the specified type Depending on the network type OSPF changes the behavior of the packet transmission and the link description in LSAs Example The following example shows setting the network type to point to point on the VLAN interface vlan2 awplus conf...

Page 939: ... OSPF Designated Router DR for a network If two routers attempt to become the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Only routers with nonzero router priority values are eligible to become the designated or backup designated router Configure router priority for multi acces...

Page 940: ...eighbor Use the no variant of this command to return to the default Syntax ip ospf ip address resync timeout 1 65535 no ip ospf ip address resync timeout Mode Interface Configuration for a VLAN interface Example The following exampleshows setting the OSPF resynchronization timeout value to 65 seconds on the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config ...

Page 941: ...guration for a VLAN interface Usage After sending an LSA to a neighbor the router keeps the LSA until it receives an acknowledgment In case the router does not receive an acknowledgment during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value conservatively to avoid needless retransmission The interval should be greater than the expected round ...

Page 942: ...nterface Configuration for a VLAN interface Usage The transmit delay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low speed links Add transmission and propagation delays when setting the transmit delay value Example Thefollowingexampleshows settingthe OSP...

Page 943: ...rrent dd 1 65535 no max concurrent dd Mode Router Configuration Usage This command is useful when a router s performance is affected from simultaneously bringing up several OSPF adjacencies This command limits the maximum number of DD exchanges that can occur concurrently per OSPF instance thus allowing for all of the adjacencies to come up Example The following example sets the max concurrent dd ...

Page 944: ...the maximum number of OSPF areas is 4294967294 Mode Router Configuration Usage Use this command in router OSPF mode to specify the maximum number of OSPF areas Examples The following example sets the maximum number of OSPF areas to 2 awplus configure terminal awplus config router ospf 100 awplus config router maximum area 2 The following example removes the maximum number of OSPF areas and resets ...

Page 945: ...s the reduced rate at which routers continue to send hello packets when a neighboring router has become inactive Setthe poll interval to be much larger than hello interval Examples This example shows a neighbor configured with a priority value poll interval time and cost awplus configure terminal awplus config router ospf 100 awplus config router neighbor 1 2 3 4 priority 1 poll interval 90 awplus...

Page 946: ...ork bits and consecutive 1 s as host bits Examples The following commands show the use of the network area command with OSPF multiple instance support disabled awplus configure terminal awplus config router ospf 100 awplus config router network 10 0 0 0 8 area 3 awplus config router network 10 0 0 0 8 area 1 1 1 1 Parameter Description network address ip network m ip addr reverse mask ip network m...

Page 947: ...AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS NETWORK AREA The following commands disable OSPF routing with Area ID 3 on all interfaces awplus configure terminal awplus config router ospf 100 awplus config router no network 10 0 0 0 8 area3 ...

Page 948: ...BR Type By this definition a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR if it has more than one area actively attached and the backbone area is configured In this case the configured backbone need not be actively connected Standard ABR Type By this definition a router ...

Page 949: ...e running config The restart grace period is not displayed in the running config if it has been reset to the default using the no variant of this command When a master failover happens on a VCStack the grace period will be the longer of the default value 180 seconds and the configured value from this command Therefore the configured grace period value will only be used in a master failover if it i...

Page 950: ... the OSPF restart helper while the no ospf restart helper max grace period command resets the max grace period rather than the helper policy itself Example awplus configure terminal awplus config ospf restart helper only reload awplus configure terminal awplus config ospf restart helper never router id 10 10 10 1 awplus configure terminal awplus config no ospf restart helper max grace period Param...

Page 951: ...3 50102 01 REV C Command Reference for x510 Series 951 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS OSPF RESTART HELPER Related Commands ospf restart grace period restart ospf graceful ...

Page 952: ...dress no ospf router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id takes effect at the next reload or when you restart OSPF manually Example The following example shows a specified router ID 2 3 4 5 awplus configure terminal awplus config router ospf 100 awplus config router ospf router id 2 3 4 ...

Page 953: ...ard with this command if a shutdown is required if the number of LSAs exceeds the specified number Use soft with this command if a shutdown is not required but a warning message is required if the number of LSAs exceeds the specified number Example The following example shows setting the database overflow to 500 and a shutdown to occur if the number of LSAs exceeds 500 awplus configure terminal aw...

Page 954: ...LSAs a router can receive once it is in the wait state It takes the number of seconds specified as the recover time to recover from this state Example The following example shows setting the maximum number of LSAs to 5 and the time to recover from overflow state to be 3 awplus configure terminal awplus config router ospf 100 awplus config router overflow database external 50 3 Parameter Descriptio...

Page 955: ...ge Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS external route but do not wish to actually exchange any OSPF packets via this interface Examples To configure passive interface mode on interface vlan2 enter the following commands awplus config router ospf 100 awplus config router passive interface vlan2 To configure passive in...

Page 956: ...m other routing protocols into the OSPF domain to generate AS external LSAs If a route map is configured by this command then that route map is used to control which routes are redistributed and can set metric and tag values on particular routes The metric metric type and tag values specified on this command are applied to any redistributed routes that are not explicitly given a different metric m...

Page 957: ...plus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set metric type 1 awplus config route map exit awplus config router ospf 100 awplus config router redistribute rip route map rmap2 Note that configuring a route map and applying it with the redistribute route map command allows you to filter which routes are distributed from another routing p...

Page 958: ...utes installed by OSPF are preserved until the grace period expires When a restart ospf graceful command is issued the OSPF configuration is reloaded from the last saved configuration Ensure you first enter the command copy running config startup config When a master failover happens on a VCStack the grace period will be the longer of the default value 180 seconds and the configured value from thi...

Page 959: ...ommand then all OSPF routing processes are terminated and all OSPF configuration is removed Syntax router ospf process id no router ospf process id Default No routing process is defined by default Mode Global Configuration Usage The process ID of OSPF is an optional parameter forthe novariant of this command only When removing all instances of OSPF you do not need to specify each Process ID but wh...

Page 960: ...router id ip address no router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id is used at the next reload or when you restart OSPF manually Example The following example shows a fixed router ID 10 10 10 60 awplus configure terminal awplus config router ospf 100 awplus config router router id 10 10 ...

Page 961: ...are currently enabled For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ospf Mode User Exec and Privileged Exec Example awplus show debugging ospf Output Figure 26 2 Example output from the show debugging ospf command OSPF debugging status OSPF packet Link State Update debugging is on O...

Page 962: ...ow ip ospf 100 Parameter Description process id 0 65535 The ID of the router process for which information will be displayed If this parameter is included only the information for the specified routing process is displayed Table 1 Example output from the show ip ospf command Route Licence Route Limit 0 Allocated 0 Visible 0 Internal 0 Route Licence Breach Current 0 Watermark 0 Routing Process ospf...

Page 963: ...SPF algorithm executed 0 times Number of LSA 0 Checksum 0x000000 Table 1 Example output from the show ip ospf command cont Table 2 Example output from the show ip ospf process id command Routing Process ospf 100 with ID 10 10 11 146 Process uptime is 0 minute Conforms to RFC2328 and RFC1583Compatibility flag is disabled Supports only single TOS TOS0 routes Supports opaque LSA SPF schedule delay 5 ...

Page 964: ...icence Route Limit The maximum number of OSPF routes which may be used for forwarding Allocate d The current total number of OSPF routes allocated in the OSPF module Visible The current number of OSPF routes which may be used for forwarding Internal The number of OSPF internal routes used for calculating paths to ASBRs Number of external LSA The number of external link state advertisements Number ...

Page 965: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf border routers show ip ospf process id border routers Mode User Exec and Privileged Exec Output Figure 26 3 Example output from the show ip ospf border routers command Parameter Description process id 0 65535 The ID of the router process for which information will be displayed OSP...

Page 966: ...and awplus show ip ospf 721 border routers Output Figure 26 4 Example output from the show ip ospf database command Parameter Description process id 0 65535 The ID of the router process for which information will be displayed self originate Displays self originated link states max age Displays LSAs in MaxAge list It maintains the list of the all LSAs in the database which have reached the max age ...

Page 967: ...output from the show ip ospf database self originate command OSPF Router process 100 with ID 10 10 11 50 Router Link States Area 0 0 0 1 NSSA Link ID ADV Router Age Seq CkSum Link count 10 10 11 50 10 10 11 50 20 0x80000007 0x65c3 2 Area Local Opaque LSA Area 0 0 0 1 NSSA Link ID ADV Router Age Seq CkSum Opaque ID 67 1 4 217 10 10 11 50 37 0x80000001 0x2129 66777 AS Global Opaque LSA Link ID ADV R...

Page 968: ...rted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf database asbr summary ip addr self originate advrouter Mode User Exec and Privileged Exec Examples awplus show ip ospf database asbr summary 1 2 3 4 self originate awplus show ip ospf database asbr summary self originate awplus show ip ospf database asbr summary 1 2 3 4 adv router 2 3 4 5 Parameter Description a...

Page 969: ...how ip ospf database external 1 2 3 4 adv router 2 3 4 5 Output Figure 26 6 Example output from the show ip ospf database external self originate command Parameter Description adv router Displays all the LSAs of the specified router self originate Displays self originated link states adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component ...

Page 970: ...atabase external adv router command awplus show ip ospf database external adv router 1 1 1 1 AS External Link States LS age 273 Options 0x2 E LS Type AS external LSA Link State ID 172 16 0 0 External Network Number Advertising Router 1 1 1 1 LS Seq Number 80000004 Checksum 0x02f8 Length 36 Network Mask 24 Metric Type 2 Larger than any link state path TOS 0 Metric 20 Forward Address 0 0 0 0 Externa...

Page 971: ...f originate awplus show ip ospf database network 1 2 3 4 adv router 2 3 4 5 Output Figure 26 8 Example output from the show ip ospf database network command Parameter Description adv router id The router ID of the advertising router in IPv4 address format Note however that this no longer represents a real address self originate Displays self originated link states adv router Displays all the LSAs ...

Page 972: ...f database nssa external self originate awplus show ip ospf database nssa external 1 2 3 4 adv router 2 3 4 5 Output Figure 26 9 Example output from the show ip ospf database nssa external adv router command Parameter Description advrouter adv router ip address adv router Displays all the LSAs of the specified router ip address A link state ID as an IP address self originate Displays self originat...

Page 973: ...l Link States Area 0 0 0 0 NSSA external Link States Area 0 0 0 1 NSSA LS age 78 Options 0x0 LS Type AS NSSA LSA Link State ID 0 0 0 0 External Network Number For NSSA Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0xc9b6 Length 36 Network Mask 0 Metric Type 2 Larger than any link state path TOS 0 Metric 1 NSSA Forward Address 0 0 0 0 External Route Tag 0 NSSA external Link States ...

Page 974: ...and Privileged Exec Examples awplus show ip ospf database opaque area 1 2 3 4 self originate awplus show ip ospf database opaque area self originate awplus show ip ospf database opaque area 1 2 3 4 adv router 2 3 4 5 Output Figure 26 10 Example output from the show ip ospf database opaque area command Parameter Description advrouter adv router ip address adv router Displays all the LSAs of the spe...

Page 975: ...xec and Privileged Exec Examples awplus show ip ospf database opaque as 1 2 3 4 self originate awplus show ip ospf database opaque as self originate awplus show ip ospf database opaque as 1 2 3 4 adv router 2 3 4 5 Output Figure 26 11 Example output from the show ip ospf database opaque as command Parameter Description advrouter adv router ip address adv router Displays all the LSAs of the specifi...

Page 976: ...us show ip ospf database opaque link 1 2 3 4 self originate awplus show ip ospf database opaque link self originate awplus show ip ospf database opaque link 1 2 3 4 adv router 2 3 4 5 Output Figure 26 12 Example output from the show ip ospf database opaque link command Parameter Description advrouter adv router ip address adv router Displays all the LSAs of the specified router ip address A link s...

Page 977: ...nate awplus show ip ospf database router 1 2 3 4 adv router 2 3 4 5 Output Figure 26 13 Example output from the show ip ospf database router command Parameter Description adv router Displays all the LSAs of the specified router self originate Displays self originated link states adv router id The router ID of the advertising router in IPv4 address format Note however that this no longer represents...

Page 978: ...Link States Area 0 0 0 1 LS age 877 Options 0x2 E Flags 0x3 ABR ASBR LS Type router LSA Link State ID 10 10 11 50 Advertising Router 10 10 11 50 LS Seq Number 80000003 Checksum 0xee93 Length 36 Number of Links 1 Link connected to Stub Network Link ID Network subnet number 10 10 11 0 Link Data Network Mask 255 255 255 0 Number of TOS metrics 0 TOS 0 Metric 10 ...

Page 979: ...ary 1 2 3 4 self originate awplus show ip ospf database summary self originate awplus show ip ospf database summary 1 2 3 4 adv router 2 3 4 5 Output Figure 26 14 Example output from the show ip ospf database summary command Parameter Description advrouter adv router ip address adv router Displays all the LSAs of the specified router ip address A link state ID as an IP address self originate Displ...

Page 980: ...twork Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS age 1061 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS ...

Page 981: ... 10 11 50 Summary Link States Area 0 0 0 0 LS age 989 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS age 989 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 1...

Page 982: ... 17 Example output from the show ip ospf interface command Parameter Description interface name The VLAN name for example vlan3 vlan2 is up line protocol is up Internet Address 1 1 1 1 24 Area 0 0 0 0 MTU 1500 Process ID 0 Router ID 33 33 33 33 Network Type BROADCAST Cost 10 Transmit Delay is 1 sec State Waiting Priority 1 TE Metric 0 No designated router on this network No backup designated route...

Page 983: ...0 10 10 50 detail all Output Note that before a device enters OSPF Graceful Restart it first informs its OSPF neighbors In the show output the symbol beside the Dead Time parameter indicates that the device has been notified of a neighbor entering the graceful restart state as shown in the figures below Figure 26 18 Example output from the show ip ospf neighbor command Parameter Description ospf i...

Page 984: ...in 00 00 38 Neighbor is up for 00 53 07 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Crypt Sequence Number is 0 Thread Inactivity Timer on Thread Database Description Retransmission off Thread Link State Request Retransmission off Thread Link State Update Retransmission on Neighbor 10 10 11 50 interface address 10 10 11 50 In the area 0 0 0 0 via interface vla...

Page 985: ... ip ospf route Output Figure 26 21 Example output from the show ip ospf route command for a specific process Parameter Description ospf id 0 65535 The ID of the router process for which information will be displayed If this parameter is included only the information for this specified routing process is displayed OSPF process 1 Codes C connected D Discard O OSPF IA OSPF inter area N1 OSPF NSSA ext...

Page 986: ...Exec Examples To display virtual link information use the command awplus show ip ospf virtual links Output Figure 26 22 Example output from the show ip ospf virtual links command Virtual Link VLINK0 to router 10 10 0 9 is up Transit area 0 0 0 1 via interface vlan5 Transmit Delay is 1 sec State Point To Point Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Ad...

Page 987: ...Mode User Exec and Privileged Exec Examples To display OSPF process parameters and statistics use the command awplus show ip protocols ospf Output Figure 26 23 Example output from the show ip protocols ospf command Routing Protocol is ospf 200 Invalid after 0 seconds hold down 0 flushed after 0 Outgoing update filter list for all interfaces is Redistributed kernel filtered by filter1 Incoming upda...

Page 988: ...ach route individually in an external LSA Use the summary address command to advertise one summary route for all redistributed routes covered by a specified network address and mask This helps decrease the size of the OSPF link state database Ensure OSPF routes exist in the summary address range for advertisement before using this command Example The following example uses the summary address comm...

Page 989: ... the calculation of the Shortest Path First SPF Examples To set the minimum delay time to 5 milliseconds and maximum delay time to 10 milliseconds use the commands awplus configure terminal awplus config router ospf 100 awplus config router timers spf exp 5 10 To reset the minimum and maximum delay times to the default values use the commands awplus configure terminal awplus config router ospf 100...

Page 990: ...mmand Reference for x510 Series 990 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF EVENTS undebug ospf events Overview This command applies the functionality of the no debug ospf events command ...

Page 991: ... Command Reference for x510 Series 991 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF IFSM undebug ospf ifsm Overview This command applies the functionality of the no debug ospf ifsm command ...

Page 992: ...C Command Reference for x510 Series 992 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF LSA undebug ospf lsa Overview This command applies the functionality of the no debug ospf lsa command ...

Page 993: ... Command Reference for x510 Series 993 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF NFSM undebug ospf nfsm Overview This command applies the functionality of the no debug ospf nfsm command ...

Page 994: ...C Command Reference for x510 Series 994 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF NSM undebug ospf nsm Overview This command applies the functionality of the no debug ospf nsm command ...

Page 995: ...mmand Reference for x510 Series 995 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF PACKET undebug ospf packet Overview This command applies the functionality of the no debug ospf packet command ...

Page 996: ...ommand Reference for x510 Series 996 AlliedWare Plus Operating System Version 5 4 6 1 x OSPF COMMANDS UNDEBUG OSPF ROUTE undebug ospf route Overview This command applies the functionality of the no debug ospf route command ...

Page 997: ...v6 OSPF on page 1003 area encryption ipsec spi esp on page 1004 area range IPv6 OSPF on page 1007 area stub IPv6 OSPF on page 1009 area virtual link IPv6 OSPF on page 1010 area virtual link authentication ipsec spi on page 1012 area virtual link encryption ipsec spi on page 1014 auto cost reference bandwidth IPv6 OSPF on page 1017 bandwidth on page 1019 clear ipv6 ospf process on page 1020 debug i...

Page 998: ...page 1047 ipv6 router ospf area on page 1048 max concurrent dd IPv6 OSPF on page 1050 passive interface IPv6 OSPF on page 1051 redistribute IPv6 OSPF on page 1052 restart ipv6 ospf graceful on page 1054 router ipv6 ospf on page 1055 router id IPv6 OSPF on page 1056 show debugging ipv6 ospf on page 1057 show ipv6 ospf on page 1058 show ipv6 ospf database on page 1060 show ipv6 ospf database externa...

Page 999: ...inks on page 1081 summary address IPv6 OSPF on page 1082 timers spf IPv6 OSPF deprecated on page 1084 timers spf exp IPv6 OSPF on page 1085 undebug ipv6 ospf events on page 1086 undebug ipv6 ospf ifsm on page 1087 undebug ipv6 ospf lsa on page 1088 undebug ipv6 ospf nfsm on page 1089 undebug ipv6 ospf packet on page 1090 undebug ipv6 ospf route on page 1091 ...

Page 1000: ...ype By this definition a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR if it has more than one area actively attached and the backbone area is configured In this case the configured backbone need not be actively connected Standard ABR Type By this definition a router is c...

Page 1001: ...h link interfaces Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a 40 hexadecimal character key instead of a 32 hexadecimal character key as used for MD5 authentication See the OSPFv3 Feature Overview and Configuration Guide for more information and examples Param...

Page 1002: ...epartofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal character key for OPSPF area 1 use the commands awplus configure terminal awplus config router ipv6 ospf awplus config router area 1 authentication ipsec spi 1000 md5 1234567890ABCDEF1234567890ABCDEF To enable SHA 1 authentication with a 40 hexadecimal character key f...

Page 1003: ...n area border router that is attached to the stub area Example To set the default cost to 10 in area 1 for the OSPF process P2 use the commands awplus configure terminal awplus config router ipv6 ospf P2 awplus config router area 1 default cost 10 Related Commands area stub IPv6 OSPF Parameter Description area id The OSPF area that you are specifying the summary route default cost for This can be ...

Page 1004: ...l decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For example the values 0 0 1 2 and decimal 258 would both define the same area ID 256 4294967295 Specify an SPI Security Parameters Index value in the range 256 to 4294967295 entered as a decimal integer esp S...

Page 1005: ...5 authentication See the OSPFv3 Feature Overview and Configuration Guide for more information and examples NOTE You can configure an encryption security policy SPI on an OSPFv3 area with this command or on a VLAN interface with the ipv6 ospf encryption spi esp command When you configure encryption for an area the security policy is applied to all VLAN interfaces in the area However Allied Telesis ...

Page 1006: ...le ESP encryption with a 32 hexadecimal character AES CBC key and a 40 hexadecimal character SHA 1 authentication key for OPSPF area 1 use the commands awplus configure terminal awplus config router ipv6 ospf awplus config router area 1 encryption ipsec spi 1000 esp aes cbc 1234567890ABCDEF1234567890ABCDEF sha1 1234567890ABCDEF1234567890ABCDEF12345678 To disable ESP encryption for OPSPF area 1 use...

Page 1007: ...restores default behavior Syntax area area id range ipv6address prefix length advertise not advertise no area area id range ipv6address prefix length Default The area range is not configured by default The area range is advertised if it is configured Mode Router Configuration Usage You can configure multiple ranges on a single area with multiple instances of this command so OSPFv3 summarizes addre...

Page 1008: ...rating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS AREA RANGE IPV6 OSPF Ensure OSPFv3 IPv6 routes exist in the area range for advertisement before using this command Example awplus configure terminal awplus config router ipv6 ospf P2 awplus config router area 1 range 2000 3 ...

Page 1009: ...n all routers attached to the stub area configure the area by using the area stub command For an area border router ABR attached to the stub area also use the area default cost command Example awplus configure terminal awplus config router ipv6 ospf 100 awplus config router area 100 stub Related Commands area default cost IPv6 OSPF Parameter Description area id The OSPF area that you are configuri...

Page 1010: ...erval retransmit interval transmit delay Parameter Description area id The area ID of the transit area that the virtual link passes through This can be entered in either dotted decimal format or normal decimal format as shown below A B C D OSPF area ID expressed in the IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For example the values ...

Page 1011: ...terdetectingtopologicalchanges faster but also an increase in the routing traffic The retransmit interval is the expected round trip delay between any two routersin anetwork Setthevaluetobegreaterthanthe expected round tripdelay to avoid needless retransmissions The transmit delay is the time taken to transmit a link state update packet on the interface Before transmission the link state advertise...

Page 1012: ...eter Description area id The OSPF area that you are specifying the summary route default cost for This can be entered in either dotted decimal format or normal decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For example the values 0 0 1 2 and decimal 258 woul...

Page 1013: ... OSPFv3 Feature Overview and Configuration Guide for more information and examples Example To enable MD5 authentication with a 32 hexadecimal character key for virtual links in OPSPF area 1 use the commands awplus configure terminal awplus config router ipv6 ospf awplus config router area 1 virtual link 10 0 0 1 authentication ipsec spi 1000 md5 1234567890ABCDEF1234567890ABCDEF To enable SHA 1 aut...

Page 1014: ...format or normal decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For example the values 0 0 1 2 and decimal 258 would both define the same area ID virtual link Specify a virtual link and its parameters router ID Enter a router ID associated with a virtual lin...

Page 1015: ...onfiguration If an interface configuration is removed then an area configuration is applied to an interface instead Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a 40 hexadecimal character key instead of a 32 hexadecimal character key as used for MD5 authenticati...

Page 1016: ...router ipv6 ospf awplus config router area 1 virtual link 10 0 0 1 encryption ipsec spi 1000 esp aes cbc 1234567890ABCDEF1234567890ABCDEF sha1 1234567890ABCDEF1234567890ABCDEF12345678 To enable ESP encryption with a 48 hexadecimal character 3DES key and a 40 hexadecimal character SHA 1 authentication key for virtual links in OPSPF area 1 use the commands awplus configure terminal awplus config rou...

Page 1017: ...ecify a larger reference bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopback or Ethernet interface bandwidth Interface bandwidth may be altered by using the bandwidth command as the SVI does not auto detect the bandwidth based on the speed of associated device ports Wh...

Page 1018: ...r 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ipv6 ospf cost command on a layer 3 interface will override the cost calculated by the reference bandwidth command Mode Router Configuration Example awplus configure terminal awplus config router ipv6 ospf 20 awplus config router auto cost reference b...

Page 1019: ...hin that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following commands awplus configure terminal awplus config interface vlan2 awplus config if bandwidth 1000000 Or awplus config if bandwidth 1m Related Commands show running config access list show interface Parameter Description ...

Page 1020: ...pf process Overview This command clears and restarts the IPv6 OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all running OSPF processes Syntax clear ipv6 ospf 0 65535 process Mode Privileged Exec Example awplus clear ipv6 ospf process Parameter Description 0 65535 The routing process ID ...

Page 1021: ...ug variants of this command disable OSPF debugging Using this command with no parameters entered will disable debugging for all parameter options Syntax debug ipv6 ospf events abr asbr os router vlink no debug ipv6 ospf events abr asbr os router vlink Mode Privileged Exec and Global Configuration Example To enable IPv6 event debugging and show ABR events use the following command awplus debug ipv6...

Page 1022: ...ants of this command disable IPv6 OSPF IFSM debugging Use these commands without parameters to disable all the options Syntax debug ipv6 ospf ifsm events status timers no debug ipv6 ospf ifsm events status timers Mode Privileged Exec and Global Configuration Example To specify IPv6 OSPF debugging options to display IPv6 OSPF IFSM events information use the following commands awplus debug ipv6 ospf...

Page 1023: ...riants of this command disable IPv6 OSPF LSA debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf lsa flooding generate install maxage refresh no debug ipv6 ospf lsa flooding generate install maxage refresh Mode Privileged Exec and Global Configuration Examples To enable debugging for IPv6 OSPF refresh LSA use the following commands awplus debug ipv6 ospf...

Page 1024: ...variants of this command disable IPv6 OSPF NFSM debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf nfsm events status timers no debug ipv6 ospf nfsm events status timers Mode Privileged Exec and Global Configuration Examples To enable IPv6 debugging option to display timer information use the following command awplus debug ipv6 ospf nfsm timers Related ...

Page 1025: ...pv6 ospf packet dd detail hello ls ack ls request ls update recv send Mode Privileged Exec and Global Configuration Examples To enable debugging for hello packets use the following command awplus debug ipv6 ospf packet hello Related Commands terminal monitor undebug ipv6 ospf packet Parameter Description dd Specifies debugging for IPv6 OSPF database descriptions detail Sets the debug option to det...

Page 1026: ...out parameters to disable all options Syntax debug ipv6 ospf route ase ia install spf no debug ipv6 ospf route ase ia install spf Mode Privileged Exec and Global Configuration Examples To enable IPv6 route debugging of inter area route calculations use the following command awplus debug ipv6 ospf route ia Related Commands terminal monitor undebug ipv6 ospf route Parameter Description ase Specifies...

Page 1027: ...ould be either Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no default information originate always metric metric type route map Mode Router Configuration Example awplus configure terminal awplus config router ospf 100 awplus config router default information orig...

Page 1028: ...sage A default metric facilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables theredistributionto continue Theeffect ofthis commandis thatIPv6OSPFwill use the same metric value for all redistributed routes Use this command in conjunction with the redistribute IPv6 OSPF command Examples awplus configure te...

Page 1029: ... area 1 254 no distance ospfv3 1 254 Default The default OSPFv3 administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Configuration Usage The administrative distance rates the trustworthiness of a routing information source The distance could be any integer from 0 to 254 A higher distance value indicates a lower trust r...

Page 1030: ...rea routes 10 for intra area routes 40 for external routes use the commands awplus config router ipv6 ospf 100 awplus config router distance ospfv3 inter area 20 intra area 10 external 40 To set the administrative distance for all routes in OSPFv3 100 back to the default of 110 use the commands awplus config router ipv6 ospf 100 awplus config router no distance ospfv3 ...

Page 1031: ...outer Configuration Usage This command applies filtering to the transfer of routing information between OSPFv3 and the IPv6 route table You can apply filtering in either direction from OSPFv3 to the IPv6 route table using an in distribute list or from the IPv6 route table to OSPFv3 using an out distribute list The effect of an in filter is that some route information that OSPFv3 has learned from L...

Page 1032: ...h deny entries in the distribute list will not be redistributed into OSPFv3 Example Thebelowcommandsredistributeincomingroute updatesfromnetworksdefined with the standard named access list called myacl awplus configure terminal awplus config ipv6 access list standard myacl permit 2001 db8 1 64 awplus config router ipv6 ospf awplus config router distribute list myacl in The below commands redistrib...

Page 1033: ...word to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a 40 hexadecimal character key instead of a 32 hexadecimal character key as used for MD5 authentication Use the null keyword to override existing area authentication Apply the null keyword if area authentication is already configured...

Page 1034: ...Fv3 area ThisisduetoOSPFv3hellomessagesingressingVLANinterfaces whicharepartofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal character key for interface VLAN 2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if area 1 authentication ipsec spi 1000 md5 1234567890ABCDEF1234567890ABCDE...

Page 1035: ...ding packets out the interface Using this command overrides the cost value calculated automatically with the auto cost reference bandwidth IPv6 OSPF feature The link state metric cost is stated in the Router LSA s link Typically the cost is inversely proportional to the bandwidth of an interface By default the cost of a VLAN interface is calculated according to the following formula reference band...

Page 1036: ... s hello packets It must be a multiple of the hello interval and be the same for all routers on a specific network The no variant of this command returns the interval to the default of 40 seconds Syntax ipv6 ospf dead interval 1 65535 inst id no ipv6 ospf dead interval Mode Interface Configuration for a VLAN interface Example The following example shows configuring the dead interval to 10 seconds ...

Page 1037: ... line Overview Use this command to change the result of the show ipv6 route command to display each route entry on a single line Syntax ipv6 ospf display route single line no ipv6 ospf display route single line Mode Global Configuration Example To display each route entry on a single line awplus configure terminal awplus config ipv6 ospf display route single line Related Commands show ipv6 ospf ro...

Page 1038: ...x value on all interfaces that connect to the same link SPI values are used by link interfaces Use a different SPI value for a different link interface when using OSPFv3 with link interfaces Parameter Description 256 4294967295 Specify an SPI Security Parameters Index value in the range 256 to 4294967295 entered as a decimal integer esp Specify the esp keyword Encapsulating Security Payload to the...

Page 1039: ...igure an encryption security policy SPI on a VLAN interface with this command or an OSPFv3 area with the area encryption ipsec spi esp command When you configure encryption for an area the security policy is applied to all VLAN interfaces in the area Allied Telesis recommends a different encryption security policy is applied for each interface for higher security If you apply the ipv6 ospf encrypt...

Page 1040: ...decimal character key and SHA 1 authentication with a 40 hexadecimal character key for interface VLAN 2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 ospf encryption ipsec spi 1000 esp aes cbc 1234567890ABCDEF1234567890ABCDEF sha1 1234567890ABCDEF1234567890ABCDEF12345678 To specify no ESP encryption is applied to interface VLAN 2 use the commands aw...

Page 1041: ...gical changes but results in more routing traffic The no variant of this command returns the interval to the default of 10 seconds Syntax ipv6 ospf hello interval 1 65535 no ipv6 ospf hello interval Default The default interval is 10 seconds Mode Interface Configuration for a VLAN interface Example The following example shows setting the hello interval to 3 seconds on the VLAN interface vlan2 awpl...

Page 1042: ...he neighbor s primary IPv6 address on the interface where that neighbor connects to the NBMA network The poll interval is the reduced rate at which routers continue to send hello packets when a neighboring router has become inactive Setthe poll interval to be much larger than hello interval You can use this command to configure static OSPFv3 IPv6 neighbors for Layer 3 interfaces such as Ethernet o...

Page 1043: ... NEIGHBOR Examples This example shows a neighbor configured with a priority value poll interval time and cost awplus configure terminal awplus config interface eth1 awplus config if ipv6 ospf neighbor fe80 c 20 0 1 priority 1 poll interval 90 awplus config router ipv6 ospf neighbor fe80 c 20 0 1 cost 15 Related Commands show ipv6 ospf neighbor ...

Page 1044: ... broadcast OSPF network type for a VLAN interface Mode Interface Configuration for a VLAN interface Usage This command forces the interface network type to the specified type Depending on the network type OSPF changes the behavior of the packet transmission and the link description in LSAs Example The following example shows setting the network type to point to point on the VLAN interface vlan1 aw...

Page 1045: ...he OSPF Designated Router DR for a link If two routers attempt to become the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router with the higher router ID takes precedence Routers with zero router priority values cannot become the designated or backup designated router Example The following example shows setting the OSPFv3 prio...

Page 1046: ...ode Interface Configuration for a VLAN interface Usage After sending an LSA to a neighbor the router keeps the LSA until it receives an acknowledgment In case the router does not receive an acknowledgment during the set time the retransmit interval value it retransmits the LSA Set the retransmission interval value conservatively to avoid needless retransmission The interval should be greater than ...

Page 1047: ...s 1 second Mode Interface Configuration for a VLAN interface Usage The transmit delay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA transmits over the link is not considered This command is especially useful for low speed links Add transmission and propagation delays when setting the transmit delay value Example To set the IPv6 OSPF t...

Page 1048: ...ture Overview and Configuration Guide for more information and examples Examples The following commands enable IPv6 OSPF on VLAN interface vlan2 OSPF area 1 tag PT2 and instance 2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 router ospf area 1 tag PT2 instance id 2 Parameter Description area id The ID of the IPv6 OSPF routing area Can be entered as either an IPv4 A...

Page 1049: ...e Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS IPV6 ROUTER OSPF AREA The following commands disable IPv6 OSPF on VLAN interface vlan2 and OSPF area 1 awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 router ospf area 1 ...

Page 1050: ...um number of LSAs Syntax max concurrent dd max neighbors no max concurrent dd Mode Router Configuration Usage This command is useful where bringing up several adjacencies on a router is affecting performance In this situation you can often enhance the system performance by limiting the number of neighbors that can be processed concurrently Example The following example sets the max concurrent dd v...

Page 1051: ...iguration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS external route but do not wish to actually exchange any OSPF packets via this interface Examples To configure passive interface mode on interface vlan2 enter the following commands awplus config router ipv6 ospf awplus config router passive interface vlan2 To config...

Page 1052: ...ol which routes are redistributed and can set metric and tag values on particular routes The metric metric type and tag values specified on this command are applied to any redistributed routes that are not explicitly given a different metric metric type or tag value by the route map See the OSPF Feature Overview and Configuration Guide for more information about metrics and about behavior when con...

Page 1053: ...OSPFV3 FOR IPV6 COMMANDS REDISTRIBUTE IPV6 OSPF Example The following example shows the redistribution of RIP routes into the IPv6 OSPF routing table with a metric of 10 and a metric type of 1 awplus configure terminal awplus config router ipv6 ospf awplus config router redistribute rip metric 10 metric type 1 ...

Page 1054: ...PF grace period is 120 seconds Mode Privileged Exec Usage After this command is executed the OSPFv3 process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Routes installed by OSPF are preserved until the grace period expires When a restart ospf graceful command is issued the OSPF configuration is reloaded from the last saved configuration Ensure you first...

Page 1055: ... and LSAs issued from each process will appear as if coming from a separate physical router To a large extent the requirement for multiple processes has been replaced by the ability within IPv6 OSPF of running simultaneous router instances The process ID of IPv6 OSPF is an optional parameter for the no variant of this command only When removing all IPv6 OSPF processes on the device you do not need...

Page 1056: ...uter id router id no router id Mode Router Configuration Usage Configure each router with a unique router id In an IPv6 OSPF router process that has active neighbors a new router id takes effect at the next reload or when you restart OSPF manually Example The following example shows a specified router ID 0 0 4 5 awplus configure terminal awplus config router ipv6 ospf awplus config router router i...

Page 1057: ... command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ipv6 ospf Mode User Exec and Privileged Exec Example awplus show debugging ipv6 ospf Output Figure 27 1 Example output from the show debugging ipv6 ospf command OSPFv3 debugging status OSPFv3 all packet detail debugging is on OSPFv3 all IFSM debugging is on OSPFv3 all NFSM de...

Page 1058: ...ses For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 ospf show ipv6 ospf process id Mode User Exec and Privileged Exec Examples To display general information about all IPv6 OSPF routing processes use the command awplus show ipv6 ospf To display general informationaboutIPv6 OSPF OSPFv3 rout...

Page 1059: ...Internal 0 Route Licence Breach Current 0 Watermark 0 Process uptime is 6 minutes Current grace period is 120 secs default SPF schedule delay min 0 500 secs SPF schedule delay max 50 0 secs Minimum LSA interval 5 secs Minimum LSA arrival 1 secs Number of incoming current DD exchange neighbors 0 5 Number of outgoing current DD exchange neighbors 0 5 Number of external LSA 0 Checksum Sum 0x0000 Numb...

Page 1060: ...outer adv router id Mode User Exec and Privileged Exec Example To display the database summary for IPv6 OSPF information on process P10 use the command awplus show ipv6 ospf P10 database Output Figure 27 3 Example output from the show ipv6 ospf P10 database command Parameter Description process id 0 65535 The ID of the router process for which information will be displayed self originate Displays ...

Page 1061: ... 0 1 2 979 0x800000d8 0xad2b 1 0 0 0 0 0 0 1 3 1005 0x800000cf 0xefed 1 Network LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum 0 0 0 202 0 0 1 2 1764 0x800000c2 0x94c3 0 0 0 203 0 0 1 3 1010 0x800000c4 0x8ac8 Intra Area Prefix LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum Prefix Reference 0 0 0 2 0 0 1 2 978 0x800000a1 0x699a 1 Router LSA 0 0 0 4 0 0 1 2 1764 0x800000c2 0xca4d 1...

Page 1062: ... information about the external LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 27 4 Example output from the show ipv6 ospf database external command Parameter Description adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component no longer represents an address it is simply a charact...

Page 1063: ...information about the grace LSAs use the following command awplus show ipv6 ospf database grace adv router 10 10 10 1 Output Figure 27 5 Example output from the show ipv6 ospf database grace command Parameter Description adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component no longer represents an address it is simply a character string ...

Page 1064: ...play information about the inter prefix LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 27 6 Example output from the show ipv6 ospf database inter prefix command Parameter Description adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component no longer represents an address it is simp...

Page 1065: ...ay information about the inter router LSAs use the following command awplus show ipv6 ospf database inter router adv router 10 10 10 1 Output Figure 27 7 Example output from the show ipv6 ospf database inter router command Parameter Description adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component no longer represents an address it is si...

Page 1066: ...ay information about the intra prefix LSAs use the following command awplus show ipv6 ospf database intra prefix adv router 10 10 10 1 Output Figure 27 8 Example output from the show ipv6 ospf database intra prefix command Parameter Description adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component no longer represents an address it is si...

Page 1067: ...nformation about the link LSAs use the following command awplus show ipv6 ospf database link adv router 10 10 10 1 Output Figure 27 9 Example output from the show ipv6 ospf database link command Parameter Description adv router id The Advertising Router ID usually entered in IPv4 address format A B C D Note that this ID component no longer represents an address it is simply a character string that...

Page 1068: ...r Exec and Privileged Exec Examples To display information about the OSPFv3 network LSAs use the following command awplus show ipv6 ospf database network Output Figure 27 10 Example output from the show ipv6 ospf database network command Parameter Description adv router id The router ID of the advertising router in IPv4 address format Note however that this no longer represents a real address self...

Page 1069: ...System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE NETWORK LS age 1144 LS Type Network LSA Link State ID 0 0 0 203 Advertising Router 0 0 1 3 LS Seq Number 0x800000C4 Checksum 0x8AC8 Length 32 Options 0x000013 R E V6 Attached Router 0 0 1 3 Attached Router 0 0 1 1 ...

Page 1070: ...dv router id Mode User Exec and Privileged Exec Examples To display information about the OSPFv3 router LSAs use the following command awplus show ipv6 ospf database router Output Figure 27 11 Example output from the show ipv6 ospf database router command Parameter Description adv router id The router ID of the advertising router in IPv4 address format Note however that this no longer represents a...

Page 1071: ... LS Type Router LSA Link State ID 0 0 0 0 Advertising Router 0 0 1 2 LS Seq Number 0x800000D5 Checksum 0xB328 Length 40 Flags 0x00 Options 0x000013 R E V6 Link connected to a Transit Network Metric 1 Interface ID 202 Neighbor Interface ID 202 Neighbor Router ID 0 0 1 2 LS age 543 LS Type Router LSA Link State ID 0 0 0 0 Advertising Router 0 0 1 3 LS Seq Number 0x800000CC Checksum 0xF5EA Length 40 ...

Page 1072: ... 0 0 1 1 LS Seq Number 0x80000009 Checksum 0xD696 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2011 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1384 LS Type AS External LSA Link State ID 0 0 0 15 Advertising Router 0 0 1 1 LS Seq Number 0x80000009 Checksum 0xD892 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2012 2222 64 Pre...

Page 1073: ... 0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD295 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2012 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1087 LS Type AS External LSA Link State ID 0 0 0 16 Advertising Router 0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD491 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2013 2222 64 Pre...

Page 1074: ...PFV3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE ROUTER LS age 1087 LS Type AS External LSA Link State ID 0 0 0 18 Advertising Router 0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD889 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2015 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 ...

Page 1075: ...from the show ipv6 ospf interface command showing OSPFv3 Authentication configuration information highlighted in bold Parameter Description interface name An alphanumeric string that is the interface name Omit the optional interface to display OSPF awplus show ipv6 ospf interface vlan2 is up line protocol is up Interface ID 302 IPv6 Prefixes fe80 215 77ff fead f87e 64 Link Local Address Security P...

Page 1076: ... ospf interface vlan3 vlan3 is up line protocol is up Interface ID 203 IPv6 Prefixes fe80 200 cdff fe24 daae 64 Link Local Address 2003 1111 2 64 OSPFv3 Process P1 Area 0 0 0 0 Instance ID 0 Router ID 0 0 1 1 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State DR Priority 1 Designated Router ID 0 0 1 1 Interface Address fe80 200 cdff fe24 daae No backup designated router on this link Timer...

Page 1077: ...onfiguration Guide Syntax show ipv6 ospf process id neighbor neighbor id show ipv6 ospf process id neighbor detail show ipv6 ospf process id neighbor interface detail Mode User Exec and Privileged Exec Examples awplus show ipv6 ospf neighbor Output Figure 27 14 Example output from show ipv6 ospf neighbor Parameter Description process id character string The ID of the OSPF process for which informa...

Page 1078: ...rom show ipv6 ospf neighbor detail awplus show ipv6 ospf neighbor detail Neighbor 0 0 1 2 interface address fe80 215 77ff fec9 7472 In the area 0 0 0 0 via interface vlan2 Neighbor priority is 1 State is Full 6 state changes DR is 0 0 1 2 BDR is 0 0 1 1 Options is 0x000013 R E V6 Dead timer due in 00 00 33 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 ...

Page 1079: ...ay the OSPF routing table for specified processes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 ospf process id route Mode User Exec and Privileged Exec Examples To display the OSPF routing table use the command awplus show ipv6 ospf route Parameter Description process id A character str...

Page 1080: ... 1 E2 OSPF external type 2 Destination Metric Next hop O 2002 1111 64 2 via fe80 200 cdff fe24 daae vlan3 Area 0 0 0 0 C 2003 1111 64 1 directly connected vlan3 Area 0 0 0 0 O 2004 1111 64 3 via fe80 200 cdff fe24 daae vlan3 Area 0 0 0 0 C 2005 1111 64 1 directly connected vlan5 Area 0 0 0 0 E2 2010 2222 64 1 20 via 2003 1111 1 vlan3 E2 2011 2222 64 1 20 via 2003 1111 1 vlan3 E2 2012 2222 64 1 20 ...

Page 1081: ... Overview and Configuration Guide for more information and examples Examples To display virtual link information use the command awplus show ipv6 ospf virtual links Output Figure 27 17 Example output from the show ipv6 ospf virtual links command showing OSPFv3 Authentication configuration information highlighted in bold Related Commands area virtual link authentication ipsec spi area virtual link ...

Page 1082: ...v3 requires the router to advertise each route individually in an external LSA Use this command to advertise one summary route for all redistributed routes covered by a specified prefix to decrease the size of the OSPFv3 link state database For example if the specified address range is 2001 0db8 44 48 then summary address functionality will match 2001 0db8 4400 0000 1 128 through 2001 0db8 44ff ff...

Page 1083: ...s that match the IPv6 prefix 2001 0db8 32 and assigns a tag value of 3 awplus configure terminal awplus config router ipv6 ospf awplus config router summary address 2001 0db8 32 tag 3 The following example uses the no summary address command to stop summarizing IPv6 addresses in the address range covered within the IPv6 prefix 2001 0db8 32 awplus configure terminal awplus config router ipv6 ospf a...

Page 1084: ...on 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS TIMERS SPF IPV6 OSPF DEPRECATED timers spf IPv6 OSPF deprecated Overview This command has been deprecated because SPF timers have been replaced by exponential SPF timers To configure the exponential timers please use the timers spf exp IPv6 OSPF command instead ...

Page 1085: ...rs and triggers a new SPF run before the last SPF holdtimer has finished The time between runs may increase up to the max holdtime value This increase in holdtime prevents too many SPF runs from occurring if multiple OSPF topology change events occur Examples To set the minimum delay time to 5 milliseconds and maximum delay time to 2 seconds use the commands awplus configure terminal awplus config...

Page 1086: ...e for x510 Series 1086 AlliedWare Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF EVENTS undebug ipv6 ospf events Overview This command applies the functionality of the no debug ipv6 ospf events command ...

Page 1087: ...ence for x510 Series 1087 AlliedWare Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF IFSM undebug ipv6 ospf ifsm Overview This command applies the functionality of the no debug ipv6 ospf ifsm command ...

Page 1088: ...erence for x510 Series 1088 AlliedWare Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF LSA undebug ipv6 ospf lsa Overview This command applies the functionality of the no debug ipv6 ospf lsa command ...

Page 1089: ...ence for x510 Series 1089 AlliedWare Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF NFSM undebug ipv6 ospf nfsm Overview This command applies the functionality of the no debug ipv6 ospf nfsm command ...

Page 1090: ...e for x510 Series 1090 AlliedWare Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF PACKET undebug ipv6 ospf packet Overview This command applies the functionality of the no debug ipv6 ospf packet command ...

Page 1091: ...nce for x510 Series 1091 AlliedWare Plus Operating System Version 5 4 6 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF ROUTE undebug ipv6 ospf route Overview This command applies the functionality of the no debug ipv6 ospf route command ...

Page 1092: ...ute map entry and to put you into route map mode match commands used to determine which routes the route map applies to set commands used to modify matching routes Command List match interface on page 1093 match ip address on page 1094 match ip next hop on page 1097 match ipv6 address on page 1099 match metric on page 1100 match route type on page 1101 match tag on page 1102 route map on page 1103...

Page 1093: ...m the route map entry Use the no variant of this command without a specified interface to remove all interfaces Syntax match interface interface no match interface interface Mode Route map Configuration Usage This command is valid for RIP and OSPF routes only Example To add entry 10 to the route map called mymap1 which will process routes if they use the interface vlan1 use the commands awplus con...

Page 1094: ...pecify the prefix or prefixes to match by either specifying the name of an access list To create the access list enter Global Configuration mode and use the access list command specifying the name of a prefix list To create the prefix list enter Global Configuration mode and use the ip prefix list command A route matches the route map entry if the route s prefix matches the access list or prefix l...

Page 1095: ...cations This command is valid for OSPF routes RIP routes Examples To add entry 3 to the route map called myroute which will process routes that match the ACL called List1 use the commands awplus configure terminal awplus config route map myroute permit 3 awplus config route map match ip address List1 To add entry 3 to the route map called rmap1 which will process routes that match the prefix list ...

Page 1096: ...r x510 Series 1096 AlliedWare Plus Operating System Version 5 4 6 1 x ROUTE MAP COMMANDS MATCH IP ADDRESS Related Commands access list extended numbered access list standard numbered ip prefix list route map show ip access list show route map ...

Page 1097: ...Note that access lists prefix lists and route map entries all specify an action of deny or permit The action in the access list or prefix list determines whether the route map checks update messages and routes for a given next hop value The route map action and its set clauses determine what the route map does with update messages and routes that contain that next hop Use the no variant of this co...

Page 1098: ...terminal awplus config route map rmap1 permit 3 awplus config route map match ip next hop mylist To add entry 3 to the route map called mymap which will process routes whose next hop matches the prefix list called list1 use the commands awplus configure terminal awplus config route map mymap permit 3 awplus config route map match ip next hop prefix list list1 Related Commands access list extended ...

Page 1099: ...r accepted nor forwarded irrespective of permit or deny specifications The match ipv6 address prefix list command specifies the entries of prefix lists to be matched If there is a match for the specified prefix list entries and permit is specified the route is redistributed or controlled as specified by the set action If the match criteria are met and deny is specified the route is not redistribut...

Page 1100: ...metric match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the metric match clause from the route map entry Syntax match metric metric no match metric metric Mode Route map Configuration Usage This command is valid for OSPF routes RIP routes Example To stop entry 3 of the route map called myroute from processing routes with...

Page 1101: ...te type match clause from the route map entry Syntax match route type external type 1 type 2 no match route type external type 1 type 2 Mode Route map Configuration Usage Use the match route type externalcommand to match specific external route types AS external LSA is either Type 1 or Type 2 external type 1 matches only Type 1 external routes and external type 2 matches only Type 2 external route...

Page 1102: ...clause If the route map entry already has a tag match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the tag match clause from the route map entry Syntax match tag 0 4294967295 no match tag 0 4294967295 Mode Route map Configuration Usage This command is valid for OSPF routes only Example To add entry 10 to the route map call...

Page 1103: ...rmit seq Mode Global Configuration Usage Route maps allow you to control and modify routing information by filtering routes and setting route attributes You can apply route maps when the device redistributes routes from one routing protocol into another redistributes static routes into routing protocols When a routing protocol passes a route through a route map it checks the entries in order of th...

Page 1104: ...entry 2 of the route map called route1 and then add a match and set clause to it use the commands awplus configure terminal awplus config route map route1 permit 2 awplus config route map match interface vlan2 awplus config route map set metric 20 Note how the prompt changes when you go into route map configuration mode To make the device process non matching routes instead of discarding them add ...

Page 1105: ...he set clause Syntax set ip next hop ip address no set ip next hop ip address Mode Route map Configuration Usage Use this command to set the next hop IP address to the routes This command is valid for OSPF routes RIP routes Example To use entry 3 of the route map called mymap to give matching routes a next hop of 10 10 0 67 use the commands awplus configure terminal awplus config route map mymap p...

Page 1106: ... The default metric value for routes redistributed into OSPF and OSPFv3 is 20 Mode Route map Configuration Usage This command is valid for OSPF routes RIP routes Note that defining the OSPF metric in a route map supersedes the metric defined using a redistribute OSPF or a redistribute IPv6 OSPF command For more information see the OSPFv3 Feature Overview and Configuration Guide and the OSPF Featur...

Page 1107: ...4 6 1 x ROUTE MAP COMMANDS SET METRIC To use entry 3 of the route map called rmap1 to increase the metric of matching routes by 2 use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set metric 2 Related Commands match metric route map show route map ...

Page 1108: ... 2 no set metric type type 1 type 2 Mode Route map Configuration Usage This command is valid for OSPF routes only Example To use entry 3 of the route map called rmap1 to redistribute matching routes into OSPF as type 1 external routes use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set metric type 1 Related Commands default information orig...

Page 1109: ...his command to remove the set clause Syntax set tag tag value no set tag tag value Mode Route map Configuration Usage This command is valid only when redistributing routes into OSPF Example To use entry 3 of the route map called rmap1 to tag matching routes with the number 6 use the commands awplus configure terminal awplus config route map rmap1 permit 3 awplus config route map set tag 6 Related ...

Page 1110: ...xec and Privileged Exec Example To display information about the route map named example map use the command awplus show route map example map Output Figure 28 1 Example output from the show route map command Related Commands route map Parameter Description map name A name to identify the route map route map example map permit sequence 1 Match clauses ip address prefix list example pref Set clause...

Page 1111: ...C613 50102 01 REV C Command Reference for x510 Series 1111 AlliedWare Plus Operating System Version 5 4 6 1 x Part 4 Multicast Applications ...

Page 1112: ...ing This chapter describes the commands to configure IGMP Querier behaviour and selection IGMP Snooping and IGMP Proxy Command List clear ip igmp on page 1114 clear ip igmp group on page 1115 clear ip igmp interface on page 1116 debug igmp on page 1117 ip igmp on page 1118 ip igmp access group on page 1119 ip igmp flood specific query on page 1120 ip igmp immediate leave on page 1121 ip igmp last ...

Page 1113: ...igmp snooping routermode on page 1143 ip igmp snooping tcn query solicit on page 1145 ip igmp source address check on page 1147 ip igmp ssm on page 1148 ip igmp ssm map enable on page 1149 ip igmp ssm map static on page 1150 ip igmp static group on page 1152 ip igmp startup query count on page 1154 ip igmp startup query interval on page 1155 ip igmp trusted on page 1156 ip igmp version on page 115...

Page 1114: ...AND IGMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus clear ip igmp Related Commands clear ip igmp group clear ip igmp interface show ip igmp interface show running config ...

Page 1115: ...p an interface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip igmp group To delete records for 224 1 1 1 on vlan1 use the command awplus clear ip igmp group 224 1 1 1 vlan1 Related Commands clear ip igmp clear ip igmp interface show ip igmp interface show runni...

Page 1116: ...cular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To delete records for vlan1 use the command awplus clear ip igmp interface vlan1 Related Commands clear ip igmp clear ip igmp group show ip igmp interface show running config Parameter Description interface Specifies the name...

Page 1117: ...component of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug igmp all Related Commands show debugging igmp undebug igmp Parameter Description all Enable or disable all debug options for IGMP decode Debug of IGMP packets that have been received ...

Page 1118: ...t of this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN interface Usage An IP address must be assigned to the interface first before this command will work Example To specify an interface as an IGMP querier use the commands awplus configure terminal awplus config interface vlan2 a...

Page 1119: ...Syntax ip igmp access group access list number access list name no ip igmp access group Default By default there are no access lists configured on any interface Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example In the following example hosts serviced by VLAN interface vlan2 can only join the group...

Page 1120: ...n L2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages However sometimes this is not the case For example if hosts with very low CPU capability receive specific queries for multicast groups they are not members of their performance may degrade unaccepta...

Page 1121: ... no ip igmp immediate leave Default Disabled by default Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example The following example shows how to enable the immediate leave feature on the VLAN interface vlan2 for a specific range of multicast groups awplus configure terminal awplus config interface vla...

Page 1122: ...ount 2 7 no ip igmp last member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To set the last member query count to 3 on vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp la...

Page 1123: ...ery interval Default 1000 milliseconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To change the IGMP group specific host query message interval to 2 seconds 2000 milliseconds on vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp last memb...

Page 1124: ...ault limit which is reset by the no variant of this command is 512 Mode Global Configuration and Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To configure an IGMP limit of 100 group membership entries on vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config i...

Page 1125: ... IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofthe numberofgroups learned byeachport This counter is incremented when group joins are received via IGMP reports It is decremented when Group memberships time out Group leaves are received via leave messages or reports Also the port s group counter ...

Page 1126: ...ents to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus config interface vlan1 awplus config if ip igmp snooping fast leave Related Commands clear ip igmp group ip igmp snooping fast leave show ip igmp interface show ip igmp snooping statistics ...

Page 1127: ... for IGMP Proxy You must also enable the IGMP proxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces on the device with a single upstream proxy service interface This downstream mroute proxy interface listens for IGMP reports and forwards them to the upstream IGMP proxy service interface IGMP Proxy does not w...

Page 1128: ...am proxy service interface Syntax ip igmp proxy service no ip igmp proxy service Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP Proxy This command is used with the ip igmp mroute proxy command to enable forwardingof IGMP reports to aproxy serviceinterface forall forwarding entries for thisinterface YoumustalsoenablethedownstreamI...

Page 1129: ...lt The default timeout interval is 255 seconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP The timeout value should not be less than the current active querier s general query interval Example To configure thedevice towait130 seconds from thetime it received thelast query before it takes over as the querier for vlan2 use the c...

Page 1130: ... DoS Denial of Service attack if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device is acting as an IGMP Querier Use the ip igmp query interval command when a delay for IGMP general query messages is required and IGMP general query messages are required The ip igmp query holdtime com...

Page 1131: ...ANDS IP IGMP QUERY HOLDTIME To reset the IGMP query holdtime to the default 500 ms for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip igmp query holdtime Related Commands ip igmp query interval ip igmp snooping tcn query solicit show ip igmp interface show running config ...

Page 1132: ...ed for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using the ip igmp query max response time command and the IGMP query interval is currently less than 3 seconds then the IGMP query interval period will be automatically reconfigured to be 3 seconds so it is ...

Page 1133: ... reset the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip igmp query interval Related Commands ip igmp query holdtime ip igmp query max response time ip igmp startup query interval show ip igmp interface show running config ...

Page 1134: ...mple if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will be automatically reconfigured to be 2 seconds so it is less than the IGMP query interval time To get the network to converge faster use the ip igmp query max response time command and set a low respon...

Page 1135: ... Reference for x510 Series 1135 AlliedWare Plus Operating System Version 5 4 6 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp interface show running config ...

Page 1136: ...ption enabled IGMP packets without RA options are ignored Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP and IGMP Snooping Examples To enable strict Router Alert RA option validation on vlan20 use the following commands awplus configure t...

Page 1137: ...ce Syntax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to interfaces configured for IGMP and IGMP Snooping Examples To set the robustness variable to 3 on vlan20 use the following commands awplus configure terminal awplus config interface vlan20 awplus c...

Page 1138: ...disabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN interface Usage For IGMP snooping to operate on particular VLAN interfaces it must be enabled both globally by using this command in Global Configuration mode and on individual VLAN interfaces by us...

Page 1139: ...up message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Default IGMP Snooping fast leave processing is disabled Mode Interface Configuration for a VLAN interface Usage This IGMP Snooping command can only be configured on VLAN interfaces Example To enable f...

Page 1140: ... to remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a VLAN interface Example To configure port1 0 2 statically as a multicast router interface for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp sno...

Page 1141: ... IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a multicast router If an IP address is assigned to a VLAN which has IGMP querier enabled on it then the IGMP Snooping querier uses the VLAN s IP address as the Source IP Address in IGMP queries The IGMP...

Page 1142: ...re already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppression Default Report suppression does not apply to IGMPv3 and is turned on by default for IGMPv1 and IGMPv2 reports Mode Interface Configuration for a VLAN interface Example To enable report suppres...

Page 1143: ...iguration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved multicast addresses Packets from 224 0 0 1 224 0 0 2 224 0 0 4 224 0 0 5 224 0 0 6 224 0 0 9 224 0 0 13 224 0 0 15 and 224 0 0 24 are treated as coming from routers ip Custom reserved multicast addre...

Page 1144: ...TERMODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom list of multicast addresses enter awplus config no ip igmp snooping routermode address 224 0 0 5 Related commands ip igmp trusted show ip igmp snooping routermode ...

Page 1145: ...s enabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the Interface Configuration mode Mode Global Configuration and Interface Configuration for a VLAN interface Usage Once enabled if the device is not an IGMP Querier on detecting a topology change the dev...

Page 1146: ...it To disable Query Solicitation on a device use the commands awplus configure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp snooping tcn query solicit To disable Query Solicitation for vlan2 use the commands awplus configure terminal awplus config...

Page 1147: ...iguration for a VLAN interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is active in the network The no variant of this command is required to disable the IGMP Report source address checkingfeatureinnetworks that use MulticastVLANRegistration to allow IGMP Reports from devices ou...

Page 1148: ...ist parameter options Use the no variant of this command to change the SSM range in IGMP back to the default Syntax ip igmp ssm range access list number access list name no ip igmp ssm Default By default the SSM range is 232 8 Mode Global Configuration Examples To configure a non default SSM range to be used in IGMP enter the commands awplus configure terminal awplus config access list 10 permit 2...

Page 1149: ...able Source Specific Multicast SSM mapping on the device Use the no variant of this command to disable SSM mapping Syntax ip igmp ssm map enable no ip igmp ssm map enable Mode Global Configuration Usage This command applies to VLAN interfaces configured for IGMP Example To enable SSM on the device enter the commands awplus configure terminal awplus config ip igmp ssm map enable Related Commands ip...

Page 1150: ...pplies to VLAN interfaces configured for IGMP You can use Standard numbered and Standard named ACLs plus Expanded Numbered ACLs Examples This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard numbered ACL shown as 10 awplus configure terminal awplus config access list 10 permit 224 1 1 1 0 0 0 0 awplus config ip igmp ssm map static 10 1 2 3 4 This ex...

Page 1151: ... COMMANDS IP IGMP SSM MAP STATIC This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard named ACL shown as sales awplus configure terminal awplus config access list sales permit 224 1 1 1 0 0 0 0 awplus config ip igmp ssm map static sales 1 2 3 4 Related Commands ip igmp ssm map enable ...

Page 1152: ...ic group ip address source ip source addr ssm map interface port no ip igmp static group ip address source ip source addr ssm map interface port Mode Interface Configuration for a VLAN interface Usage This command applies to IGMP operation or to IGMP Snooping on a VLAN interface Parameter Description ip address Standard IP Multicast group address entered in the form A B C D to be configured as a s...

Page 1153: ... 6 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on vlan3 awplus configure terminal awplus config interface vlan3 awplus config if ip igmp awplus config if ip igmp static group 226 1 2 4 source 10 2 3 4 ...

Page 1154: ...variant of this command to return an interface s configured IGMP startup query count to the default Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The default IGMP startup query count is 2 Mode Interface Configuration for a VLAN interface Example To set the IGMP startup query count to 4 on vlan2 use the commands awplus configure terminal awplus config...

Page 1155: ...rval startup query interval no ip igmp startup query interval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must be one quarter of the IGMP query interval Mode Interface Configuration for a VLAN interface Example To set the IGMP startup query interval to 15 seconds for vlan2 which is one quarter of the IGMP quer...

Page 1156: ...e switch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For example you can use this command to make sure that only ports attached to approved IGMP routers are treated as router ports Example To stop ports port1 0 3 port1 0 6 from being treated as router ports by IGMP use the commands ...

Page 1157: ...rface Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN interface Example To set the IGMP version to 2 for vlan2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ip igmp version 2 Related Commands show ip igmp interfa...

Page 1158: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter the command awplus show debugging igmp Output Figure 29 1 Example output from the show debugging igmp command Related Commands debug igmp IGMP Debugging status IGMP Decoder debugging is on IGMP Encode...

Page 1159: ... A B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10 0 82 224 0 1 24 port1 0 2 00 00 06 00 04 14 10 10 0 84 224 0 1 40 port1 0 3 00 00 09 00 04 15 10 10 0 91 224 0 1 60 port1 0 3 00 00 05 00 04 15 10 10 0 7 224 100 100 100 port1 0 1 00 00 11 00 04 13 ...

Page 1160: ...ion 5 4 6 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast group Table 1 Parameters in the output of the show ip igmp groups command cont Parameter Description ...

Page 1161: ...terface If you specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum groups awplus show ip igmp interface vlan2 Interface vlan2 Index 202 IGMP Disabled Inactive Version 3 default IGMP interface has 0 group record states IGMP activity 0 joins 0 leaves IGMP robustness va...

Page 1162: ...ime is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds Strict IGMPv3 ToS checking is disabled on this interface Source Address checking is enabled IGMP Snooping is globally enabled IGMP Snooping query solicitation is globally disabled Num query solicit p...

Page 1163: ...w ip igmp proxy groups vlan multicast group detail Mode User Exec and Privileged Exec Example To display the state of IGMP Proxy services for all interfaces enter the command awplus show ip igmp proxy To display the state of IGMP Proxy services for VLAN interface vlan1 enter the command awplus show ip igmp proxy groups vlan1 To display the detailed state of IGMP Proxy services for VLAN interface v...

Page 1164: ...ec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mrouter To show the multicast router interfaces in vlan1 use the command awplus show ip igmp snooping mrouter interface vlan1 Output Figure 29 3 Example output from the show ip igmp snooping mrouter command Figure 29 4 Example output from the show ip igmp snooping mrouter interface v...

Page 1165: ...ng command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show the routermode and the list of router multicast addresses use the command awplus show ip igmp snooping routermode Output Figure 29 5 Example output from the show ip igmp snooping router mode command Relate...

Page 1166: ...nterface vlan1 vlan2 Output Figure 29 6 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast group entered in the form A B C D interface Specify the name of the interface or interface range If you specify a port number the output displays the number of groups the port belongs to and the port s gr...

Page 1167: ... 4 6 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 29 7 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface port1 0 1 IGMP information for port1 0 1 Maximum groups limit set 10 Number of groups port belongs to 0 ...

Page 1168: ...ommand Reference for x510 Series 1168 AlliedWare Plus Operating System Version 5 4 6 1 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the no debug igmp command ...

Page 1169: ...lticast routing The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 multicast prefix for 2001 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Mult...

Page 1170: ...out on page 1184 ipv6 mld query interval on page 1185 ipv6 mld query max response time on page 1186 ipv6 mld robustness variable on page 1187 ipv6 mld snooping on page 1188 ipv6 mld snooping fast leave on page 1190 ipv6 mld snooping mrouter on page 1191 ipv6 mld snooping querier on page 1193 ipv6 mld snooping report suppression on page 1194 ipv6 mld ssm map enable on page 1196 ipv6 mld ssm map sta...

Page 1171: ...6 MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld Related Commands clear ipv6 mld group clear ipv6 mld interface ...

Page 1172: ...dress Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld group Related Commands clear ipv6 mld clear ipv6 mld interface Parameter Description Clears all groups on all interfaces This is an alias to the clear ipv6 mld command ipv6 address Specify the group address for which MLD local ...

Page 1173: ...clear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld interface vlan2 Related Commands clear ipv6 mld clear ipv6 mld group Parameter Description interface Specifies name of the interface all groups learned from this i...

Page 1174: ...ll decode encode events fsm tib Mode Privileged Exec and Global Configuration Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples awplus configure terminal awplus config debug mld all awplus configure terminal awplus config debug mld decode awplus configure terminal awplus config debug mld encode awplus configure terminal awp...

Page 1175: ...wplus NSM 1406 MLD ENCODE Send Group Source Query Sent G S Query on port2 0 1 05 15 01 awplus NSM 1406 MLD FSM State Change Include 1 Exclude 2 05 15 01 awplus NSM 1406 MLD TIB Source Rec Del S 2002 3 Intf vlan1 05 15 01 awplus NSM 1406 MLD ENCODE Send Group Report HST IF vlan1 No Router Ports found 05 15 01 awplus NSM 1406 MLD DECODE Socket Read Ignoring MLD Message on L3 socketsince Snooping is ...

Page 1176: ...emory usage max 51200000 kB 05 15 06 awplus appmond 1244 monitoring lldpd memory usage max 51200000 kB 05 15 06 awplus NSM 1406 MLD EVENTS Querier Timer Exipry on port2 0 1 Send ing General Query 05 15 06 awplus NSM 1406 MLD ENCODE MLD Enc Hdr MLD Listener Query Checksum 14706 MsgLen 28 05 15 06 awplus NSM 1406 MLD ENCODE Send Gen Query Sent General Query on port2 0 1 ret 90 05 15 06 awplus NSM 14...

Page 1177: ...e the required multicast structures added to the interfaces that allow multicast routing The device has a 512 MLD group limit for G and S G entries Syntax ipv6 mld no ipv6 mld Default MLD is disabled by default Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage MLD requires memory for storing data structures as well as the hardware tables to implement h...

Page 1178: ... ff1e 0db8 0001 64 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 access list standard group1 permit ff1e 0db8 0001 64 awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld access group group1 In the following example the VLAN interfaces vlan2 vlan4 will only accept MLD joins for groups in the range ff1...

Page 1179: ...enable the immediate leave feature on an interface for a specific range of multicast groups In this example the router assumes that the group access list consists of groups that have only one node membership at a time per interface awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if...

Page 1180: ...fault on an interface Syntax ipv6 mld last member query count value no ipv6 mld last member query count Default The default last member query count value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv...

Page 1181: ... no ipv6 mld last member query interval Default 1000 milliseconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example The following example changes the MLD group specific host query message interval to 2 seconds awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ip...

Page 1182: ...an be learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples The following example configures ...

Page 1183: ...rwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group membership states on the VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 vlan4 awplus config if i...

Page 1184: ...pecified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routin...

Page 1185: ...erface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example changes the frequency of sending MLD host query messages to 2 minutes awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus ...

Page 1186: ...y max response time Default 10 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures a maximum response time of 8 seconds awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus confi...

Page 1187: ...x ipv6 mld robustness variable value no ipv6 mld robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing a...

Page 1188: ...e the required multicast structures added to the interfaces that allow multicast routing The device has a 512 MLD group limit for G and S G entries Syntax ipv6 mld snooping no ipv6 mld snooping Default By default MLD Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Sno...

Page 1189: ... vlan2 vlan4 awplus config if ipv6 mld snooping To disable MLD Snooping for the VLAN interface vlan2 enter the following commands awplus configure terminal awplus config interface vlan2 awplus config no ipv6 mld snooping To disable MLD Snooping for the VLAN interfaces vlan2 vlan4 enter the following commands awplus configure terminal awplus config interface vlan2 vlan4 awplus config no ipv6 mld sn...

Page 1190: ...sable fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This MLD Snooping command can only be configured on VLAN interfaces Examples This example shows how to enable fast leave processing on the VLAN interface...

Page 1191: ...ter interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This minimizes disruption for multicast traffic in the event of ring failure or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the multicast router can be reached ...

Page 1192: ...e multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the next hop interface to the multicast router for VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if ipv6 mld snooping mrouter interface port1 0 5...

Page 1193: ...ce Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address because it only masquerades as an MLD querier for faster network convergence The MLD Snooping querier does not start or automatically cease the MLD Querier operation if it detects query message s from ...

Page 1194: ...ing maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping device Similar reports to the same set of groups from other hosts which would not change group memberships in the querier will be suppressed by the MLD Snooping device to prevent flooding of query respo...

Page 1195: ...on 5 4 6 1 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure terminal awplus config interface vlan2 vlan4 awplus config if no ipv6 mld snooping report suppression ...

Page 1196: ...his command to disable the SSM mapping feature on the device Syntax ipv6 mld ssm map enable no ipv6 mld ssm map enable Mode Global Configuration Usage This command enables the SSM mapping feature for group members in the defined SSM range Configure the group member and the SSM range using the ipv6 mld ssm map static command Example This example shows how to enable the MLD SSM mapping feature on th...

Page 1197: ...s list name X X X X no ipv6 mld ssm map static access list name X X X X Mode Global Configuration Usage Use this command to configure SSM mappings after enabling SSM mapping with the ipv6 mld ssm map enable command Example This example shows how to configure an SSM static mapping for the group address ff0e 1 128 awplus configure terminal awplus config ipv6 mld ssm map enable awplus config ipv6 acc...

Page 1198: ...inal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 source fe80 2fd 6cff fe1c b Parameter Description ipv6 group address Specify a standard IPv6 Multicast group address to be configured as a static gr...

Page 1199: ...a specific port on vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 interface port1 0 4 To add an SSM mapping record on a specific port on vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 source ssm map interface port1 0 4 ...

Page 1200: ...figuration for a VLAN interface Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and MLD Snooping Note this command is intended for use where there is another querier when there is another device with MLD enabled on the same link that can only operate with MLD version 1 Otherwise the default MLD version 2 is recommended for performance Example awplus configur...

Page 1201: ...ebug mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged Exec Example awplus show debugging mld Output Related Commands debug mld show debugging mld MLD Debugging status MLD Decoder debugging is on MLD Encoder debugging is on MLD Events debugging is on MLD ...

Page 1202: ... output for show ipv6 mld groups The following command displays local membership information for all interfaces awplus show ipv6 mld groups detail Output Figure 30 3 Example output for show ipv6 mld groups detail Parameter Description ipv6 address Optional Specify Address of the multicast group in format X X X X interface Optional Specify the Interface name for which to display local information a...

Page 1203: ... interfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Version 2 default Internet address is fe80 215 77ff fec9 7468 MLD interface has 0 group record states MLD activity 0 joins 0 leaves MLD robustness variable is 2 MLD last member query count is 2 MLD query...

Page 1204: ...r Exec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multicast router interfaces for all VLAN interfaces awplus show ipv6 mld snooping mrouter Output Parameter Description interface Optional Specify the name of the VLAN interface Note If you do not specify a ...

Page 1205: ...snooping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interface vlan1 Output Parameter Description interface The name of the VLAN interface awplus show ipv6 mld snooping statistics interface vlan1 MLD Snooping statistics for vlan1 Interface port1 0 1 Group ff...

Page 1206: ...the ipv6 multicast routing command Static IPv6 multicast routes take priority over dynamic IPv6 multicast routes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes can take over from previous static IPv6 multicast routes The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix ...

Page 1207: ...ute statistics on page 1211 ipv6 multicast forward slow path packet on page 1212 debug nsm mcast on page 1213 debug nsm mcast6 on page 1214 ip mroute on page 1215 ip multicast forward first packet on page 1217 ip multicast route on page 1218 ip multicast route limit on page 1220 ip multicast wrong vif suppression on page 1221 ip multicast routing on page 1222 ipv6 mroute on page 1223 ipv6 multicas...

Page 1208: ...in its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command The protocol specific clear command clears multicast routes from PIM Sparse Mode and also clears the routes from the MRIB Examples awplus clear ip mroute 225 1 1 1 192 168 3 3 awplus clear ...

Page 1209: ...ntries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus clear ip mroute statistics Parameter Description All multicast route entries ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Source IPv4 address ...

Page 1210: ...elevant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast route command This command does not remove static routes from the routing table or the configuration To remove static routes use the no parameter of the command ipv6 ...

Page 1211: ...se the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statistics ipv6 group address ipv6 source address Mode Privileged Exec Examples awplus clear ipv6 mroute statistics 2001 2 ff08 1 awplus clear ipv6 mroute statistics Parameter Description All multicast route...

Page 1212: ...f the smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big message Use the no variant of this command to disable the above functionality Syntax ipv6 multicast forward slow path packet no ipv6 multicast forward slow path packet Default Disabled Mode Privileged ...

Page 1213: ... nsm mcast fib msg awplus configure terminal awplus config debug nsm mcast mrt awplus configure terminal awplus config debug nsm mcast mtrace awplus configure terminal awplus config debug nsm mcast mtrace detail awplus configure terminal awplus config debug nsm mcast register awplus configure terminal awplus config debug nsm mcast stat awplus configure terminal awplus config debug nsm mcast vif Pa...

Page 1214: ...awplus configure terminal awplus config debug nsm mcast6 all awplus configure terminal awplus config debug nsm mcast6 fib msg awplus configure terminal awplus config debug nsm mcast6 mif awplus configure terminal awplus config debug nsm mcast6 mrt awplus configure terminal awplus config debug nsm mcast6 register awplus configure terminal awplus config debug nsm mcast6 stats Parameter Description a...

Page 1215: ...that source This command enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast routing protocol will look at these static entries as well as looking into the unicast routing table The route with the lowest Parameter Description ipv4 source address mask length A multicast sourc...

Page 1216: ...raversed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host 192 168 2 3 and has an administrative distance of 2 awplus configure terminal awplus config ip mroute 10 10 3 0 24 static 2 192 168 2 3 2 The following example creates a static multicast IPv4 route ...

Page 1217: ... that create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE If you use this command ensure that the ip igmp snooping command is enabled the default setting otherwise the device will not process the first packets of the multicast stream correctly The device will forward the first multicast packets to all in...

Page 1218: ... is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast route with same source IPv4 address group IPv4 address upstream VLAN and downstream VLANs An error message is displayed and logged To add a new static multicast route either wait for the dynamic multicast route to timeout or clear the dynamic multic...

Page 1219: ...dress 2 2 2 2 and group IPv4 address 224 9 10 11 specifying the upstream VLAN interface as vlan10 use the following commands awplus configure terminal awplus config ip multicast route 2 2 2 2 224 9 10 11 vlan10 To create an IPv4 static multicast route for the multicast source IPv4 address 2 2 2 2 and group IP address 224 9 10 11 specifying the upstream VLAN interface as vlan10 and the downstream V...

Page 1220: ...Configuration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the limit argument Examples awplu...

Page 1221: ...ong vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traffic is enabled To confirm that VIF messages are being sent to the CPU use the debug nsm mcast6 command Examples To enable the suppression of wrong VIF packets use the following commands awplus configu...

Page 1222: ...st routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT stops IGMP operation and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any MR...

Page 1223: ...via different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best unicast route to that source This command enables the user to statically configure the switch with multicast routes back to given sources When performing the RPF check on a stream from a Parameter De...

Page 1224: ...e current router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multicast route back to the sources in the 2001 1 64 subnet The multicast route is via the host 2002 2 and has an administrative distance of 2 awplus configure terminal awplus config ipv6 mroute 2001 1 64 s...

Page 1225: ...eam vlan id downstream vlan id Default By default no static routes exist Mode Global Configuration Usage Only one multicast route entry per IPv6 address and multicast group can be specified Therefore if one entry for an IPv6 static multicast route is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast ro...

Page 1226: ...e or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the multicast router can be reached in either direction around the EPSR ring For example if port1 0 1 and port1 0 14 are ports on an EPSR data VLAN vlan101 which is the destination for a static IPv6 multicast route then configure both ports as multicast router mrouter ports as shown in the example comma...

Page 1227: ...specifying the upstream VLAN interface as vlan10 and the downstream VLAN range as vlan20 25 use the following commands awplus configure terminal awplus config ipv6 multicast route 2001 1 ff08 1 vlan10 vlan20 25 To remove the downstream VLAN 23 from the IPv6 static multicast route created with the above command use the following commands awplus configure terminal awplus config no ipv6 multicast rou...

Page 1228: ...l Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is set a threshold warning message is generated when this threshold is exceeded and the message continues to occur until the number of mroutes reaches the limit set by the limit argument Examples awp...

Page 1229: ...ticast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multicast Routing Tables MRT and stops relaying multicast forwarder events to multicast protocols When multicast routing is enabled the MRIB starts processing any MRT addition deletion requests and any mult...

Page 1230: ...but ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network Some non multicast protocols use multicast packets and will not function correctly if you disable it Syntax multicast no multicast Default By default all device ports route multicast packets Mode Interface Configuration Examples To dis...

Page 1231: ...oup and source IPv4 address Figure 31 2 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D dense Display dense IPv4 multicast routes sparse Display sparse IPv4 multicast routes count Display the route and packet ...

Page 1232: ... 3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 bytes memory Route limit Route threshold 2147483647 2147483647 Total NOCACHE WRONGVIF WHOLEPKT recv from fwd 1 0 0 Total NOCACHE WRONGVIF WHOLEPKT sent to clients 1 0 0 Immediate Timed stat updates sent ...

Page 1233: ...Output Figure 31 6 Example output from the show ip mvif command Figure 31 7 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about Interface Vif Owner TTL Local Remote Uptime Idx Module Address Address vlan2 0 PIM SM 1 192 168 1 53 0 0 0 0 00 04 26 Register 1 1 192 168 1 53 0 0 0 0 00 04 2...

Page 1234: ...F show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Example awplus show ip rpf 10 10 10 50 Parameter Description ipv4 source addr Source IPv4 address in dotted decimal notation in the format A B C D ...

Page 1235: ...ample output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 31 8 Example output from the show ipv6 mroute command Parameter Description ipv6 group addr Group IPv6 address in hexadecimal notation in the format X X X X ipv6 source addr Source IPv6 address in hexadecimal notation in the format X X X X count Display the route and packet coun...

Page 1236: ...atistics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate Timed stat updates sent to clients 0 0 Reg ACK recv Reg NACK recv Reg pkt sent 0 0 0 Next stats poll 00 01 14 Forwarding Counts Pkt count Byte count Other Counts Wrong If pkts Fwd msg counts WRONGmif...

Page 1237: ...status of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the following command awplus show ipv6 multicast forwarding Output Figure 31 11 Example output from the show ipv6 multicast forwarding command Related Commands ipv6 multicast forward slow path packet ipv6 mu...

Page 1238: ...how ipv6 mif awplus show ipv6 mif vlan2 Output Figure 31 12 Example output from the show ipv6 mif command Figure 31 13 Example output from the show ipv6 mif command with the interface parameter vlan2 specified Parameter Description interface The interface to display information about awplus show ipv6 mif Interface Mif Owner Uptime Idx Module vlan3 0 MLD MLD Proxy Service 03 28 48 vlan2 1 MLD MLD P...

Page 1239: ...3 debug pim sparse mode timer on page 1244 ip pim accept register list on page 1246 ip pim anycast rp on page 1247 ip pim bsr border on page 1248 ip pim bsr candidate on page 1249 ip pim cisco register checksum on page 1250 ip pim cisco register checksum group list on page 1251 ip pim crp cisco prefix on page 1252 ip pim dr priority on page 1253 ip pim exclude genid on page 1254 ip pim ext srcs di...

Page 1240: ... pim spt threshold on page 1271 ip pim spt threshold group list on page 1272 ip pim ssm on page 1273 show debugging pim sparse mode on page 1274 show ip pim sparse mode bsr router on page 1275 show ip pim sparse mode interface on page 1276 show ip pim sparse mode interface detail on page 1278 show ip pim sparse mode local members on page 1279 show ip pim sparse mode mroute on page 1281 show ip pim...

Page 1241: ...r multicast clients note that one router will be automatically or statically designated as the RP and all routers must explicitly join through the RP A Designated Router DR sends periodic Join Prune messages toward a group specific RP for each group that it has active members For multicast sources note that the Designated Router DR unicasts Register messages to the RP encapsulating the data packet...

Page 1242: ...oup address and optionally a specified multicast source address Syntax clear ip mroute Group IP address pim sparse mode clear ip mroute Group IP address Source IP address pim sparse mode Mode Privileged Exec Example awplus clear ip mroute pim sparse mode 224 0 0 0 awplus clear ip mroute 192 168 7 1 pim sparse mode 224 0 0 0 Parameter Description Group IP address Specify a multicast group IPv6 addr...

Page 1243: ...nfig debug pim sparse mode all Related Commands show debugging pim sparse mode undebug all pim sparse mode Parameter Description all Activates deactivates all PIM SM debugging events Activates debug printing of events mfc Activates debug printing of MFC Multicast Forwarding Cache in kernel add delete updates mib Activates debug printing of PIM SM MIBs nexthop Activates debug printing of PIM SM nex...

Page 1244: ... Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging for the specified Bootstrap Router timer or all Bootstrap Router timers bst Enable or disable debugging for the Bootstrap Router Bootstrap Timer crp Enable or disable debugging for the Bootstrap Router Candidate RP Timer hello Enable or disable debugging for the sp...

Page 1245: ... SM Hello neighbor liveness timer use the command awplus config debug pim sparse mode timer hello ht To enable debugging for the PIM SM Joinprune expiry timer use the command awplus debug pim sparse mode timer joinprune et To disable debugging for the PIM SM Register timer use the command awplus no debug pim sparse mode timer register Related Commands show debugging pim sparse mode ot Enable or di...

Page 1246: ...or the packets sent by the specified sources By default the RP accepts register packets from all multicast sources Use the no variant of this command to revert to default Syntax ip pim accept register list simplerange exprange access list no ip pim accept register Mode Global Configuration Example awplus configure terminal awplus config ip pim accept register list 121 awplus config access list 121...

Page 1247: ...ddress identifies a set of receiver endpoints from which only one receiver endpoint is chosen Use this command to specify the Anycast RP configuration in the Anycast RP set Use the no variant of this command to remove the Anycast RP configuration Note that the member RP address is optional when using the no parameter to remove the Anycast RP configuration removing the anycast RP address also remov...

Page 1248: ...sages will be sent or received through the interface Configure an interface bordering another PIM domain with this command to avoid BSR messages from being exchanged between the two PIM domains BSR messages should not be exchanged between different domains because devices in one domain may elect Rendezvous Points RPs in the other domain resulting in loss of isolation between the two PIM domains th...

Page 1249: ...ult priority parameter value is 64 Examples To set the BSR candidate to the VLAN interface vlan2 with the optional mask length and BSR priority parameters enter the commands shown below awplus configure terminal awplus config ip pim bsr candidate vlan2 20 30 To withdraw the address of vlan2 from being offered as a BSR candidate enter awplus configure terminal awplus config no ip pim bsr candidate ...

Page 1250: ...he Register checksum over the whole packet This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ip pim cisco register checksum no ip pim cisco register checksum Default This command is disabled by default By default Register Checksum is calculated only over the header Mode Global Configuration Example awplus configure ...

Page 1251: ...to inter operate with older Cisco IOS versions Use the no variant of this command to revert to default settings Syntax ip pim cisco register checksum group list simplerange exprange access list no ip pim cisco register checksum group list simplerange exprange access ist Mode Global Configuration Example awplus configure terminal awplus config ip pim cisco register checksum group list 34 awplus con...

Page 1252: ... the default IPv4 multicast group range 224 4 are sent with a prefix of 1 Use the no variant of this command to revert to the default settings Syntax ip pim crp cisco prefix no ip pim crp cisco prefix Mode Global Configuration Usage Cisco s BSR code does not conform to the latest BSR draft It does not accept candidate RPs with a group prefix number of zero To make the candidate RP work with a Cisc...

Page 1253: ...ult Mode Interface Configuration for a VLAN interface Examples To set the Designated Router priority value to 11234 for the VLAN interface vlan2 apply the commands as shown below awplus configure terminal awplus config interface vlan2 awplus config if ip pim dr priority 11234 To disable the Designated Router priority value for the VLAN interface vlan2 apply the commands as shown below awplus confi...

Page 1254: ...y the PIM module on a particular interface This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to revert to default settings Syntax ip pim exclude genid no ip pim exclude genid Default By default this command is disabled the GenID option is included Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config i...

Page 1255: ...ctly connected Syntax ip pim ext srcs directly connected no ip pim ext srcs directly connected Default The no variant of this command is the default behavior Mode Interface Configuration for a VLAN interface Example To configure PIM to treat all sources as directly connected for VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if...

Page 1256: ...lo holdtime value is 3 5 the current hello interval The default hello holdtime is restored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage Each time the hello interval is updated the hello holdtime is also updated according to the following rules If the hello holdtime is not configured or if the hello holdtime is configured and less than the current h...

Page 1257: ...value is 30 seconds The default is restored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage When the hello interval is configured and the hello holdtime is not configured or when the configured hello holdtime value is less than the new hello interval value the holdtime value is modified to the 3 5 hello interval Otherwise the hello holdtime value is t...

Page 1258: ...this command to ignore the RP SET priority value and use only the hashing mechanism for RP selection This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to disable this setting Syntax ip pim ignore rp set priority no ip pim ignore rp set priority Mode Global Configuration Example awplus configure terminal awplus config ip pim ignore rp set priorit...

Page 1259: ...he PIM SM join prune timer to its default value of 60 seconds which corresponds to a join prune packet holdtime of 210 seconds Syntax ip pim jp timer 1 65535 no ip pim jp timer 1 65535 Default The default join prune timer value is 60 seconds Mode Global Configuration Example To set the join prune timer value to 300 seconds use the commands awplus configure terminal awplus config ip pim jp timer 30...

Page 1260: ...he neighbor or terminate adjacency with the existing neighbors if denied by the filtering access list Use the no variant of this command to disable this function Syntax ip pim neighbor filter number accesslist no ip pim neighbor filter number accesslist Default By default there is no filtering Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config interfa...

Page 1261: ...figure the rate of register packets sent by this DR in units of packets per second Use the no variant of this command to remove the limit Syntax ip pim register rate limit 1 65535 no ip pim register rate limit Mode Global Configuration Example awplus configure terminal awplus config ip pim register rate limit 3444 Parameter Description 1 65535 Specifies the maximum number of packets that can be se...

Page 1262: ...achability check for PIM Register processing at the DR The default setting is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ip pim register rp reachability no ip pim register rp reachability Default This command is disabled by default there is no checking for RP reachability Mode Global Configuration Example awplus configure terminal awplus co...

Page 1263: ...rd the source host Syntax ip pim register source source_address interface no ip pim register source Usage The configured address must be a reachable address to be used by the RP to send corresponding Register Stop messages in response It is normally the local loopback interface address but can also be a physical address This address must be advertised by unicast routing protocols on the DR The con...

Page 1264: ... this value modifies register suppression time at the DR Configuring this value at the RP modifies the RP keepalive period value if the ip pim rp register kat command is not used Use the no variant of this command to reset the value to its default of 60 seconds Syntax ip pim register suppression 1 65535 no ip pim register suppression Mode Global Configuration Example awplus configure terminal awpl...

Page 1265: ...ically are both available for a group range then the RP address configured through BSR is chosen over the statically configured RP address A single static RP can be configured for multiple group ranges using Access Lists However configuring multiple static RPs using ip pim rp address command with the same RP address is not allowed The static RP can either be configured for the whole multicast grou...

Page 1266: ... list is sorted in a descending order of IP addresses When selecting static RPs for a group range the first element which is the static RP with highest IP address is chosen RP address deletion is handled by removing the static RP from all the existing group ranges and recalculating the RPs for existing TIB states if required Group mode and RP address mappings learned through BSR take precedence ov...

Page 1267: ...erval or grouplist parameters will configure the candidate RP with a priority value of 192 Examples To specify a priority of 3 use the following commands awplus configure terminal awplus config ip pim rp candidate vlan2 priority 3 To use the ACL numbered 3 to specify the group prefixes that are advertised in association with the RP address use the following commands awplus configure terminal awplu...

Page 1268: ...ant of this command to return the PIM SM KAT timer to its default value of 210 seconds Syntax ip pim rp register kat 1 65535 no ip pim rp register kat Mode Global Configuration Default The default PIM SM KAT timer value is 210 seconds Examples awplus configure terminal awplus config ip pim rp register kat 3454 awplus configure terminal awplus config no ip pim rp register kat Related Commands ip pi...

Page 1269: ...e PIM SM on the VLAN interface Use the no variant of this command to disable PIM SM on the VLAN interface Syntax ip pim sparse mode no ip pim sparse mode Mode Interface Configuration for a VLAN interface Examples awplus configure terminal awplus config interface vlan2 awplus config if ip pim sparse mode awplus configure terminal awplus config interface vlan2 awplus config if no ip pim sparse mode ...

Page 1270: ...pim sparse mode passive no ip pim sparse mode passive Mode Interface Configuration for a VLAN interface Usage Passive mode essentially stops PIM transactions on the interface allowing only IGMP mechanism to be active To turn off passive mode use the no ip pim sparse mode passive or the ip pim sparse mode command To turn off PIM activities on the VLAN interface use the no ip pim sparse mode command...

Page 1271: ...ch to SPT NOTE The switching to SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ip pim spt threshold no ip pim spt threshold Mode Global Configuration Examples To enable the last hop PIM SM router to switch to SPT use the following commands awplus configure terminal awplus config ip pim spt threshold To stop the last hop PIM SM router from bei...

Page 1272: ...of this command to turn off switching to the SPT Syntax ip pim spt threshold group list simplerange expandedrange named accesslist no ip pim spt threshold group list simplerange expandedrange named accesslist Mode Global Configuration Usage Turn on off the ability for the last hop PIM router to switch to SPT for multicast group addresses specified by the given access list Example awplus configure ...

Page 1273: ...ion Usage When an SSM range of IP multicast addresses is defined by the ip pim ssm command the no G or S G rpt state will be initiated for groups in the SSM range The messages corresponding to these states will not be accepted or originated in the SSM range Examples The following commands show how to configure SSM service for the IP address range defined by access list 10 awplus configure terminal...

Page 1274: ...re Overview and Configuration Guide Syntax show debugging pim sparse mode Mode User Exec and Privileged Exec Example To display PIM SM debugging settings use the command awplus show debugging pim sparse mode Figure 32 1 Output from the show debugging pim sparse mode command Related Commands debug pim sparse mode Debugging status PIM event debugging is on PIM Hello THT timer debugging is on PIM eve...

Page 1275: ... command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode bsr router Mode User Exec and Privileged Exec Output Figure 32 2 Output from the show ip pim sparse mode bsr router command Related Commands show ip pim sparse mode rp mapping show ip pim sparse mode neighbor PIMv2 Bootstrap information BSR address 10 10 11 35 Uptime...

Page 1276: ...es 16 Maximum allowed 31 Total active interfaces 12 Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 192 168 1 53 vlan2 0 v2 S 2 2 192 168 1 53 192 168 10 53 vlan3 2 v2 S 0 2 192 168 10 53 Note that this screen has been edited to remove any additional interfaces Table 1 Parameters in the output from the show ip pim sparse mode interface command Parameters Description Total configured inte...

Page 1277: ...OW IP PIM SPARSE MODE INTERFACE Related Commands ip pim sparse mode show ip pim sparse mode rp mapping show ip pim sparse mode neighbor DR Priority Designated Router priority DR The IP address of the Designated Router Table 1 Parameters in the output from the show ip pim sparse mode interface command cont Parameters Description ...

Page 1278: ...ng Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode interface detail Mode User Exec and Privileged Exec Output Figure 32 3 Example output from the show ip pim sparse mode interface detail command vlan3 vif 3 Address 192 168 1 149 DR 192 168 1 149 Hello period 30 seconds Next Hello in 15 seconds Triggered Hello period 5 seconds Neighbors 192 168 1...

Page 1279: ...ure Overview and Configuration Guide Syntax show ipv6 pim sparse mode local members interface Mode User Exec and Privileged Exec Example To show detailed PIM SM information for all PIM SM configured VLAN interfaces use the command awplus show ipv6 pim sparse mode local members Output Figure 32 4 Example output from the show ip pim sparse mode local members command Example To show detailed PIM SMv6...

Page 1280: ...ng System Version 5 4 6 1 x PIM SM COMMANDS SHOW IP PIM SPARSE MODE LOCAL MEMBERS Output Figure 32 5 Example output from the show ip pim sparse mode local members vlan1 command awplus show ip pim sparse mode local members vlan1 PIM Local membership information vlan1 224 0 0 4 Include ...

Page 1281: ...ow ip pim sparse mode mroute group address source address show ip pim sparse mode mroute source address group address show ip pim sparse mode mroute group address source address Mode User Exec and Privileged Exec Usage Note that when a feature license is enabled the output for show ip pim sparse mode mroute command will only show 32 interfaces because of the terminal display width limit Use the sh...

Page 1282: ... show ip pim sparse mode mroute device1 sh ip pim sparse mode mrouteIP Multicast Routing Table RP Entries 0 G Entries 64 S G Entries 128 S G rpt Entries 64 FCR Entries 0 MRIB Msg Cache Hit 0 192 168 2 101 224 1 1 1 RPF nbr 0 0 0 0 RPF idx None SPT bit 1 Upstream State JOINED Local Joined Asserted Outgoing Interop listener rx data flags ES EDW RXD DAJ EOE 0x00000000 0x00000000 0x00000001 ...

Page 1283: ...ode mroute group address source address detail show ip pim sparse mode mroute group address source address detail show ip pim sparse mode mroute source address group address detail Usage Based on the group and source address the output is the selected route if present in the multicast route tree Mode User Exec and Privileged Exec Examples awplus show ip pim sparse mode mroute detail awplus show ip...

Page 1284: ...l command IP Multicast Routing Table RP Entries 0 G Entries 4 S G Entries 0 S G rpt Entries 0 FCR Entries 0 224 0 1 24 Uptime 00 06 42 RP 0 0 0 0 RPF nbr None RPF idx None Upstream State JOINED SPT Switch Disabled JT off Macro state Join Desired Downstream vlan2 State NO INFO ET off PPT off Assert State NO INFO AT off Winner 0 0 0 0 Metric 4294967295l Pref 4294967295l RPT bit on Macro state Could ...

Page 1285: ... 8 Example output from the show ip pim sparse mode neighbor command Figure 32 9 Example output from the show ip pim sparse mode neighbor interface detail command Parameter Description interface Interface name e g vlan2 Show neighbors on an interface ip address Show neighbors with a particular address on an interface The IP address entered in the form A B C D detail Show detailed information Neighb...

Page 1286: ...op Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name ____________________________________________________________________________ 10 10 0 9 RS 1 0 0 0 0 4 0 0 1 Table 2 Parameters in output of the show ip pim sparse mode nexthop command Parameter Description Destination The destination address for which PIM SM requires next hop information Type The type of destination as indicated b...

Page 1287: ...saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp hash group addr Mode User Exec and Privileged Exec Example awplus show ip pim sparse mode rp hash 224 0 1 3 Figure 32 11 Output from the show ip pim sparse mode rp hash command Related Commands show ip pim sparse mode rp mapping Parameter Description group a...

Page 1288: ...tering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp mapping Mode User Exec and Privileged Exec Example awplus show ip pim sparse mode rp mapping Figure 32 12 Output from the show ip pim sparse mode rp mapping command Related Commands show ip pim sparse mode rp hash PIM Group to RP Mappings Group s ...

Page 1289: ...tem Version 5 4 6 1 x PIM SM COMMANDS UNDEBUG ALL PIM SPARSE MODE undebug all pim sparse mode Overview Use this command to disable all PIM SM debugging Syntax undebug all pim sparse mode Mode Privileged Exec Example awplus undebug all pim sparse mode Related Commands debug pim sparse mode ...

Page 1290: ...v6 Multicast addresses showncanbederivedfromIPv6unicastprefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 multicast prefix for 2001 0db8 32 is ff3x 20 2001 0db8 64 Where an RP address is 2001 0db8 1 the embedded RP multicast prefix is ff7x 120 2001 0db8 96 For ASM Any Source Multicast the IPV6 multicastaddre...

Page 1291: ...llo interval on page 1312 ipv6 pim ignore rp set priority on page 1313 ipv6 pim jp timer on page 1314 ipv6 pim neighbor filter on page 1315 ipv6 pim register rate limit on page 1316 ipv6 pim register rp reachability on page 1317 ipv6 pim register source on page 1318 ipv6 pim register suppression on page 1319 ipv6 pim rp address on page 1320 ipv6 pim rp candidate on page 1322 ipv6 pim rp embedded o...

Page 1292: ...de mroute on page 1339 show ipv6 pim sparse mode mroute detail on page 1341 show ipv6 pim sparse mode neighbor on page 1343 show ipv6 pim sparse mode nexthop on page 1344 show ipv6 pim sparse mode rp hash on page 1345 show ipv6 pim sparse mode rp mapping on page 1346 show ipv6 pim sparse mode rp nexthop on page 1347 undebug all ipv6 pim sparse mode on page 1349 undebug ipv6 pim sparse mode on page...

Page 1293: ...verdynamicIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute pim sparse mode Mode Privileged Exec Example awplus clear ipv6 mroute pim sparse mode awplus clear ipv6 mroute pim sparse mode Parameter Description Clears all PIM SMv6 multica...

Page 1294: ...micIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute Group IPv6 add pim sparse mode clear ipv6 mroute Group IPv6 add Source IPv6 add pim sparse mode Mode Privileged Exec Example awplus clear ipv6 mroute 2001 db8 pim sparse mode awplus c...

Page 1295: ...ake over from previous static IPv6 multicast routes Syntax clear ipv6 pim sparse mode bsr rp set Mode Privileged Exec Usage For multicast clients note that one router will be automatically or statically designated as the RP and all routers must explicitly join through the RP A Designated Router DR sends periodic Join Prune messages toward a group specific RP for each group that it has active membe...

Page 1296: ...lus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode events awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode nexthop Parameter Description all Activates deactivates all PIM SMv6 debugging events Activates de...

Page 1297: ...mode packet awplus show debugging ipv6 pim sparse mode PIM SMv6 debugging status PIM event debugging is on PIM MFC debugging is off PIM state debugging is on PIM packet debugging is on PIM Hello HT timer debugging is off PIM Hello NLT timer debugging is off PIM Hello THT timer debugging is off PIM Join Prune JT timer debugging is off PIM Join Prune ET timer debugging is off PIM Join Prune PPT time...

Page 1298: ...onfigure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packet in awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packet out awplus configure terminal awplus config terminal monitor awplus config no debug ipv6 pim sparse mode packet in awplus configure terminal awplus config terminal monitor awplus config no debug ...

Page 1299: ... pim ipv6 sparse mode timer register rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging for the specified Bootstrap Router timer or all Bootstrap Router timers bst Enable or disable debugging for the Bootstrap Router Bootstrap Timer crp Enable or disable debugging for the Bootstrap R...

Page 1300: ...e command awplus config debug ipv6 pim sparse mode timer hello ht To enable debugging for the PIM SMv6 Joinprune expiry timer use the command awplus debug ipv6 pim sparse mode timer joinprune et To disable debugging for the PIM SMv6 Register timer use the command awplus no debug ipv6 pim sparse mode timer register Related commands show debugging ipv6 pim sparse mode kat Enable or disable debugging...

Page 1301: ...he RP accepts register packets from all multicast sources Use the no variant of this command to revert to default Syntax ipv6 pim accept register list access list no ipv6 pim accept register Mode Global Configuration Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim accept register list G2 awplus config ipv6 access list stan...

Page 1302: ...ints from which only one receiver endpoint is chosen Use this command to specify the Anycast RP configuration in the Anycast RP set Use the no variant of this command to remove the Anycast RP configuration Note that the member RP address is optional when using the no parameter to remove the Anycast RP configuration removing the anycast RP address also removes the member RP address Examples The fol...

Page 1303: ...figure an interface bordering another PIM SMv6 domain with this command to avoid BSR messages from being exchanged between the two PIM SMv6 domains BSR messages should not be exchanged between different domains because devices in one domain may elect Rendezvous Points RPs in the other domain resulting in loss of isolation between the two PIM domains that would stop the PIM SMv6 protocol from worki...

Page 1304: ... set the BSR candidate to the VLAN interface vlan2 with the optional mask length and BSR priority parameters enter the commands shown below awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim bsr candidate vlan2 20 30 To withdraw the address of vlan2 from being offered as a BSR candidate enter awplus configure terminal awplus config n...

Page 1305: ...r operate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ipv6 pim cisco register checksum no ipv6 pim cisco register checksum Default This command is disabled by default By default Register Checksum is calculated only over the header Mode Global Configuration Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast...

Page 1306: ...t no ipv6 pim cisco register checksum group list IPv6 access list Mode Global Configuration Default This command is disabled by default By default Register Checksum is calculated only over the header Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim cisco register checksum group list G1 awplus config ipv6 access list standar...

Page 1307: ... variant of this command to revert to the default settings Syntax ipv6 pim crp cisco prefix no ipv6 pim crp cisco prefix Mode Global Configuration Usage Cisco s BSR code does not conform to the latest BSR draft it does not accept candidate RPs with a group prefix number of zero To make the candidate RP work with a Cisco BSR use the ipv6 pim crp cisco prefix command when interoperating with older v...

Page 1308: ...s To set the Designated Router priority value to 11234 for the VLAN interface vlan2 apply the commands as shown below awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 pim dr priority 11234 To disable the Designated Router priority value for the VLAN interface vlan2 apply the...

Page 1309: ...co IOS versions Use the no variant of this command to revert to default settings Syntax ipv6 pim exclude genid no ipv6 pim exclude genid Default By default this command is disabled the GenID option is included Mode Interface Configuration for a VLAN interface Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus c...

Page 1310: ...ed no ipv6 pim ext srcs directly connected Default The no variant of this command is the default behavior Mode Interface Configuration for a VLAN interface Example To configure PIM SMv6 to treat all sources as directly connected for VLAN interface vlan2 use the following commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vl...

Page 1311: ... The default hello holdtime is restored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage Each time the hello interval is updated the hello holdtime is also updated according to the following rules If the hello holdtime is not configured or if the hello holdtime is configured and less than the current hello interval value it is modified to the 3 5 hello...

Page 1312: ...tored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage When the hello interval is configured and the hello holdtime is not configured or when the configured hello holdtime value is less than the new hello interval value the holdtime value is modified to the 3 5 hello interval Otherwise the hello holdtime value is the configured value Example awplus con...

Page 1313: ...mechanism for RP selection Use the no variant of this command to disable this setting Syntax ipv6 pim ignore rp set priority no ipv6 pim ignore rp set priority Mode Global Configuration Usage This command is used to inter operate with older Cisco IOS versions Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim ignore rp set pr...

Page 1314: ...s neighbors Use the no variant of this command to return the PIM SMv6 join prune timer to its default value of 210 seconds Syntax ipv6 pim jp timer 1 65535 no ipv6 pim jp timer 1 65535 Default The default PIM SMv6 join prune timer value is 210 seconds Mode Global Configuration Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pi...

Page 1315: ... ipv6 pim neighbor filter IPv6 accesslist Default By default there is no neighbor filtering applied to an interface Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config ipv6 enable awplus config if ipv6 pim neighbor filter filter1 awplus config if ipv6 acces...

Page 1316: ...his command to remove the limit and reset to the default rate limit Syntax ipv6 pim register rate limit 1 65535 no ipv6 pim register rate limit Mode Global Configuration Default The default is 0 as reset with the no variant which also specifies an unlimited rate limit Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim regist...

Page 1317: ...ing is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ipv6 pim register rp reachability no ipv6 pim register rp reachability Default This command is disabled by default there is no checking for RP reachability Mode Global Configuration Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus c...

Page 1318: ...d by the RP to send corresponding Register Stop messages in response It is normally the local loopback IPv6 interface address but can also be a physical IPv6 address This IPv6 addressmustbeadvertised byunicastroutingprotocols ontheDR Theconfigured interface does not have to be PIM SMv6 enabled Mode Global Configuration Examples awplus configure terminal awplus config ipv6 forwarding awplus config ...

Page 1319: ...er suppression Mode Global Configuration Default The default PIM SMv6 register suppression time is 60 seconds and is restored with the no variant of this command Usage Configuring this value modifies register suppression time at the DR Configuring this value at the RP modifies the RP keepalive period value if the ipv6 pim rp register kat command is not used Examples awplus configure terminal awplu...

Page 1320: ... BSR is chosen over the statically configured RP address A single static RP can be configured for multiple group ranges using software IPv6 access lists ACLs However configuring multiple static RPs using ipv6 pim rp address command with the same RP address is not allowed The static RP can either be configured for the whole multicast group range ff00 8 without using IPv6 ACLs or for specific group ...

Page 1321: ...is the static RP with highest IPv6 address is chosen RP address deletion is handled by removing the static RP from all the existing group ranges and recalculating the RPs for existing TIB states if required Group mode and RP address mappings learned through BSR take precedence over mappings statistically defined by the ipv6 pim rp address command Commands with the override keyword take precedence ...

Page 1322: ...ure the candidate RP with a priority value of 192 Examples To specify a priority of 3 use the following commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim rp candidate vlan2 priority 3 To use the ACL named G2 to specify the group prefixes that are advertised in association with the RP address use the following commands awplu...

Page 1323: ...ing System Version 5 4 6 1 x PIM SMV6 COMMANDS IPV6 PIM RP CANDIDATE To stop the device from being an RP candidate on vlan2 use the following commands awplus configure terminal awplus config no ipv6 pim rp candidate vlan2 Related commands ipv6 pim rp address ipv6 pim rp register kat ...

Page 1324: ...ort is enabled by default use the no variant of this command to disable the default Syntax ipv6 pim rp embedded no ipv6 pim rp embedded Mode Global Configuration Default Embedded RP is enabled by default in the AlliedWare Plus implementation of PIM SMv6 Examples The following example re enables embedded RP support the default state in PIM SMv6 awplus configure terminal awplus config ipv6 forwardin...

Page 1325: ... SMv6 KAT timer to its default value of 210 seconds Syntax ipv6 pim rp register kat 1 65535 no ipv6 pim rp register kat Mode Global Configuration Default The default PIM SMv6 KAT timer value is 210 seconds Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim rp register kat 3454 awplus configure terminal awplus config no ipv6 ...

Page 1326: ... of this command to disable PIM SMv6 on a VLAN interface Syntax ipv6 pim sparse mode no ipv6 pim sparse mode Mode Interface Configuration for a VLAN interface Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 pim sparse mode awplus configure terminal awplus config in...

Page 1327: ...r local members on a VLAN interface Syntax ipv6 pim sparse mode passive no ipv6 pim sparse mode passive Mode Interface Configuration for a VLAN interface Usage Passive mode essentially stops PIM SMv6 transactions on the interface allowing only the MLD mechanism to be active Examples awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config interface...

Page 1328: ...SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ipv6 pim spt threshold no ipv6 pim spt threshold Mode Global Configuration Examples To enable the last hop PIM SMv6 router to switch to SPT use the following commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim spt threshold ...

Page 1329: ... spt threshold group list IPv6 access list Mode Global Configuration Examples To enable the last hop PIM SMv6 router to switch to SPT for groups specified by the ACL named G1 use the following commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 pim spt threshold group list G1 awplus config ipv6 access list standard G1 permit 2001...

Page 1330: ...ulticast groups addresses within the range are not installed in PIM SMv6 mroute table Examples The following example shows how to configure SSM service for the IPv6 address range defined by IPv6 access list IPv6 PIM SSM RANGE awplus configure terminal awplus config ipv6 access list standard IPv6 PIM SSM RANGE permit ff3e 32 awplus config ipv6 pim ssm range IPv6 PIM SSM RANGE The following commands...

Page 1331: ...rface Configuration for a VLAN interface Default Unicast BSM is disabled by default on an interface Usage This command provides backward compatibility with older versions of the Boot Strap Router BSR specification which directs unicast BSM to refresh the state of new or restarting neighbors The current BSR specification defines a No Forward BSM to achieve the same result Examples awplus configure ...

Page 1332: ...im sparse mode Figure 33 2 Example output from the show debugging ipv6 pim sparse mode command Related commands debug ipv6 pim sparse mode undebug ipv6 pim sparse mode awplus show debugging ipv6 pim sparse mode Debugging status PIM event debugging is on PIM MFC debugging is on PIM state debugging is on PIM packet debugging is on PIM Hello HT timer debugging is on PIM Hello NLT timer debugging is o...

Page 1333: ...im sparse mode bsr router Mode User Exec and Privileged Exec Example To display the BSR IPv6 address use the command awplus show ipv6 pim sparse mode bsr router Output Figure 33 3 Example output from the show ipv6 pim sparse mode bsr router command Related commands show ipv6 pim sparse mode rp mapping show ipv6 pim sparse mode neighbor awplus show ipv6 pim sparse mode bsr router PIM6v2 Bootstrap i...

Page 1334: ... Mode User Exec and Privileged Exec Examples To display information about all PIM SMv6 interfaces use the command awplus show ipv6 pim sparse mode interface awplus show ipv6 pim sparse mode interface Interface VIFindex Ver Nbr DR Mode Count Priority vlan2 0 v2 S 2 1 Address fe80 207 e9ff fe02 81d Global Address 3ffe 192 168 1 53 DR fe80 20e cff fe01 facc vlan3 2 v2 S 2 1 Address fe80 207 e9ff fe02...

Page 1335: ...e for x510 Series 1335 AlliedWare Plus Operating System Version 5 4 6 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE INTERFACE Related commands ipv6 pim sparse mode show ipv6 pim sparse mode rp mapping show ipv6 pim sparse mode neighbor ...

Page 1336: ... Example To show detailed PIM SMv6 information for all PIM SMv6 configured interfaces use the command awplus show ipv6 pim sparse mode interface detail Output Figure 33 4 Example output from the show ipv6 pim sparse mode interface detail command awplus show ipv6 pim sparse mode interface detail vlan2 vif 0 Address fe80 207 e9ff fe02 81d DR fe80 20e cff fe01 facc Hello period 30 seconds Next Hello ...

Page 1337: ... Overview and Configuration Guide Syntax show ipv6 pim sparse mode local members interface Mode User Exec and Privileged Exec Example To show detailed PIM SMv6 information for all PIM SMv6 configured VLAN interfaces use the command awplus show ipv6 pim sparse mode local members Output Figure 33 5 Example output from the show ipv6 pim sparse mode local members command Example To show detailed PIM S...

Page 1338: ...m Version 5 4 6 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE LOCAL MEMBERS Output Figure 33 6 Example output from the show ipv6 pim sparse mode local members vlan1 command awplus show ipv6 pim sparse mode local members vlan1 PIM Local membership information vlan1 ff02 1 ff6b 4783 Include ...

Page 1339: ...ow ipv6 pim sparse mode mroute source IPv6 address group IPv6 address Mode User Exec and Privileged Exec Usage Note that when a feature license is enabled the output for the show ipv6 pim sparse mode mroute command will only show 100 interfaces because of the terminal display width limit Use the show ipv6 pim sparse mode mroute detail command to display detailed entries of the IPv6 multicast routi...

Page 1340: ...RP Entries 0 G Entries 2 S G Entries 0 S G rpt Entries 0 FCR Entries 2 ff0x db8 0 0 96 RP 3ffe 10 10 5 153 RPF nbr fe80 202 b3ff fed4 69fe RPF idx wm0 Upstream State JOINED Local l Joined Asserted FCR Source 3ffe 10 10 1 96 Outgoing o KAT timer running 205 seconds remaining Packet count 1 ff0x db8 0 0 96 RP 3ffe 10 10 5 153 RPF nbr fe80 202 b3ff fed4 69fe RPF idx wm0 Upstream State JOINED Local l ...

Page 1341: ...ss source IPv6 address detail show ipv6 pim sparse mode mroute group IPv6 address source IPv6 address detail show ipv6 pim sparse mode mroute source IPv6 address group IPv6 address detail Usage Based on the group and source IPv6 address the output is the selected route if present in the multicast route tree Mode User Exec and Privileged Exec Examples awplus show ipv6 pim sparse mode mroute detail ...

Page 1342: ...l IPv6 Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR Entries 0 ff13 10 Uptime 00 00 09 RP RPF nbr None RPF idx None Upstream State JOINED SPT Switch Enabled JT off Macro state Join Desired Downstream vlan2 State NO INFO ET off PPT off Assert State NO INFO AT off Winner Metric 4294967295l Pref 4294967295l RPT bit on Macro state Could Assert Assert Track Local ...

Page 1343: ...tput from the show ipv6 pim sparse mode neighbor command Figure 33 10 Example output from the show ipv6 pim sparse mode neighbor interface detail command Parameter Description interface Interface name e g vlan2 Show neighbors on an interface IPv6 address Show neighbors with a particular address on an interface The IPv6 address entered in the form X X X X detail Show detailed information awplus sho...

Page 1344: ...pe Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name _____________________________________________________________________________________ 3ffe 10 10 5 153 RS 1 fe80 20e cff fe01 facc 2 30 110 1 Table 2 Parameters in output of the show ipv6 pim sparse mode nexthop command Parameter Description Destination The destination address for which PIM SMv6 requires next hop informati...

Page 1345: ...e Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp hash IPv6 group addr Mode User Exec and Privileged Exec Example awplus show ipv6 pim sparse mode rp hash ff04 10 Figure 33 12 Output from the show ipv6 pim sparse mode rp hash command Related commands show ipv6 pim sparse mode rp mapping Parameter Description IPv6 group addr The IPv6...

Page 1346: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp mapping Mode User Exec and Privileged Exec Example awplus show ipv6 pim sparse mode rp mapping Figure 33 13 Output from the show ipv6 pim sparse mode rp mapping command Related commands show ipv6 pim sparse mode rp hash awplus show ipv6 pim sparse mode rp mapping ...

Page 1347: ...to display next hop RP information entered in the form X X X X awplus show ipv6 pim sparse mode rp nexthop 3ffe 10 10 5 153 Flags N New R RP S Source U Unreachable Destination Type Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name _____________________________________________________________________________________ 3ffe 10 10 5 153 RS 1 fe80 20e cff fe01 facc 2 30 110 1 Tabl...

Page 1348: ...x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE RP NEXTHOP Metric The metric of the route towards the destination Preference The preference of the route towards destination Refcnt Only used for debugging Table 3 Parameters in output of the show ipv6 pim sparse mode rp nexthop command cont Parameter Description ...

Page 1349: ...4 6 1 x PIM SMV6 COMMANDS UNDEBUG ALL IPV6 PIM SPARSE MODE undebug all ipv6 pim sparse mode Overview Use this command to disable all PIM SMv6 debugging Syntax undebug all ipv6 pim sparse mode Mode Privileged Exec Example awplus undebug all ipv6 pim sparse mode Related commands debug ipv6 pim sparse mode ...

Page 1350: ...ebug ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config undebug ipv6 pim sparse mode events awplus configure terminal awplus config terminal monitor awplus config undebug ipv6 pim sparse mode nexthop Parameter Description all Deactivates all PIM SMv6 debugging events Deactivates debug printing of PIM SMv6 events mfc Deactivates debug printing of MFC Mul...

Page 1351: ... sparse mode PIM SMv6 debugging status PIM event debugging is off PIM MFC debugging is off PIM state debugging is off PIM packet debugging is off PIM Hello HT timer debugging is off PIM Hello NLT timer debugging is off PIM Hello THT timer debugging is off PIM Join Prune JT timer debugging is off PIM Join Prune ET timer debugging is off PIM Join Prune PPT timer debugging is off PIM Join Prune KAT t...

Page 1352: ...ug pim dense mode fsm on page 1358 debug pim dense mode mrt on page 1359 debug pim dense mode nexthop on page 1360 debug pim dense mode nsm on page 1361 debug pim dense mode vif on page 1362 ip pim dense mode on page 1363 ip pim dense mode passive on page 1364 ip pim ext srcs directly connected PIM DM on page 1365 ip pim hello holdtime PIM DM on page 1366 ip pim hello interval PIM DM on page 1367 ...

Page 1353: ...5 4 6 1 x PIM DM COMMANDS show ip pim dense mode interface detail on page 1376 show ip pim dense mode mroute on page 1377 show ip pim dense mode neighbor on page 1378 show ip pim dense mode neighbor detail on page 1379 show ip pim dense mode nexthop on page 1380 undebug all pim dense mode on page 1381 ...

Page 1354: ...awplus configure terminal awplus config debug pim dense mode all Output Figure 34 1 Example output from the debug pim dense mode all command Validation Commands show debugging pim dense mode Related Commands debug pim dense mode context debug pim dense mode decode debug pim dense mode encode debug pim dense mode fsm debug pim dense mode mrt debug pim dense mode nexthop debug pim dense mode nsm deb...

Page 1355: ...s command disables debugging of general configuration context Syntax debug pim dense mode context no debug pim dense mode context Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode context Related Commands debug pim dense mode all debug pim dense mode decode debug pim dense mode encode debug pim dense mode fsm debug pim dense mode mrt...

Page 1356: ...s command disables debugging of the PIM DM message decoder Syntax debug pim dense mode decode no debug pim dense mode decode Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode decoder Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode encode debug pim dense mode fsm debug pim dense mode mrt deb...

Page 1357: ...s command disables debugging of the PIM DM message encoder Syntax debug pim dense mode encode no debug pim dense mode encode Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode encoder Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode decode debug pim dense mode fsm debug pim dense mode mrt deb...

Page 1358: ...s command disables debugging of Finite State Machine FSM specific information of all Multicast Routing Table MRT and MRT Virtual Multicast Interface MRT VIF entries Syntax debug pim dense mode fsm no debug pim dense mode fsm Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode fsm Related Commands debug pim dense mode all debug pim dens...

Page 1359: ...e no variant of this command disables debugging of MRT and MRT VIF entry handling Syntax debug pim dense mode mrt no debug pim dense mode mrt Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode mrt Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode decode debug pim dense mode encode debug pim de...

Page 1360: ...s command disables debugging of Reverse Path Forwarding RPF neighbor next hop cache handling Syntax debug pim dense mode nexthop no debug pim dense mode nexthop Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode nexthop Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode decode debug pim dense m...

Page 1361: ...s command disables debugging of PIM DM interface with NSM Syntax debug pim dense mode nsm no debug pim dense mode nsm Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode nsm Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode decode debug pim dense mode encode debug pim dense mode fsm debug pim d...

Page 1362: ...s command disables debugging of VIF handling Syntax debug pim dense mode vif no debug pim dense mode vif Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config debug pim dense mode vif Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode decode debug pim dense mode encode debug pim dense mode fsm debug pim dense mode mrt...

Page 1363: ... on the current VLAN interface This command also disables passive mode on the VLAN interface if passive mode has been enabled using an ip pim dense mode passive command The no variant of this command disables all PIM DM activities on the interface Syntax ip pim dense mode no ip pim dense mode Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config interfac...

Page 1364: ...ssive no ip pim dense mode passive Mode Interface Configuration for a VLAN interface Usage Configuring a VLAN interface as a passive PIM DM interface indicates that the VLAN interface is connected to a stub network i e a network that does not contain any PIM Routers So multicast streams that arrive on other PIM DM interfaces can be routed to hosts on the passive PIM DM interface but no PIM neighbo...

Page 1365: ... CONNECTED PIM DM ip pim ext srcs directly connected PIM DM Overview Use this command to configure PIM to treat all source traffic arriving on the interface as though it was sent from a host directly connected to the interface This command is described in detail in the PIM SM Commands chapter See the ip pim ext srcs directly connected PIM SM command ...

Page 1366: ... is less than the current hello interval Eachtimethehello intervalisupdated the hello holdtimeisalso updated according to the following rules If the hello holdtime is not configured or if the hello holdtime is configured and less than the current hello interval value it is modified to 3 5 times the hello interval value Otherwise it retains the configured value Use the no variant of this command to...

Page 1367: ...nfigured or when the configured hello holdtime value is less than the new hello interval value the hello holdtime value is modified to 3 5 times the hello interval value Otherwise the hello holdtime value is the configured value The default is 30 seconds Use the no variant of this command to reset the hello interval to the default Syntax ip pim hello interval interval no ip pim hello interval Mode...

Page 1368: ...latency when a previously pruned branch of the source tree must be grafted back when a member joins the group after the PIM DM device has sent a Prune message to prune unwanted traffic Graft messages are the only PIM DM messages that receive an acknowledgment If Graft messages were not used then the member waiting for pruned off traffic would have to wait up to 3 minutes for the periodic re floodi...

Page 1369: ...AFT RETRIES To configure PIM DM on the VLAN interface vlan2 to send Graft message retries forever which is the default behavior use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ip pim max graft retries Validation Commands show ip mroute show ip pim dense mode mroute show running config ...

Page 1370: ...hbor or terminate adjacency with the existing neighbors if denied by the filtering access list Use the no variant of this command to disable this function Syntax ip pim neighbor filter number accesslist no ip pim neighbor filter number accesslist Default By default there is no filtering Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config interface vlan...

Page 1371: ...variant of this command to return the propagation delay to the default 1000 milliseconds Syntax ip pim propagation delay delay no ip pim propagation delay Default The propagation delay is set to 1000 milliseconds by default Mode Interface Configuration for a VLAN interface Examples awplus configure terminal awplus config interface vlan2 awplus config if ip pim propagation delay 2000 awplus configu...

Page 1372: ...no variant of this command to return the origination interval to the default Syntax ip pim state refresh origination interval interval no ip pim state refresh origination interval Default The state refresh origination interval is set to 60 seconds by default and is reset using negation Mode Interface Configuration for a VLAN interface Example awplus configure terminal awplus config interface vlan2...

Page 1373: ...ut see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging pim dense mode Mode User Exec and Privileged Exec Output Figure 34 2 Example output from the show debugging pim dense mode command Related Commands debug pim dense mode all PIM DM Debugging status PIM DM Decoder debugging is off PIM DM Encoder debugging is off PIM DM FSM debugging is off ...

Page 1374: ...Total configured interfaces 24 Maximum allowed 32 Total active interfaces 22 Address Interface VIFIndex Ver Nbr Mode Count 192 168 1 53 24 vlan2 0 v2 D 2 192 168 2 1 vlan3 2 v2 D 0 Note that this screen has been edited to remove any additional interfaces Table 1 Parameters in the output of the show ip pim dense mode interface command Parameter Description Total configured interfaces The number of ...

Page 1375: ...1 REV C Command Reference for x510 Series 1375 AlliedWare Plus Operating System Version 5 4 6 1 x PIM DM COMMANDS SHOW IP PIM DENSE MODE INTERFACE Related Commands ip pim dense mode show ip pim dense mode neighbor ...

Page 1376: ...e Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim dense mode interface detail Mode User Exec and Privileged Exec Example awplus show ip pim dense mode interface detail Output Figure 34 3 Example output from the show ip pim dense mode interface detail command vlan2 vif id 0 Address 192 168 1 53 24 Hello period 30 seconds Next Hello in 30 seconds Neig...

Page 1377: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim dense mode mroute Mode User Exec and Privileged Exec Example awplus show ip pim dense mode mroute Output Figure 34 4 Example output from the show ip pim dense mode mroute command PIM DM Multicast Routing Table 192 168 10 52 224 1 1 1 Source directly connected on vlan3 State Refresh Originator State Ori...

Page 1378: ...ighbors is restricted to 500 PIM DM neighbors When the 500 PIM DM neighbor limit is reached as a result of receiving hello packets from new PIM DM neighbors a log entry will be issued to the log file in the below format Example awplus show ip pim dense mode neighbor Output Figure 34 5 Example output from the show ip pim dense mode neighbor command date time facility severity program pid message 20...

Page 1379: ...on on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim dense mode neighbor detail Mode User Exec and Privileged Exec Example awplus show ip pim dense mode neighbor detail Output Figure 34 6 Example output from the show ip pim dense mode neighbor detail command Neighbor 192 168 1 152 vlan2 Up since 17 16 20 ...

Page 1380: ...de nexthop Mode User Exec and Privileged Exec Example awplus show ip pim dense mode nexthop Output Figure 34 7 Example output from the show ip pim dense mode neighbor nexthop command Destination Nexthop Nexthop Nexthop Metric Pref Num Addr Interface 192 168 10 52 1 0 0 0 0 vlan2 3 1 Table 2 Parameters in the output of the show ip pim dense mode neighbor nexthop command Parameter Description Destin...

Page 1381: ...tion mode to disable all PIM DM debugging Syntax undebug all pim dense mode Mode Global Configuration Example awplus configure terminal awplus config undebug all pim dense mode Related Commands debug pim dense mode all debug pim dense mode context debug pim dense mode decode debug pim dense mode encode debug pim dense mode fsm debug pim dense mode mrt debug pim dense mode nexthop debug pim dense m...

Page 1382: ...C613 50102 01 REV C Command Reference for x510 Series 1382 AlliedWare Plus Operating System Version 5 4 6 1 x Part 5 Access and Security ...

Page 1383: ...e access list hardware named indicates named IPv4 hardware ACLs entered as access list hardware name where name is a placeholder not a keyword Parenthesis surrounding ACL filters indicates the type of ACL filter not the keyword entry in the CLI such as access list standard numbered filter represents command entry in the format shown in the syntax sequence number deny permit source host host addres...

Page 1384: ...ist hardware TCP UDP filter on page 1412 commit IPv4 on page 1415 show access list IPv4 Hardware ACLs on page 1416 show interface access group on page 1418 access group Global Configuration awplus config access list hardware IP numbered Global Configuration awplus config access list hardware MAC numbered Global Configuration awplus config access list hardware named Global Configuration awplus conf...

Page 1385: ...does not explicitly match a filter is permitted Usage FirstcreateanIPaccess listthatappliestheappropriatepermit denyrequirements with the access list hardware IP numbered command the access list hardware MAC numbered command or the access list hardware named command Then use this command to apply this hardware access list to a specific port or port range Note that this command will apply the acces...

Page 1386: ...ed hardware access list hw acl to switch port interface port1 0 2 enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channel group 2 containing switch port1 0 5 and port1 0 6 use the commands awplus configure terminal awplus config interface port1 0 5 1 0 6 awplus config if static channel group 2 a...

Page 1387: ... 3000 3699 deny permit copy to cpu copy to mirror send to mirror send to cpu ip source destination vlan 1 4094 Syntax icmp access list 3000 3699 deny permit copy to cpu copy to mirror send to mirror send to cpu icmp source destination icmp type type number no access list 3000 3699 Table 36 Parameters in the access list hardware IP numbered command ip icmp Parameter Description 3000 3699 Hardware I...

Page 1388: ...ing 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr ...

Page 1389: ...e type 0 Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies Table 36 Parameters in the access list hardware IP numbered command ip icm...

Page 1390: ...hen the prefix length This matches any source IP address within the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid format...

Page 1391: ...hes port numbers that are less than the port number specified immediately after this parameter gt Matches port numbers that are greater than the port number specified immediately after this parameter ne Matches port numbers that are not equal to the port number specified immediately after this parameter Table 37 Parameters in the access list hardware IP numbered command tcp udp cont Parameter Desc...

Page 1392: ...ering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An IPv4 address followed by a forward...

Page 1393: ...ing RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Proto...

Page 1394: ...it access unless explicitly denied by an ACL action ICMP Example To create an access list that will permit ICMP packets with a source address of 192 168 1 0 24 with any destination address and an ICMP type of 5 enter the following commands awplus configure terminal awplus config access list 3000 permit icmp 192 168 1 0 24 any icmp type 5 To destroy the access list with an access list identity of 3...

Page 1395: ... a destination address of 192 168 1 1 a destination port of 80 and any source address and source port enter the commands awplus configure terminal awplus config access list 3000 permit tcp any 192 168 1 1 32 eq 80 copy to mirror Example To create an access list that will copy to mirror TCP packets with a destination address of 192 168 1 1 a destination port of 80 and any source address and source ...

Page 1396: ...94 no access list 4000 4699 Parameter Description 4000 4699 Hardware MAC access list copy to cpu Specify packets to copy to the CPU copy to mirror Specify packets to copy to the mirror port deny Access list rejects packets that match the source and destination filtering permit Access list permits packets that match the source and destination filtering send to cpu Specify packets to send to the CPU...

Page 1397: ...create an access list that will permit packets with an initial MAC address component of 0000 00ab and any destination address enter the commands awplus configure terminal awplus config access list 4001 permit 0000 00ab 1234 0000 0000 FFFF any To create an access list that will copy to mirror packets with an initial MAC address component of 0000 00ab and any destination address for use with the mir...

Page 1398: ...RDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE MAC NUMBERED To destroy the access list with an access list identity of 4000 enter the commands awplus configure terminal awplus config no access list 4000 Related Commands access group mirror interface show running config show access list IPv4 Hardware ACLs ...

Page 1399: ...ed after entry If the named hardware ACL does exist then you can enter IPv4 Hardware ACL Configuration mode for that existing ACL Entering this command with the hardware ACL name moves you to the config ip hw acl prompt for the IPv4 Hardware ACL Configuration mode so you can enter ACL filters with sequence numbers From this prompt configure the filters for the ACL See the ACL Feature Overview and ...

Page 1400: ...sion 5 4 6 1 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED Related Commands access group access list hardware ICMP filter access list hardware IP protocol filter access list hardware TCP UDP filter access list standard named filter show access list IPv4 Hardware ACLs ...

Page 1401: ... filter entry for removal by entering either its sequence number e g no 10 or by entering its ICMP filter profile without specifying its sequence number Note that the sequence number can be found by running the command the show access list IPv4 Hardware ACLs command Syntax icmp sequence number deny permit send to cpu copy to cpu copy to mirror icmp source destination icmp icmp value no deny permit...

Page 1402: ...P address within the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 host ip addr Matches a single source host with the IP address given by ip addr in dotted decimal notation any Matches any source IP address destination The destination address of the packets ...

Page 1403: ...entering an appropriate access list name Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry with a sequence number of 100 to the access list named my list that will permit ICMP packets with a source address of 192 168 1 0 24 any destination address and an icmp type of 5 use the commands awplus configure terminal awplus config acce...

Page 1404: ... by entering either its sequence number e g no 10 or by entering its IP protocol type filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax any ip proto sequence number deny permit send to cpu copy to cpu copy to mirror any ip proto ip protocol source dhcpsnooping any destination any mac mac sourc...

Page 1405: ...on ip addr prefix An IPv4 address followed by a forward slash then the prefix length This matches any source IP address within the specified subnet ip addr reverse mask Alternatively you can enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host ...

Page 1406: ...F Ignore and Hex 00 Match any Matches any destination MAC address Table 35 2 IP protocol number and description Protocol Number Protocol Description RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway ...

Page 1407: ...st by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list hardware named command with the required access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 5...

Page 1408: ...st named my list that will permit any type of IP packet with a source address of 192 168 1 1and a MAC source address of ffee ddcc bbaa with any IP and MAC destination address use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl permit ip 192 168 1 1 32 any mac ffee ddcc bbaa any To add an access list filter entry to the access list named my ...

Page 1409: ...r by entering its MAC filter profile without specifying its sequence number Notethat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax mac sequence number deny permit send to cpu copy to cpu copy to mirror mac source mac address source mac mask any destination mac address destination mac mask any no deny permit send to cpu copy to cpu copy to mirror mac s...

Page 1410: ...t number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add an access list filter entry to the access list named my list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure terminal awplus config access list hardware my list awpl...

Page 1411: ...MAC FILTER To remove an access list filter entry that permit packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl no permit mac 0000 00ab 1234 0000 0000 0000 any Related Commands access group access list hardware named show running config ...

Page 1412: ...hat thesequence numbercanbefound by running theshowaccess list IPv4 Hardware ACLs command Syntax tcp udp sequence number deny permit send to cpu copy to cpu copy to mirror tcp udp source eq sourceport gt sourceport lt sourceport ne sourceport range start range end range destination eq destport gt destport lt destport ne destport range start range end range no deny permit send to cpu copy to cpu co...

Page 1413: ...ecimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 sourceport The source TCP or UDP port number specified as an integer between 0 and 65535 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address...

Page 1414: ... the appropriate sequence number NOTE The access control list being configured is selected by running the access list hardware named command with the required access control list number or name but with no further parameters selected Hardware ACLs will permit access unless explicitly denied by an ACL action Example To add anaccess listfilter entrytoaccess listnamed my hw listthatwill permit TCP pa...

Page 1415: ...e IPv4 ACL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv4 ACL filters in hardware not being correctly updated Using t...

Page 1416: ...ID of 20 awplus show access list 20 Note the below error message if you attempt to show an undefined access list awplus show access list 2 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC acces...

Page 1417: ...lliedWare Plus Operating System Version 5 4 6 1 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS Related Commands access list extended named access list hardware MAC numbered access list hardware named Can t find access list 2 ...

Page 1418: ...st access group 3000 3699 4000 4699 Mode User Exec and Privileged Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure 35 1 Example output from the show interface access group command Related Commands access group Parameter Description port list Specify the ports to display information A port list can be either a swi...

Page 1419: ...elf For more information on link aggregation see the following references the Link Aggregation Feature Overview_and_Configuration_Guide Link Aggregation Commands NOTE Text in parenthesis in command names indicates usage not keyword entry For example access list hardware named indicates named IPv4 hardware ACLs enteredasaccess list hardware name where name isaplaceholdernot a keyword Parenthesis su...

Page 1420: ...rivileged Exec awplus access group Global Configuration awplus config access list extended named Global Configuration awplus config access list extended numbered Global Configuration awplus config access list standard named Global Configuration awplus config access list standard numbered Global Configuration awplus config ip prefix list Global Configuration awplus config maximum access list Global...

Page 1421: ...CESS CONTROL LIST ACL COMMANDS clear ip prefix list on page 1452 dos on page 1453 ip prefix list on page 1456 maximum access list on page 1458 show access list IPv4 Software ACLs on page 1459 show dos interface on page 1461 show ip access list on page 1464 show ip prefix list on page 1465 vty access class numbered on page 1466 ...

Page 1422: ...s list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name deny permit icmp source destination icmp type type number log Parameter Description list name A user defined name for the access list Table 36 2 Parameters in the access list extended named command icm...

Page 1423: ...n enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a single host a subnet or all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with th...

Page 1424: ... Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests 14 Timestamp replies 15 Information requests 16 Information replies 17 Address mask requests 18 Address mask replies log Logs the results Table 36 2 Parameters in the access list extended named comma...

Page 1425: ...r all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix An IPv4 address followed by a forward slash then the prefix length This matches any destination IP address within the specified subnet ip addr revers...

Page 1426: ...ejects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified with this command proto Matches only a specified type of IP Protocol any The access list matches any type of IP packet ip The access list matches only IP packets source The source address of the packets...

Page 1427: ...ormat For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers See below for a list of IP protocol numbers and their descriptions Table 36 5 IP protocol number and description Protocol Number Protocol Description RFC 1 Int...

Page 1428: ...agram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet withi...

Page 1429: ...tware ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus config access list extended TK deny tcp 2 2 2 3 24 eq 14 3 3 3 4 24 eq 12 log Alternatively you can enter the extended named ACL in Global Configura...

Page 1430: ...ination no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range deny Access list rejects packets that match the source and destination filtering specified with this command permit Acc...

Page 1431: ...ermitted by an ACL action Examples You can enter the extended ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus config access list 101 deny ip 172 16 10 0 0 0 0 255 any Alternatively you can enter the extended ACL in Global Configuration mode before specifying the ACL filter entry in the IPv4 Extended ACL Config...

Page 1432: ...permit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with this command permit Access list permits packets that match the source and destination filtering specified ...

Page 1433: ...ered command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples To add a new entry in access list called my listthatwill reject ICMP packets from 10 0 0 1 to 192 168 1 1 use the commands awplus configure terminal awplus config acce...

Page 1434: ...efound by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with t...

Page 1435: ...he following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl Then use the following commands to add a new entry to the numbered extended access list 101 that will reject packets from 10 0 0 1 to 192 168 1 1 awplus config ip ext acl deny ip host 10 0 0 1 host 19...

Page 1436: ...ost 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended numbered access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl no 20 Example 4 list name Use the following commands to remove the access list filter entry ...

Page 1437: ...Ls command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source destination log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Access list rejects packets that match the source and destination filtering specified with this command ...

Page 1438: ...Description RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793 8 EGP Exterior Gateway Protocol RFC888 9 IGP Interior Gateway Protocol IANA 11 Network Voice Protocol RFC741 17 UDP User Datagram Protocol RFC768 20 Host monitoring RFC869 27 RDP Reliable Data Protoc...

Page 1439: ...selected Software ACLs will deny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named my list that will reject IP packets from source address 10 10 1 1 32 to destination address 192 68 1 1 32 awplus configure terminal awplus config access list extended my list awplus config ip ext acl...

Page 1440: ...COL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source address 10 10 1 1 24 to destination address 192 68 1 1 24 awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit ip 10 10 1 1 24 192 168 1 1 24 ...

Page 1441: ...ort lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number deny permit tcp udp source eq sourceport lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected ac...

Page 1442: ... creating a list To add a new entry to the access list named my list that will reject TCP packets from 10 0 0 1on TCP port 10 to 192 168 1 1 on TCP port 20 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl deny tcp 10 0 0 1 32 eq 10 192 168 1 1 32 eq 20 destination The destination address of the packets You can specify a single host a su...

Page 1443: ...DED TCP UDP FILTER Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list that will accept UDP packets from 10 1 1 0 24 network to 192 168 1 0 24 network on UDP port 80 use the commands awplus configure terminal awplus config access list extended my list awplus config ip ext acl 5 permit udp 10 1 1 0 24 192 168 1 0 24 eq 80 ...

Page 1444: ...permit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description standard access list name Specify a name for the standard access list Parameter Description standard access lis...

Page 1445: ... you can configure your access lists by using the command access list standard named filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standard access list named my list and deny any packets from any source use the commands awplus configure terminal awplus config access list standard my list deny any Alternatively to define a standard acce...

Page 1446: ...999 deny permit source no access list 1 99 1300 1999 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage Use this command when configuring a standard numbered access list for filtering IP software packets Parameter Description 1 99 IP standard access list 1300 1999 IP standard access list expanded ran...

Page 1447: ... access list standard numbered filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use the commands awplus configure terminal awplus config access list 67 deny 172 16 10 0 0 0 0 255 Alternatively to enter the IPv4 Standard ACL Configuration mode to create the ACL filter and deny packet...

Page 1448: ...sequence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence number 1 65535 The sequence number ...

Page 1449: ...the access list standard named command with the required access control list name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Examples Use the following commands to add a new filter entry to access list my list that will reject IP address 10 1 1 1 awplus configure terminal awplus config access list standard my list awplus conf...

Page 1450: ...ence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence number Mode IPv4 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Parameter Description sequence number 1 65535 The sequence...

Page 1451: ...f an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard numbered command with the required access control list number but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Example To add a new entry accepting the IP network 10 1 1 0 24...

Page 1452: ...REFIX LIST clear ip prefix list Overview Use this command to reset the hit count to zero in the prefix list entries Syntax clear ip prefix list list name ip address mask Mode Privileged Exec Example To clear a prefix list named List1 awplus clear ip prefix list List1 Parameter Description list name The name of the prefix list ip address mask The IP prefix and length ...

Page 1453: ...dos ipoptions land ping of death smurf broadcast ip address synflood teardrop action shutdown trap mirror Mode Interface Configuration for a switch port interface Default DoS attack detection is not configured by default on any switch port interface Usage See the below table for more information about the DoS attacks recognized by this command Parameter Description dos Denial Of Service ipoptions ...

Page 1454: ...ect normal traffic switching between ports but other protocols such as IGMP and STP may be affected This defense is not recommended where a large number of fragmented packets are expected smurf This type of attack is an ICMP ping packet to a broadcast address Although routers should not forward packets to local broadcast addresses anymore see RFC2644 the Smurf attack can still be explicitly discar...

Page 1455: ...the interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ipoptions action shutdown To configure ping of death DoS detection on port1 0 1 and shutdown the interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ping of death action shutdown To ...

Page 1456: ...erated in a sequence of 5 The parameters ge and le specify the range of the prefix lengths to be matched When setting these parameters set the levalueto be less than 32 and the gevalue to be less than or equal to the le value and greater than the ip prefix mask length Prefix lists implicitly exclude prefixes that are not explicitly permitted in the prefix list This means if a prefix that is being ...

Page 1457: ...ROL LIST ACL COMMANDS IP PREFIX LIST Example To deny the IP addresses between 10 0 0 0 14 10 0 0 0 255 252 0 0 and 10 0 0 0 22 10 0 0 0 255 255 252 0 within the 10 0 0 0 8 10 0 0 0 255 0 0 0 addressing range enter the following commands awplus configure terminal awplus config ip prefix list mylist seq 12345 deny 10 0 0 0 8 ge 14 le 22 ...

Page 1458: ...e access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added to a software access list Syntax maximum access list 1 4294967294 no maximum access list Mode Global Configuration Example To set the maximum number of software filters to 200 awplus configure termina...

Page 1459: ...To show all access lists configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list standard expanded range 2000 2699 IP extended access list extended expanded range 3000 3699 Hardware IP access list 4000 4499 Hardware MAC ac...

Page 1460: ...PV4 SOFTWARE ACLS Note the following error message is displayed if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named access list standard numbered access list extended numbered Standard IP access list 20 deny 192 168 10 0 wildcard bits 0 0 0 255 deny 192 168 12 0 wildcard bits 0 0 0 255 Can t find access list 2 ...

Page 1461: ... 1 Example output from the show dos interface command prior to a DoS attack Parameter Description port list Specify the switch port or port list to display DoS configuration options set with the dos command awplus configure terminal Enter configuration commands one per line End with CTNTL Z awplus config interface port1 0 1 awplus config if dos synflood action shutdown awplus config if exit awplus...

Page 1462: ...y down with the shutdown command ipoptions Displays Enabled when the ipoptions parameter is configured with thedos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any ipoptions DoS attacks that have occurred on the interface Displays Disabled when the ipoptions parameter is not configured with the dos command land Displays Enabled when the land paramet...

Page 1463: ...ys Enabled when the synflood parameter is configured with the dos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any synflood DoS attacks that have occurred on the interface Displays Disabled when the synflood parameter is not configured with the dos command teardrop Displays Enabled when the teardrop parameter is configured with the dos command plus ...

Page 1464: ...9 2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 36 3 Example output from the show ip access list command Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access list expanded range 2000 2699 IP extended access list expanded range access list name IP named access list Standard IP...

Page 1465: ... RIP and BGP routing protocols only Syntax show ip prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ip prefix list awplus show ip prefix list 10 10 0 98 8 awplus show ip prefix list detail Related Commands ip prefix list Parameter Description name Specify the name of a prefix list in this placeholder detail Specify this parameter to show detailed output for al...

Page 1466: ...uld be to permit a specific address or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty access class 1 99 1300 1999 no vty access class 1 99 1300 1999 Mode Global Configuration Examples To set access list 4 to be the management ACL use the following commands awplus configure terminal awplus config v...

Page 1467: ...f For more information on link aggregation see the following references the Link Aggregation Feature Overview_and Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named indicates named IPv6 ACLs entered as ipv6 access list name where name is a placeholder not a keyword Note also that parenthe...

Page 1468: ...ble 37 1 IPv6 Hardware Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Hardware ACLs Privileged Exec awplus ipv6 access list named Global Configuration awplus config ipv6 traffic filter Interface Configuration awplus config if commit IPv6 IPv6 Hardware ACL Configuration awplus config ipv6 hw acl ipv6 access list named IPv6 filter IPv6 Hardware ACL Confi...

Page 1469: ...ate of the IPv6 ACL is not written to hardware until you exit IPv6 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is written to hardware immediately Scripts typically do not include the exit command to exit configuration modes potentially leading to IPv6 ACL filters in hardware not being correctly update...

Page 1470: ...ter is permitted Usage Use IPv6 hardware named access lists to control the transmission of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 hardware named access list when a match is encountered This command moves you to the config ipv6 hw acl prompt for the selected IPv6 hardware named access list number From there you can configure the f...

Page 1471: ...Operating System Version 5 4 6 1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED ipv6 access list named IPv6 filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 1472: ...the current named IPv6 access list You can specify the filter entry for removal by entering either its sequence number or its filter entry profile NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number deny permit send to cpu send to mirror copy to cpu copy to mirror icmp ipv6 source address prefix length ipv6 source address ipv6 source wildcard host...

Page 1473: ...d Specifies source wildcard bits in IPv6 format X X X X Note that binary 1 represents a don t care condition and binary 0 represents a match host ipv6 source host Specifies a single source host address The IPv6 address uses the format X X X X any Specifies any Source host ipv6 destination address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X...

Page 1474: ... icmp 2001 0db8 0 64 any To specify anACL named my acl1 and add a filter entry that blocks all ICMP6echo requests enter the commands awplus configure terminal awplus config ipv6 access list my acl1 awplus config ipv6 hw acl deny icmp any any icmp type 128 To specify anACL named my acl2 and add a filter entry that blocks all ICMP6echo requests on the default VLAN vlan1 enter the following commands ...

Page 1475: ...rentry profile NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number deny permit send to cpu send to mirror copy to cpu copy to mirror ipv6 ipv6 source address prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any ipv6 destination address prefix length ipv6 destintation addr ipv6 destination wildcard host ipv6 destination ...

Page 1476: ...IPv6 format X X X X Note that binary 1 represents a don t care condition and binary 0 represents a match host ipv6 source host Specifies a single source host address The IPv6 address uses the format X X X X any Specifies any Source host ipv6 destination address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X X Prefix Length The prefix length i...

Page 1477: ...from network 2001 0db8 0 64 use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny ipv6 2001 0db8 0 64 any To remove a filter entry from the ACL named my acl that blocks all IPv6 traffic sent from network 2001 0db8 0 64 use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl no deny ipv6 200...

Page 1478: ...ce number deny permit send to cpu send to mirror copy to cpu copy to mirror proto ip protocol ipv6 source prefix prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any ipv6 destination prefix prefix length ipv6 destination address ipv6 destination wildcard host ipv6 destination host any vlan 1 4094 no sequence number deny permit send to cpu send to mirror copy to cpu copy...

Page 1479: ...dest prefix prefix length Specifies a destination address and mask The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 ipv6 destination address Specify destination address The IPv6 address uses the format X X X X ipv6 destination wildcard Specify destination wildcard bits in IPv6 format X X X X host ipv6 destination host Specify a single dest...

Page 1480: ...ayload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378 98 Encapsulation Header RFC1241 108 IP Payload Compression Protocol RFC2393 112 Virtu...

Page 1481: ...y be specified if an address does not matter NOTE Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To add a filter entry to the ACL named my acl to deny IGMP packets from 2001 0db8 0 64 use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny proto 2 2001 0db8 0 64 any To remove a filter entry that blocks IGM...

Page 1482: ...r its sequence number or its filter entry profile Syntax sequence number deny permit send to cpu send to mirror copy to cpu copy to mirror tcp udp ipv6 source prefix prefix length ipv6 source address ipv6 source wildcard host ipv6 source host any eq sourceport lt sourceport gt sourceport ne sourceport range start range end range ipv6 destination prefix prefix length ipv6 destination address ipv6 d...

Page 1483: ...es the source address The IPv6 address uses the format X X X X ipv6 source wildcard Specifies the source wildcard bits in IPv6 format X X X X host ipv6 source host Specifies the a single source host The IPv6 address uses the format X X X X any Specifies any Source host An abbreviation for the IPv6 prefix 0 eq Equal to lt Less than gt Greater than ne Not equal to sourceport The source port number s...

Page 1484: ...lter entry that blocks all SSH traffic from network 2001 0db8 0 64 on the default VLAN vlan1 to the hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny tcp 2001 0db8 0 64 any eq 22 vlan 1 To remove an ACL filter entry that blocks all SSH traffic from network 2001 0db8 0 64 from the hardware IPv6 acce...

Page 1485: ...dWare Plus Operating System Version 5 4 6 1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED TCP UDP FILTER ipv6 access list named IPv6 filter ipv6 access list named protocol filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 1486: ...terface The number of access lists that can be added is determined by the amount of available space in the hardware based packet classification tables To apply the access list to all ports on the switch execute the command in the Global Configuration mode To apply the access list to a Layer 2 interface or Layer 2 interface range apply the command in the Interface Configuration mode See the example...

Page 1487: ... Operating System Version 5 4 6 1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 TRAFFIC FILTER ipv6 access list named IPv6 filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter show ipv6 access list IPv6 Hardware ACLs ...

Page 1488: ... access list name show ipv6 access list standard access list name Mode User Exec and Privileged Exec Examples To show the standard named ipv6 access list acl_name use the following command awplus show ipv6 access list standard acl_name Output Figure 37 1 Example output from the show ipv6 access list standard command To show all configured ipv6 access lists use the command awplus show ipv6 access l...

Page 1489: ...dWare Plus Operating System Version 5 4 6 1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 HARDWARE ACLS ipv6 access list named IPv6 filter ipv6 access list named protocol filter ipv6 access list named TCP UDP filter ipv6 traffic filter ...

Page 1490: ... more information on link aggregation see the following references the Link Aggregation Feature Overview_and_Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names indicates usage not keyword entry For example ipv6 access list named indicates named IPv6 ACLs entered as ipv6 access list name where name is a placeholder not a keyword Note also that parenthesis s...

Page 1491: ...access list IPv6 Software ACLs on page 1510 show ipv6 prefix list on page 1512 vty ipv6 access class named on page 1513 Table 38 1 IPv6 Software Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Software ACLs Privileged Exec awplus ipv6 access list extended named Global Configuration awplus config ipv6 access list standard named Global Configuration awplu...

Page 1492: ...ss prefix length any ipv6 destination address prefix length any icmp type icmp type log Syntax tcp udp ipv6 access list extended list name deny permit tcp udp ipv6 source address prefix length any eq sourceport lt sourceport gt sourceport ne sourceport ipv6 destination address prefix length any eq destport lt destport gt destport ne destport log no ipv6 access list extended list name deny permit t...

Page 1493: ...estination address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X X Prefix Length The prefix length is usually set between 0 and 64 any Matches any IPv6 address sourceport For TCP UDP The source port number specified as an integer between 0 and 65535 destport For TCP UDP The destination port number specified as an integer between 0 and 65535 ...

Page 1494: ...ess list extended followed by only the IPv6 extended access list name This latter and preferred method moves you to the config ipv6 ext acl prompt for the selected IPv6 extended access list number and from here you can configure the filters for this selected access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action icmp type For ICMP IP The ICMP type as defined i...

Page 1495: ...o insert a new filter at sequence number 5 of the access list named my listthat will accept ICMP type 8 packets from the 2001 0db8 0 64 network to the 2001 0db8 f 64 network use the commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 icmp 2001 0db8 0 64 2001 0db8 f 64 Example 3 list with filter To create the access list named TK to deny T...

Page 1496: ... user defined name for the IPv6 software extended access list deny Specifies the packets to reject permit Specifies the packets to accept proto The IP Protocol type specified by its protocol number in the range 1 to 255 ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority www iana org assignments protocol numbers See below for a list of IP protocol numbers and ...

Page 1497: ...ata Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Proto...

Page 1498: ...ACLs will deny access unless explicitly permitted by an ACL action Examples To create the IPv6 access list named ACL 1 to deny IP protocol 9 packets from 2001 0db8 1 1 128 to 2001 0db8 f 1 128 use the commands awplus configure terminal awplus config ipv6 access list extended ACL 1 deny proto 9 2001 0db8 1 1 128 2001 0db8 f 1 128 To remove the IPv6 access list named ACL 1 to deny IP protocol 9 pack...

Page 1499: ...ip any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log no deny permit ip any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list deny Specifies the packets to reject permit Specifi...

Page 1500: ...onitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution...

Page 1501: ... access list named my list with sequence number 5 rejecting the IPv6 packet from 2001 db8 1 1 to 2001 db8 f 1 use the commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ext acl 5 deny ip 2001 db8 1 1 128 2001 db8 f 1 128 To remove the ACL filter entry to the extended IPv6 access list named my list with sequence number 5 use the commands awplus con...

Page 1502: ...emoval by entering either its sequence number or its filter entry profile Syntax tcp udp sequence number deny permit tcp udp ipv6 source address prefix any eq sourceport lt sourceport gt sourceport ne sourceport IPv6 destination address prefix any eq destport lt destport gt destport ne destport log no deny permit tcp udp ipv6 source address prefix any eq sourceport lt sourceport gt sourceport ne s...

Page 1503: ...ess list extended my list awplus config ipv6 ext acl 5 deny tcp 2001 0db8 0 64 eq 10 2001 0db8 f 64 eq 20 To add a new filter entry with sequence number 5 to the extended IPv6 access list named my list to reject UDP packets from 2001 0db8 0 64 port 10 to 2001 0db8 f 64 port 20 use the following commands awplus configure terminal awplus config ipv6 access list extended my list awplus config ipv6 ex...

Page 1504: ...led by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 standard access list when a match is encountered Parameter Description ipv6 acl list name A user defined name for the IPv6 software standard access list...

Page 1505: ... and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Example To enter the IPv6 Standard ACL Configuration mode for the access list named my list use the commands awplus config...

Page 1506: ...t ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage The filter entry will match on any IPv6 packet that has the specified IPv6 source address and prefix length The parameter any may be specified if an address does not matter NOTE Software ACLs will de...

Page 1507: ...med my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence number 5 to the standard IPv6 access list named my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no 5 Related Commands i...

Page 1508: ...5 The parameters ge and le specify the range of the prefix lengths to be matched The parameters ge and le are only used if an ip prefix is stated When setting these parameters set the le value to be less than 128 and the ge value to be less than or equal to the le value and greater than the ip prefix mask length Prefix lists implicitly exclude prefixes that are not explicitly permitted in the pref...

Page 1509: ...T Example To check the first 32 bits of the prefix 2001 db8 and the subnet mask must be greater than or equal to 34 and less than or equal to 40 enter the following commands awplus configure terminal awplus config ipv6 prefix list mylist seq 12345 permit 2001 db8 32 ge 34 le 40 Related Commands match ipv6 address show ipv6 prefix list show running config ipv6 prefix list ...

Page 1510: ...ow all configured IPv6 access lists use the following command awplus show ipv6 access list Output Figure 38 1 Example output from show ipv6 access list Example To show the IPv6 access list named deny_icmp use the following command awplus show ipv6 access list deny_icmp Output Figure 38 2 Example output from show ipv6 access list for a named ACL Parameter Description access list name Only display i...

Page 1511: ...n 5 4 6 1 x IPV6 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 SOFTWARE ACLS Related Commands ipv6 access list extended named ipv6 access list extended IP protocol filter ipv6 access list standard named ipv6 access list extended TCP UDP filter ipv6 access list standard filter ...

Page 1512: ...g and BGP4 routing protocols only Syntax show ipv6 prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ipv6 prefix list awplus show ipv6 prefix list 10 10 0 98 8 awplus show ipv6 prefix list detail Related Commands ipv6 prefix list Parameter Description name Specify the name of an individual IPv6 prefix list detail Specify this parameter to show detailed output f...

Page 1513: ...address or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty ipv6 access class access name no vty ipv6 access class access name Mode Global Configuration Examples To set the named standard access list named access ctrl to be the IPv6 management ACL use the following commands awplus configure terminal...

Page 1514: ...6 class map on page 1517 clear mls qos interface policer counters on page 1518 default action on page 1519 description QoS policy map on page 1520 egress rate limit on page 1521 match access group on page 1522 match cos on page 1524 match dscp on page 1525 match eth format protocol on page 1526 match inner cos on page 1529 match inner vlan on page 1530 match ip precedence on page 1531 match mac ty...

Page 1515: ...ls qos on page 1555 show mls qos interface on page 1556 show mls qos interface policer counters on page 1559 show mls qos interface queue counters on page 1561 show mls qos interface storm status on page 1563 show mls qos maps cos queue on page 1564 show mls qos maps premark dscp on page 1565 show platform classifier statistics utilization brief on page 1566 show policy map on page 1567 storm acti...

Page 1516: ...ass map If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates the policy map pmap1 using the policy map command then associates this to an already existing class map named cmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus confi...

Page 1517: ...mand to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map called cmap1 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap Parameter Description name Name of the class map to be created ...

Page 1518: ...aps by not specifying a class map Syntax clear mls qos interface port policer counters class map class map Mode Privileged Exec Example To reset the policy counters to zero for all class maps for port1 0 1 use the command awplus clear mls qos interface port1 0 1 policer counters Related Commands show mls qos interface policer counters Parameter Description port The port may be a switch port e g po...

Page 1519: ...ult action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror send to mirror no default action Default The default is permit Mode Policy Map Configuration Examples To set the action for the default class map to deny use the command awplus config pmap default action deny To set the action for the default class map to copy to mirror for use with the mirror interface c...

Page 1520: ...al description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mode Policy Map Configuration Example To add the description VOIP traffic use the command awplus config pmap description VOIP traffic Parameter Description line Up to 80 character long line description ...

Page 1521: ...nfig interface port1 0 1 awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb To disable egress rate limiting on a port use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if no egress rate limit Parameter Description bandwidth Bandwidth 1 10000000 units per second usable units k m g The egress rate limit can be configured in multipl...

Page 1522: ... to incoming data packets Examples Toconfigureaclass mapnamedcmap1withonematchcriterion access list 3001 which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list 3001 permit ip any any awplus config class map cmap1 awplus config cmap match access group 3001 Toconfigureaclass mapnamedcmap2withonematchcriterion access list 3001 w...

Page 1523: ...ureaclass mapnamedcmap3withonematchcriterion access list hw_acl which allows IP traffic from any source to any destination use the commands awplus configure terminal awplus config access list hardware hw_acl awplus config ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl Related Commands class map ...

Page 1524: ... variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match cos 4 To remove CoS from a class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match cos Parameter Descrip...

Page 1525: ...tion Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match dscp 56 To remove a previously defined DSCP from a class map named cmap1 use the commands awplus configure terminal awplus co...

Page 1526: ...s enter the parameter name ethii untagged EthII Untagged Packets enter the parameter name ethii any EthII Tagged or Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packets enter the parameter name netwareraw untagged Netware Raw Untagged Packets enter the parameter name snap tagged SNAP Tagged Packets enter the parameter name snap untagged SNAP Untagged Packets enter...

Page 1527: ...mber 0807 enter the parameter name or its number banyan systems Protocol Number 0BAD enter the parameter name or its number bbn simnet Protocol Number 5208 enter the parameter name or its number dec mop dump ld Protocol Number 6001 enter the parameter name or its number dec mop rem cdons Protocol Number 6002 enter the parameter name or its number dec decnet Protocol Number 6003 enter the parameter...

Page 1528: ...ass map cmap1 awplus config cmap no match eth format protocol appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter the parameter name or its number appletalk aarp Protocol Number 80F3 enter the parameter name or its number snmp Protocol Number 814CV ethertalk 2 Protocol Number 809B enter the parameter name or its number ethertalk 2 aarp Protocol ...

Page 1529: ...d to remove CoS Syntax match inner cos 0 7 no match inner cos Mode Class Map Configuration Examples To set the class map s inner cos to 4 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match inner cos 4 To remove CoS from the class map use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match inner cos Paramete...

Page 1530: ...ed in double tagged networks to match on a VLAN ID belonging to the client network For more information on VLAN double tagged networks see the VLAN Feature Overview and Configuration Guide Examples To configure a class mapnamedcmap1to matchtraffic frominner VLAN3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match inner vlan 3 To disable the configured...

Page 1531: ... Use the no variant of this command to remove IP precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Configuration Example To configure a class map named cmap1 to match all IPv4 packets with a precedence value of 5 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match ip precedence 5 Parameter Descripti...

Page 1532: ...bcast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match mac type l2mcast To remove the class map s MAC type entry use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap no match mac type Par...

Page 1533: ...Syntax match tcp flags ack fin psh rst syn urg no match tcp flags ack fin psh rst syn urg Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus configure terminal awplus config class map awplus config cmap match tcp flags ack syn To remove the TCP flags ack and rst use the commands awplus configure terminal awplus config class map awplus conf...

Page 1534: ...eria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus config class map cmap1 awplus config cmap match vlan 3 To disable the configured VLAN ID as a match criteria for the class map named cmap1 use the commands awplus configure terminal awplus config clas...

Page 1535: ...interface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for tagged frames the default behavior is not to alter the CoS value Mode Interface Configuration Example To assign a CoS user priority value of 2 to all untagged packets entering ports 1 0 1 to 1 0 6 us...

Page 1536: ... of this command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos command will therefore remove all pre existing QoS configurations on the switch Mode Global Configuration Syntax mls qos enable no mls qos Example To enable QoS on the switch use the commands awplus co...

Page 1537: ...t setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use the command awplus configure terminal awplus config mls qos map cos queue 2 to 0 To set the cos queue map back to its defaults use the command awplus configure terminal awplus config no mls qos map cos ...

Page 1538: ...cp command set this command mls qos map premark dscp enables you to make the following changes remap the DSCP leaving the other settings unchanged remap any or all of CoS outputqueue or bandwidth class values leaving the DSCP unchanged NOTE If you attempt to remap both the DSCP and another setting only the DSCP remap will take effect Parameter Description premark dscp 0 63 The DSCP value on ingres...

Page 1539: ...o use a new DSCP of 2 a new CoS of 3 and a new bandwidth class of yellow use the command awplus configure terminal awplus config mls qos map premark dscp 1 to new dscp 2 new cos 3 new bandwidth class yellow Example To reset the entry for DSCP 1 use the command awplus configure terminal awplus config no mls qos map premark dscp 1 Related Commands show mls qos maps premark dscp trust dscp ...

Page 1540: ...onfigured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map use the command awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c no police Related Commands police single rate action police twin rate ...

Page 1541: ...p does not only apply to red traffic If a remark map is configured on the same class map as the policer then the remark map will apply to green colored and yellow colored traffic irrespectiveof the value configured on the action parameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red...

Page 1542: ...action of the remark map applied to it and is then transmitted Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the commands awplus configure terminal awplus config policy map name awplus config pmap class classname awplus config pmap c police single rate 10000 1875000 1875000 action drop red Related Commands no police...

Page 1543: ...ackets classed as red will be discarded Parameter Description cir Specify the Committed Information Rate CIR 1 40000000 kbps pir Specify the Peak Information Rate PIR 1 40000000 kbps cbs Specify the Committed Burst Size CBS 0 16777216 bytes pbs Specify the Peak Burst Size PBS 0 16777216 bytes action Specify the action if rate is exceeded drop red Drop the red packets remark transmit Modify the pac...

Page 1544: ...parameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red colored traffic If action is set to drop red then red traffic is dropped if action is set to remark transmit then the red traffic has the action of the remark map applied to it and is then transmitted Example To configure a twin...

Page 1545: ...cy Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration Example To create a policy map called pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap Related Commands class map Parameter Description name Name of t...

Page 1546: ... You can then use the priority queue command to reset the selected queues to priority queuing Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number Example To apply priority based scheduling to egress queues 1 and 2 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if priority queue 1 2 Related Commands s...

Page 1547: ...ts Syntax remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red no remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red Mode Policy Map Class Configuration Examples To remark the policed green traffic to a new DSCP of 2 and a new bandwidth class of yellow use the commands awplus configure terminal awplus confi...

Page 1548: ...s configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c remark map bandwidth class green to new dscp 2 To reset the DSCP for all bandwidth classes use the commands awplus configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c no remark map to new dscp Related Commands police single rate action police twi...

Page 1549: ...new cos internal external both Mode Policy Map Class Configuration Usage The default CoS to Queue mappings are shown in the following table The relationship between this command and the CoS to queue map is shown in the following figure Parameter Description 0 7 The new value for the CoS flag and or the input into the CoS to queue map external Remarks the CoS flag in the packet internal Remarks the...

Page 1550: ... INPUT FROM THE XISTING O3 VALUE 7ITH THE REMARK NEW COS COMMAND SET TO INTERNAL OR BOTH THE QUEUE MAPPING TAKES ITS INPUT FROM THE VALUE SET BY THE COMMAND REMARK NEW COS OTE THAT ALTHOUGH THE O3 TO 1UEUE MAP APPLIES TO THE WHOLE SWITCH THE REMARK NEW COS COMMAND APPLIES PER INDIVIDUAL CLASS MAP XISTING O3 VALUE EW O3 INTERNAL GRESS QUEUE VALUE O36ALUE GRESS 1UEUE 1O3 1 AP OS TO 1UEUE APPING 2EMA...

Page 1551: ...nterface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups but not to dynamic LACP channel groups Example To apply a policy map named pmap1 to interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if ser...

Page 1552: ...command set ip next hop The remaining traffic will be conventionally routed according to the rules set for the default class map providing that this is not subject to the set ip next hop The situation becomes more complex if the traffic requiring conventional routing is a subset of the traffic to be policy routed To configure this make a policy map that contains one or more class maps that match t...

Page 1553: ...C613 50102 01 REV C Command Reference for x510 Series 1553 AlliedWare Plus Operating System Version 5 4 6 1 x QOS COMMANDS SET IP NEXT HOP PBR Related commands class map ...

Page 1554: ...for classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show class map cmap1 Output Figure 39 2 Example output from the show class map command Related Commands class map Parameter Description class map name Name of the class map CLASS MAP NAME cmap1 Set IP DSCP...

Page 1555: ...verview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the command awplus show mls qos Output Figure 39 3 Example output from the show mls qos command Related Commands mls qos enable awplus show mls qos Enable ...

Page 1556: ... qos interface port Mode User Exec and Privileged Exec Example To display current CoS and queue settings for interface port1 0 1 use the command awplus show mls qos interface port1 0 1 Output Figure 39 4 Example output from the show mls qos interface command Parameter Description port Switch port Default CoS 7 Default Queue 7 Number of egress queues 8 Queue Set 1 Egress Queue 0 Status Enabled Sche...

Page 1557: ... Queue 6 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 7 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Table 40 Parameters in the output of the show mls qos interface command Parameter Description Default CoS The default CoS priority that will be applied to all packets arriving on this interface Default Queue The defaul...

Page 1558: ... INTERFACE Queue Limit The percentage of the port s buffers that have been allocated to this queue Egress Rate Limit The amount of traffic that can be transmitted via this queue per second 0 Kb means there is currently no rate limiting enabled Table 40 Parameters in the output of the show mls qos interface command Parameter Description ...

Page 1559: ...he counters are based on metering performed on the specified class map Therefore the Dropped Bytes counter is the number of bytes dropped due to metering This is different from packets dropped via a deny action in the ACL If a policer is configured to perform re marking bytes can be marked Red but are not dropped and is shown with a value of 0 for the Dropped field and a non 0 value for the Red By...

Page 1560: ...Version 5 4 6 1 x QOS COMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through action remark transmit so although bytes are marked as Red none are dropped Therefore the Non dropped Bytes field shows a summation of Green Yellow and Red bytes ...

Page 1561: ...eport s queue which will be a sum of all egress queues Syntax show mls qos interface port queue counters queue number Mode User Exec and Privileged Exec Example To show the counters for all queues on port1 0 1 use the command awplus show mls qos interface port1 0 1 queue counters Output Figure 39 6 Example output from the show mls qos interface queue counters command Parameter Description port Swi...

Page 1562: ...SHOW MLS QOS INTERFACE QUEUE COUNTERS Port queue length Number of frames in the port s queue This will be the sum of all egress queues on the port Egress Queue length Number of frames in a specific egress queue Table 41 Parameters in the output of the show mls qos interface queue counters command cont Parameter Description ...

Page 1563: ...ser Exec and Privileged Exec Example To see the QSP status on port1 0 1 use the command awplus show mls qos interface port1 0 1 storm status Output Figure 39 7 Example output from the show mls qos interface storm status command Related Commands storm action storm downtime storm protection storm rate storm window Parameter Description port Switch port Interface port1 0 1 Storm Protection Enabled Po...

Page 1564: ... current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplus show mls qos maps cos queue Output Figure 39 8 Example output from show mls qos maps cos queue Related Commands mls qos map cos queue to COS TO QUEUE MAP COS 0 1 2 3 4 5 6 7 QUEUE 2 0 1 3 4 5 6 7 ...

Page 1565: ...SCP CoS and or bandwidth class of a packet matching the class map based on a lookup DSCP value Syntax show mls qos maps premark dscp 0 63 Mode User Exec and Privileged Exec Example To display the premark dscp map for DSCP 1 use the command awplus show mls qos maps premark dscp 1 Output Figure 39 9 Example output from the show mls qos maps premark dscp command Related Commands mls qos map premark d...

Page 1566: ...presents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following command awplus show platform classifier statistics utilization brief Output Figure 39 10 Output from the show platform classifier statistics utilization brief command Related Commands show platform awpl...

Page 1567: ...ws their associated class maps Syntax show policy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show policy map Output Figure 39 11 Example output from the show policy map command Related Commands service policy input Parameter Description name The name of a specific policy map POLICY MAP NAME general tra...

Page 1568: ... action portdisable vlandisable linkdown no storm action Mode Policy Map Class Configuration Examples To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named cmap1 use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm action vlandisable To negate the storm protection s...

Page 1569: ...10 seconds Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Policy Map Class Configuration Examples To re enable the port in 1 minute use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm downtime 60 To re set the port to the default 10 seconds use the following commands awplus configure ...

Page 1570: ...ariant of this command disables Policy Based Storm Protection Syntax storm protection no storm protection Default By default storm protection is disabled Mode Policy Map Class Configuration Examples To enable QSP on cmap2 in pmap2 use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm protection To disable QSP o...

Page 1571: ...te Default No default Mode Policy Map Class Configuration Usage This setting is made in conjunction with the storm window command Examples To limit the data rate to 100Mbps use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm rate 100000 To negate the limit set previously use the following commands awplus conf...

Page 1572: ...default Mode Policy Map Class Configuration Usage This command should be set in conjunction with the storm rate command Examples To set the QSP window size to 5000 ms use the following commands awplus configure terminal awplus config policy map pmap2 awplus config pmap class cmap2 awplus config pmap c storm window 5000 To negate the QSP window size set previously use the following commands awplus ...

Page 1573: ...ents of the packet existing either at ingress or applied by the class map will pass unchanged Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can think of trust dscp as a per port setting Examples To enable the premark dscp map lookup for policy map pmap1 use the commands awplus configure terminal awplus config policy map pmap1 awplus config pm...

Page 1574: ...able queues 0 1 2 3 4 5 6 7 no wrr queue disable queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Examples To disable queue 1 from transmitting traffic use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if wrr queue disable queues 1 To enable queue 1 to transmit traffic use the commands awplus configure terminal awplus config interface port1 0 1 awplus co...

Page 1575: ...cified The minimum is 651Kb Syntax wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Example To limit the egress rate of queues 0 1 and 2 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if wrr queue egress rate limit 500M queues 0 1 2 Related Commands s...

Page 1576: ...hted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will display the console error shown below awplus configure terminal awplus config interface sa2 awplus config if wrr queue weight Invalid input detected at marker Example To apply a WRR weight of 6 to queues 0 ...

Page 1577: ...thentication on page 1580 debug dot1x on page 1581 dot1x control direction on page 1582 dot1x eap on page 1584 dot1x eapol version on page 1585 dot1x initialize interface on page 1587 dot1x initialize supplicant on page 1588 dot1x keytransmit on page 1589 dot1x max auth fail on page 1590 dot1x max reauth req on page 1592 dot1x port control on page 1594 dot1x timeout tx period on page 1596 show deb...

Page 1578: ...EV C Command Reference for x510 Series 1578 AlliedWare Plus Operating System Version 5 4 6 1 x 802 1X COMMANDS show dot1x supplicant on page 1611 show dot1x supplicant interface on page 1613 undebug dot1x on page 1616 ...

Page 1579: ...efault list name no dot1x accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if dot1x accounting vlan10_acct To remove the named list from the vlan10 interface and set the authentication method ...

Page 1580: ...1x authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if dot1x authentication vlan10_auth To remove the named list from the vlan10 interface and set the authentication method back to default...

Page 1581: ... aware that this is a very verbose output It is mostly useful to capture this as part of escalating an issue to ATI support Examples Use this command without any parameters to turn on normal 802 1X debug information awplus debug dot1x awplus show debugging dot1x Related Commands show debugging dot1x undebug dot1x Parameter Description all Used with the no variant of this command exclusively turns ...

Page 1582: ...yntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the port direction to the default both for port1 0 2 use the commands awplus configure terminal awplus config interface port...

Page 1583: ...CONTROL DIRECTION To set the port direction to the default both for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no dot1x control direction Related Commands auth profile Global Configuration show dot1x show dot1x interface show auth interface ...

Page 1584: ...he commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config dot1x eap discard To set the transmit mode of EAP packet to forward untagged vlan to forward EAP packets to ports with the same untagged vlan use the commands awplus configure terminal awplus config d...

Page 1585: ... Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL protocol version to the default version 1 for interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no dot1x eapol version To set the EAPOL prot...

Page 1586: ...EV C Command Reference for x510 Series 1586 AlliedWare Plus Operating System Version 5 4 6 1 x 802 1X COMMANDS DOT1X EAPOL VERSION Validation Commands auth profile Global Configuration show dot1x show dot1x interface ...

Page 1587: ...0 2 use the command awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 To unauthorize all switch ports for a 24 port device and attempt reauthentication use the command awplus dot1x initialize interface port1 0 1 port1 0 24 Validation Commands show dot1x show dot1x ...

Page 1588: ...hiscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initialize the supplicant authentication use the commands awplus configure terminal awplus config dot1x initialize supplicant 0090 99ab a020 awplus config dot1x initialize supplicant guest Validation Comma...

Page 1589: ... LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant of this command to disable key transmission Examples To enable the key transmit feature on interface port1 0 2 after it has been disabled by negation use the commands awplus configure terminal awplus...

Page 1590: ...maximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication is equal to the number set with this command See the AAA and Port Authentication Feature Overview and Configuration Guide for information about the auth fail VLAN feature and restrictions regarding c...

Page 1591: ...al awplus config auth profile student awplus config auth profile dot1x max auth fail 1 To configure the maximum number of login attempts for a supplicant on authentication profile student to the default number of three 3 login attempts use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no dot1x max auth fail Validation Commands show running con...

Page 1592: ...tication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x max reauth req 1 To configure the maximum number of reauthentication attempts for interface port1 0 2 to the default maximum number of ...

Page 1593: ...eauthentication attempts for authentication profile student to the default maximum number of two 2 reauthentication attempts use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no dot1x max reauth req Validation Commands show running config Related Commands auth profile Global Configuration dot1x max auth fail show dot1x interface ...

Page 1594: ...rt controlis set to auto the 802 1X authentication feature is executed on the interface but only if the aaa authentication dot1x command has been issued Examples To enable port authentication on the interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x port control auto To enable port authentication force authorized on the interface...

Page 1595: ...minal awplus config auth profile student awplus config auth profile dot1x port control auto To enable port authentication force authorized on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile dot1x port control force authorized To disable port authentication on authentication profile student use the commands awpl...

Page 1596: ...ttempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x timeout tx period 5 To reset transmit timeout period to the default 30 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if...

Page 1597: ... C Command Reference for x510 Series 1597 AlliedWare Plus Operating System Version 5 4 6 1 x 802 1X COMMANDS DOT1X TIMEOUT TX PERIOD Validation Commands auth profile Global Configuration show dot1x show dot1x interface ...

Page 1598: ...ing and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sample output from the show debugging dot1x command awplus debug dot1x awplus show debugging dot1x Related Commands debug dot1x 802 1X debugging status 802 1X events debugging is on 802 1X timer debugging ...

Page 1599: ... show dot1x all Parameter Description all Displays all authentication information for each port available on the switch Table 1 Example output from the show dot1x command awplus show dot1x all 802 1X Port Based Authentication Enabled RADIUS server address 150 87 18 89 1812 Next radius message id 5 RADIUS client address not configured Authentication info for interface port1 0 6 portEnabled true por...

Page 1600: ...ted false KR rxKey false KT keyAvailable false keyTxEnabled false criticalState off dynamicVlanId 2 802 1X statistics for interface port1 0 6 EAPOL Frames Rx 5 EAPOL Frames Tx 16 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAP Rsp Id Frames Rx 3 EAP Response Frames Rx 2 EAP Req Id Frames Tx 8 EAP Request Frames Tx 2 Invalid EAPOL Frames Rx 0 EAP Length Error Frames Rx 0 EAPOL Last Frame Versi...

Page 1601: ...NDS SHOW DOT1X authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupplicant 3 BackendAuthSuccess 1 BackendAuthFails 0 Table 1 Example output from the show dot1x command cont ...

Page 1602: ...figuration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot1x diagnostics interface port1 0 5 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch p...

Page 1603: ...Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 Back...

Page 1604: ... saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Examples See the sample output below showing 802 1X authentication status for port1 0 6 awplus show dot1x interface port1 0 6 Parameter Description interface list The in...

Page 1605: ...rized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled dynamicVlanCreation single dynamic vlan assignFailActionRule deny hostMode multi supplicant maxSupplicant 1024 dot1x enabled protocolVersion 1 authMac enabled...

Page 1606: ...EaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSupplicant 3 BackendAuthSuccess 1 awplus show dot1x interface port1 0 6 supplicant authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuth...

Page 1607: ... status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning only if reauthentication is enabled abort Indicates that authentication should be aborted when set to true fail Indicates failed authentication attempt when set to false start Indicates authentication sh...

Page 1608: ...nt CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAPOL Key message is received by supplicant or authenticator false when key is transmitted KT Ket Transmit State machine keyAvailable False when key has been transmitted by authenticator true when new ke...

Page 1609: ... authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports st...

Page 1610: ...x statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channel groups separated by a hyphen e g vlan2 8 or port1 0 1 1 0 4 o...

Page 1611: ...meter awplus show dot1x supplicant 00d0 59ab 7037 brief Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Supplicant name manager Supplicant address 00d0...

Page 1612: ...icationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username port1 0 6 2 D 00d0 59ab 7037 Authenticated 192 168 2 201 manager Interface port1 0 6 authenticationMethod dot1x web Two Step Authentication firstMethod dot1x second...

Page 1613: ...Configuration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Examples See sample output below showing the supplicant on the interface port1 0 6 awplus show dot1x interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be aninterface e g vlan2 aswitchport e g port1 0 6 a static channel group e g sa2 ...

Page 1614: ...cant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD adminControlledDirection...

Page 1615: ...rface sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 otherAuthenticationSupplicantNum 0 Interface VID Mode MAC Address Status IP Address Username sa1 1 D 00d0 59ab 7037...

Page 1616: ...mmand Reference for x510 Series 1616 AlliedWare Plus Operating System Version 5 4 6 1 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of the debug dot1x command ...

Page 1617: ...ynamic vlan creation on page 1623 auth guest vlan on page 1626 auth guest vlan forward on page 1629 auth host mode on page 1631 auth log on page 1633 auth max supplicant on page 1635 auth profile Global Configuration on page 1637 auth profile Interface Configuration on page 1638 auth reauthentication on page 1639 auth roaming disconnected on page 1640 auth roaming enable on page 1642 auth supplica...

Page 1618: ...mode on page 1680 auth web server dhcp ipaddress on page 1681 auth web server dhcp lease on page 1682 auth web server dhcp wpad option on page 1683 auth web server host name on page 1684 auth web server intercept port on page 1685 auth web server ipaddress on page 1686 auth web server page language on page 1687 auth web server login url on page 1688 auth web server page logo on page 1689 auth web ...

Page 1619: ...ption Authentication Profile on page 1707 erase proxy autoconfig file on page 1708 erase web auth https file on page 1709 platform l3 vlan hashing algorithm on page 1710 platform mac vlan hashing algorithm on page 1711 show auth on page 1712 show auth diagnostics on page 1714 show auth interface on page 1716 show auth sessionstatistics on page 1719 show auth statistics interface on page 1720 show ...

Page 1620: ...n feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set the Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command When using 802 1X port authentication use a dot1x max auth fail command to set the maximum numb...

Page 1621: ... following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth auth fail vlan To enable the auth fail vlan feature on authentication profile student use the commands awplus confi...

Page 1622: ...ode Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth critical To disable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth critical To enable the critical port f...

Page 1623: ...LANs are assigned to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multiple supplicants attached to a port and the type parameter has been set to single vlan The parameter specifies how the switch should act if different VLAN IDs end up being assigned to differen...

Page 1624: ...VLAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP address by using the auth web server ipaddress command or the auth web server dhcp ipaddress command You also need to create a hardware access list that can be applied to the switch port interface You n...

Page 1625: ...nable the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth dynamic vlan creation To disable the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no aut...

Page 1626: ...f a port is in multi supplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may be avoided by using per user dynamic VLAN assignment When using the Guest VLAN feature with the multi host mode a number of supplicants can communicate via a guest VLAN before authentication A suppli...

Page 1627: ...ands awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config if auth guest vlan 100 routing To disable the guest VLAN feature on port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth guest vlan...

Page 1628: ...ommand Reference for x510 Series 1628 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH GUEST VLAN auth guest vlan forward dot1x port control show dot1x show dot1x interface show running config ...

Page 1629: ...ng is disabled by default Mode Interface Configuration mode for a specified switch port or Authentication Profile mode Usage Before using this command you must configure the guest VLAN with the auth guest vlan command Example To enable packet forwarding from the guest VLAN to the destination IP address on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 ...

Page 1630: ...th guest vlan forward 10 0 0 1 dns To enable the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth guest vlan forward 10 0 0 1 tcp 137 To disable the tcp forwarding port 137 authentication profile student use the commands awplus configure terminal awplus config auth profile student...

Page 1631: ...use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode only one host may be authorized with the port If other hosts out the interface attempt to authenticate the authenticator blocks the attempt multi host Multi host mode In this mode multiple hosts may b...

Page 1632: ...h host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth host mode multi supplicant To set the host mode to default single host on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth p...

Page 1633: ...ging of MAC authentication failures to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth log auth mac failure Parameter Description dot1x Specify only 802 1X Authentication log messages are output to the log file auth mac Specify only MAC Authentication log messag...

Page 1634: ...gure the logging of web authentication failures to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth log auth web failure To disable the logging of all types of authentication log messages to the log file for supplicants client devices connected to aut...

Page 1635: ...rofile mode Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth max supplicant 10 To reset the maximum number of supplicant to default on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no...

Page 1636: ... Reference for x510 Series 1636 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show dot1x show dot1x interface show running config ...

Page 1637: ...No port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands These profiles are attached or detached from an interface using the auth profile Interface Configuration command Example To create a new authentication profile student use the following commands awplus c...

Page 1638: ...s a authentication profile created using the auth profile Global Configuration command to a static channel a dynamic LACP channel group or a switch port You can only attach one profile to an interface at a time use the no variant of the command to detach a profile before attempting to attach another one Example To attach the authentication profile student to port1 0 1 use the following commands aw...

Page 1639: ...t or Authentication Profile mode Examples To enable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth reauthentication To disable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth reauthentication To...

Page 1640: ...ace goes down so supplicants must reauthenticate Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage Note that 802 1X port authentication MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as th...

Page 1641: ...nal awplus config auth profile student awplus config auth profile auth roaming disconnected To require supplicants using authentication profile student to reauthenticate when moving between ports if the link is down use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming disconnected Related Commands auth profile Global Configuration...

Page 1642: ...tion MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as the port the supplicant is moving from This command only enables roaming authentication for links that are up If you want roaming authentication on links that are down you must also use the command auth roaming disco...

Page 1643: ...ing authentication for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming enable Related Commands auth profile Global Configuration auth mac enable auth roaming disconnected auth web enable dot1x port control show auth interface show dot1x interface show running config ...

Page 1644: ...t entry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands auto A port control parameter that allows port clients to negotiate authentication force authorized A port control parameter that forces the port state to authorized force unauthorized A port control par...

Page 1645: ...nterface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s IP address 192 168 10 0 24 for interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 reauthentication ...

Page 1646: ...ontaining a specific string mac addr mask The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the mask is applied to a specific MAC address a match is only required for characters that correspond to a 1 in the mask Characters that correspond to a 0 in the mask are effectively ignored In the examp...

Page 1647: ... for port 1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant mac 0000 5E00 5343 To rese...

Page 1648: ...43 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth supplicant mac 0000 5E00 5343 To disable reauthentication for the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus conf...

Page 1649: ...ant has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To set the connect timeout period to 3600 seconds for port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout connect timeout 3600 To...

Page 1650: ...TIMEOUT CONNECT TIMEOUT To reset the connect timeout period to the default 30 seconds for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth timeout connect timeout Related Commands auth profile Global Configuration show dot1x show dot1x interface ...

Page 1651: ...0 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout quiet period 10 To reset the quiet period to the default 60 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth timeout quiet period To set the quiet period ...

Page 1652: ...a switch port or Authentication Profile mode Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout reauth period 86400 To reset the reauthentication period to the default 3600 seconds for interface port1 0 2 use the following commands awplus configure terminal...

Page 1653: ...x510 Series 1653 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentication show dot1x show dot1x interface show running config ...

Page 1654: ...to 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the server timeout to the default 30 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth timeout server timeout To set the ser...

Page 1655: ...erence for x510 Series 1655 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT SERVER TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot1x interface show running config ...

Page 1656: ...r timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the server timeout to the default 30 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth timeout supp timeout To set the...

Page 1657: ...ference for x510 Series 1657 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT SUPP TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot1x interface show running config ...

Page 1658: ...security risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem by authenticating both the user and the device The supplicant will only become authenticated if both these steps are successful If the first authentication step fails then the second step is not star...

Page 1659: ...ing commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth web enable awplus config if dot1x port control auto awplus config if auth dynamic vlan creation awplus config if auth two step enable To enable the two step authentication feature for authentication profile student use the commands awplus configure terminal awplus ...

Page 1660: ...s Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Relat ed Commands auth profile Global Configuration show auth two step supplicant brief show auth show auth interface show auth supplicant show dot1x show dot1x interface show dot1x supplicant ...

Page 1661: ...t list name no auth mac accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth mac accounting vlan10_acct To remove the named list from the vlan10 interface and set the accounting method bac...

Page 1662: ...uth mac authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth mac authentication vlan10_auth To remove the named list from the vlan10 interface and set the authentication method back to...

Page 1663: ...is enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with ingress filtering turned on whenever ports for MAC Authentication are in a VLAN Examples To enable MAC Authentication on interface port1 0 2 and enable spanning tree edgeport to avoid unnecessary re aut...

Page 1664: ...CATION COMMANDS AUTH MAC ENABLE To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth mac enable Related Commands auth profile Global Configuration show auth show auth interface show running config ...

Page 1665: ...ce Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the MAC Authentication method to pap on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac method pap To set the MAC Authentication method to the default on interface port1 0 2 use the fo...

Page 1666: ...CATION COMMANDS AUTH MAC METHOD To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth mac enable Related Commands auth profile Global Configuration show auth show auth interface show running config ...

Page 1667: ...s particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Require Different Usernames and Passwords section of the AAA and Port Authentication Feature_Overview and Configuration Guide Examples To change the password to verySecurePassword use the commands awplus...

Page 1668: ...ntication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac reauth relearning To disable the re authentication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awpl us config if no auth mac reauth relearning To en...

Page 1669: ...s provided to allow other vendors AlliedWare and AlliedWare Plus switches to share the same format on the RADIUS server Example To configure the format of the MAC address in the username and password field to be changed to IETF and upper case use the following commands awplus configure terminal awplus config auth mac username ietf upper case Related Commands auth mac username show running config P...

Page 1670: ...list name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth web accounting vlan10_acct To remove the named list from the vlan10 interface and set the accounting method back ...

Page 1671: ...th web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus configure terminal awplus config interface vlan10 awplus config if auth web authentication vlan10_auth To remove the named list from the vlan10 interface and set the authentication method back to ...

Page 1672: ...ands awplus configure terminal awplus config interface port1 0 2 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awplus config if auth web enable To disable Web Authentication on static channel group 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if static channel group 2 awplus config if exit awplus ...

Page 1673: ...and Reference for x510 Series 1673 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH WEB ENABLE Related Commands auth profile Global Configuration show auth show auth interface show running config ...

Page 1674: ...p address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enabled by default for arp dhcp and dns Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage For more information about the ip address parameter...

Page 1675: ...hport mode access awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth web forward arp To delete the TCP forwarding port 137 on interface port1 0 2 use ...

Page 1676: ... student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward arp To delete the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward tcp 137 To delete all tcp forwarding on authentication profile st...

Page 1677: ... channel group or a switch port or Authentication Profile mode Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth web max auth fail 5 To set the lock count to the default on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 aw...

Page 1678: ... x510 Series 1678 AlliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show auth show auth interface show running config ...

Page 1679: ...ntication Profile mode Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth web method eap md5 To set the web authentication method to eap md5 for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus co...

Page 1680: ...disable blocking mode for the Web Authentication server Syntax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication server Mode Global Configuration Example To enable blocking mode for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server blocking mode To dis...

Page 1681: ...ication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You cannot use the IPv4 address assigned to the device s interface as the Web Authentication server address Examples To assign the IP address 10 0 0 1 to the Web Authentication server use the following comm...

Page 1682: ... See the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together Examples To set the DHCP lease time to 1 minute for supplicants using the DHCP service on the Web Authentication server use the following commands awplus configure terminal awpl...

Page 1683: ...ed to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent However after authentication the browser does not know where to get the WPAD file and so cannot access external web pages The WPAD file is usually named proxy pac file and tells the browser what web proxy...

Page 1684: ...TTPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warning message if the server has a hostname same as the one stored in the installed certificate Examples To set the auth example com as the hostname of the web authentication server use the commands awplu...

Page 1685: ... port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then send the Web Authentication Login page to the supplicant When the web authentication switch is in a guest network the switch does not know the proxy server s port number in the supplicant s proxy sett...

Page 1686: ...h web server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address 10 0 0 1 to the Web Authentication server use the following commands awplus configure terminal awplus config auth web server ipaddress 10 0 0 1 To delete the IP address from the Web Authentication s...

Page 1687: ... English by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth web server page language japanese To set English as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth web server page langua...

Page 1688: ...Configuration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default Mode Global Configuration Examples To set http example com login html as the login page use the commands awplus configure terminal awplus config auth web server login url http example com login html ...

Page 1689: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Configuration Examples To display the default logo with ignoring installed custom logo use the commands awplus configure terminal awplus config auth web server page logo default To set back to the default...

Page 1690: ...re Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuration Examples To set the custom sub title use the commands awplus configure terminal awplus config auth web server page sub title text Web Authentication To hide the sub title use the commands awplus co...

Page 1691: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is set by default Mode Global Configuration Examples To set the success message on the web authentication page use the commands awplus configure terminal awplus config auth web server page success messag...

Page 1692: ...e Syntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custom title on the web authentication page use the commands awplus configure terminal awplus config auth web server page title text Login To hide the title on the web authentication page use the commands...

Page 1693: ...A and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message is set by default Mode Global Configuration Examples To set the welcome message on the web authentication page use the commands awplus configure terminal awplus config auth web server page welcome mess...

Page 1694: ...enticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Configuration Examples To enable the ping polling feature for Web Authentication use the following commands awplus configure terminal awplus config auth web server ping poll enable To disable the ping ...

Page 1695: ...Use the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount Default The default failcount for ping polling is 5 pings Mode Global Configuration Examples To set the failcount of ping polling to 10 pings use the following commands awplus configure terminal awplu...

Page 1696: ...ing polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration Examples To set the interval of ping polling to 60 seconds use the following commands awplus configure terminal awplus config auth web server ping poll interval 60 To set the interval of ping polling ...

Page 1697: ... no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer refresh Default The reauth timer refresh parameter is disabled by default Mode Global Configuration Examples To enable the reauth timer refresh timer use the following commands awplus configure termin...

Page 1698: ... reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mode Global Configuration Examples To set the timeout of ping polling to 2 seconds use the command awplus configure terminal awplus config auth web server ping poll timeout 2 To set the timeout of ping...

Page 1699: ... Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server port 8080 To reset to the default HTTP port number 80 for the Web Authentication server use the following commands awplus configure terminal awplus con...

Page 1700: ...irect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect delay time 60 To reset the delay time use the following commands awplus configure terminal awplus config no auth web server redirect ...

Page 1701: ...ntax auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To enable and set redirect a URL string www alliedtelesis com for the Web Authentication server use the following commands awplus configure terminal awplus config auth web server redirect url http www ...

Page 1702: ... is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session keep is enabled This issue occurred by supplicant sending HTTP packets automatically after authentication page is displayed and the URL is written Examples To enable the session keep feature use the ...

Page 1703: ...yntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS functionality for the Web Authentication server feature use the following commands awplus configure terminal awplus config auth web server ssl To disable HTTPS functionality for the Web Authentication server...

Page 1704: ...variant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Global Configuration Examples To register HTTPS port number 3128 use the commands awplus configure terminal awplus config auth web server ssl intercept port 3128 To delete HTTPS port number 3128 use th...

Page 1705: ...to configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example To download the PAC file to this device use the command awplus copy tftp server proxy pac proxy autoconfig file Related Commands show proxy autoconfig file erase proxy autoconfig file Parameter Desc...

Page 1706: ... be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate file veriSign_cert pem from the TFTP server directory server use the command awplus copy tftp server veriSign_cert pem web auth https file Related Commands auth web server ssl erase web auth https fil...

Page 1707: ...ault No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus config auth profile student awplus config auth profile description student room setting To remove a description from the authentication profile student use the following commands awplus configure termina...

Page 1708: ...Y AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy auto configuration file use the command awplus erase proxy autoconfig file Related Commands show proxy autoconfig file copy proxy autoconfig file ...

Page 1709: ...auth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certificate file for web based authentication use the command awplus erase web auth https file Related Commands auth web server ssl copy web auth https file show auth web server ...

Page 1710: ...ore than four different IP addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several different algorithms may need to be tried to rectify the problem You must restart the switch for this command to take effect Note that this command is intended for technical support staff or advanced end u...

Page 1711: ... more than four different MAC addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several different algorithms may need to be tried to rectify the problem You must restart the switch for this command to take effect Note that this command is intended for technical support staff or advanced en...

Page 1712: ...namic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server address auth 150 87 17 192 1812 Last radius message id 4 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE...

Page 1713: ...authenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 2 CD adminControlledDirections in operC...

Page 1714: ...face list Mode Privileged Exec Example To display authentication diagnostics for port1 0 6 enter the command awplus show auth diagnostics interface port1 0 6 Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel gro...

Page 1715: ...r interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 B...

Page 1716: ...nterface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus show auth interface port1 0 6 If web based authentication is not configured the output will be Parameter Description interface list The interfaces or ports to configure An interface list can be aninterfa...

Page 1717: ...t1 0 1 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled false critical disabled guestVlan disabled guestVlanForwarding none authFailVlan disabled dynamicVlanCreation disabled hos...

Page 1718: ...ionstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthenticating 0 authEapstartWhileAuthenticating 0 authEaplogoggWhileAuthentica...

Page 1719: ...1 3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of interfaces ports static channel groups or dynamic LACP channe...

Page 1720: ...play Web Authentication statistics for port1 0 4 enter the command awplus show auth statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel group e g sa2 or a dynamic LACP channel group e g po2 a continuous range of inte...

Page 1721: ...nt To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 41 4 Example output from show auth supplicant brief Parameter Description macadd Mac hardware address of the supplicant Entry format is HHHH HHHH HHHH hexadecimal brief Brief summary of the supplicant state awplus show auth supplic...

Page 1722: ...l F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirections in operControlledDirections in CD bridgeDetected false KR rxKey false KT keyAvailable false keyTxEnabled false RADIUS server group auth radius RADIUS server auth 192 168 1 40 awplus show auth suppli...

Page 1723: ...lliedWare Plus Operating System Version 5 4 6 1 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa authentication auth mac aaa authentication auth web aaa authentication dot1x ...

Page 1724: ...uthenticated supplicant on the interface port1 0 3 enter the command awplus show auth supplicant interface port1 0 3 To display brief summary output for the authenticated supplicant enter the command awplus show auth supplicant brief Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel...

Page 1725: ...step supplicant interface port1 0 6 brief Output Figure 41 7 Example output from show auth two step supplicant brief Related Commands auth two step enable Parameter Description interface The interface selected for display ifrange The interface types which can be specified as ifrange Switch port e g port1 0 6 Static channel group e g sa3 Dynamic LACP channel group e g po4 interface port1 0 6 authen...

Page 1726: ...1 8 Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server session keep auth web server ssl Web authentication server Server status enabled Server mode none Server address 192 168 1 1 24 DHCP server enabled DHCP lease time 20 DHCP WPAD Option URL http 192 1...

Page 1727: ...how the web authentication page information use the command awplus show auth web server page Figure 41 9 Example output from the show auth web server page command Related Commands auth web forward auth web server page logo auth web server page sub title auth web server page success message auth web server page title auth web server page welcome message awplus show auth web server page Web authenti...

Page 1728: ...Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure 41 10 Example output from the show proxy autoconfig file Related Commands copy proxy autoconfig file erase proxy autoconfig file function FindProxyForURL url host if isPlainHostName host isInNet host 1...

Page 1729: ... 1735 aaa accounting dot1x on page 1737 aaa accounting login on page 1739 aaa accounting update on page 1742 aaa authentication auth mac on page 1744 aaa authentication auth web on page 1746 aaa authentication dot1x on page 1748 aaa authentication enable default group tacacs on page 1750 aaa authentication enable default local on page 1752 aaa authentication login on page 1753 aaa group server on ...

Page 1730: ...n on page 1763 proxy port on page 1764 radius secure proxy aaa on page 1765 server radsecproxy aaa on page 1766 server name check on page 1768 server trustpoint on page 1769 show aaa local user locked on page 1771 show aaa server group on page 1772 show debugging aaa on page 1773 show radius server group on page 1774 undebug aaa on page 1776 ...

Page 1731: ...ly none group group name radius no aaa accounting auth mac default list name Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default accounting method list or a named accounting method list default the default accounting method list which is automatically applied to all interfaces with MA...

Page 1732: ...DIUS servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands awplus configure terminal awplus config no aaa accounting auth mac default To enable a named RADIUS accounting method list vlan10_acct for MAC based authentication with the RADIUS server group rad_gr...

Page 1733: ...ly none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default accounting method list or a named accounting method list default the default accounting method list which is automatically applied to all interfaces with We...

Page 1734: ...ervers use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use the commands awplus configure terminal awplus config no aaa accounting auth web default To enable a named RADIUS accounting method list vlan10_acct for Web based authentication with the RADIUS server...

Page 1735: ...led by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and vty line The stop only parameter indicates that the command accounting messages are sent to the TACACS server when the commands have stopped executing The group tacacs parameters signifies that the command accounting messages are sent to the TACACS serv...

Page 1736: ...privilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default stop only group tacacs awplus config aaa accounting commands 15 default stop only group tacacs To disable command accounting for privilege levels 1 7 and 15 use the following commands awplus configure...

Page 1737: ...me start stop stop only none group group name radius no aaa accounting dot1x default list name Default RADIUS accounting for 802 1X based authentication is disabled by default there is no default server set by default Mode Global Configuration Usage This command can be used to configure either the default accounting method list or a named accounting method list default the default accounting metho...

Page 1738: ...and use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based authentication use the commands awplus configure terminal awplus config no aaa accounting dot1x default To enable a named RADIUS accounting method list vlan10_acct for 802 1X based authentication with the RA...

Page 1739: ...counting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted isalready applied toa console orvty line accounting onthatlinewill be disabled If the default method list name is removed by this command it will disable accounting on every line that has the default accounting configuration Syntax aaa accounting login default list name star...

Page 1740: ...p name use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS servers configured by tacacs server host command The accounting event to send to the RADIUS or TACACS server is configured with the following options start stop sends a start accounting message at the begi...

Page 1741: ... 1741 AlliedWare Plus Operating System Version 5 4 6 1 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update accounting login radius server host tacacs server host ...

Page 1742: ...ode Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accounting records are sent according to the interval specified by the periodic parameter The accounting updates are start messages If the no variant of this command is used to disable periodic accounting repo...

Page 1743: ...AAA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting update Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login ...

Page 1744: ...sed Port Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the default authentication method list which is automatically applied to all interfaces with Web based authentication enabled list name a user named list which can be applied to an interface ...

Page 1745: ... commands awplus configure terminal awplus config no aaa authentication auth mac default To enable MAC based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication auth mac vlan10_auth group rad_group_vlan10 To disable MAC based authentication for named list vlan10_auth use the commands awplus ...

Page 1746: ...web default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the default authentication method list which is automatically applied to all interfaces with Web based authentication enabled list name a user named list which ...

Page 1747: ...tication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication auth web vlan10_auth group rad_group_vlan10 To disable Web based authentication for named list vlan10_auth use the ...

Page 1748: ...ation is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the default authentication method list which is automatically applied to all interfaces with 802 1X based authentication enabled list name a user named list which can be applied to an interface using the aaa a...

Page 1749: ...d authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication dot1x vlan10_auth group rad_group_vlan10 To disable 802 1X based authentication for named list vlan10_auth use the commands awplus configure terminal awplus config no aaa authentication dot1x vlan10_acct Related Commands aaa accounting do...

Page 1750: ...ified privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their maximum configured privilege level then the authentication session will fail and they will remain at their current privilege level NOTE If both local and none are specified you must always specify loca...

Page 1751: ...LI Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password authentication use the following commands awplus configure terminal awplus config aaa authentication enable default group tacacs To enable a privilege level authentication method that will allow the us...

Page 1752: ...tion Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Examples To enable local privilege level authentication command use the following commands awplus configure terminal awplus config aaa authentication enable default local To disable privilege level authenti...

Page 1753: ...e default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa authentication login default list name Default If the default server is not configured using this command user login authentication uses the local user database only If the default method list name is ...

Page 1754: ... for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authentication login default group radius local To configure a user login authentication method list called USERS to first use the RADIUS servergroup RAD_GROUP1 foruserloginauthentication andthenusethe lo...

Page 1755: ...bal Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subset of RADIUS servers in AAA commands Each RADIUS server must be configured by the radius server host command To add RADIUS servers to a server group use the server command Examples To create a RADIUS ...

Page 1756: ... x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa authentication dot1x aaa authentication login radius server host server Server Group show radius server group ...

Page 1757: ...iguration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another privileged account using the clear aaa local user lockout command Examples To configure the lockout period to 10 minutes 600 seconds use the commands awplus configure terminal awplus config aaa loca...

Page 1758: ...ed login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a successful login occurs the failed login counter is reset to 0 When a user account is locked out all attempts to login using that user account will fail Examples To configure the number of login failur...

Page 1759: ...the console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global configuration Example To apply a delay of at least 5 seconds between login attempts use the following commands awplus configure terminal awplus config aaa login fail delay 5 Related Commands aaa authen...

Page 1760: ...of this command resets AAA Accounting applied to console or VTY lines for local or remote login default login accounting is applied after issuing the no accounting login command Accounting is disabled with default Syntax accounting login default list name no accounting login Default By default login accounting is disabled in the default accounting server No accounting will be performed until accou...

Page 1761: ...ear aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all user accounts use the following command awplus clear aaa local user lockout all Related Commands aaa local authentication attempts lockout time Parameter Description username Clear lockout for the spec...

Page 1762: ...accounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authentication To disable authentication debugging for AAA use the command awplus no debug aaa authentication Related Commands show debugging aaa undebug aaa Parameter Description accounting Accounting deb...

Page 1763: ...tication on these console or VTY lines Command Syntax login authentication default list name no login authentication Default The default login authentication method list as specified by the aaa authentication login command is used to authenticate user login If this has not been specified the default is to use the local user database Mode Line Configuration Examples To reset user authentication con...

Page 1764: ...o proxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpose RADIUS requests received on this port from external devices will be ignored The port is only used for local intra device communication Example To configure change the UDP port to 7001 use the follow...

Page 1765: ...figuration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration Mode Example To change mode from User Exec mode to the RadSecProxy AAA configuration mode use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy aaa ...

Page 1766: ...ut value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certificate name checking if not specified the global behavior defined by server name check or no server name check will be used If name checking is enabled the Common Name portion of the subject field of the...

Page 1767: ...ERVER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy aaa client mynas local name check off Related Commands proxy port radius secure proxy aaa server name check server trustpoint ...

Page 1768: ...subject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior for certificate name checking to off Syntax server name check no server name check Default Certificate name checking is on by default Mode RadSecProxy AAA Configuration Mode Example Disable certificate...

Page 1769: ...server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no server trustpoint is issued without specifying any trustpoints then all trustpoints will be disassociated from the application Example You can add multiple trustpo...

Page 1770: ...C613 50102 01 REV C Command Reference for x510 Series 1770 AlliedWare Plus Operating System Version 5 4 6 1 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check ...

Page 1771: ...ocked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Privileged Exec Example To display the current failed attempts for local users use the command awplus show aaa local user locked Output Figure 42 1 Example output from the show aaa local user locked com...

Page 1772: ...aaa accounting auth mac aaa authentication auth web aaa authentication dot1x awplus show aaa server group User List Name Method Acct Event login auth default local login acct dot1x auth default radius group dot1x auth vlan30_auth rad_group_1 group dot1x auth vlan40_auth rad_group_2 group dot1x acct vlan30_acct rad_group_4 group start stop dot1x acct vlan40_acct rad_group_5 group start stop auth ma...

Page 1773: ...displays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA use the command awplus show debug aaa Output Figure 42 3 Example output from the show debug aaa command AAA debugging status Authentication debugging is on Accounting debugging is off ...

Page 1774: ...er groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Output Figure 42 4 Example output from show radius server group Parameter Description group name RADIUS server group name awplus show radius server group RADIUS Group Configuration Group Name radius Server...

Page 1775: ...DIUS SERVER GROUP Figure 42 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration Group Name rad_group_list1 Server Host Auth Acct Auth Acct IP Address Port Port Status Status 192 168 1 101 1812 1813 Active Active ...

Page 1776: ... 01 REV C Command Reference for x510 Series 1776 AlliedWare Plus Operating System Version 5 4 6 1 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug aaa command ...

Page 1777: ...entifier on page 1778 auth radius send service type on page 1779 deadtime RADIUS server group on page 1780 debug radius on page 1781 ip radius source interface on page 1782 radius server deadtime on page 1783 radius server host on page 1784 radius server key on page 1787 radius server retransmit on page 1788 radius server timeout on page 1790 server Server Group on page 1792 show debugging radius ...

Page 1778: ...entifierof NASID100 as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier NASID100 To use the VLAN ID as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier vlan id To stop sending the NAS Identifier attribute use the commands awplus configure terminal awplus config ...

Page 1779: ...n requests The Service Type attribute has a value of Framed 2 for 802 1x Call Check 10 for MAC authentication Unbound 5 for Web authentication Use the no variant of this command to stop including the Service Type attribute Syntax auth radius send service type no auth radius send service type Mode Global Configuration Example To send the Service Type attribute use the commands awplus configure term...

Page 1780: ...RADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not respond to a request packet the packet is retransmitted the number of times configured for the retransmit parameter after waiting for a timeout period to expire The server is then marked dead and the ...

Page 1781: ... all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS events use the command awplus debug radius event To disable debugging for RADIUS packets use the command awplus no debug radius packet To disable debugging for RADIUS events use the command awplus no debu...

Page 1782: ...ce interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To configure all outgoing RADIUS packets to use the IP address of the interface vlan1 for the source IP address use the following commands awplus configure terminal awplus config ip radius source interface...

Page 1783: ...S deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmitted as often as specified globally by the radius server retransmit command or for the server by the radius server host command To improve RADIUS response times when some servers may be unavailable set...

Page 1784: ...0 65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name The DNS name of the RADIUS server host ip address The IP address of the RADIUS server host acct port Accounting port Specifies the UDP destination port for RADIUS accounting requests If 0 is specifie...

Page 1785: ...The time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeout command If no timeout value is specified for this server the global value is used retransmit Specifies the number of retries before skip to the next server If this parameter is not specified the g...

Page 1786: ...er 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus configure terminal awplus config radius server host rad1 company com acct port 0 To remove the RADIUS server rad1 company com configured for authentication only use the following commands awplus confi...

Page 1787: ...t key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA authentication with the aaa authentication login command set the authentication and encryption key using the radius server key command so the key entered matches the key used on the RADIUS server Exampl...

Page 1788: ...ault RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius server retransmit 1 To set the RADIUS retransmit count to the default 3 use the following commands awplus configure terminal awplus config no radius server retransmit To configure the RADIUS retransmit c...

Page 1789: ...EV C Command Reference for x510 Series 1789 AlliedWare Plus Operating System Version 5 4 6 1 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show radius statistics ...

Page 1790: ...is 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus configure terminal awplus config radius server timeout 20 To set the RADIUS timeout parameter to 1 second use the following commands awplus configure terminal awplus config radius server timeout 1 To se...

Page 1791: ...1 x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeout Related Commands radius server deadtime radius server host radius server retransmit show radius statistics ...

Page 1792: ...on port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this command to remove a RADIUS server from the server group Syntax server hostname ip address auth port 0 65535 acct port 0 65535 no server hostname ip address auth port 0 65535 acct port 0 65535 Parameter Des...

Page 1793: ...minal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD_ACCT1 for accounting use the following commands awplus configure terminal awplus config aaa group server radius RAD_ACCT1 awplus config sg server 192 168 2 1 auth port 0 acct port 1001 awplus config ...

Page 1794: ...displays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the command awplus show debugging radius Output Figure 43 1 Example output from the show debugging radius command RADIUS debugging status RADIUS event debugging is off RADIUS packet debugging is off ...

Page 1795: ...he show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface not configured Secret Key secret Timeout 5 sec Retransmit Count 3 Deadtime 20 min Server Host 192 168 1 10 Authentication Port 1812 Accounting Port 1813 Secret Key secret Timeout 3 sec Retransmit Coun...

Page 1796: ...e Interface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retransmit Count The number of retry count if a RADIUS server does not response Deadtime A time interval in minutes to mark a RADIUS server as dead Interim Update A time interval in minutes to send Interim...

Page 1797: ...as been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the server is in dead status for that amount of time Unknown The server is never used or the status is unknown Acct Status The status of the accounting port The status dead error or alive of the RADIUS a...

Page 1798: ...vileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 43 4 Example output from the show radius statistics command RADIUS statistics for Server 150 87 18 89 Access Request Tx 5 Retransmit 0 Access Accept Rx 1 Access Reject Rx 2 Access Challenge Rx 2 Unknown Type 0 Bad Authenticator 0 Malformed Access Re...

Page 1799: ...V C Command Reference for x510 Series 1799 AlliedWare Plus Operating System Version 5 4 6 1 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no debug radius command ...

Page 1800: ...roxy srv on page 1806 client name check on page 1807 client trustpoint on page 1808 clear radius local server statistics on page 1809 copy fdb radius users to file on page 1810 copy local radius user db from file on page 1812 copy local radius user db to file on page 1813 crypto pki enroll local on page 1814 crypto pki enroll local local radius all users on page 1815 crypto pki enroll local user o...

Page 1801: ... page 1830 server enable on page 1831 show crypto pki certificates on page 1832 show crypto pki certificates local radius all users on page 1834 show crypto pki certificates user on page 1836 show crypto pki trustpoints on page 1838 show radius local server group on page 1839 show radius local server nas on page 1840 show radius local server statistics on page 1841 show radius local server user on...

Page 1802: ...r group If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax attribute attribute name attribute id help attribute attribute name attribute id value no attribute attribute name attribute id Default By default no attributes are configured Mode RADIUS Server Group C...

Page 1803: ...mes use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attributes displays after the list of defined Standard Attributes To get help for valid RADIUS attribute values for the attribute Service Type use the following commands awplus configure terminal awplus confi...

Page 1804: ...e following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Type from the RADIUS User Group Admin use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group no attribute Serv...

Page 1805: ... enabled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius server local awplus config radsrv authentication eapmd5 The following commands disable EAP MD5 authentication methods on Local RADIUS server awplus configure terminal awplus config radius server local aw...

Page 1806: ...o use certificate name checking if not specified the global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must match the domain name or IP address specified in this command Example To add a client called mynas local with certificate name checking off use the comma...

Page 1807: ...ion of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global behavior for certificate name checking to off Syntax client name check no client name check Default Certificate name checking is on by default Mode RadSecProxy Local Server Configuration Example Disa...

Page 1808: ... with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trustpoint is issued without specifying any trustpoints then all trustpoints will be disassociated from the application Example You can add multiple trustpoints to the RadSecProxy local server by executin...

Page 1809: ...lears the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius local server statistics nas To clear the local RADIUS server statistics stored on the device use the command awplus clear radius local server statistics server To clear the local RADIUS server user sta...

Page 1810: ...local RADIUS server users created to Flash memory nvs Copy the local RADIUS server users created to NVS memory usb Copy the local RADIUS server users created to USB storage device debug Copy the local RADIUS server users created to debug tftp Copy the local RADIUS server users created to the TFTP destination scp Copy the local RADIUS server users created to the SCP destination fserver Copy the loc...

Page 1811: ...n the specified VLAN Examples To register the local RADIUS server users from the local FDB directly to the local RADIUS server use the command awplus copy fdb radius users local radius user db To register the local RADIUS server users from the interface port1 0 1 to the local RADIUS server use the command awplus copy fdb radius users local radius user db interface port1 0 1 To copy output generate...

Page 1812: ...cal RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the replace option is applied Mode Privileged Exec Examples To replace the current local RADIUS server user data to the contents of http datahost user csv use the following command awplus copy http datahost ...

Page 1813: ...d Values format Syntax copy local radius user db flash nvs usb tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplus copy local radius user db http datahost user csv Related Commands copy fdb radius users to file copy local radius user db from file Parameter Description flash Copy to flash memory nvs Copy to NVS memory...

Page 1814: ... CA Certificate Authority Syntax crypto pki enroll local no crypto pki enroll local Default The system certificate is not available until this command is issued Mode Global Configuration Examples The following command obtains the system certificate from the Local CA Certificate Authority awplus configure terminal awplus config crypto pki enroll local The following command deletes the system certif...

Page 1815: ... These certificates are created by the Local Certificate Authority CA on the device Syntax crypto pki enroll local local radius all users Default By default there are no certificates for users in the local RADIUS server Mode Global Configuration Example The following command obtains the local RADIUS server certificates for the user from the Local CA Certificate Authority awplus configure terminal ...

Page 1816: ...x crypto pki enroll local user user name no crypto pki enroll local user user name Default By default there is no user certificate Mode Global Configuration Examples The following command obtains Tom s certificate from the Local CA Certificate Authority awplus configure terminal awplus config crypto pki enroll local user Tom The following command deletes Tom s certificates created by the Local CA ...

Page 1817: ...command to export the certificate associated with the Local CA to a PEM format file Syntax crypto pki export local pem url url Mode Global Configuration Example The following command exports the Local CA certificate to a PEM format file awplus configure terminal awplus config crypto pki export local pem url tftp 192 168 1 1 cacert pem Related Commands crypto pki enroll local Parameter Description ...

Page 1818: ...o pki export local pkcs12 user name destination url Mode Global Configuration Examples The following commands exports a certificate for a user named client to a PKCS12 format file awplus configure terminal awplus config crypto pki export local pkcs12 client tftp 192 168 1 1 cacert pem To export Tom s certificate to PKSC12 format file use the commands awplus configure terminal awplus config crypto ...

Page 1819: ... trustpoint local no crypto pki trustpoint local Default Local CA is not a trustpoint Mode Global Configuration Examples Use the following commands to declare the Local CA as the trustpoint awplus configure terminal awplus config crypto pki trustpoint local Use the following commands to delete all information and certificates associated with the Local CA awplus configure terminal awplus config no ...

Page 1820: ...ating diagnostic messages to the system log Use the no variant of this command to disable Public Key Infrastructure PKI debugging When PKI debugging is disabled the PKI module stops generating diagnostic messages to the system log Syntax debug crypto pki no debug crypto pki Default PKI debugging is disabled by default Mode Privileged Exec Examples To enable the PKI debugging facility use the comma...

Page 1821: ...oth domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the username login string is not decoded it is matched against the second domain style enabled Examples To enable NT domain style on the local RADIUS server use the commands awplus configure terminal awplus config radius server l...

Page 1822: ...d command or the egress vlan name command and specify the tagged parameter Examples To set the Egress VLANID attribute for the NormalUsers local RADIUS server user group to VLAN identifier 200 with tagged frames use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress vlan id 200 tagged To remove the Egres...

Page 1823: ...2 01 REV C Command Reference for x510 Series 1823 AlliedWare Plus Operating System Version 5 4 6 1 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN ID Related Commands attribute egress vlan name switchport voice vlan ...

Page 1824: ...the egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To configure the Egress VLAN Name attribute for the RADIUS server user group NormalUsers with the VLAN name vlan2 and all frames on this VLAN tagged use the commands awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group egress ...

Page 1825: ...2 01 REV C Command Reference for x510 Series 1825 AlliedWare Plus Operating System Version 5 4 6 1 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN NAME Related Commands attribute egress vlan id switchport voice vlan ...

Page 1826: ...roup Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers The following command deletes user group NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv no group ...

Page 1827: ...p address key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authentication requests to the local RADIUS server Note the shared key that this NAS will use to establish its identify is NAS_PASSWORD awplus configure terminal awplus config radius server local awplus con...

Page 1828: ...ion mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode Example To change mode from User Exec mode to the RadSecProxy local server configuration mode use the commands awplus configure terminal awplus config radius secure proxy local server awplus config r...

Page 1829: ...tion Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus configure terminal awplus config radius server local awplus config radsrv Output Related Commands server enable show radius local server group show radius local server nas show radius local server stat...

Page 1830: ...ort Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 awplus configure terminal awplus config radius server local awplus config radsrv server auth port 10000 The following commands reset the RADIUS server authentication port back to the default UDP port o...

Page 1831: ...he local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Configuration Examples To enable the local RADIUS server use the following commands awplus configure terminal awplus config radius server local awplus config radsrv server enable To disable the local RAD...

Page 1832: ...are Plus Feature Overview and Configuration Guide Syntax show crypto pki certificates local ca local Mode User Exec and Privileged Exec Examples The following command displays Local CA Certificate Authority certificate information awplus show crypto pki certificates local ca The following command displays Local System certificate information awplus show crypto pki certificates local The following ...

Page 1833: ...ot Before Oct 8 07 50 55 2009 GMT Not After Oct 6 07 50 55 2019 GMT Subject O Allied Telesis CN Tom Certificate Local CA Data Version 3 0x2 Serial Number 0 0x0 Signature Algorithm sha1WithRSAEncryption Issuer O Allied Telesis CN AlliedwarePlusCA Validity Not Before Oct 8 07 55 55 2009 GMT Not After Oct 6 07 55 55 2019 GMT Subject O Allied Telesis CN Tom Table 2 Parameters in the output of the show...

Page 1834: ... RADIUS server user certificates awplus show crypto pki certificates local radius all users Output Table 3 Example output from the show crypto pki certificates local radius all users command awplus show crypto pki certificates local radius all users Certificate Data Version 3 0x2 Serial Number 2 0x2 Signature Algorithm sha1WithRSAEncryption Issuer O Allied Telesis CN AlliedwarePlusCA Validity Not ...

Page 1835: ...US SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS Related Commands crypto pki enroll local local radius all users Validity Validity period Subject Subject of the certificate Table 4 Parameters in the output of the show crypto pki certificates local radius all users command cont Parameter Description ...

Page 1836: ...ate information awplus show crypto pki certificates user Tom Output Parameter Description user name User name Table 5 Example output from the show crypto pki certificates user command to show certificate information for user Tom awplus show crypto pki certificates user Tom Certificate Data Version 3 0x2 Serial Number 2 0x2 Signature Algorithm sha1WithRSAEncryption Issuer O Allied Telesis CN Allied...

Page 1837: ...DIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER Related Commands crypto pki enroll local user Issuer Subject of issuer creating the certificate Validity Validity period Subject Subject of the certificate Table 6 Parameters in the output of the show crypto pki certificates user command cont Parameter Description ...

Page 1838: ...iew and Configuration Guide Syntax show crypto pki trustpoints Mode User Exec and Privileged Exec Example The following command displays trustpoint information awplus show crypto pki trustpoint Output Related Commands crypto pki enroll local Table 7 Example output from the show crypto pki trustpoints command Trustpoint local Subject Name CN AlliedwarePlusCA o Allied Telesis Serial Number 0C Table ...

Page 1839: ...figuration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show radius local server group Output Related Commands group Parameter Description user group name User group name string Table 9 Example output from the show radius local server group command Group Name V...

Page 1840: ...ature Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius local server nas Output Related Commands nas Parameter Description ip address Specify NAS IP address for show output Table 11 Example output from the show radius local server nas command NAS Address Shared...

Page 1841: ... command displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth port Table 13 Example output from the show radius local server statistics command Server status Run administrative status is enable Enabled methods MAC EAP MD5 EAP TLS EAP PEAP Successes 1 Unknown NAS ...

Page 1842: ...S server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user The following command displays Local RADIUS server user information for Tom in CSV format awplus show radius local server user Tom format csv Parameter Description user name RADIUS user name If no user ...

Page 1843: ...L RADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 16 Parameters in the output from the show radius local server user command Parameter Description User Name User name Password User password Group Group name assigned to the user Vlan VLAN name assigned to the user ...

Page 1844: ...figure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA Feature Overview and Configuration Guide for a sample MAC configuration See also the command user 00 db 59 ab 70 37 password 00 db 59 ab 70 37 as shown in the command examples Parameter Description radius user name RADIUS user name This can also be a MAC address in the IEEE standard form...

Page 1845: ...server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure terminal awplus config radius server local awplus config radsrv no user Tom The following commands add the supplicant MAC address 00 d0 59 ab 70 37 to the local RADIUS server awplus configure terminal awplus config radius server local awp...

Page 1846: ...p Syntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers awplus configure terminal awplus config radius server local awplus config radsrv group NormalUsers awplus config radsrv group vlan 200 The following commands remove VLAN ID 200 from the group named N...

Page 1847: ...nroll on page 1851 crypto pki enroll user on page 1852 crypto pki export pem on page 1854 crypto pki export pkcs12 on page 1855 crypto pki import pem on page 1857 crypto pki import pkcs12 on page 1859 crypto pki trustpoint on page 1860 enrollment trustpoint configuration mode on page 1861 fingerprint trustpoint configuration mode on page 1862 no crypto pki certificate on page 1864 rsakeypair trust...

Page 1848: ... bit lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the commands awplus enable awplus crypto key generate rsa label example server key 2048 Related Commands crypto key zeroize rsakeypair trustpoint configuration mode show crypto key mypubkey rsa Parameter Descr...

Page 1849: ...with zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signing request for an existing trustpoint To remove a server certificate so that the key may be deleted use the no crypto pki enroll command to de enroll the server Example To delete an RSA key named exam...

Page 1850: ...ollment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it will be stored as the trustpoint s root CA certificate The specified trustpoint must already exist and its enrollment mode must have been defined Example To show the enrollment setting of a trustpoin...

Page 1851: ...is command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results in the generation of a Certificate Signing Request CSR file which is displayed at the terminal in Privacy Enhanced Mail PEM format suitable for copying and pasting into a file or message The CSR must ...

Page 1852: ...DIUS server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the crypto pki export pkcs12 command The private key is encrypted for security with a passphrase that is entered at the command line The passphrase is required when the PKCS 12 file is imported on the cl...

Page 1853: ...rsion 5 4 6 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll example local radius all users Related Commands crypto pki export pkcs12 crypto pki trustpoint ...

Page 1854: ...ged Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands awplus enable awplus crypto pki export example pem terminal To export the PEM file example pem for the trustpoint example to the URL tftp server_a use the following commands awplus enable awplus crypto ...

Page 1855: ...e server certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this command exports the PKCS 12 file that was generated using the crypto pki enroll user command The key within the file was already encrypted as part of the user enrollment process In the event that there ...

Page 1856: ...TURE COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki export example pkcs12 ca tftp backup example pk12 Related Commands crypto pki enroll user crypto pki export pem crypto pki import pkcs12 ...

Page 1857: ...sure they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trustpoint is unauthenticated then intermediate CA certificates may not be imported Server certificates are validated to ensure that the issuer chain ends in a root CA certificate already installed for the...

Page 1858: ...C KEY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import example pem tftp server_a example pem Related Commands crypto pki authenticate crypto pki export pem crypto pki trustpoint ...

Page 1859: ...where N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for RADIUS users may not be imported with this command There is no value in doing so as the files are not needed on the local system The specified trustpoint must already exist The key and certificate mu...

Page 1860: ...icate the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as well as the private key associated with the root certificate if the root certificate was locally self signed This is a destructive and irreversible operation so this command should be used with caution ...

Page 1861: ... the root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server when the crypto pki enroll command is issued The server certificate received from the external CA should be imported using the crypto pki import pem command The trustpoint named local may only use the s...

Page 1862: ...tch any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority are being transmitted over an insecure channel If the certificate fingerprint is delivered via a separate messaging channel then pre entering the fingerprint value via cut and paste may be less errorpro...

Page 1863: ...3 50102 01 REV C Command Reference for x510 Series 1863 AlliedWare Plus Operating System Version 5 4 6 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki import pem ...

Page 1864: ...ned by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding private key is also deleted from the system Deleting the root CA certificate effectively resets the trustpoint to an unauthenticated state Example To delete a certificate with the fingerprint 594EDEF9 C7C4...

Page 1865: ...request The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates or server certificate signing requests that have already been generated The trustpoint s server certificate is set to use whatever key pair was specified for the trustpoint at the time the crypto pki...

Page 1866: ...gerprint a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys use the following commands awplus enable awplus show crypto key mypubkey rsa Output Figure 45 1 Example output from show crypto key mypubkey rsa Related Commands crypto key generate rsa Parameter Descri...

Page 1867: ...s with the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the subject s distinguished name the entity identified by the certificate the issuer s distinguished name theentity thatsigned the certificate thevaliditydatesfor the certificate and the fingerprint of t...

Page 1868: ... CN local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certificate Subject C NZ CN example_Signing_CA Issuer C NZ CN example_Root_CA Valid From Sep 3 18 45 01 2015 GMT Valid To Oct 10 18 45 01 2020 GMT Fingerprint AE2D5850 9867D258 ABBEE95E 2E0E3D81 60714920 Impo...

Page 1869: ...trustpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled use the following commands awplus enable awplus config show crypto pki enrollment user exampleuser1 Output Figure 45 3 Example output from show crypto pki enrollment user Related Commands crypto pki enr...

Page 1870: ...onfigured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the trustpoint example use the following commands awplus enable awplus show crypto pki trustpoint example Output Figure 45 4 Example output from show crypto pki trustpoint Related Commands crypto pki trustp...

Page 1871: ...tion Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the node type in the tree Common values include C country ST state L locality O organization OU organizational unit and CN common name Of these fields CN is usually the most important NOTE For a server cert...

Page 1872: ...02 01 REV C Command Reference for x510 Series 1872 AlliedWare Plus Operating System Version 5 4 6 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto pki enroll ...

Page 1873: ...verview This chapter provides an alphabetical reference for commands used to configure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List show tacacs on page 1874 tacacs server host on page 1875 tacacs server key on page 1877 tacacs server timeout on page 1878 ...

Page 1874: ...mmand TACACS Global Configuration Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Timeout A time interval in seconds Server Host IP Address TACACS server hostname or IP address Server Status The status of the authentication port Alive The server is alive Dead The server h...

Page 1875: ...configured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authentication attempt is rejected The reasons a server would fail are it is not network reachable it is not currently TACACS capable Parameter Description host name Server host name The DNS name of the TA...

Page 1876: ...llowing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure terminal awplus config tacacs server host 192 168 1 1 key secret To remove the TACACS server tac1 company com use the following commands awplus configure terminal awplus config no tacacs server host...

Page 1877: ...is client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secret for TACACS server use the following commands awplus configure terminal awplus config tacacs server key secret To delete the global secret key for TACACS server use the following commands awplus con...

Page 1878: ...The no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Global Configuration Examples To set the timeout value to 3 seconds use the following commands awplus configure terminal awplus config tacacs server timeout 3 To reset the timeout period for TACACS serv...

Page 1879: ...witch ports e g port1 0 2 Command List arp security on page 1881 arp security violation on page 1882 clear arp security statistics on page 1884 clear ip dhcp snooping binding on page 1885 clear ip dhcp snooping statistics on page 1886 debug arp security on page 1887 debug ip dhcp snooping on page 1888 ip dhcp snooping on page 1889 ip dhcp snooping agent option on page 1890 ip dhcp snooping agent o...

Page 1880: ...903 service dhcp snooping on page 1905 show arp security on page 1907 show arp security interface on page 1908 show arp security statistics on page 1910 show debugging arp security on page 1912 show debugging ip dhcp snooping on page 1913 show ip dhcp snooping on page 1914 show ip dhcp snooping acl on page 1915 show ip dhcp snooping agent option on page 1918 show ip dhcp snooping binding on page 1...

Page 1881: ... to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP snooping mustalso be enabled on the switch service dhcp snoopingcommand and on the VLANs ip dhcp snooping command Example To enable ARP security on VLANs 2 to 4 use the commands awplus configure termi...

Page 1882: ... has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring it back up again after any issues have been resolved use the shutdown command Example To send SNMP notifications for ARP security violations on ports 1 0 1 to 1 0 6 use the commands awplus configure t...

Page 1883: ... for x510 Series 1883 AlliedWare Plus Operating System Version 5 4 6 1 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security statistics show log snmp server enable trap ...

Page 1884: ...ax clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics interface port1 0 1 Related Commands arp security violation show arp security show arp security statistics Parameter Description port list The ports to clear statistics for If no ports are specified statis...

Page 1885: ...st Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic entries can individually restored by using the ip dhcp snooping binding command To remove static entries use the no variant of the ip source binding command Example To remove a dynamic lease entry fr...

Page 1886: ...cp snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interface port1 0 1 Related Commands clear arp security statistics show ip dhcp snooping show ip dhcp snooping statistics Parameter Description port list The ports to clear statistics for If no ports are sp...

Page 1887: ...Overview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mode Privileged Exec Example To enable ARP security debugging use the commands awplus debug arp security Related Commands show debugging arp security show log terminal monitor ...

Page 1888: ...et detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snooping acl Related Commands debug arp security show debugging ip dhcp snooping show log terminal monitor Parameter Description all All DHCP snooping debug acl DHCP snooping access list debug db DHCP snoo...

Page 1889: ...t one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other traffic will block all traffic if DHCP snooping is disabled on the port If you disable DHCP snooping on particular VLANs using this command you must also remove any DHCP snooping ACLs from the ports to m...

Page 1890: ...ooping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Option 82 insertion is enabled by default when DHCP snooping is enabled Mode Global Configuration Usage DHCP snooping must also be enabled on the switch service dhcp snooping command and on the VLANs ip dhcp snooping command If a subscriber ID is configured for the port ip dhcp snooping subscriber id command the switch i...

Page 1891: ...e If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted ports by using this command When this is disabled default the switch treats incoming DHCP packets on untrusted ports that contain DHCP Relay Agent Option 82 information as DHCP snoopingviolations itdrop...

Page 1892: ... number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp sn...

Page 1893: ...e DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Remote ID to myid for client DHCP packets received on vlan1 use the commands awp...

Page 1894: ...ng binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping database by using the clear ip dhcp snooping binding command To add or remove static entries from the database use the ip source binding command Example To restore an entry in the DHCP snooping databa...

Page 1895: ... is only synchronized across stack members that also have USB storage devices installed If the location of the backup file is changed by using this command a new file is created in the new location and the old version of the file remains in the old location This can be removed if necessary hidden file dhcp dsn gz Example To set the location of the DHCP snooping database to non volatile storage on ...

Page 1896: ...ted from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address they have been allocated by a DHCP server Use this command to enable DHCP snooping to use the information in these messages to remove entries from its database immediately Use the no variant of this c...

Page 1897: ...elete by linkdown Default Disabled by default DHCP Snooping bindings are not deleted when an interface goes down Mode Global Configuration Usage If this command is enabled in a stack and the master goes down and is replaced by a new master entries in the DHCP snooping database for ports on the master are removed unless they are part of link aggregators that are still up Examples To set the switch ...

Page 1898: ...dhcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge switch with multiple DHCP clients connected through it then use this command to increase the number of lease entries for the port If there are multiple VLANs configured on the port the limit is shared bet...

Page 1899: ...snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port belongs ip dhcp snooping Examples To set the Subscriber ID for port 1 0 3 to room_534 use the commands awplus configure terminal awplus config interface port1 0 3 awplus config if ip dhcp snooping s...

Page 1900: ...cp snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set as trusted ports while ports connecting untrusted network elements are set as untrusted Configure ports connected to DHCP servers as trusted ports Example To set switch ports 1 0 1 and 1 0 2 to be trus...

Page 1901: ...t Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardware address that do not match as DHCP snooping violations it drops them and applies any other violation action specified by the ip dhcp snooping violation command To bring the port back up again after ...

Page 1902: ... command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down if it detects a DHCP snooping violation on switch ports 1 0 1 to 1 0 4 use the commands awplus configure terminal awplus config snmp server enable trap dhcpsnooping awplus config interface port1 0 1 po...

Page 1903: ...xamples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awplus config ip source binding 192 168 1 2 0001 0002 0003 vlan 6 interface port1 0 6 To remove the static entry for IP address 192 168 1 2 from the database use the commands awplus configure terminal awp...

Page 1904: ... for x510 Series 1904 AlliedWare Plus Operating System Version 5 4 6 1 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp snooping binding show ip source binding ...

Page 1905: ... command be enabled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command If you disable the DHCP snooping service by using the no variant of this command all DHCP snooping configuration including ARP security but excluding maximum bindings and ACLs is removed from the ...

Page 1906: ...intain connectivity no access group command Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the switch use the command awplus configure terminal awplus config no service dhcp snooping Related Commands ip dhcp snooping ip dhcp snooping database ip dhcp snooping max bindings show ip dhcp snooping...

Page 1907: ...ty interface show arp security statistics Table 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan1 Disabled vlan2 Disabled vlan3 Disabled vlan4 Disabled vlan5 Disabled vlan100 Disabled vlan101 Disabled vlan102 Disabled vlan103 Disabled vlan104 Disabled vlan105 Enabled vlan1000 Disabled vlan1001 E...

Page 1908: ...P security configuration for ports use the command awplus show arp security interface Parameter Description port list The ports to display ARP security information about The port list can include switch ports and static or dynamic aggregated links Table 3 Example output from the show arp security interface command awplus show arp security interface Arp Security Port Status and Configuration Port P...

Page 1909: ...rp security statistics show log snmp server enable trap Table 4 Parameters in the output from the show arp security interface command Parameter Description Action The action the switch takes when it detects an ARP security violation on the port Port The port Parentheses indicate that ports are configured for provisioning LG Log Generate a log message TR Trap Generate an SNMP notification trap LD L...

Page 1910: ...escription detail Display detailed statistics interface port list Display statistics for the specified ports Table 5 Example output from the show arp security statistics command awplus show arp security statistics DHCP Snooping ARP Security Statistics In In Interface Packets Discards port1 0 3 20 20 port1 0 4 30 30 port1 0 12 120 0 Table 6 Parameters in the output from the show arp security statis...

Page 1911: ...show log Table 7 Example output from the show arp security statistics detail command awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20 In Discards 20 No Lease 20 Bad Vlan 0 Bad Port 0 Source Ip Not Allocated 0 Interface port1 0 4 In Packets 30 In Discards 30 No Lease 30 Bad Vlan 0 Bad Port 0 Source Ip Not Allocated 0 Interface port1 ...

Page 1912: ...rity debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debugging arp security Related Commands arp security violation debug arp security Table 8 Example output from the show debugging arp security command awplus show debugging arp security ARP Security debuggi...

Page 1913: ...ged Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 9 Example output from the show debugging ip dhcp snooping command awplus show debugging ip dhcp snooping DHCP snooping debugging status DHCP snooping debugging is off DHCP snooping all debugging is off DHCP snooping acl ...

Page 1914: ...cl show ip dhcp snooping agent option show ip dhcp snooping binding show ip dhcp snooping interface Table 10 Example output from the show ip dhcp snooping command DHCP Snooping Information DHCP Snooping service Enabled Option 82 insertion Enabled Option 82 on untrusted ports Not allowed Binding delete by client Disabled Binding delete by link down Disabled Verify MAC address Disabled SNMP DHCP Sno...

Page 1915: ... hardware ACL information use the command awplus show ip dhcp snooping acl hardware Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information interface ACL Interface information interface list The interfaces to display information about Table 11 Example output from the show ip dhcp snooping acl command awplus show ip dhcp snooping acl DHCP ...

Page 1916: ...20 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcpsn2 cmap1 30 30 30 30 aaaa bbbb dddd port1 0 3 dhcpsn2 cmap1 40 40 40 40 0000 aaaa cccc port1 0 3 dhcpsn2 cmap1 50 50 50 50 0000 aaaa dddd port1 0 3 dhcpsn2 cmap1 60 60 60 60 0000 aaaa eeee port1 0 3 d...

Page 1917: ...indings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cmap2 port1 0 4 10 permit ip dhcpsnooping 100 0 0 0 8 port1 0 4 Template dhcpsn2 via class map cmap1 port1 0 4 10 permit ip dhcpsnooping any port1 0 4 20 permit ip dhcpsnooping 10 0 0 0 8 port1 0 4 30 permit ip...

Page 1918: ...option interface interface list Mode User Exec and Privileged Exec Examples To display DHCP snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option To display DHCP snooping Option 82 information for vlan1 use the command awplus show ip dhcp snooping agent option interface vlan1 To display DHCP snooping Option 82 information for port1 0 1 use the ...

Page 1919: ...cp snooping show ip dhcp snooping interface awplus show ip dhcp snooping agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insertion Enabled Option 82 on untrusted ports Not allowed vlan1 C Id vlanifindex R Id Access Island 01 M1 vlan2 C Id vlantriplet R Id Access Island 01 M1 vlan3 C Id vlantriplet R Id Access Island 01 M3 vl...

Page 1920: ...e 1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000 0000 0108 111 112 1 1 1 1 0 6 4084 Dyna 111 111 101 109 0000 0000 0109 111 112 1 1 1 1 0 6 4085 Dyna 111 211 100 101 1 1 0 2 2147483325 Dyna 111 211 100 109 00b0 0000 0009 111 112 111 111 1 1 0 2 21 Dyn...

Page 1921: ...ing Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by the ip source binding command Total number of bindings in database The total number of dynamic and static lease entries in the DHCP snooping database Table 15 Parameters in the output from the show ip ...

Page 1922: ... configuration information for If no ports are specified information for all ports is displayed Table 16 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping interface DHCP Snooping Port Status and Configuration Port Provisioned ports marked with brackets e g portx y z Action LG Log TR Trap LD Link down Full Max Port Status Leases Leases Action Subscriber ID...

Page 1923: ...and Parameter Description Port The port interface name Status The port status untrusted default or trusted Full Leases The number of entries in the DHCP snooping database for the port Max Leases The maximum number of entries that can be stored in the database for the port Action The DHCP snooping violation actions for the port Subscriber ID The subscriber ID for the port If the subscriber ID is lo...

Page 1924: ...aces use the command awplus show ip dhcp snooping statistics Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The interface list can contain switch ports static or dynamic link aggregators channel groups or VLANs Table 18 Example output from the show ip dhcp snooping statistics command awplus show ip dhcp snooping sta...

Page 1925: ...eived Invalid 0 Option 82 Received On Untrusted Port 0 Option 82 Transmit On Untrusted Port 0 Reply Received On Untrusted Port 0 Source MAC CHADDR Mismatch 0 Static Entry Already Exists 0 Interface port1 0 5 All counters 0 Interface port1 0 6 All counters 0 Table 20 Parameters in the output from the show ip dhcp snooping statistics command Parameter Description Interface The interface name In Pack...

Page 1926: ...hile trying to insert DHCP Relay Agent Option 82 information Option 82 Received Invalid The DHCP Relay Agent Option 82 information received did not match the information inserted by DHCP Snooping Option 82 Received On Untrusted Port A packet containing DHCP Relay Agent Option 82 information was received on an untrusted port Option 82 Transmit On Untrusted Port A packet containing DHCP Relay Agent ...

Page 1927: ... Related Commands ip source binding show ip dhcp snooping binding Table 21 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP Address Address VLAN Port sec Type 1 1 1 1 0000 1111 2222 1 port1 0 1 Infinite Static Table 22 Parameters in the output from the show ip source binding command Parameter Description Client IP Address...

Page 1928: ...1 OpenFlow commands and applicable modes Command List openflow on page 1930 openflow controller on page 1931 openflow native vlan on page 1932 openflow version on page 1933 show openflow config on page 1934 show openflow coverage on page 1936 show openflow flows on page 1938 Mode Command User Exec Privileged Exec show openflow config show openflow coverage show openflow flows show openflow rules s...

Page 1929: ...C613 50102 01 REV C Command Reference for x510 Series 1929 AlliedWare Plus Operating System Version 5 4 6 1 x OPENFLOW COMMANDS show openflow rules on page 1939 show openflow status on page 1941 ...

Page 1930: ... A data plane port number is assigned to the port automatically Use the no variant of this command to cancel the setting of a port as a data plane port After entering the no variant of this command you must restart the switch Syntax openflow no openflow Default All the ports are non data plane ports by default Mode Port Interface mode Example To specify port1 0 3 as a data plane port awplus config...

Page 1931: ...h Use the no variant of this command to delete one or more OpenFlow controllers specified to the switch Syntax openflow controller protocol controller_ip_address 1 65535 Default No OpenFlow controller is configured by default Mode Global Configuration Example To set the OpenFlow controller with the IPv4 address 10 1 1 1 and the TCP port number 6653 awplus configure terminal awplus config openflow ...

Page 1932: ...change the native VLAN for the data plane ports back to the default VLAN 1 Syntax openflow native vlan 1 4090 no openflow native vlan Default The native VLAN for the data plane ports is VLAN 1 by default Mode Global Configuration Example To specify VLAN 100 as a native VLAN for the data plane ports awplus configure terminal awplus config openflow native vlan 100 To change the native VLAN for the d...

Page 1933: ...he OpenFlow protocol back to the default version 1 3 Syntax openflow version version list no openflow version version list Default The OpenFlow version is set to 1 3 by default Mode Global Configuration Example To change the OpenFlow protocol version to 1 0 and 1 3 awplus config openflow version 1 0 1 3 To change the OpenFlow protocol version to the default 1 3 awplus config no openflow version Re...

Page 1934: ...w openflow config fdf075ee 7485 4588 9885 1f0333df89a2 Bridge br0 Controller tcp 192 168 1 2 6653 is_connected true fail_mode secure Port port1 0 4 Interface port1 0 4 type system options ifindex 5004 mtu 1500 native_vlan 4090 Port port1 0 3 Interface port1 0 3 type system options ifindex 5003 mtu 1500 native_vlan 4090 Port br0 Interface br0 type internal Port port1 0 1 Interface port1 0 1 type sy...

Page 1935: ...s of the OpenFlow controller and TCP port number fail_mode The fail mode When the fail mode is secure OpenFlow on the switch does not set up flows when the OpenFlow controller fails is_connected Whether or not the OpenFlow controller is connected Port The port information Interface The interface of the port type The type of the port options The options for the port Table 48 1 Parameters in the out...

Page 1936: ...0 0 sec 0 000 sec 0 4594 sec total 1768 vconn_open 0 4 sec 0 267 sec 0 2372 sec total 876 util_xalloc 370 2 sec 354 183 sec 416 7711 sec total 1590959 unixctl_replied 0 0 sec 0 017 sec 0 0028 sec total 10 unixctl_received 0 0 sec 0 017 sec 0 0028 sec total 10 stream_open 0 4 sec 0 267 sec 0 2372 sec total 877 pstream_open 0 0 sec 0 000 sec 0 0000 sec total 6 rconn_sent 0 0 sec 0 000 sec 0 4219 sec...

Page 1937: ...356 sec total 521 handler_duplicate_upcall 0 0 sec 0 000 sec 0 1258 sec total 483 ofproto_update_port 0 0 sec 0 000 sec 0 0000 sec total 29 ofproto_recv_openflow 0 0 sec 0 000 sec 0 4111 sec total 1573 ofproto_queue_req 0 0 sec 0 000 sec 0 0003 sec total 1 ofproto_packet_out 0 0 sec 0 000 sec 0 0006 sec total 4 ofproto_flush 0 0 sec 0 000 sec 0 0000 sec total 1 bridge_reconfigure 0 0 sec 0 000 sec...

Page 1938: ...92 used 2 436s actions 1recirc_id 0 in_port 1 eth src 00 23 45 67 89 ab 00 01 0 0 00 00 00 dst 00 de f0 12 34 56 eth_type 0x0800 ipv4 frag no packets 2 bytes 692 used 2 435s actions 4recirc_id 0 in_port 1 eth src 00 23 45 67 89 ab 00 01 0 0 00 00 00 dst 00 de f0 12 34 56 eth_type 0x0806 packets 0 bytes 0 used never actions 4recirc_id 0 in_port 4 eth src 00 23 45 67 89 ab dst 00 de f0 12 34 56 eth_...

Page 1939: ..._port 1 dl_dst 00 00 00 00 00 00 01 00 00 00 00 00 actions goto_table 2duration 14s n_packets 0 n_bytes 0 priority 298 in_port 1 actions goto_table 3duration 14s n_packets 0 n_bytes 0 priority 99 arp actions CONTROLLER 65535duration 14s n_packets 0 n_bytes 0 priority 99 udp tp_dst 67 actions CONTROLLER 65535duration 14s n_packets 0 n_bytes 0 priority 0 actions droptable_id 1 duration 14s n_packets...

Page 1940: ...r Description duration The duration of the flow entry in seconds n_packets The number of packets that match the flow entry n_bytes The number of bytes that match the flow entry priority The priority of the flow entry in_port The OpenFlow port number on which the packets are received dl_src The source address dl_dst The destination address actions A set of actions applied to a packet The actions ar...

Page 1941: ... openflow status OFPT_FEATURES_REPLY OF1 3 xid 0x2 dpid 0000eccd6dc421bd n_tables 254 n_buffers 256 capabilities FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS OFPST_PORT_DESC reply OF1 3 xid 0x3 1 port1 0 1 addr ec cd 6d c4 21 bd config 0 state 0 current 1GB FD supported 1GB FD speed 1000 Mbps now 1000 Mbps max 2 port1 0 2 addr ec cd 6d c4 21 bd config 0 state LINK_DOWN current AUTO_NE...

Page 1942: ...UP_STATS group statistics OFPST_PORT_DESC replay OF1 3 xid 0x3 Indicates that the following information is from the OpenFlow version 1 3 Port Description Reply 1 port1 0 1 addr ec cd 6d c4 21 bd The port number and Mac address config The port status 0 the port is up or PORT_DOWN the port is down state The link status 0 the link is up or LINK_DOWN the link is down current The current feature status...

Page 1943: ...13 50102 01 REV C Command Reference for x510 Series 1943 AlliedWare Plus Operating System Version 5 4 6 1 x OPENFLOW COMMANDS SHOW OPENFLOW STATUS Related Commands show openflow flows show openflow rules ...

Page 1944: ...C613 50102 01 REV C Command Reference for x510 Series 1944 AlliedWare Plus Operating System Version 5 4 6 1 x Part 6 Network Availability ...

Page 1945: ...Also note the following stacking trigger commands that are documented in the Triggers chapter type stack disabled master command type stack master fail command type stack member command type stack link command In addition to the stacking commands shown in this chapter stacking content also exists in the following commands hostname command reboot command reload command show cpu command show cpu his...

Page 1946: ...on page 1954 show debugging stack on page 1958 show running config stack on page 1959 show provisioning stack on page 1960 show stack on page 1961 show stack detail on page 1963 show stack resiliencylink on page 1967 stack disabled master monitoring on page 1969 stack enable on page 1970 stack management subnet on page 1972 stack management vlan on page 1973 stack priority on page 1974 stack renum...

Page 1947: ... 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS CLEAR COUNTER STACK clear counter stack Overview This command clears all stack counters for all stack members Syntax clear counter stack Mode Privileged Exec Example To clear all stack counters awplus clear counter stack Related Commands show counter stack ...

Page 1948: ...ng link events topology discovery messages and all notable stacking events If link parameter is specified only the link events debugging information will be displayed Examples To enable debugging enter the following command on the stack master awplus debug stack To enable link debugging enter the following command on the stack master awplus debug stack link To enable topology discovery debugging e...

Page 1949: ...sible for the path taken by packets travelling from host A to B to traverse different stack members than packets travelling from host B to A In this case the MAC addresses may not be learnt and traffic could be flooded Even in this case a broadcast packet from each unit such as an ARP packet would be enough to cause all stack members to learn these MAC addresses However in very unusual cases the a...

Page 1950: ... Exec Usage If you are upgrading to a new software version the new version must also support rollling reboot NOTE When stacking is used with EPSR the EPSR failovertime must be set to at least 5 seconds to avoid any broadcast storms during failover Broadcast storms may occur if the switch cannot failover quickly enough before the EPSR failovertime expires For further information about EPSR failover...

Page 1951: ...eference for x510 Series 1951 AlliedWare Plus Operating System Version 5 4 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS RELOAD ROLLING reload rolling Overview This command performs the same function as the reboot rolling command ...

Page 1952: ... System Version 5 4 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS REMOTE COMMAND DELETED remote command deleted Overview This command has been deleted in Software Version 5 4 4 1 1 and later Instead please use the remote login command and then run the command you need to run remotely ...

Page 1953: ...n commands are still applied to all stack members but show commands and commands that access the file system are executed locally The specific output obtained will vary greatly depending on the show command chosen Syntax remote login stack ID Mode Privileged Exec Usage Note that some commands such as ping or telnet are not available when the remote login is used Example To log onto stack member 2 ...

Page 1954: ...mples To display the stacking counter information about the whole stack use the following command awplus show counter stack Figure 49 1 Example output from the show counter stack command Virtual Chassis Stacking counters Stack member 1 Topology Event counters Units joined 1 Units left 0 Links up 1 Links down 0 ID conflict 0 Master conflict 0 Master failover 0 Master elected 1 Master discovered 0 S...

Page 1955: ... 1 Rx Layer 2 transport 0 Topology Error counters Version unsupported 0 Product unsupported 0 XEM unsupported 0 Too many units 0 Invalid messages 0 Resiliency Link counters Health status good 1 Health status bad 0 Tx 0 Tx Error 0 Rx 3600 Rx Error 0 Stack member 2 Output repeated for other stack members details not shown Table 1 Parameters in the output of the show counter stack command Parameters ...

Page 1956: ... that this unit s physical stack link has come down Nbr re init Number of times that the neighbor is detected as having reinitialized Nbr incompatible Number of times that the neighbor is detected as incompatible Nbr 2way comms Number of times that the neighbor is in two way communication status Nbr full comms Number of times that the neighbor is in full communication status Topology message count...

Page 1957: ...EM unsupported Number of XEM unsupported errors Too many units Number of too many units errors Invalid messages Number of invalid messages Health status good The number of times that the resiliency link has successfully carried healthchecks following a failure at startup Health status bad The number of times that the resiliency link healthcheck has timed out A timeout occurs when a backup stack me...

Page 1958: ...ch debugging modes are currently enabled for stacking Syntax show debugging stack Mode User Exec and Privileged Exec Example To display the stack debugging mode status use the command awplus show debugging stack Figure 49 2 Example output from the show debugging stack command Related Commands debug stack Virtual Chassis Stacking debugging status VCS link debugging is on VCS topology debugging is o...

Page 1959: ...e stack show running config stack Mode Privileged Exec and Global Configuration Example To display the stacking running configuration information use the command awplus show running config stack Output Figure 49 3 Example output from the show running config stack command Related Commands show running config awplus show running config stack stack virtual mac stack virtual chassis id 1982 stack mana...

Page 1960: ...To show provisioning use the following command awplus show provisioning Output Figure 49 4 Example output from show provisioning Related Commands show stack switch provision stack Switch provisioning summary information ID Board class Status 1 0 x510 28 Hardware present Table 2 Parameters in the output of the show provisioning command Parameter Description ID The unit bay location of the hardware ...

Page 1961: ...isplay detailed stack information Example To display summary information about the stack use the command awplus show stack Output Figure 49 5 Example output from the show stack command Virtual Chassis Stacking summary information ID Pending ID MAC address Priority Status Role 1 0000 cd28 07e1 128 Ready Active Master 2 0015 77c2 4d44 128 Ready Backup Member 3 0015 77c9 7464 128 Syncing Backup Membe...

Page 1962: ...le Stack member s role in the stack this can be one of Active Master Disabled Master this is the temporary master when there is a communication break within the stack but communication still exists across the resiliency link In this state all switch ports within the stack are disabled by default but a different configuration can be run by a type stack disabled master trigger Backup Member a device...

Page 1963: ...on about the stack s overall status awplus show stack detail Figure 49 6 Example output from show stack detail Virtual Chassis Stacking detailed information Stack Status Operational Status Normal operation Management VLAN ID 4094 Management VLAN subnet address 192 168 255 0 Virtual Chassis ID 388 0x184 Virtual MAC address 0000 cd37 0184 Mixed mode Disabled Disabled Master Monitoring Enabled Stack ...

Page 1964: ... Member Priority 3 Host name awplus 3 S W version auto synchronizaion On Resiliency link status Successful Stack port 3 0 51 status learned neighbor 1 Stack port 3 0 52 status learned neighbor 2 Table 4 Parameters in the output from the show stack detail command Parameter Description S W version auto synchronization Whether the software auto synchronization feature is turned on or off Host name Th...

Page 1965: ... members are present Not all stack ports are up One or more stacking ports may be down or stacking discovery may not have detected the neighbor successfully Stack Status The stack s overall status Note that a warning is issued if the stack is not connected in a standard ring topology Pending ID The pending stack member ID This can be changed by the stack renumber command If there is no pending ID ...

Page 1966: ...oring feature is not used Role Stack member s role in the stack this can be one of Active Master DisabledMaster The temporary master when there is a communication break within the stack but communication still exists across the resiliency link In this state all switch ports within the stack are disabled by default but a different configuration can be run by a type stack disabled master trigger com...

Page 1967: ... show stack resiliencylink Mode User Exec and Privileged Exec Example To display information about the current status of the resiliency link across the stack members use the command awplus show stack resiliencylink Output Figure 49 7 Example output from the show stack resiliencylink command awplus config show stack resiliencylink Stack member 1 Status Configured Interface vlan4093 Interface state ...

Page 1968: ...liency link Can be one of Not configured Master or Member Configured Master only Successful Successfully receiving healthchecks from the Active Master Failed Member only Not receiving any healthchecks from the Active Master Stopped The resiliency link is configured but is inactive This may occur in a Disabled Master stack for example if the Disabled Master Monitoring feature is not used Interface ...

Page 1969: ...ng a disabled master which has the configuration as a normal stack master except that all its switchports are shutdown For more information about the disabled master state see the VCStack Feature Overview and Configuration Guide When the DMM feature is enabled the disabled master will continue to monitor the health of the original stack master over the stack resiliency link connection If the origi...

Page 1970: ...mmand will remove the selected stack member from the stack At this point the removed member will act as a stand alone master and will disable all of its ports The switch can then only be accessed via its console port Ifthe command is run on themaster then all current members of thestackwill be disabled To returnthe switch to stack membership first connect to theswitch viaits console port then run ...

Page 1971: ...iedWare Plus Operating System Version 5 4 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS STACK ENABLE Example To turn on stacking on a stackable stand alone unit use the command awplus configure terminal awplus config stack enable Related Commands reboot license ...

Page 1972: ...s command enables you to change the IP address command the subnet mask must always remain as shown The stack management IP subnet is solely used internally to the stacked devices and cannot be reached external to the stack You should only change the stack management VLAN subnet address if it causes a conflict within your network Note that several separate stacks can use the same default management...

Page 1973: ...agement VLAN is created and configured automatically so that the stack VLAN cannot be used in the stack s VLAN configuration commands This means you cannot enter commands such as awplus config vlan vlan stack management VLAN ID You should only change the management VLAN if the VLAN ID 4094 needs to be used in the stack s VLAN configuration If necessary you can use the no variant of this command to...

Page 1974: ...k master Where two stack members both have the same lowest priority value then the stack member with the lowest MAC address will be elected as master NOTE Assigning a new priority value will not immediately change the current stack master In order to force a master re election after the new priority value is assigned use reboot stack member master s ID to reboot the current stack master a new stac...

Page 1975: ...ck member 2 The existing stack ID must already be assigned to an existing stack member To avoid duplicating IDs a warning message will appear if you assign a new stack ID that is currently assigned to another stack member However you can continue to renumber the stack IDs and remove ID duplications If you do not remove the duplications then one of the devices will be forced to automatically renumb...

Page 1976: ... sequentially This would normally be done either when the stack is initially configured or following a major reconfiguration The renumber will start on the specified stack member If that stack ID is not used by any of the existing stack members the command will be rejected The starting stack member will be renumbered with the new stack ID specified or the default of member ID of 1 The stack ID of ...

Page 1977: ... Command Reference for x510 Series 1977 AlliedWare Plus Operating System Version 5 4 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS STACK RENUMBER CASCADE Related Commands show stack switch provision stack stack renumber ...

Page 1978: ...t the stack will now split into two different stubs The stub containing the existing master will continue operating as normal The members in the masterless stub will now use a type stack disabled master trigger to run a configuration to form a second temporary stack This utilizes the remaining stack members resources without conflicting directly with the master s configuration If no type stack dis...

Page 1979: ...lan 4093 awplus configure terminal awplus config stack resiliencylink vlan4093 Next use the switchport resiliencylink command to assign the resiliencylink vlan to the interface port in this case port1 0 1 awplus configure terminal awplus config interface port1 0 1 awplus config if switchport resiliencylink Related Commands show stack switch provision stack show stack resiliencylink stack disabled ...

Page 1980: ...vice attempts to join a stack but is running a software release that is different to the other stack members the software version auto synchronization feature will copy the master s software release onto the new member If the software version auto synchronization feature is not enabled then the device will be unable to join the stack Note that the software version auto synchronization feature may ...

Page 1981: ... The virtual chassis id entered will form the last 12 bits of a pre selected MAC prefix component that is 0000 cd37 0xxx If you enable the stack virtual MAC address feature by using the stack virtual mac command without using the stack virtual chassis id command to select the virtual chassis id then the stack will select a virtual chassis id from a number within the assigned range Example To set t...

Page 1982: ...mmand stack virtual chassis id CAUTION Stack operation is only supported ifstack virtual macis enabled Before enabling the virtual MAC address feature you should check that the stack s virtual chassis id is not already used by another stack in the network Otherwise the duplicate MAC addresses will cause problems for the network traffic Syntax stack virtual mac no stack virtual mac Mode Global Conf...

Page 1983: ...d be run to provision any stack member within this range and we advise this procedure In effect the syntax then becomes switch 1 4 provision x510 28 x510 52 However you could number the stack units with any numbers between 1 and 8 For example you could number your four stack members 1 2 7 and 8 In this case you could provision any of the stack members within this range We advise against numbering ...

Page 1984: ...from the resiliency link VLAN Syntax switchport resiliencylink no switchport resiliencylink Mode Interface Configuration Usage Note that a resiliency link cannot be part of a static or dynamic aggregator group Examples To set the resiliency link to be VLAN 4093 First use the stack resiliencylink command to create the resiliency link vlan vlan4093 awplus configure terminal awplus config stack resil...

Page 1985: ...crosoft Windows PC To avoid this we recommend disabling IGMP snooping on stack local VLANs by using the command no ip igmp snooping Examples To add a stack local VLAN with the VID of 4002 and assign it to stack member 2 use the following commands awplus configure terminal awplus config vlan database awplus config vlan vlan 4002 mode stack local vlan 2 awplus config vlan exit awplus config interfac...

Page 1986: ...ing System Version 5 4 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vlan no vlan 4002 Related Commands ip igmp snooping mtu vlan database ...

Page 1987: ...Reference for x510 Series 1987 AlliedWare Plus Operating System Version 5 4 6 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS UNDEBUG STACK undebug stack Overview This command applies the functionality of the no debug stack command ...

Page 1988: ...liedWare Plus Feature Overview and Configuration Guide Command List advertisement interval on page 1990 circuit failover on page 1992 debug vrrp on page 1994 debug vrrp events on page 1995 debug vrrp packet on page 1996 disable VRRP on page 1997 enable VRRP on page 1998 preempt mode on page 1999 priority on page 2001 router ipv6 vrrp interface on page 2003 router vrrp interface on page 2005 show d...

Page 1989: ... AlliedWare Plus Operating System Version 5 4 6 1 x VRRP COMMANDS transition mode on page 2018 undebug vrrp on page 2020 undebug vrrp events on page 2021 undebug vrrp packet on page 2022 virtual ip on page 2023 virtual ipv6 on page 2025 vrrp vmac on page 2027 ...

Page 1990: ...nt interval is 1 second Mode Router Configuration Usage Note when using VRRP with VCStacking ensure the VRRP advertisement interval is larger than the VCStacking failover time to avoid VCStacking failovers causing VRRP failovers See the VRRP Feature Overview and Configuration Guide for more information about setting the advertisement interval when configuring VRRP using seconds for VRRPv2 host com...

Page 1991: ...t interval 6 The example below shows you how to reset the advertisement interval to the default of 1 second for the VRRP IPv4 session with VR ID 5 on interface vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no advertisement interval The example below shows you how to configure the advertisement interval to 6 seconds for the VRRPv3 IPv6 session with VR ID 5 o...

Page 1992: ...if VRRP is configured to monitor VLAN2 and VLAN3 with the commands awplus configure terminal awplus config interface vlan1 awplus config if ip address 192 168 1 1 24 awplus config if exit awplus config router vrrp 1 vlan1 awplus config router virtual ip 192 168 1 10 backup awplus config router priority 100 awplus config router circuit failover vlan2 10 awplus config router circuit failover vlan3 2...

Page 1993: ... above zero if all the interfaces go down Examples To configure circuit failover on an IPv4 VRRP instance so that if interface VLAN3 goes down then the priority of VRRP instance 1 is reduced by 30 use the commands awplus configure terminal awplus config router vrrp 1 vlan2 awplus config router circuit failover vlan3 30 To remove all configured circuit failovers for the VRRP IPv4 session with VR ID...

Page 1994: ...is function Syntax debug vrrp all no debug vrrp all Mode Privileged Exec and Global Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Examples The example below shows you how to enable all debugging for VRRP awplus configure terminal awplus config debug vrrp all The example below shows you how to disable all debugging for ...

Page 1995: ...d Exec and Global Configuration Usage The debug vrrp events command enables the display of debug information related to VRRP internal events See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Examples The example below shows you how to enable events debugging for VRRP awplus configure terminal awplus config debug vrrp events The example below ...

Page 1996: ...nformation about VRRPv3 debugging details Examples The example belowshows youhow to enablereceived and sentpacket debugging for VRRP awplus configure terminal awplus config debug vrrp packet The example below shows you how to enable only received packet debugging for VRRP awplus configure terminal awplus config debug vrrp packet recv The example below shows you how to enable only sent packet debug...

Page 1997: ...ion or a VRRPv3 IPv6 session on the router Syntax disable Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configuration details Examples The example below shows you how to disable the VRRP session for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router disable Th...

Page 1998: ...VRRP session using the virtual ip or virtual ipv6 and the router vrrp interface or router ipv6 vrrp interface commands before using this command See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configuration details Examples To enable the VRRP session for VRRP VR ID 5 on vlan2 use the commands awplus configure terminal awplus config router vrrp ...

Page 1999: ...kup router to relieve a lower priority backup router By default a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available take over for the backup virtual router that was elected to become the master virtual router This preemptive scheme can be disabled using the preempt mode false command If preemption is disabled the backup virtual router that is curre...

Page 2000: ...r preempt mode false The example below shows you how to configure preempt mode as true for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router preempt mode true The example below shows you how to configure preempt mode as false for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router ...

Page 2001: ...ace then this VRRP router functions as the master virtual router Priority also determines whether a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master virtual router if the master virtual router fails Configure the priority of each backup virtual router with a a value of 1 through 254 See the VRRP Feature Overview and Configuration Guide for more info...

Page 2002: ... as the priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router priority 101 The example below shows you how to remove the configured priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router no priority Related Commands circuit failover preempt mode ...

Page 2003: ...er state You can configure up to 255 IPv4 and 255 IPv6 VRRP instances However configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols it is running and whether you set the advertisement interval to less than 1 second See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration...

Page 2004: ...3 50102 01 REV C Command Reference for x510 Series 2004 AlliedWare Plus Operating System Version 5 4 6 1 x VRRP COMMANDS ROUTER IPV6 VRRP INTERFACE Related Commands advertisement interval circuit failover ...

Page 2005: ...rtual router when in master state You can configure up to 255 IPv4 and 255 IPv6 VRRP instances However configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols it is running and whether you set the advertisement interval to less than 1 second See the VRRP Feature Overview and Configuration Guide for more information about ...

Page 2006: ... REV C Command Reference for x510 Series 2006 AlliedWare Plus Operating System Version 5 4 6 1 x VRRP COMMANDS ROUTER VRRP INTERFACE Related Commands advertisement interval circuit failover disable VRRP enable VRRP ...

Page 2007: ...rwise debug output is in the log file For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging details Syntax show debugging vrrp Mode User Exec and Privileged Exec Example The example below shows you how to display VR...

Page 2008: ... Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration Line Configuration and Interface Configuration Example The example below shows you how to display the running configuration for VRRPv3 IPv6 awplus show running config router ipv6 vrrp Output Figure...

Page 2009: ...erview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuration Line Configuration and Interface Configuration Example The example below shows you how to display the running configuration for VRRP IPv4 awplus show running config router v...

Page 2010: ...rp To display brief summary output about VRRP IPv4 sessions enter the command awplus show vrrp brief Output Figure 50 3 Example output from the show vrrp command Figure 50 4 Example output from the show vrrp brief command Parameter Description brief Brief summary of VRRP sessions awplus show vrrp VMAC enabled Address family IPv4 VRRP Id 1 on interface vlan2 State AdminUp Master Virtual IP address ...

Page 2011: ...C613 50102 01 REV C Command Reference for x510 Series 2011 AlliedWare Plus Operating System Version 5 4 6 1 x VRRP COMMANDS SHOW VRRP Related Commands enable VRRP disable VRRP ...

Page 2012: ... the counters below the sample output as per RFC2787 NOTE Note that the counters displayed with this commands are the same counters as described in RFC 2787 Copyright C The Internet Society 2000 All Rights Reserved except for the Monitored Circuit Up and Monitored Circuit Down counters which are additions beyond the MIB Example To display information about VRRP SNMP counters on the console enter t...

Page 2013: ...with descriptions for the show vrrp counters command Counter Description Master Transitions The total number of times that this virtual router s state has transitioned to MASTER Received Advertisements The total number of VRRP advertisements received by this virtual router Internal Errors The total number of VRRP advertisement packets received for which the advertisement interval is different than...

Page 2014: ...r of packets received with a packet length less than the length of the VRRP header Monitored Circuit Up The total number of times the monitored circuit has generated the UP event Monitored Circuit Down The total number of times the monitored circuit has generated the down event Table 2 Per VR counters with descriptions for the show vrrp counters command cont Counter Description ...

Page 2015: ... information about VRRPv3 IPv6 configuration details Syntax show vrrp ipv6 interface Mode User Exec and Privileged Exec Example To display information about all VRRPv3 IPv6 sessions enter the command awplus show vrrp ipv6 Output Figure 50 6 Example output from the show vrrp ipv6 vlan2 command Related Commands enable VRRP disable VRRP Parameter Description interface Specify the name of the interfac...

Page 2016: ...ge See the below sample output from the show vrrp command displaying information about VRRP session 1 configured on vlan2 Output shows that a Virtual IP address has been set awplus show vrrp 1 vlan2 See the below sample output from the show vrrp command displaying information about VRRP session 1 configured on vlan3 Output shows a Virtual IP address has not been set awplus show vrrp 1 vlan3 Parame...

Page 2017: ...DS SHOW VRRP SESSION Example The following command shows information about VRRP session 5 for interface vlan2 awplus show vrrp 5 vlan2 awplus show vrrp 1 vlan3 Address family IPv4 VrId 1 Interface is vlan3 State is Initialize Virtual IP address is unset Priority is 100 Advertisement interval is 1 sec Preempt mode is TRUE ...

Page 2018: ...when using transition mode VRRPv2 can only use advertisements in whole second intervals Syntax transition mode true false Default The default is false Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information VRRPv3 IPv4 configuration details VRRPv3 IPv6 configuration details further information about configuring transition mode to upgrade from VRRP...

Page 2019: ...m Version 5 4 6 1 x VRRP COMMANDS TRANSITION MODE The example below shows you how to configure IPv4 transition mode as false for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router transition mode false Related Commands router vrrp interface ...

Page 2020: ...System Version 5 4 6 1 x VRRP COMMANDS UNDEBUG VRRP undebug vrrp Overview Use this command to disable all VRRP debugging Syntax undebug vrrp all Mode Privileged Exec Example The example below shows you how to disable all VRRP debugging awplus undebug vrrp all Related Commands debug vrrp ...

Page 2021: ...COMMANDS UNDEBUG VRRP EVENTS undebug vrrp events Overview Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec Example The example below shows you how to disable VRRP event debugging awplus undebug vrrp events Related Commands debug vrrp events ...

Page 2022: ...eged Exec Examples The example below shows you how to disable VRRP sent packet debugging awplus undebug vrrp packet send The example below shows you how to disable VRRP received packet debugging awplus undebug vrrp packet recv The example below shows you how to disable all VRRP packet debugging awplus undebug vrrp packet Related Commands debug vrrp packet Parameter Description send Disable the deb...

Page 2023: ... VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to set the virtual IP address for VRRP VR ID 5 and the router as the VRRP master awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 master The example below shows you how to set the virtual IPv4 addr...

Page 2024: ...VR ID 5 and the router as owner of the virtual IPv4 address awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 owner The example below shows you how to disable the virtual IPv4 address for VRRP VR ID 5 awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router no virtual ip Related Commands router vrrp interface enable VRRP ...

Page 2025: ... link local addresses are used by IPv6 ND Neighbor Discovery A host s default route to a router points to the IPv6 link local address not a specific global IPv6 address for the router For the host s traffic to switch over to a backup router the IPv6 link local address of the router is used by VRRPv3 See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 config...

Page 2026: ...1 awplus config router virtual ipv6 fe80 1 master The example below shows you how to set the virtual IPv6 address for VRRPv3 VR ID 3 and the router as the VRRPv3 backup awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router virtual ipv6 fe80 1 backup The example below shows you disable the virtual IPv6 address for VRRPv3 VR ID 3 awplus configure terminal awplus confi...

Page 2027: ...ss for any ARP responses associated with the virtual IP address or any gratuitous ARPs sent on behalf of the virtual IP address All VRRP advertisements are sent using this virtual MAC address as the source MAC address The virtual MAC address has the form 00 00 5e 00 01 VRID where VRID is the ID of the Virtual Router Syntax vrrp vmac enable disable Mode Global Configuration Examples To enable Virtu...

Page 2028: ...th AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 2030 epsr on page 2031 epsr configuration on page 2033 epsr datavlan on page 2034 epsr enhancedrecovery enable on page 2035 epsr mode master controlvlan primary port on page 2036 epsr mode transit controlvlan on page 2037 epsr priority on page 2038 epsr state on page 2039 epsr trap on page 2040 show debuggi...

Page 2029: ...C613 50102 01 REV C Command Reference for x510 Series 2029 AlliedWare Plus Operating System Version 5 4 6 1 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS undebug epsr on page 2053 ...

Page 2030: ...on from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packets from being sent to the console pkt Send the received and transmitted EPSR packets as raw ASCII text to the console Using this parameter with the no debug epsr command will explicitly exclude the abo...

Page 2031: ...instance called blue use the command awplus config epsr epsr blue hellotime 5 NOTE When stacking is used with EPSR the EPSR failovertime should be at least 5 seconds To delete the EPSR instance called blue use the command awplus config epsr Parameter Description epsr instance Name of the EPSR instance hellotime 1 32767 The number of seconds between the transmission of health check messages failove...

Page 2032: ...are Plus Operating System Version 5 4 6 1 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS EPSR Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan epsr configuration epsr datavlan epsr state epsr trap reboot rolling show epsr ...

Page 2033: ...SRING COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Example To change to EPSR mode use the command awplus config epsr configuration Related Commands epsr mode master controlvlan primary port epsr show epsr ...

Page 2034: ...094 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan2 vlan3 To remove vlan3 from the EPSR instance called blue use the command awplus config epsr no epsr blue datavlan vlan3 To remove vla...

Page 2035: ...re than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instance enhancedrecovery enable no epsr epsr instance enhancedrecovery enable Default Default is that enhanced recovery mode disabled Mode EPSR Configuration Example To apply enhanced recovery on the EPSR i...

Page 2036: ...against this because in certain situations it can produce unpredictable results Mode EPSR Configuration Example To create a master EPSR instance called blue with vlan2 as the control VLAN and port1 0 1 as the primary port use the command awplus config epsr epsr blue mode master controlvlan vlan2 primaryport port1 0 1 Related Commands epsr mode transit controlvlan show epsr Parameter Description ep...

Page 2037: ...or static channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will not operate on the secondary port EPSR does not support Dynamic link aggregation LACP Mode EPSR Configuration Example To create a transit EPSR instance called blue with vlan2 as the control VLAN use t...

Page 2038: ...ion Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an EPSR instance on an EPSR node to the default value Mode EPSR Configuration Example To set the priority of the EPSR instance called blue to the highest priority 127 use the command awplus config epsr e...

Page 2039: ... Syntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan Parameter Description epsr instance The name of the EPSR instance state The operational state of the ring enabled EPSR instance is...

Page 2040: ...nstance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR instance called blue use the command awplus config epsr epsr blue trap To disable traps for the EPSR instance called blue use the command awplus config epsr no epsr blue trap Related Commands epsr mode m...

Page 2041: ...ROTECTION SWITCHED RING EPSRING COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privileged Exec Example To show the enabled debugging modes use the command awplus show debugging epsr Related Commands debug epsr ...

Page 2042: ...ces use the command awplus show epsr Output non superloop topology The following examples show the output display for a non superloop topology network Table 1 Example output from the show epsr command run on a transit node EPSR Information Name test2 Mode Transit Status Enabled State Links Up Control Vlan 2 Data VLAN s 10 Interface Mode Ports Only First Port port1 0 1 First Port Status Down First ...

Page 2043: ...e Control Vlan 4 Data VLAN s 20 Interface Mode Ports Only Primary Port port1 0 3 Primary Port Status Forwarding Secondary Port port1 0 4 Secondary Port Status Forwarding Hello Time 1 s Failover Time 2 s Ring Flap Time 0 s Trap Enabled Enhanced Recovery Disabled Table 3 Example output from the show epsr command run on a Master Node EPSR Information Name test4 Mode Master Status Enabled State Comple...

Page 2044: ... Priority 12 Table 5 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mode in which the EPSR instance is configured either Master or Transit Status Status Indicates whether the EPSR instance is enabled or disabled State State Indicates state of the EPSR instance s state m...

Page 2045: ... physical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises when it is not the highest priority node in the topology and so does not receive LINKS DOWN messages upon common segment breaks and a break on a common segment in its ring is preventing reception of its...

Page 2046: ...de master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Priority The EPSR instance s priority for SuperLoop Prevention Table 5 Parameters displayed in the output of the show epsr command cont Parameter on Master Node Parameter on Transit Node Description ...

Page 2047: ...ports on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 6 Example output from the show epsr common segments command EPSR Common Segments Common Seg EPSR Port Phys Ctrl Ring Ring Port Instance Mode Prio Type of Port Port Status port1 0 24 test_inst_Red Transit 127 Second Yes Fwding test_inst_Blue Transit 126 Second N...

Page 2048: ...s less than 5 seconds for a stacked device The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To check the configuration of all EPSR instances and display the results use the command awplus show epsr config check Related Commands show epsr Parameter Description instance Name of the EPSR instance to ...

Page 2049: ...iew This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance called blue use the command awplus show epsr blue Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr counters Parameter Description epsr instance Name of th...

Page 2050: ...Overview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR instance called blue use the command awplus show epsr blue counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr Parameter Description epsr insta...

Page 2051: ...OW EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counters of all EPSR instances use the command awplus show epsr counters Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan show epsr ...

Page 2052: ...put from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical control of the shared port s data VLAN blocking LB ring port is Logically Blocking applicable to master only EPSR Ctrl Primary 1st Secondary 2nd Instance Mode Status State VLAN Prio Port Status Port Stat...

Page 2053: ...for x510 Series 2053 AlliedWare Plus Operating System Version 5 4 6 1 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of the no variant of the debug epsr command ...

Page 2054: ...C613 50102 01 REV C Command Reference for x510 Series 2054 AlliedWare Plus Operating System Version 5 4 6 1 x Part 7 Network Management ...

Page 2055: ... node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has already been assigned by using the command hostname on page 238 this will remain If however no host name has been assigned then the name applied will be the prefix host_ followed without a space by the MAC address of the device F...

Page 2056: ...mf cleanup on page 2082 atmf controller on page 2083 atmf distribute firmware on page 2084 atmf domain vlan on page 2086 atmf enable on page 2088 atmf group membership on page 2089 atmf guest class on page 2091 atmf log verbose on page 2093 atmf management subnet on page 2094 atmf management vlan on page 2096 atmf master on page 2097 atmf mtu on page 2098 atmf network name on page 2099 atmf provis...

Page 2057: ...on page 2136 modeltype on page 2138 show atmf on page 2139 show atmf area on page 2143 show atmf area guests on page 2146 show atmf area guests detail on page 2148 show atmf area nodes on page 2150 show atmf area nodes detail on page 2152 show atmf area summary on page 2154 show atmf backup on page 2155 show atmf backup area on page 2159 show atmf backup guest on page 2161 show atmf detail on page...

Page 2058: ...5 show atmf working set on page 2197 show debugging atmf on page 2198 show debugging atmf packet on page 2199 show running config atmf on page 2200 switchport atmf agentlink on page 2201 switchport atmf arealink remote area on page 2202 switchport atmf crosslink on page 2204 switchport atmf guestlink on page 2206 switchport atmf link on page 2208 type atmf node on page 2209 undebug atmf on page 22...

Page 2059: ...mber of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured on a device You must specify a local area on each controller remote AMF master and gateway node Example To create the AMF area named New Zealand with an ID of 1 and specify that it is the local area u...

Page 2060: ...ries 2060 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show atmf area nodes switchport atmf arealink remote area ...

Page 2061: ...cally on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption keys will match between the controller and the remote AMF master If multiple controller and masters exist in an area they must all have the same area configuration Example To give the AMF area named Au...

Page 2062: ...ries 2062 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show atmf area nodes switchport atmf arealink remote area ...

Page 2063: ... execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names that comprise identical text but with differing case such as Test txt and test txt will not be recognized as being different on FAT32 based backup media such as a USB storage device However these filenames will be recognized as being different on...

Page 2064: ...a Note that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area master named well gate in the AMF area named Wellington use the command controller 1 atmf backup area masters delete area Wellington node well gate Related Commands show atmf backup area Parameter Des...

Page 2065: ...ea masters enable Mode Global configuration Default Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf backup server to configure the backup server Example To enable scheduled backups of AMF remote area masters use the commands controller 1 configure ter...

Page 2066: ...leged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area named Wellington use the command controller 1 atmf backup area masters now area Wellington To back up the local master well master in the Wellington area use the command controller 1 atmf backup area mast...

Page 2067: ...een the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf backup area masters synchronize Mode Privileged Exec Example To synchronize backed up files between the remote file servers for all area masters use the command controller 1 atmf backup area masters sync...

Page 2068: ... the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps available when initiating an AMF backup A value of zero tells the backup process to transfer files using unlimited bandwidth Syntax atmf backup bandwidth 0 1000 no atmf backup bandwidth Default The de...

Page 2069: ...backup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the backup file from node2 use the following command Node_1 atmf backup delete node2 Related Commands show atmf backup atmf backup now atmf backup stop Parameter Description node name The AMF node name ...

Page 2070: ...y enabled Syntax atmf backup enable no atmf backup enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Global Configuration Usage A warning message will appear if you run the atmf backup enable command with either insufficient or marginal memory availability ...

Page 2071: ... Syntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowing command to remove thebackup files of the guest node that is directly connected to port1 0 3 node1 atmf backup guests delete node1 port1 0 3 Related Command atmf backup delete atmf backup area master...

Page 2072: ...ATMF master Use the no variant of this command to disable the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Example On the ATMF master node enable all scheduled guest node backups atmf master configure terminal atmf master config atmf backup guests enable Related Commands...

Page 2073: ...s now node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To manually trigger the backup of a guest node connected to port 1 0 23 of node1 use the following command awplus atmf backup guests now node1 port1 0 23 Related Commands show atmf backup guest Parameter ...

Page 2074: ...dundancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the regular backups scheduled by the atmf backup command Syntax atmf backup guests synchronize Default N A Mode User Exec Privileged Exec Example To synchronize backups across remote file servers and storag...

Page 2075: ...ent backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The following command is run on the AMF_Master_2 node to immediately backup the device that is identified by its MAC address of 0016 76b1 7a5e AMF_Master_2 atmf backup now host_0016_76b1_7a5e NOTE When ...

Page 2076: ...nnex and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set group master This command returns the following display Backup the AMF member with the host name office_annex on both the master nodes as defined by the working set AMF_Master 2 atmf backup now office...

Page 2077: ...onfiguration Usage If the AMF Master or Controller supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Master or Controller Example To enable AMF backup redundancy use the commands awplus configure terminal awplus config atmf backup redundancy enable To disab...

Page 2078: ...ommands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server identifier number 1 or 2 Note that there can be up to two backup servers numbered 1 and 2 respectively and you would need to run this command separately for each server hostlocation Either the name or ...

Page 2079: ... 2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and username in addition to the optional path and port parameters use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 path tokyo por...

Page 2080: ...his command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup stop Mode Privileged Exec Usage This command is used to halt an AMF backup that is in progress In this situation the backup process will finish on its current node and then stop Example To stop a backup ...

Page 2081: ...to its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchronize Mode Privileged Exec Example When connected to the master node AMF_Master_1 the following command will initiate a backup of all system related files from its active remote file server to its backup ...

Page 2082: ...lash backup file v1 license files flash configs swfeature lic v2 license files flash configs sw_v2 lic It then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage This command is an alias to the erase factory default command Example To erase data use the command Node_1 atmf cleanup This command will ...

Page 2083: ...on a controller depends on the license installed on that controller Syntax atmf controller no atmf controller Mode Global configuration Usage A valid AMF license must be available before this command can be applied Example To configure the node named controller 1 as an AMF controller use the commands controller 1 configure terminal controller 1 config atmf controller To stop the node named control...

Page 2084: ...enameisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the exact release filename without using a wild card character The command will continue to upgrade software until all nodes are upgraded At the end of the upgrade cycle the command should be used on the ...

Page 2085: ...se File Status Team1 x510 5 4 6 1 4 rel Release ready Team2 x610 5 4 6 1 4 rel Release ready Team3 x610 5 4 6 1 4 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 6 1 4 rel to Team1 Updating Release x510 5 4 6 1 4 rel information on Team1 Copying Release x610 5 4 6 1 4 rel to Team2 Updating Release x610 5 4 6 1 4 rel information on Team2 Copying Release x610 5 4 6 1 4 r...

Page 2086: ...at form uplinks downlinks If you assign a VLAN ID to this VLAN i e changing its value from the default of 4091 then you will need to do this separately on every device within the AMF network The AMF domain subnet will then be applied to this new VID when all devices within the AMF network are next rebooted Use the no variant of this command to reset the VLAN ID to its default value of 4091 Syntax ...

Page 2087: ... MANAGEMENT FRAMEWORK AMF COMMANDS ATMF DOMAIN VLAN Examples To change the AMF domain VLAN to 4000 use the following commands node 1 configure terminal node 1 config atmf domain vlan 4000 To reset the AMF domain VLAN to its default of 4091 use the following commands node 1 configure terminal node 1 config no atmf domain vlan ...

Page 2088: ...s configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You should therefore configure your device with any domain specific non default settings before enabling AMF Examples To turn off AMF use the command MyNode config terminal MyNode config no atmf enable T...

Page 2089: ...des that are configured as masters are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You can use this command to define your own arbitrary groups of AMF members based on your own network s configuration requirements Applying a node to a non existing group w...

Page 2090: ...nd sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_node_2 are now part of the working set Then add the members of the working set to the groups atmf net 2 configure terminal atmf net 2 config atmf group building1 sales atmf net 2 config exit atmf net 2 ...

Page 2091: ... mode discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigned to a port Syntax atmf guest class guest class name no atmf guest class Mode Interface Example 1 To create a guest class named camera use the following commands node1 configure terminal node1 config ...

Page 2092: ...0102 01 REV C Command Reference for x510 Series 2092 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atmf guest ...

Page 2093: ...Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make the console unusable for periods of time while nodes are joining and leaving Mode Global Configuration Example To set the log verbose to noise level 2 use the command node 1 configure terminal node 1 config atmf log verbose 2 Va...

Page 2094: ...Asubnet mask of 255 255 0 0 will automatically be applied Mode Global Configuration Usage Typically a network administrator would use this command to change the default subnet address to match local network requirements As previously mentioned running this command will result in the creation of a further two subnets within the class B address space assigned and the mask will extend from 16 to 17 F...

Page 2095: ... Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF MANAGEMENT SUBNET To change the AMF management subnet address on node node 1 back to its default of 172 31 0 0 node 1 configure terminal node 1 config no atmf management subnet ...

Page 2096: ...D when all devices within the AMF network are next rebooted Use the no variant of this command to restore the VID to the default of 4092 Syntax atmf management vlan 2 4090 no atmf management vlan Default VLAN ID default is 4092 NOTE Although the value applied by default lies outside the user configurable range You can use the no variant of this command to reset the VLAN to its default value mode G...

Page 2097: ...er nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each master node If the crosslink between two AMF masters fails then one of the masters will become isolated from the rest of the AMF network Use the no variant of this command to remove the device as an AMF...

Page 2098: ...Mode Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anywhere in the AMF network we recommend not changing this default If there are no virtual links over IPsec tunnels then this AMF MTU value may be increased for network efficiency Example To change the A...

Page 2099: ...uring an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage This is one of the essential commands when configuring AMF and must be entered on each node that is to be part of the AMF A switching node master or member may be a member of only one AMF network CA...

Page 2100: ...vision nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF link or cross link and should be down to add or remove a provisioned node Example To provision an AMF node named node1 for port1 0 1 use the command host1 config interface port1 0 1 host1 config if a...

Page 2101: ...ust delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made for the provisioned node and stored in the backup media The directory node_backup_dir flash config ssh is excluded from the copy All contents of root_backup_dir nodes nodename will be deleted or ove...

Page 2102: ...the new provisioned node device3 Figure 52 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7297 0MB Server Config Synchronization Uns...

Page 2103: ...ing this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the configuration file branch cfg on the AMF provisioned node node1 use the command MasterNodeName atmf provision node node1 configure boot config branch cfg To set the ...

Page 2104: ...ec Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote backup media Examples To set the release file x610 5 4 6 1 4 rel on the AMF provisioned node node1 use the command MasterNodeName atmf provision node node1 configure boot system x610 5 4 6...

Page 2105: ...provision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then you must delete it before using this command A date and time is assigned to the new provisioning directory reflecting when this command was executed If there is a backup or provisioned node with the ...

Page 2106: ... AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7315 2MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Curr...

Page 2107: ...y want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF backup procedure In this case use the command atmf backup delete to delete the files NOTE This command allows provisioned entries to be deleted even if they have been referenced by the atmf provision...

Page 2108: ...f provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446 0MB Free 7297 0MB Server Config Synchronization Unsynchronized Last Run 1 Unconfigured 2 Unconfigured Current Action Idle Started Current Node Node Name Date Time In ATMF On Media Status device1 30 S...

Page 2109: ... copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision node nodename license cert file path URL no atmf provision node nodename license cert Default No license certificate file is specified for the provisioned node Mode Privileged Exec Usage This command i...

Page 2110: ...tmf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2 Date Time 06 Oct 2016 23 25 44 Provision Path card atmf nodes Boot configuration Current boot image x510 5 4 6 1 4 rel file exists Backup boot image x510 5 4 6 1 3 rel file exists Default boot confi...

Page 2111: ...in the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash Example To change the working directory that happens to be on device1 to the directory of provisioned node device2 use the following command device1 atmf provision node device2 locate The directory ...

Page 2112: ...to reboot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a variety of locations The latest compatible release foranodewill be selected from your selected locatio based on the parameters and URL you have entered For example card 5 4 6 x 5 4 6 rel will select f...

Page 2113: ...pecify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software version At the completion of this command a report is run showing the release upgrade status of each node NOTE Take care when removing external media or rebooting your devices Removing an external media w...

Page 2114: ...am3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Rebooting SW_Team1 SW_Team1 has left the working set Reboot of SW_Team1 has completed ATMF Rolling Reboot Rebooting SW_Team2 SW_Team2 has left the working set Reboot of SW_Team2 has completed ATMF Rolling...

Page 2115: ...olling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incompatible Bld1_Floor_2 2 x610 5 4 6 0 1 rel Release Ready Bld1_Floor_1 4 Incompatible Building_1 2 Incompatible Building_2 2 x908 5 4 6 0 1 rel Release Ready Continue upgrading releases y n ...

Page 2116: ...vice will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or controller is found then this command will fail No error checking occurs when this command is run Regardless of the last backup status the recovering node will attempt to load its configuration from the spe...

Page 2117: ...rsion 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 atmf recover Node_10 master Master_2 Related Commands atmf backup stop show atmf backup show atmf ...

Page 2118: ...ment by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest guest port Mode User Exec Privileged Exec Example To recover a guest on node1 port1 0 1 use the following command node1 atmf recover guest port1 0 1 Related Commands show atmf backup guest Parameter D...

Page 2119: ...unction to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see the AMF Feature Overview and Configuration Guide Syntax atmf recover led off Default Normal operational mode Mode Privileged Exec Example To revert the LEDs on Node1 from recovery mode display to their...

Page 2120: ...emote session the device will keep the AMF remote session open until the exec timeout time expires 10 minutes by default If the exec timeout time is set to infinity exec timeout 0 0 then the device is unable to ever close the remote session To avoid this we recommend you use the exit command to close AMF remote sessions instead of closing the associated VTY sessions We also recommend you avoid set...

Page 2121: ...This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf restricted login disabled Member nodes operate with atmf restricted login enabled NOTE The default conditions of this command vary from those applied by its no variant Thisisbecausetherestricted loginac...

Page 2122: ...e Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use the command controller 1 atmf select area Canterbury This displays the following output To return to the local area for controller 1 use the command controller 1 atmf select area local Alternatively t...

Page 2123: ...r If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are only supported using IPv4 Configuration involves creating a local tunnel ID a local IP address a remote tunnel ID and a remote IP address A reciprocal configuration is also required on thecorrespondingr...

Page 2124: ...92 168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP connectivity between the sites already one site must run the following commands SiteA configure terminal SiteA config atmf virtual link id 5 ip 192 168 100 1 remote id 10 remote ip 192 168 200 1 rem...

Page 2125: ...nything other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In addition to the user defined groups the following system assigned groups are automatically created Implicit Groups local The originating node current All nodes that comprise the current working set al...

Page 2126: ...ing set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output screen similar to the one shown below Example 2 To return to the local prompt and connect to only the local node use the command ATMF_Network_Name 6 atmf working set group local node1 The following table d...

Page 2127: ...OMMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privilege Exec Example To reset the AMF link statistics values use the command node_1 clear atmf links statistics Related Commands show atmf links statistics ...

Page 2128: ...rosslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will display all AMF debugging information including link events topology discovery messages and all notable AMF events NOTE An alias to the no variant of this command is undebug atmf on page 2212...

Page 2129: ...C613 50102 01 REV C Command Reference for x510 Series 2129 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all ...

Page 2130: ...l 1 both Tx and Rx a timeout of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command output will apply a default selection of parameters shown below debug atmf packet direction rx tx both level 1 2 3 timeout secon...

Page 2131: ... ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet with crosslink links information Enter 1 to select this packet type 2 Crosslink Hello BPDU packet with downlink domain information Enter 2 to select this packet type 3 Crosslink Hello BPDU packet with uplink information Enter 3 to select this packet type 4 Down...

Page 2132: ...KET To enable send and receive 500 packets only on vlink1 for packet types 1 7 and 11 use the command node_1 debug atmf packet num pkts 500 filter interface vlink1 pkt type 1 7 11 This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet direction rx level 1 num pkts 60 filter node x610 interface port1 0 1 pkt type 4 7 10 ...

Page 2133: ...itchport atmf guestlink command to separately assign an individual switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor discovery tables If you are using the static discovery method you must ensure that you have configured the appropriate class type for each of your statically discovered guest nodes The no variant of ...

Page 2134: ...MF COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Node1 config guest no discovery Node1 config guest end Related Commands atmf guest class switchport atmf guestlink show atmf links guest show atmf nodes ...

Page 2135: ... file v1 license files flash configs swfeature lic v2 license files flash configs sw_v2 lic The device is then rebooted and returns the device to its factory default condition The device can then be used for automatic node recovery Syntax erase factory default Mode Global Configuration Usage This command is an alias to the atmf cleanup command Example To erase data use the command Node_1 config er...

Page 2136: ... port PORTNO no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTTP access on port 80 the default of a guest node use the following commands node1 conf t node1 config atmf guest class Camera node1 config atmf guest http enable node1 config atmf guest Example 2 To en...

Page 2137: ...ence for x510 Series 2137 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink show atmf links guest show atmf nodes ...

Page 2138: ...ype tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To remove the model type tq from the guest class called tq_device and reset it to the default of other use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf g...

Page 2139: ...Started with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show information specific to AMF nodes use the following command node_1 show atmf nodes Example 3 The show amf session command displays all CLI Command Line Interface sessions for users that are currently logged in...

Page 2140: ... node_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 0000 0000 0000 Options 0 Our bits 0 Link State Full Domain Controller 0 Backup Domain Controller 0 Database Description Sequence Number 00000000 First Adjacency 1 Number Events 0 DBE Retransmit Queue L...

Page 2141: ... MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequence Number 7 Domains Sequence Number 28 Uplink Sequence Number 2 Number of Crosslink Ports 1 Number of Domain Nodes 2 Number of Neighbors 5 Number of Non Broadcast Neighbors 3 Number of Link State E...

Page 2142: ...N The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Management IP Address The IP address allocated for this traffic Management Mask The subnet mask used to create a subnet for this traffic 255 255 128 0 Domain VLAN The VLAN assigned for traffic between N...

Page 2143: ...troller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Parameter Description detail Displays detailed information area name Displays information about master and gateway nodes in the specified area only Table 5 Example output from the show atmf area command o...

Page 2144: ...ea has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the controller or remote master on which the command is being run because the gateway node on that device is local Auth Start which may indicate that the area names match on the controller and remote master...

Page 2145: ...w atmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller distance 0 Controller Id 21 Backup Available FALSE Area Id 2 Gateway Node Name controller 1 Gateway Node Id 342 Gateway Ifindex 6013 Masters Count 1 Master Node Name well master 329 Node Count 2 Area Id...

Page 2146: ... The area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10 7635 x230 1 0 3 192 168 5 4 AT TQ4600 eccd 6df2 da60 wireless node1 1 0 4 192 168 5 3 0800 239e f1fe x230 1 0 4 192 168 4 8 AT TQ4600 001a eb3b dc80 wireless node2 1 0 7 192 168 4 12 main building gue...

Page 2147: ...x510 Series 2147 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atmf backup guest show atmf area guests detail ...

Page 2148: ...etail northern node1 Output Figure 52 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under the control of an AMF Controller node name The name assigned to the network node show atmf guest detail Node Name Node1 Port Name port1 0 5 Ifindex 5005 Guest Description tq4600 Device Type AT TQ4600...

Page 2149: ...rt number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type The device type as supplied by the guest node itself Backup Supported Indicates whether AMF supports backup of this guest node MAC Address The MAC address of the guest node IP Address The IP address of...

Page 2150: ...Example To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running this command Parameter Description area name Displays information about nodes in the specified area node name Displays information about the specified node Table 11 Output from the show atmf area nodes...

Page 2151: ...des detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Parent The node to which the current node has an active uplink Node Depth The number of nodes in the path from this node to the master node Table 12 Parameter definitions from the show atmf area nodes co...

Page 2152: ... Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this command Parameter Description area name Displays detailed information about nodes in the specified area node name Displays detailed information about the specified node Table 13 Output from the show ...

Page 2153: ...from the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Board type The Allied Telesis code number for the device Distance to core The number of nodes in the path from the current node to the master node in its area Flags Internal AMF information Extra flags ...

Page 2154: ...f area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Displays information for the specified area only Table 15 Output from the show atmf area summary command controller 1 show atmf area summary ATMF Area Summary Information Management Information Local IPv6...

Page 2155: ...ption logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status logs For each remote file server display the logs for the last synchronization Table 52 1 Output from show atmf backup Node_1 show atmf backup ScheduledBackup Enabled Schedule 1 per day starting at...

Page 2156: ...up logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Log Details atmf_testbox 2016 09 30 18 16 51 9045 receiving file list 2016 09 30 18 16 51 9047 d t flash 2016 09 30 18 16 52 9047 f flash a rel Table 52 3 Output from show atmf backup synchronize Node_1...

Page 2157: ...be a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM Current Node The name of the node that is currently being backed up Backup Redundancy Whether backup redundancy is enabled or disabled Local media The local media to be used for backup redundancy SD or USB or NONE and ...

Page 2158: ...ead Errors meaning that there are issues note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully Log File Location All backup attempts will generate a result log file in the identified directory based on the node name In the above example this would be card amf o...

Page 2159: ...e master nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information about backups for an area use the command controller 1 show atmf backup area Parameter Description logs Displays the logs for the last backup of each node area name Displays information about nodes in ...

Page 2160: ...Time 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backups_from_controller 1 Port 2 Configured Unmounted Host 10 37 142 1 Username root Path Port Current Action Idle Started Current Node Backup Redundancy Enabled Local media USB Total 7604 0MB Free 7544 0M...

Page 2161: ...st status use the command x930 master show atmf backup guest Output Figure 52 10 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The port number on the parent node x930 master sh atmf backup guest Guest Backup Enabled Scheduled Backup Disabled Schedule 1 per day starting at 03 00 Next Backup Time 20 Jan 2016 03 00 Backup Bandwidth...

Page 2162: ...2 21 46 Good USB 19 Jan 2016 22 21 46 Good Table 52 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Backup The timing configured for guest backups Schedule Displays the configured backup schedule Next Backup Time The time the next backup process will be initiated Backup Bandwidth The bandwidth limit app...

Page 2163: ...ut screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node Name controller 1 Node Address controller 1 atmf Node ID 342 Node Depth 0 Domain State BackupDomainController Recovery State None Log Verbose Setting Verbose Management VLAN VLAN ID 4000 Management S...

Page 2164: ... AMF root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this device Auto Manual or None Management VLAN The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Sub...

Page 2165: ... of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show atmf group A typical output screen from this command is shown below This screen shows that node2 contains the groups master and x510 Note that although the node also contains the implicit groups thes...

Page 2166: ...ion master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 54 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show atmf group node3 node4 node5 node6 ATMF group information edge_switches x510 Table 55 Parameter definitions from the show atmf group command for a working set Parameter Definition ATMF group informa...

Page 2167: ...ers based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes in a working set use the command ATMF_NETWORK 9 show atmf group members Parameter Description user defined User defined group membership display automatic Automatic group membership display Table 56 S...

Page 2168: ...le 57 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes based on the same Hardware type or belonging to the same Master group User defined Groups Shows the grouping of AMF nodes in user defined groups Total Members Shows the total number of members in each gro...

Page 2169: ...The port name on the parent node master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port Address master 2 1 1 AR415S master 2 1 1 192 168 2 10 master 2 1 2 AT 9924T master 2 1 2 192 168 1 10 master 2 1 4 AT TQ3200 master 2 1 4 192 168 1 12 Current ATMF guest node count 3 Table 58 Parameters shown in the output of the show atmf guest command Parameter Descri...

Page 2170: ...EST Related Commands atmf guest class switchport atmf guestlink show atmf backup guest Guest Port The port on the Parent node that directly connects to the guest node IP IPv6 Address The address discovered from the node or statically configured on the parent node s attached port Table 58 Parameters shown in the output of the show atmf guest command Parameter Description ...

Page 2171: ...that are detailed in the example in show atmf links Figure 52 12 Sample output from the show atmf links brief command Parameter Description links AMF links brief A brief summary of AMF links their configuration and status detail A detailed description of the AMF links statistics AMF statistics ifrange Limits the display output to the specified interface range Example core show atmf links ATMF Link...

Page 2172: ...nk nodes in same domain Link Status Shows the link status of the local port on the node as either Up or Down ATMF State Shows AMF state of the local port Init Link is down Hold Link transitioned to up state but waiting for hold period to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period...

Page 2173: ...detail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Parameter Description detail Detailed AMF links information Table 60 Sample output from the show atmf links detail command device1 show atmf links detail Crosslink Ports Information Port sa1 Ifindex 4501 Por...

Page 2174: ...4610 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forwarding State Forwarding Node Building B Links on Node 1 Link 0 Building B 4610 Example core 4610 Forwarding State Forwarding Node Example core Links on Node 2 Link 0 Building A 4630 Example core 4630 ...

Page 2175: ...de Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20 c1d9 Number of Links 2 Number of Links Up 2 Number of Links on This Node 2 Links are Blocked 0 Node Transaction List Node Building B Transaction ID 8 Node Building A Transaction ID 8 Domain List Domai...

Page 2176: ...st Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifindex 4510 Transaction ID 20 Flags 1 Domain Dorm D s domain Node Example core Ifindex 4520 Transaction ID 20 Flags 1 Domain Example edge s domain Domain Controller Example edge Domain Controller MAC 001...

Page 2177: ...cent MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacent Sequence Number 7 Port Last Message Response 0 Port po21 Ifindex 4621 Port Status Up Port State Full Last event LinkComplete Adjacent Node Dept A Adjacent Internal ID 29 Adjacent Ifindex 4621 Adjace...

Page 2178: ...wn Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifindex Adjacent AMF Node connected to this Node Adjacent VR ID Virtual router id of the adjacent node in the domain Adjacent MAC MAC address of the adjacent node in the domain Port Last Message Response ...

Page 2179: ...ier for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_FLAG_NO_NODE 8 ATMF_DOMAIN_FLAG_NOT_ACTIVE_PARENT 16 ATMF_DOMAIN_FLAG_NOT_LINKS 32 ATMF_DOMAIN_FLAG_NO_CONFIG 64 Domain Controller Domain Controller in the uplink domain Domain Controller MAC MAC addr...

Page 2180: ...Virtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Internal ID Unique node identifier of the remote node Adjacent Ifindex Interface index for the port of adjacent AMF node Adjacent Board ID Product identifier for the adjacent node Adjacent VR ID Virtual ro...

Page 2181: ...and Reference for x510 Series 2181 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf links statistics show atmf ...

Page 2182: ...uests that are connectable from node1 use the command node1 show atmf links guest Output Figure 52 13 Example of standard output from show atmf links guest Example 2 To display detailed information about AMF guests use the command node1 show atmf links guest detail Parameter Description detail Displays a full output for the connected guest nodes IFRANGE Select a specific range of ports to display ...

Page 2183: ...e Aastra IP Phone Interface port1 0 4 Class Name panasonic camera Model Type other Discovery Method Dynamic IP Address 192 168 1 5 State Getting ID MAC address 0800 239e f1fe Table 52 1 Parameters shown in the output of show atmf links guest Parameter Description Interface The port on the parent node that connects to the guest Class Name The name of the ATMF guest class that has been assigned to t...

Page 2184: ...es 2184 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS GUEST Related Commands atmf guest class discovery http enable username modeltype switchport atmf guestlink show atmf backup guest ...

Page 2185: ...evice1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecified full statistics not just those relating to ports will be displayed port_number Enter the port number for which statistics are required A port range a static channel or LACP link can also be speci...

Page 2186: ...checksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink Type10 0 Discard crosslink domain hello not in correct state Type11 0 Crosslink uplink hello received on non crosslink port Type12 0 Discard crosslink uplink hello not in correct state Type13 0 Wrong ...

Page 2187: ...no debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hello Domain 116 116 port1 0 5 Crosslink Hello Uplink 116 115 port1 0 5 Hello Link 0 0 port1 0 5 Arealink Hello 0 0 Parameter Definition Receive Shows a count of AMF protocol packets received per messag...

Page 2188: ...IED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF MEMORY DEPRECATED show atmf memory deprecated Overview This command has been deprecated in Software Version 5 4 5 0 1 and later To see details of AMF memory usage please use the following commands instead show memory allocations atmfd show memory pools atmfd ...

Page 2189: ...ivileged Exec Example 1 To display AMF information for guest nodes only use the command node_1 show atmf nodes guest To display AMF information for all nodes in the AMF use the command node_1 show atmf nodes all Parameter Description guest Display only guest nodes in the AMF network all Display all nodes in the AMF network Table 54 Sample output from the show atmf nodes guest command node1 show at...

Page 2190: ...put from the show atmf nodes all command showing node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master SC Domain Depth x930 master AT x930 52GTX Y S none 0 x510 master x510 28GPX Y S none 0 x908 SwitchBlade x908 N S x510 master 1 poe x610 48Ts X POE N S x908 2 aastra p...

Page 2191: ...nd is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 52 17 Sample output from the show atmf provision nodes command Related commands atmf provision node create atmf provision node clone atmf provision node configure boot config atmf provision node configure boot system show atmf backup device1 show atmf provision...

Page 2192: ...how atmf tech Table 56 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF Nodes 8 ATMF Technical information Network Name ATMF_NET Domain node1 s domain Node Depth 0 Domain Flags 0 Authentication Type 0 MAC Address 0014 2299 137d Board ID 287 Domain State DomainController Dom...

Page 2193: ...igned to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The identity of a node in the format name atmf that enables its access it from a remote location Node ID A unique identifier assigned to an AMF node Node Depth The number of nodes in the path from this nod...

Page 2194: ...et address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows the Product Series Name ATMF Master Indicates the node s membership of the core domain membership is indicated by Y SC Shows switch configuration C Chassis such as SBx8100 series S Stackable VCS N Sta...

Page 2195: ...ed the subnets 192 0 2 33 and 192 0 2 65 using the prefix 27 Each subnet connects to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual links MAC address information use the command node_1 show atmf virtual links macaddr Parameter Description show Show running syst...

Page 2196: ...r definitions from the show atmf virtual links command output Parameter Definition vlink1 The tunnel named vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always displayed once a vlink has been created mac addr AMF virtual links terminate on an internal soft bridge T...

Page 2197: ...nd displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf working set Related Commands atmf working set show atmf show atmf group Table 61 Sample output from the show atmf working set command ATMF Working Set Nodes node1 node2 node3 node4 node5 node6 Worki...

Page 2198: ...ng atmf Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 52 18 Sample output from the show debugging atmf command Related Commands debug atmf packet node1 show debugging atmf ATMF debugging status ATMF arealink debugging is on ATMF link debugging is on ATMF crosslink debugging is on ATMF database debugging is on A...

Page 2199: ...isplay the AMF packet debugging status use the command node_1 show debug atmf packet Figure 52 19 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet ATMF packet debugging is on ATMF Packet Debugging Parameters Node Name x908 Port name port1 1 1 Limit 500 packets Direction TX Info Level Level 2 Packet Type Bitmap 2 Crosslink Hello BPDU pkt with d...

Page 2200: ...splays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the following commands node_1 show running config atmf For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Related Comman...

Page 2201: ...s are not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switch provides the following information to the AMF node that it is connected to The MAC address The IPv4 address The IPv6 address The name type of the device Allied Telesis x600 The name of the current f...

Page 2202: ...the same area password must exist on both ends of the link Running this command will automatically place the port or static aggregator into trunk mode i e switchport mode trunk and will synchronize the area information stored on the two nodes You can configure multiple arealinks between two area nodes but only one arealink at any time will be in use All other arealinks will block information to pr...

Page 2203: ... for x510 Series 2203 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area password atmf virtual link show atmf links ...

Page 2204: ...ation for a switchport a static aggregator or a dynamic channel group Usage Crosslinks can be used anywhere within an AMF network They have the effect of separating the AMF network into separate domains Where this command is used it is also good practice to use the switchport trunk native vlan command with the parameter none selected This is to prevent a network storm on a topology of ring connect...

Page 2205: ...gure terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this example VLAN 2 is assigned to the static aggregator and the native VLAN VLAN 1 is explicitly excluded from the aggregated ports and the crosslink assigned to it NOTE The AMF management and domain VLANs a...

Page 2206: ... configure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal node1 config int port1 0 44 node1 config if switchport atmf guestlink class camera ip 192 168 3 3 node1 config if end Example 2 To configure switchport 1 0 41 to be a guest link that will connect to ...

Page 2207: ...stlink node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0 41 port1 0 44 node1 config if switchport atmf guestlink class camera node1 config if end Example 5 To remove the guest link functionality from switchport 1 0 41 use the following commands node1 conf...

Page 2208: ...t may exist for the selected port or aggregated link Syntax switchport atmf link no switchport atmf link Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage Do not use a VCStack port as an AMF link even if you have configured the port as a data port During AMF recovery these ports revert to their default state of being VCStack ports so AMF cannot use ...

Page 2209: ...e leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the name of the AMF Network followed in square brackets by the number of member node...

Page 2210: ...d returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node2 Node3 TR Type Details Description Ac Te Tr Repeat Scr Days Date 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node1 trigger 1 type periodic 2 sc...

Page 2211: ...613 50102 01 REV C Command Reference for x510 Series 2211 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigger ...

Page 2212: ...erence for x510 Series 2212 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no variant of the debug atmf command ...

Page 2213: ...has the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example 2 To remove a guest node username and password for the user guest class phone1 use the following commands node1 conf t node1 config atmf guest class phone1 node1 config atmf guest no username node1 c...

Page 2214: ...13 50102 01 REV C Command Reference for x510 Series 2214 AlliedWare Plus Operating System Version 5 4 6 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf nodes ...

Page 2215: ...arted with AlliedWare Plus Feature Overview and Configuration Guide This guide is available at the above link on alliedtelesis com Command List bootfile on page 2217 clear ip dhcp binding on page 2218 default router on page 2219 dns server on page 2220 domain name on page 2221 host DHCP on page 2222 ip address dhcp on page 2223 ip dhcp bootp ignore on page 2225 ip dhcp leasequery enable on page 22...

Page 2216: ...able on page 2247 probe packets on page 2248 probe timeout on page 2249 probe type on page 2250 range on page 2251 route on page 2252 service dhcp relay on page 2253 service dhcp server on page 2254 show counter dhcp client on page 2255 show counter dhcp relay on page 2256 show counter dhcp server on page 2259 show dhcp lease on page 2261 show ip dhcp binding on page 2263 show ip dhcp pool on page...

Page 2217: ...e of the boot file that the client should use in its bootstrap process It may need to include a path The no variant of this command removes the boot filename from a DHCP server pool Syntax bootfile filename no bootfile Mode DHCP Configuration Example To configure the boot filename for a pool P2 use the command awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config bootfile boot...

Page 2218: ...l or range are specified and one or more static DHCP bindings exist within those addresses any dynamic entries within those addresses are cleared but any static entries are not cleared Examples To clear the specific IP address binding 192 168 1 1 use the command awplus clear ip dhcp binding ip 192 168 1 1 To clear all dynamic DHCP entries use the command awplus clear ip dhcp binding all Related Co...

Page 2219: ...efault router or all default routers from the DHCP pool Syntax default router ip address no default router ip address Mode DHCP Configuration Examples To add a router with an IP address 192 168 1 2 to the DHCP pool named P2 use the following commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config default router 192 168 1 2 To remove a router with an IP address 192 168 1...

Page 2220: ...HCP pool Syntax dns server ip address no dns server ip address Mode DHCP Configuration Examples To add the DNS server with the assigned IP address 192 168 1 1 to the DHCP pool named P1 use the following commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config dns server 192 168 1 1 To remove the DNS server with the assigned IP address 192 168 1 1 from the DHCP pool named...

Page 2221: ...he no variant of this command removes the domain name from the address pool Syntax domain name domain name no domain name Mode DHCP Configuration Examples To add the domain name Nerv_Office to DHCP pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config domain name Nerv_Office To remove the domain name Nerv_Office from DHCP pool P2 use the commands awplu...

Page 2222: ...must be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the MAC address 000a 451d 6e34 to DHCP pool 1 use the commands awplus configure terminal awplus config ip dhcp pool 1 awplus dhcp config network 192 168 1 0 24 awplus dhcp config host 192 168 1 5 000a 4...

Page 2223: ...ce with the ip name server command Option 15 a domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it has a domain list set using the ip domain list command Option 51 lease expiration time The no variant of this command stops the interface from obtaining IP configuration details from a DHCP server S...

Page 2224: ...CONFIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP To stop the interface vlan10 from using DHCP to obtain its IP address use the commands awplus configure terminal awplus config interface vlan10 awplus config if no ip address dhcp Related Commands ip address IP Addressing and Protocol show ip interface show running config ...

Page 2225: ...sts by default The no variant of this command configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Global Configuration Examples To configure the DHCP server to ignore BOOTP requests use the commands awplus configure terminal awplus config ip dhcp bootp ignore To configure the DHCP server to respond to BOOTP reques...

Page 2226: ...ages Use the no variant of this command to disable the support of DHCPLEASEQUERY packets For more information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp leasequery enable no ip dhcp leasequery enable Default DHCP leasequery support is disabled by default Mode Global Configuration Examples To enable DHCP leasequery support use the commands awplus configure terminal awplus ...

Page 2227: ...ion 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use a number as the option name Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks Default no default option type The option val...

Page 2228: ... defined IP address option as option 175 with the name special address use the commands awplus configure terminal awplus config ip dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the commands awplus configure terminal awplus config no ip dhcp option 12 To remove the specific user defined option with the option name perform router dis...

Page 2229: ...ultiple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no variant of this command deletes the specific DHCP pool Syntax ip dhcp pool pool name no ip dhcp pool pool name Mode Global Configuration Example To create the DHCP pool named P2 and enter DHCP Configuration mode use the commands aw...

Page 2230: ...Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide NOTE The DHCP relay service mightalter the content of the DHCP Relay AgentOption 82 field if the commands ip dhcp relay agent option and ip dhcp relay information policy have been configured Syntax ip dhcp relay agent option no ip dhcp relay agent option Default DHCP Relay Agent Information Option Option...

Page 2231: ...iedWare Plus Operating System Version 5 4 6 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY AGENT OPTION Related Commands ip dhcp relay agent option remote id ip dhcp relay information policy ip dhcp relay max message length service dhcp relay ...

Page 2232: ...enabled on the device service dhcp relay For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay agent option checking no ip dhcp relay agent option checking Mode Interface Configuration for a VLAN interface Examples To make the DHCP Relay Agent listening on vlan10 check the DHCP Relay Agent Information...

Page 2233: ... relay agent option remote id Default The Remote ID is set to the device s MAC address by default Mode Interface Configuration for a VLAN interface Usage The Remote ID sub option is included in the DHCP Relay Agent Option 82 field of relayed client DHCP packets if DHCP Relay Agent Option 82 is enabled ip dhcp relay agent option and DHCP Relay Agent is enabled on the device service dhcp relay Examp...

Page 2234: ...ng DHCP Relay Agent Option 82 field with its own DHCP Relay Agent field This is equivalent to the functionality of the replace parameter The no variant of this command returns the policy to the default behavior i e replacing the existing DHCP Relay Agent Option 82 field For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guid...

Page 2235: ... contain DHCP Relay Agent Option 82 information use the commands awplus configure terminal awplus config interface vlan15 awplus config if ip dhcp relay information policy drop To reset the DHCP relay information policy to the default policy for interface vlan15 use the commands awplus configure terminal awplus config interface vlan15 awplus config if no ip dhcp relay information policy Related Co...

Page 2236: ...he no variant of this command to reset the hop count to the default For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay maxhops 1 255 no ip dhcp relay maxhops Default The default hop count threshold is 10 hops Mode Interface Configuration for a VLAN interface Example To set the maximum number of hop...

Page 2237: ...Usage When a DHCP Relay Agent that has DHCP Relay Agent Option 82 insertion enabled receives a request packet from a DHCP client it will append the DHCP Relay Agent Option 82 component data and forward the packet to the DHCP server The DHCP client will sometimes issue packets containing pad option fields that can be overwritten with Option 82 data Where there are insufficient pad option fields to ...

Page 2238: ...ATION PROTOCOL DHCP COMMANDS IP DHCP RELAY MAX MESSAGE LENGTH To reset the maximum DHCP message length to the default of 1400 bytes for packets arriving in interface vlan7 use the commands awplus configure terminal awplus config interface vlan7 awplus config if no ip dhcp relay max message length Related Commands service dhcp relay ...

Page 2239: ...ce no ip dhcp relay server address ipv4 address ipv6 address server interface no ip dhcp relay Mode Interface Configuration for a VLAN interface Usage For a DHCP server with an IPv6 address you must specify the interface for the DHCP server See examples below for configuration differences between IPv4 and IPv6 DHCP relay servers See also the service dhcp relay command to enable the DHCP Relay Agen...

Page 2240: ...lan2 awplus config if no ip dhcp relay server address 192 0 2 200 To enable the DHCP Relay Agent on your device to relay DHCP packets on interface vlan10 to the DHCP server with the IPv6 address 2001 0db8 010d 1 on interface vlan20 use the commands awplus configure terminal awplus config service dhcp relay awplus config interface vlan10 awplus config if ip dhcp relay server address 2001 0db8 010d ...

Page 2241: ... set the lease expiry time to infinite leases never expire Use the no variant of this command to return the lease expiration time back to the default of one day Syntax lease days hours minutes seconds lease infinite no lease Default The default lease time is 1 day Mode DHCP Configuration Examples To set the lease expiration time for address pool P2 to 35 minutes use the commands awplus configure t...

Page 2242: ...wplus config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To set the lease expiration time for the address pool P3 to 20 seconds use the commands awplus configure terminal awplus config ip dhcp pool P3 awplus dhcp config lease 0 0 0 20 To set the lease expiration time for the pool to never expire use the command awplus dhcp config lease infinite To return the lease expiration time to t...

Page 2243: ... the pool You must remove all ranges in the pool before issuing a no network command to remove a network from the pool Examples To configure a network for the address pool P2 where the subnet is 192 0 2 5 and the mask is 255 255 255 0 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config network 192 0 2 5 24 or you can use dotted decimal notation instead of sl...

Page 2244: ...xt server that the client should use in its bootstrap process The no variant of this command removes the next server address from the DHCP address pool Syntax next server ip address no next server Mode DHCP Configuration Example To set the next server address for the address pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config next server 192 0 2 2 Pa...

Page 2245: ...moves the specified user defined option from the DHCP pool or all user defined options from the DHCP pool Syntax option 1 254 option name option value no option 1 254 option value Mode DHCP Configuration Parameter Description 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name associated ...

Page 2246: ...g option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the command awplus dhcp config option 175 192 0 2 6 awplus dhcp config option 175 192 0 2 12 awplus dhcp config option 175 192 0 2 33 To add the option 179 to a pool and give the option the value 123456 use the command awplus dhcp config option 179 123456 To add a user defined flag option with the name perfor...

Page 2247: ...g used by another host The no variant of this command disables probing for a DHCP pool Syntax probe enable no probe enable Default Probing is enabled by default Mode DHCP Pool Configuration Examples To enable probing for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe enable To disable probing for pool P2 use the commands awplus configure t...

Page 2248: ...ber of probe packets sent to the default of 5 Syntax probe packets 0 10 no probe packets Default The default is 5 Mode DHCP Pool Configuration Examples To set the number of probe packets to 2 for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe packets 2 To set the number of probe packets to the default 5 for pool P2 use the commands awplus ...

Page 2249: ...tting 200 milliseconds Syntax probe timeout 50 5000 no probe timeout Default The default timeout interval is 200 milliseconds Mode DHCP Pool Configuration Examples To set the probe timeout value to 500 milliseconds for pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe timeout 500 To set the probe timeout value for pool P2 to the default 200 m...

Page 2250: ...will send an ICMP Echo Request ping The no variant of this command sets the probe type to the default setting ping Syntax probe type arp ping no probe type Default The default probe type is ping Mode DHCP Pool Configuration Examples To set the probe type to arp for the pool P2 use the commands awplus configure terminal awplus config ip dhcp pool P2 awplus dhcp config probe type arp To set the prob...

Page 2251: ...ll address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP Configuration Examples To add an address range of 192 0 2 5 to 192 0 2 16 to the pool Nerv_Office use the command awplus configure terminal awplus config ip dhcp pool Nerv_Office awplus dhcp config range 192 0 2 5 192 0 2 16 To add the individual IP address 192 0 2 2 to a p...

Page 2252: ...ode DHCP Configuration Examples To distribute static routes for route 0 0 0 0 0 whose next hop is 192 16 1 1 to clients using both opt249 and rfc3442 use the command awplus configure terminal awplus config ip dhcp pool pubic awplus dhcp config route 0 0 0 0 0 192 16 1 1 both Related Commands ip dhcp pool Parameter Description A B C D M Subnet for the route A B C D Next hop for the route both opt24...

Page 2253: ...hcp relay no service dhcp relay Mode Global Configuration Usage A maximum number of 400 DHCP Relay Agents one per interface can be configured on the device Once this limit has been reached any further attempts to configure DHCP Relay Agents will not be successful Default The DHCP relay service is enabled by default Examples To enable the DHCP relay global function use the commands awplus configure...

Page 2254: ...on your device The server then listens for DHCP requests on all IP interfaces It will not run if there are no IP interfaces configured The no variant of this command disables the DHCP server Syntax service dhcp server no service dhcp server Mode Global Configuration Example To enable the DHCP server use the commands awplus configure terminal awplus config service dhcp server Related Commands ip dh...

Page 2255: ... output from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DHCPACK in 18 DHCPNAK in 0 Table 1 Parameters in the output of the show counter dhcp client command Parameter Description DHCPDISCOVER out The number of DHCP Discover messages sent by the client DHCPRE...

Page 2256: ...elay Output Figure 53 2 Example output from the show counter dhcp relay command awplus show counter dhcp relay DHCP relay counters Requests In 4 Replies In 4 Relayed To Server 4 Relayed To Client 4 Out To Server Failed 0 Out To Client Failed 0 Invalid hlen 0 Bogus giaddr 0 Corrupt Agent Option 0 Missing Agent Option 0 Bad Circuit ID 0 Missing Circuit ID 0 Bad Remote ID 0 Missing Remote ID 0 Option...

Page 2257: ...nt Option The number of incoming DHCP Reply messages dropped due to a missing relay agent information option field Note that Agent Option counters only increment on errors occurring if the ip dhcp relay agent option command is configured for an interface Messages generating the errors are only dropped if the ip dhcp relay agent option checking command is configured on the interface as well as the ...

Page 2258: ...n interface Messages generating the errors are only dropped if the ip dhcp relay agent option checking command is configured on the interface as well as the ip dhcp relay agent option command Option Insert Failed The number of incoming DHCP Request messages dropped due to an error adding the DHCP Relay Agent information option 82 This counter increments when the DHCP Relay Agent is set to drop pac...

Page 2259: ...t from the show counter dhcp server command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQUEST in 0 BOOTREPLY out 0 Table 2 Parameters in the output of the show counter dhcp server command Parameter Description DHCPDISCOVER in The number of Discover messages received by the DHCP server ...

Page 2260: ...essages sent by the DHCP server The server sends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address pool BOOTREQUEST in The number of bootp messages received by the DHCP server from bootp clients BOOTREPLY out The number of boot...

Page 2261: ...e device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dhcp lease interface Mode User Exec and Privileged Exec Example To show the current lease expiry times for all interfaces use the command awplus show dhcp lease To show the current lease for vlan1 use th...

Page 2262: ...0 19 Renew 13 Mar 2017 18 37 06 Rebind 13 Mar 2017 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168 100 50 19 88 200 33 dhcp server identifier 192 168 22 1 domain name alliedtelesis com Interface vlan2 IP Address 100 8 16 4 Expires 13 Mar 2017 20 15 39 Renew 13 Mar 2017 18 42 25 Rebind 13 Mar 2017 ...

Page 2263: ...wplus show ip dhcp binding 172 16 2 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Output Figure 53 5 Example output from the show ip dhcp binding command Parameter Description ip address IPv4 address of a leased IP address in dotted decimal notation This displays the lease information for the specified IP address address pool Name of an ad...

Page 2264: ...r x510 Series 2264 AlliedWare Plus Operating System Version 5 4 6 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP BINDING Related Commands clear ip dhcp binding ip dhcp pool lease range service dhcp server show ip dhcp pool ...

Page 2265: ...ess pool Mode User Exec and Privileged Exec Example awplus show ip dhcp pool Output Figure 53 6 Example output from the show ip dhcp pool command Parameter Description address pool Name of a specific address pool This displays the configuration of the specified address pool only Pool p1 network 192 168 1 0 24 address ranges addr 192 168 1 10 to 192 168 1 18 static host addresses addr 192 168 1 12 ...

Page 2266: ...ddresses Total 8 Leased 2 Utilization 25 0 Static host addresses Total 1 Leased 1 Table 3 Parameters in the output of the show ip dhcp pool command Parameter Description Pool Name of the pool network Subnet and mask length of the pool address ranges Individual IP addresses and address ranges configured for the pool The DHCP server can offer clients an IP address from within the specified ranges on...

Page 2267: ... is sent In the range 50 to 5000 dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The list of user defined options sent by the pool to clients Dynamic addresses Total The total number of IP addresses that have been configured in the pool for dynamic allocation to DHCP clients Dynamic a...

Page 2268: ...eries 2268 AlliedWare Plus Operating System Version 5 4 6 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP POOL Related Commands ip dhcp pool probe enable probe packets probe timeout probe type range service dhcp server subnet mask ...

Page 2269: ...nterface vlan100 use the command awplus show ip dhcp relay interface vlan100 Output Figure 53 8 Example output from the show ip dhcp relay command Related Commands ip dhcp relay agent option ip dhcp relay agent option checking ip dhcp relay information policy ip dhcp relay maxhops ip dhcp relay server address Parameter Description interface name Name of a specific interface This displays the DHCP ...

Page 2270: ...ivileged Exec Example To display the server statistics use the command awplus show ip dhcp server statistics Output Figure 53 9 Example output from the show ip dhcp server statistics command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTREQUEST in 0 BOOTREPLY out 0 DHCPLEASEQUERY in 0 DHCP...

Page 2271: ... a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address pool BOOTREQUEST in The number of bootp messages received by the DHCP server from bootp clients BOOTREPLY out The number of bootp messages sent by the DHCP server to bootp clients DHCPLEASEQUERY in ...

Page 2272: ...ols currently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip dhcp server summary Mode User Exec and Privileged Exec Example To display the c...

Page 2273: ...hen the pool s network mask specified using the next server command is applied The no variant of this command removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network mask Syntax subnet mask mask no subnet mask Mode DHCP Configuration Examples To set the subnet mask option to 255 255 255 0 for DHCP pool P2 use the commands awplus configure terminal awplus config i...

Page 2274: ... prefixes DHCPv6 Prefix Delegation provides automatic configuration of IPv6 addresses and IPv6 prefixes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide NOTE The IPv6 addresses shown use the address space 2001 0db8 32 defined in RFC 3849 for documentation purposes These addresses should not be used for prac...

Page 2275: ...e 2296 ipv6 dhcp pool on page 2298 ipv6 dhcp server on page 2300 ipv6 local pool on page 2301 ipv6 nd prefix DHCPv6 on page 2303 link address on page 2305 option DHCPv6 on page 2307 prefix delegation pool on page 2309 show counter ipv6 dhcp client on page 2311 show counter ipv6 dhcp server on page 2313 show ipv6 dhcp on page 2315 show ipv6 dhcp binding on page 2316 show ipv6 dhcp interface on page...

Page 2276: ...available allocated by the IPv6 prefix randomly generating the suffix of the IPv6 address with the specified preferred and valid lifetime leases Leased IPv6 address are found in the Parameter Description ipv6 prefix prefix length Specify an IPv6 prefix and prefix length The prefix length indicates the length of the IPv6 prefix assigned to the pool The IPv6 address uses the format X X X X Prefix Le...

Page 2277: ... sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Examples To add IPv6 address prefix 2001 0db8 1 48 for DHCPv6 server pool configuration use the following commands awplus c...

Page 2278: ...en A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected Parameter Description first ipv6 address Specify the first IPv6 address of the IPv6 address range in hexadecimal notation in the format X X X X last ipv6 address Specify the last IPv6 address of the IPv6 address range in hexadecimal not...

Page 2279: ...s To add the IPv6 address range 2001 0db8 1 1 to 2001 0db8 1fff 1 for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config ipv6 dhcp pool pool1 awplus config dhcp6 address range 2001 0db8 1 1 2001 0db8 1fff 1 To remove a configured IPv6 address range for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus confi...

Page 2280: ...COUNTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Example To clear DHCPv6 client counters use the following command awplus clear counter ipv6 dhcp client Related Commands show counter ipv6 dhcp client ...

Page 2281: ...COUNTER IPV6 DHCP SERVER clear counter ipv6 dhcp server Overview Use this command in Privileged Exec mode to clear DHCPv6 server counters Syntax clear counter ipv6 dhcp server Mode Privileged Exec Example To clear DHCPv6 server counters use the following command awplus clear counter ipv6 dhcp server Related Commands show counter ipv6 dhcp server ...

Page 2282: ...ses are cleared but any static entries are not cleared The clear ipv6 dhcp binding command is used as a server function A binding table entry on the DHCPv6 server is automatically Created whenever a prefix is delegated to a client from the configuration pool Updated when the client renews rebinds or confirms the prefix delegation Deleted when the client releases all the prefixes in the binding all...

Page 2283: ...6 DHCPV6 COMMANDS CLEAR IPV6 DHCP BINDING Example To clear all dynamic DHCPv6 server binding entries use the command awplus clear ipv6 dhcp binding all Output Figure 54 1 Example output from the clear ipv6 dhcp binding all command Related Commands show ipv6 dhcp binding awplus clear ipv6 dhcp binding all Deleted 1 entries ...

Page 2284: ...iew Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan1 use the following command awplus clear ipv6 dhcp client vlan1 Related Commands show ipv6 dhcp binding Parameter Description interface Specify the interface name to restart a DHCPv6 client on ...

Page 2285: ...o add the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 to the DHCPv6 server pool named P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus dhcpv6 config dns server 2001 0db8 3000 3000 32 To remove the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 from the DHCPv6 server pool named P2 use the following commands awplus ...

Page 2286: ...01 REV C Command Reference for x510 Series 2286 AlliedWare Plus Operating System Version 5 4 6 1 x DHCP FOR IPV6 DHCPV6 COMMANDS DNS SERVER DHCPV6 Related Commands ipv6 dhcp pool option DHCPv6 show ipv6 dhcp pool ...

Page 2287: ...g the pre defined option 15 Note that if you add a user defined option 15 using the option DHCPv6 command then you will override any settings created with this command Examples To add the domain name Engineering to DHCPv6 server pool P2 use the commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus dhcpv6 config domain name Engineering ToremovethedomainnameEngineering fromDHCPv6...

Page 2288: ... is generated by the operating system when DHCP first starts If the OS is reinstalled the DUID LLT can change and any multiple operating systems on the machine will all have different DUIDs Configuring the subscriber id auto mac option causes the relay agent to insert the requesting client s MAC address into a subscriber ID field in the relay header A suitably configured server can then use this s...

Page 2289: ...en specifying the eui64 parameter the interface identifier of the IPv6 address is derived from the MAC address of the device For more information about EUI64 see the IPv6 Feature Overview and Configuration Guide Examples To configure a PD prefix named prefix1 on interface vlan1 and then add an IPv6 address use the following commands awplus configure terminal awplus config interface vlan1 awplus co...

Page 2290: ...ign the IPv6 address 2001 0db8 a2 48 to the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 48 To remove the IPv6 address 2001 0db8 a2 48 from the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 a2 48 T...

Page 2291: ...1 db8 32 from VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 64 eui64 Validation Commands show running config show ipv6 dhcp binding show ipv6 interface brief show ipv6 route Related Commands ipv6 dhcp client pd ipv6 dhcp pool ipv6 local pool ipv6 nd prefix DHCPv6 prefi...

Page 2292: ...ion 6 a list of DNS servers This list appends the DNS servers set on your device with the dns server DHCPv6 command Option 15 a domain name used to resolve host names This option replaces any domain name that you have set with the domain name DHCPv6 command Option 51 lease expiration time Syntax ipv6 address dhcp no ipv6 address dhcp Examples To set the interface vlan10 to use DHCPv6 to obtain an ...

Page 2293: ... x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 ADDRESS DHCP To stop to the PPP interface ppp0 from using DHCPv6 to obtain its IPv6 address use the commands awplus configure terminal awplus config interface ppp0 awplus config if no ipv6 address dhcp Related Commands ipv6 address Validation Commands show running config ...

Page 2294: ... the DHCPv6 client process if not already running and enables requests for prefix delegation through the interface on which the command is configured When prefix delegation is enabled and a prefix is acquired the prefix is stored in the IPv6 prefix pool with an internal name defined by the required prefix name placeholder parameter The ipv6 address command can then refer to the prefixes stored in ...

Page 2295: ...ence for x510 Series 2295 AlliedWare Plus Operating System Version 5 4 6 1 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP CLIENT PD Related Commands clear ipv6 dhcp client ipv6 address DHCPv6 PD ipv6 nd prefix DHCPv6 show ipv6 dhcp binding ...

Page 2296: ...254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot use a number as the option name Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks Default no default option type The option value You...

Page 2297: ...fig ipv6 dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the following commands awplus configure terminal awplus config ipv6 dhcp option 175 name special address ip To remove the specific user defined option with the option number 12 use the following commands awplus configure terminal awplus config no ipv6 dhcp opt...

Page 2298: ...and to delete the specific DHCPv6 pool Syntax ipv6 dhcp pool DHCPv6 poolname no ipv6 dhcp pool DHCPv6 poolname Mode Global Configuration Usage All DHCPv6 prefix pool names must be unique IPv6 prefix pools have a similar function to IPv4 address pools Contrary to IPv4 a block of IPv6 addresses an IPv6 address prefix are assigned and not single IPv6 addresses IPv6 prefix pools are not allowed to ove...

Page 2299: ...ence for x510 Series 2299 AlliedWare Plus Operating System Version 5 4 6 1 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP POOL Related Commands ipv6 local pool option DHCPv6 prefix delegation pool show ipv6 dhcp binding show ipv6 dhcp pool ...

Page 2300: ...legation and configuration through the specified interface Note that DHCPv6 client DHCPv6 server and DHCPv6 relay are mutually exclusive on an interface When one of the DHCPv6 functions is enabled on an interface then another DHCPv6 function cannot be enabled on the same interface Examples To enable the DHCPv6 server service and use the DHCPv6 pool named P2 on VLAN interface vlan2 use the followin...

Page 2301: ...ses an IPv6 address prefix areassignedandnotsingleIPv6addresses IPv6prefixpoolsarenotallowed to overlap Parameter Description DHCPv6 poolname Description used to identify this DHCPv6 server pool Valid characters are any printable character If the name contains spaces then you must enclose it in quotation marks delegated prefix name Description used to identify the delegated prefix name from the pa...

Page 2302: ...efixpool All IPv6prefixesalready allocated are also freed Examples To create alocalDHCPv6 local pool named P2 withtheIPv6 prefixand prefixlength 2001 0db8 32 with an assigned length of 64 use the following commands awplus configure terminal awplus config ipv6 local pool P2 2001 0db8 32 64 To remove a configured DHCPv6 local pool use the following commands awplus configure terminal awplus config no...

Page 2303: ...is usually set between 0 and 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 5 and 315360000 seconds Note that this period should be set to a value greater than that set for the prefix preferred lifetime See the Usage notes after this parameter table for a description of valid lifetime and how it determines invalid IPv6 ad...

Page 2304: ...terface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Examples The following example configures the device to issue RAs Router Advertisements on the VLAN interface vlan4 and advertises the DHCPv6 prefix name prefix1 and the IPv6 address prefix of 2001 0db8 32 awplus configure terminal awplus config interface vlan2 aw...

Page 2305: ...received via an intermediate relay to a configured delegation pool When an address on the incoming interface of the DHCPv6 server or a link address set in the incoming delegation request packet from the prefix delegation client matches the link address prefix configured in the delegation pool the DHCPv6 server is able to match and use the appropriate delegation pool for relayed delegation request ...

Page 2306: ... 0db8 1 48 as the link address for pool P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 address prefix 2001 0db8 2 48 awplus config dhcp6 link address 2001 0db8 1 48 To remove the link address use the commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 no link address Related Commands ipv6 dhcp pool show...

Page 2307: ...address format so if the option already exists in the pool then the new IP address is added to the list of existing IPv6 prefixes Also note options with the same number as one of the pre defined options override the standard option definition The pre defined options use the option numbers 1 3 6 15 and 51 Parameter Description 1 254 The option number of the option Options with the same number as on...

Page 2308: ...lue 08af use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the following commands awplus config dhcp6 option 175 2001 0db8 3001 64 awplus config dhcp6 option 175 2001 0db8 3002 64 awplus config dhcp6 option 175 2001 0db8 3003 64 To add the option 179 to a p...

Page 2309: ...tain unassignedprefixes fromthe pool After the client releases the previously assigned prefixes the server returns the prefixes to the pool for reassignment Preferred IPv6 addresses or prefixes are available to interfaces for unrestricted use and are deprecated when the preferred timer expires Deprecated IPv6 addresses and prefixes are available for use and are discouraged but not forbidden A depr...

Page 2310: ...s invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Example This example adds DHCPv6 Prefix Delegation pool pd_pool1 to DHCPv6 pool pool1 awplus configure terminal awplus config ipv6 local pool pd_pool1 2001 0db8 48 56 awplus config ipv6 dhcp pool pool1 awplus config dhcp6 pre...

Page 2311: ...ter information use the command awplus show counter ipv6 dhcp client Output Figure 54 2 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20 ADVERTISE in 12 REQUEST out 1 CONFIRM out 0 RENEW out 0 REBIND out 0 REPLY in 0 RELEASE out 0 DECLINE out 0 INFORMATION REQUEST out 0 Table 1 Parameters in the output of the show counter ipv6 dhcp c...

Page 2312: ...es sent by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Displays the count of DECLINE messages sent by the DHCPv6 client INFORMATION REQUEST out Displays the count of INFORMATION REQUEST messages sent by the DHCPv6 client Table 1 Parameters in the output of the ...

Page 2313: ...er information use the command awplus show counter ipv6 dhcp server Output Figure 54 3 Example output from the show counter ipv6 dhcp server command awplus show counter ipv6 dhcp server SOLICIT in 20 ADVERTISE out 12 REQUEST in 1 CONFIRM in 0 RENEW in 0 REBIND in 0 REPLY out 0 RELEASE in 0 DECLINE in 0 INFORMATION REQUEST in 0 Table 2 Parameters in the output of the show counter ipv6 dhcp server c...

Page 2314: ...ceived by the DHCPv6 server REPLY out Displays the count of REPLY messages sent by the DHCPv6 server RELEASE in Displays the count of RELEASE messages received by the DHCPv6 server DECLINE in Displays the count of DECLINE messages received by the DHCPv6 server INFORMATION REQUEST in Displays the count of INFORMATION REQUEST messages received by the DHCPv6 server Table 2 Parameters in the output of...

Page 2315: ...sage The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a DHCPv6 client to obtain an IPv6 address from a DHCPv6 server A DHCPv6 server compares the DUID with its database of DUIDs and sends configuration data for an IPv6 address plus the preferred and vali...

Page 2316: ...c and Privileged Exec Example 1 To display the total DHCPv6 leasing address entries for all pools use the command awplus show ipv6 dhcp binding summary Output Figure 54 5 Example output from the show ipv6 dhcp binding summary command Parameter Description summary Optional Specify the summary keyword to display summarized information for DHCPv6 server leases to client nodes displaying the number of...

Page 2317: ...UID DHCPv6 unique identifier DUID see RFC 3315 Each DHCPv6 client has as DUID DHCPv6 servers use DUIDs to identify clients for the association of IAs Identity Associations with DHCPv6 clients DHCPv6 clients use DUIDs to identify a DHCPv6 server IAID Identify Association Identifier IAID see RFC 3315 IAIDs are identifiers for IAs Identity Associations where an IA is a collection of IPv6 addresses as...

Page 2318: ...6 COMMANDS SHOW IPV6 DHCP BINDING Related Commands clear ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp pool starts at The date and time at which the valid lifetime expires expires at The date and time at which the valid lifetime expires Table 4 Parameters in the output of the showipv6 dhcp binding command Parameter Description ...

Page 2319: ... information for all interfaces DHCPv6 is configured on use the command awplus show ipv6 dhcp interface Output Figure 54 7 Example output from the show ipv6 dhcp interface command Parameter Description interface name Optional Specify the name of the interface to show DHCPv6 information about Omit this optional parameter to display DHCPv6 information for all interfaces DHCPv6 is configured on awplu...

Page 2320: ...refix 2002 0 3c0 42 preferred lifetime 604800 valid lifetime 2592000 starts at 20 Aug 2012 09 21 33 expires at 19 Sep 2012 09 21 33 Table 5 Parameters in the output of the show counter dhcp client command Parameter Description interface is in server client Prefix Delegation mode Displays whether the specified interface is in server or client mode and whether prefix delegation is applied to an inte...

Page 2321: ...lus show ipv6 dhcp pool Output Figure 54 9 Example output from the show ipv6 dhcp pool command Parameter Description DHCPv6 address pool name Name of a specific DHCPv6 address pool This displays the configuration of the specified DHCPv6 address pool only awplus show ipv6 dhcp pool DHCPv6 Pool ia na Address Prefix 1001 64 Lifetime 2592000 valid 604800 preferred DNS Server 2001 1 DNS Server 2001 2 D...

Page 2322: ...eprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet DNS Server IPv6 address of the DNS ...

Page 2323: ... DHCPv6 Configuration Examples The following example adds an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 sntp address 2001 0db8 32 The following example removes an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus...

Page 2324: ...put see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List ntp access group on page 2325 ntp authenticate on page 2326 ntp authentication key on page 2327 ntp broadcastdelay on page 2328 ntp discard on page 2329 ntp master on page 2330 ntp peer on page 2331 ntp restrict on page 2333 ntp server on page 2335 ntp source on page 2337 ntp trusted key on page ...

Page 2325: ...ce for x510 Series 2325 AlliedWare Plus Operating System Version 5 4 6 1 x NTP COMMANDS NTP ACCESS GROUP ntp access group Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the command ntp restrict instead ...

Page 2326: ... to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configuration Examples To enable NTP authentication use the commands awplus configure terminal awplus config ntp authenticate To disable NTP authentication use the commands awplus configure terminal awplus conf...

Page 2327: ... an MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key number 134343 with the key value mystring use the commands awplus configure terminal awplus config no ntp authentication key 134343 md5 mystring Parameter Description keynumber 1 4294967295 An identif...

Page 2328: ...broadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip delay to 23464 microseconds for broadcast packets use these commands awplus configure terminal awplus config ntp broadcastdelay 23464 To reset the estimated round trip delay for broadcast packets to ...

Page 2329: ...e 192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus config ntp restrict 192 168 1 0 16 limited kod To silently drop all NTP packets if they arrive more frequently than once every 4 seconds on average 2 to the power of 2 use the commands awplus configure...

Page 2330: ...distance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Network Time Protocol go to www ntp org Examples To stop the device from being the designated NTP server use the commands awplus configure terminal awplus config no ntp master To make the device the desi...

Page 2331: ...192 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 prefer version 4 key 1234 awplus config ntp peer 192 0 2 23 version 4 key 1234 awplus config ntp peer 192 0 2 23 version 4 awplus config ntp peer 192 0 2 23 key 1234 To remove an NTP peer association for...

Page 2332: ...plus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 key 1234 awplus config ntp peer 2001 0db8 010d 1 version 4 awplus config ntp peer 2001 0db8 010d 1 key 1234 To remove an NTP peer association for this peer with an IPv6 address of 20...

Page 2333: ... address Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the specified IPv4 subnet or IPv6 prefix Enter an IPv4 subnet in the format A B C D M Enter an IPv6 prefix in the format X X X X X ignore Block all NTP connections including time polls from matching hosts li...

Page 2334: ...2 0 2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 192 168 1 0 16 notrust To drop NTP packets from the 192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure term...

Page 2335: ...us config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 key 1234 awplus config ntp server 192 0 1 23 version 4 awplus config ntp server 192 0 1 23 key 1234 To remove an NTP peer association for this peer with an IPv4 add...

Page 2336: ...2 awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 key 1234 awplus config ntp server 2001 0db8 010e 2 version 4 awplus config ntp server 2001 0db8 010e 2 key 1234 To remove an NTP peer association for this peer with an IP...

Page 2337: ...d using this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavior will apply and an alternative source IP address is automatically selected This IP address is based on the most appropriate egress interface used to reach the NTP peer The configured NTP client sou...

Page 2338: ...configure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the NTP source interface use the following commands awplus configure terminal awplus config no ntp source Related Commands ntp peer ntp server ...

Page 2339: ...s 2339 AlliedWare Plus Operating System Version 5 4 6 1 x NTP COMMANDS NTP TRUSTED KEY ntp trusted key Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the trusted parameter of the command ntp authentication key instead ...

Page 2340: ...r x510 Series 2340 AlliedWare Plus Operating System Version 5 4 6 1 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been replaced by the command show ntp counters ...

Page 2341: ...05 256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer that NTP uses to calculate variables like the offset and root dispersion of this AlliedWare Plus device NTP passes these variables to the clients using this AlliedWare Plus device backup Peers that are u...

Page 2342: ...r when When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to requests 0 indicates there has never been a successful poll 1 indicates that the last poll was successful 3 indicates that the last two polls were successful 377 indicates that the last 8 polls were successf...

Page 2343: ...stricted 0 rate limited 0 KoD responses 0 processed for time 306 Table 55 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last restarted in seconds sysstats reset How long since show ntp status information was last reset in seconds packets received Total number of NTP client and server packets received by the device current ...

Page 2344: ...atch any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceeded its limits See the command ntp discard for more information KoD responses The number of kiss of death packets NTP has sent See the command ntp restrict for more information processed for time The n...

Page 2345: ...uplicate 0 bad header 0 kod received 0 Table 55 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent The number of NTP packets that this device sent to the peer received The number of NTP packets that this device received from the peer auth failed The number of NTP packets received that failed authen...

Page 2346: ...er The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packets more often than the peer will accept them If you receive KoD packets you should stop using this server or peer Table 55 2 Parameters in the output from show ntp counters associations Parameter Descr...

Page 2347: ...show ntp status For information about the output displayed by this command see ntp org Figure 55 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_none sync_ntp 1 event leap_event system peer 10 37 211 97 123 system peer mode client leap indicator 00 stratum 4 log2 precision 19 root delay 24 234 root dispersion 113 912 reference ID 10 37 211 97 ref...

Page 2348: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 2350 show counter snmp server on page 2351 show debugging snmp on page 2355 show running config snmp on page 2356 show snmp server on page 2357 show snmp server community on page 2358 show snmp server group on page 2359 show snmp server user on page 2360 show snmp ser...

Page 2349: ...neID local reset on page 2375 snmp server group on page 2376 snmp server host on page 2378 snmp server legacy ifadminstatus on page 2380 snmp server location on page 2381 snmp server source interface on page 2382 snmp server startup trap delay on page 2383 snmp server user on page 2384 snmp server view on page 2387 undebug snmp on page 2388 ...

Page 2350: ...nmp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description all Enable or disable the display of all SNMP debugging information detail Enable or disable the display of detailed SNMP debugging information error string Enable or disable the display of debugging...

Page 2351: ...mple output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues 0 inReadOnlys 0 inGenErrs 0 inTotalReqVars 9 inTotalSetVars 0 inGetRequests 2 inGetNexts 9 inSetRequests 0 inGetResponses 0 inTraps 0 outPkts 11 outTooBigs 0 outNoSuchNames 2 outBadValues 0 outGenErr...

Page 2352: ...ved SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurred when processing a request from the agent inNoSuchNames The number of SNMP PDUs received by the SNMP agent where the value of the error status field is noSuchName This is sent by an SNMP manager to i...

Page 2353: ...e SNMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exception occurred when processing a request from the manager outNoSuchNames The number of SNMP PDUs that the SNMP agent has generated with the value noSuchName in the error status field This is sent to the S...

Page 2354: ...MP agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP agent has dropped because they referenced an unknown snmpEngineID WrongDigest The number of received packets that the SNMP agent has dropped because they didn t contain the expected digest value Decry...

Page 2355: ...iew This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awplus show debugging snmp Output Figure 56 2 Example output from the show debugging snmp command Related Commands debug snmp Snmp SMUX debugging status Snmp debugging is on ...

Page 2356: ...leged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 56 3 Example output from the show running config snmp command Related Commands show snmp server snmp server contact AlliedTelesis snmp server location Philippines snmp server group grou1 auth read view1 write view1 notify view1 snmp server view view1 1 includ...

Page 2357: ...x show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 56 4 Example output from the show snmp server command Related Commands debug snmp show counter snmp server snmp server snmp server engineID local snmp server engineID local reset SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name Not set ...

Page 2358: ...ies configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus show snmp server community Output Figure 56 5 Example output from the show snmp server community command Related Commands show snmp server snmp server community SNMP community information Community Name...

Page 2359: ...x show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 56 6 Example output from the show snmp server group command Related Commands show snmp server snmp server group SNMP group information Group name guireadgroup Security Level priv Read View guiview Write View none Notify View none Grou...

Page 2360: ...he SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show snmp server user Output Figure 56 7 Example output from the show snmp server user command Related Commands show snmp server snmp server user Name Group name Auth Privacy freddy guireadgroup none non...

Page 2361: ...the SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus show snmp server view Output Figure 56 8 Example output from the show snmp server view command Related Commands show snmp server snmp server view SNMP view information View Name view1 OID 1 Type include...

Page 2362: ...gregation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Examples To enable SNMP to send link status notifications for ports 1 0 2 to 1 0 6 use following commands awplus configure terminal awplus config interface port1 0 2 1 0 6 awplus config if snmp trap link ...

Page 2363: ...and Reference for x510 Series 2363 AlliedWare Plus Operating System Version 5 4 6 1 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server enable trap snmp server host ...

Page 2364: ...is started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreachesthesuppresstime anyfurther notificationsofthistypegeneratedfor the interface during the interval are not sent At the end of the interval the sending of link status notifications resumes until the thr...

Page 2365: ...6 1 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2 awplus config if no snmp trap link status suppress Related Commands show interface snmp trap link status ...

Page 2366: ... ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or disabled for both IPv4 and IPv6 Mode Global Configuration Examples To enable SNMP on the device for both IPv4 and IPv6 use the commands awplus configure terminal awplus config snmp server To enable ...

Page 2367: ... Version 5 4 6 1 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp server engineID local snmp server group snmp server host snmp server location snmp server view ...

Page 2368: ... no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB variables from any management station awplus configure terminal awplus config snmp server community public ro The following command removes an SNMP community called public awplus configure terminal awplu...

Page 2369: ...his command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to support alliedtelesis co nz use the command awplus configure terminal awplus config snmp server contact support alliedtelesis co nz Related Commands show system snmp server location snmp server group Pa...

Page 2370: ...nk atmfnode atmfrr auth dhcpsnooping epsr lldp loopprot mstp nsm ospf pim power inline qsp rmon thrash limit vcs vrrp Parameter Description atmf AMF traps atmflink AMF Link traps atmfnode AMF Node traps atmfrr AMF Reboot Rolling traps auth Authentication failure dhcpsnooping DHCP snooping and ARP security traps These notifications must also be set using the ip dhcp snooping violation command and o...

Page 2371: ...he device to send PoE related traps use the following commands awplus configure terminal awplus config snmp server enable trap power inline To disable PoE traps being sent out by the device use the following commands awplus configure terminal awplus config no snmp server enable power inline To enable the device to send MAC address Thrash Limiting traps use the following commands awplus configure t...

Page 2372: ...Command Reference for x510 Series 2372 AlliedWare Plus Operating System Version 5 4 6 1 x SNMP COMMANDS SNMP SERVER ENABLE TRAP Related Commands show snmp server show ip dhcp snooping snmp trap link status snmp server host ...

Page 2373: ...which is permanently set unless it is configured by the user In a stacked environment if the same engine ID was automatically generated for all members of the stack conflicts would occur if the stack was dismantled Therefore each member of the stack will generate its own engine ID and the stack master s ID is used when transmitting SNMPv3 packets Should a master failover occur a different engine I...

Page 2374: ...fter configuration Validation Commands show snmp server Related Commands snmp server engineID local reset snmp server group awplus config snmp server engineid local asdgdfh231234d awplus config exit awplus show snmp server SNMP Server Enabled IP Protocol IPv4 SNMPv3 Engine ID configured name asdgdfh231234d SNMPv3 Engine ID actual 0x80001f888029af52e149198483 awplus config no snmp server engineid l...

Page 2375: ... ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server engineID local reset Mode Global Configuration Example To force the SNMPv3 engine ID to be reset to a system generated value use the commands awplus configure terminal awplus config snmp server engineID local res...

Page 2376: ...mp server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group usergroup noauth read useraccess write useraccess To delete SNMP group usergroup use the following commands awplus configure terminal awplus config no snmp server group usergroup noauth Parameter Des...

Page 2377: ...EV C Command Reference for x510 Series 2377 AlliedWare Plus Operating System Version 5 4 6 1 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show snmp server user ...

Page 2378: ...SNMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address informs traps version 2c community name snmp server host ipv4 address ipv6 address informs traps version 3 auth noauth priv user name no snmp server host ipv4 address ipv6 address traps version 1 commu...

Page 2379: ... traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001 db8 8a2e 7334 To remove a configured trap host of 192 0 2 5 with the SNMPv2c community name public use the following command awplus configure terminal awplus config no snmp server host version 2c pub...

Page 2380: ...ect the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP ifAdminStatus reflects the administrative state of the interface Mode Global Configuration Usage Note that if you enable Legacy ifAdminStatus the ifAdminStatus will report a link s status as Down when ...

Page 2381: ...o variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to server room 523 use the following commands awplus configure terminal awplus config snmp server location server room 523 Related Commands show snmp server show system snmp server contact Parameter Descrip...

Page 2382: ...e of the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use this command to assign this interface Example The following commands set VLAN20 to be the interface whose IP address is used as the originating address in SNMP informs packets awplus configure termin...

Page 2383: ... delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNMP traps until 60 seconds after device startup use the following commands awplus configure terminal awplus config snmp server startup trap delay 60 To restore the sending of SNMP traps to the default ...

Page 2384: ...words must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the device For example you may need to move a user from one group to another group and keep the same passwords for the user instead of removing the user to apply new passwords Parameter Description userna...

Page 2385: ... command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce0cd883f8dab6b74 privacy protocol des plus the encrypted privacy password 0x0e0133db5453ebd03822b004eeacb6608f use the following commands awplus configure terminal awplus config snmp server user authu...

Page 2386: ...C613 50102 01 REV C Command Reference for x510 Series 2386 AlliedWare Plus Operating System Version 5 4 6 1 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view ...

Page 2387: ... removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The following command creates a view called loc that includes the system location MIB sub tree awplus config snmp server view loc 1 3 6 1 2 1 1 6 0 included To remove the view loc use the following comman...

Page 2388: ...1 REV C Command Reference for x510 Series 2388 AlliedWare Plus Operating System Version 5 4 6 1 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug snmp command ...

Page 2389: ...network information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overview and Configuration Guide LLDPoperates overphysicalportsonly Forexample it canbeconfiguredonswitch ports that belong to static or dynamic channel groups but not on the channel groups themselves Command List clear l...

Page 2390: ... location identifier on page 2417 location civic location id on page 2418 location coord location configuration on page 2419 location coord location identifier on page 2421 location coord location id on page 2422 location elin location on page 2423 location elin location id on page 2424 show debugging lldp on page 2425 show lldp on page 2427 show lldp interface on page 2429 show lldp local info on...

Page 2391: ...pplied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command awplus clear lldp statistics interface port1 0 1 port1 0 6 To clear all LLDP statistics for all ports use the command awplus clear lldp statistics Related Commands show lldp statistics show lldp statist...

Page 2392: ...r information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the command awplus clear lldp table interface port1 0 1 port1 0 6 Tocleartheentiretableofneighborinformationreceivedthroughallports usethe command awplus clear lldp table Related Commands show lldp neighbor...

Page 2393: ...peration no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug lldp rx interface port1 0 1 port1 0 6 To enable debugging of LLDP transmit with packet dump on all ports use the command awplus debug lldp tx txpkt To disable debugging of LLDP receive on ports 1 0 1 ...

Page 2394: ...0102 01 REV C Command Reference for x510 Series 2394 AlliedWare Plus Operating System Version 5 4 6 1 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal monitor ...

Page 2395: ...detects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default fast start count is 3 Mode Global Configuration Examples To set the fast start count to 5 use the command awplus configure terminal awplus config lldp faststart count 5 To reset the fast start count ...

Page 2396: ... multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the Time To Live expires before the neighbor receives another update of the information then the neighbor discards the information from its database Examples To set the holdtime multiplier to 2 use the co...

Page 2397: ...e MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp interface command or show lldp local info command Examples To set the management address advertised by ports 1 0 1 and 1 06 to be 192 168 1 6 use the commands awplus configure terminal awplus config in...

Page 2398: ...ications relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Examples To enable the sending of LLDP MED Topology Change Detected notifications relating to ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 aw...

Page 2399: ...lv select capabilities network policy location power management ext inventory management no lldp med tlv select all Parameter Description capabilities LLDP MED Capabilities TLV When this is enabled the MAC PHY Configuration Status TLV from IEEE 802 3 Organizationally Specific TLVs is also automatically included in LLDP MED advertisements whether or not it has been explicitly enabled by the lldp tl...

Page 2400: ...ory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventory management To exclude the Inventory TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus conf...

Page 2401: ... TLV SELECT Related Commands lldp tlv select location elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location show lldp interface switchport voice dscp switchport voice vlan switchport voice vlan priority ...

Page 2402: ...ied to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in LLDP MED advertisements and specifies that if LLDP receives LLDP advertisements with non standard LLDP MED TLV order the TLVs in non standard order should be discarded This implementation of LLDP MED f...

Page 2403: ...ant of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mode Global Configuration Examples To set the notification interval to 20 seconds use the commands awplus configure terminal awplus config lldp notification interval 20 To set the notification interval b...

Page 2404: ...otifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp notifications To disable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the comma...

Page 2405: ...ult port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate LLDP MIB local port entries to port numbers use the commands awplus configure terminal awplus config lldp port number type number To set the type of port identifier used to enumerate LLDP MIB local por...

Page 2406: ...is command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples To set the reinitialization delay to 3 seconds use the commands awplus configure terminal awplus config lldp reinit 3 To set the reinitialization delay back to its default use the commands awplus con...

Page 2407: ...riant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Examples To enable LLDP operation use the commands awplus configure terminal awplus config lldp run To disable LLDP operation use the commands awplus configure terminal awplus config no lldp run Related...

Page 2408: ...ntax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configure terminal awplus config lldp timer 90 To set the transmit interval back to its default use the commands awplus configure terminal awplus config no lldp timer Related Commands lldp tx delay show lldp ...

Page 2409: ...his command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select tlv no lldp tlv select all Default By default no optional TLVs are included in LLDP advertisements The MAC PHY Configuration Status TLV mac phy config is included in LLDP MED advertisements whether or...

Page 2410: ...commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if no lldp tlv select management address system name To exclude all op...

Page 2411: ...ransmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP advertisement transmission and reception on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit receive TodisableLLDPad...

Page 2412: ...its default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12 seconds use the commands awplus configure terminal awplus config lldp tx delay 12 To set the transmission delay timer back to its default use the commands awplus configure terminal awplus config no ll...

Page 2413: ... to delete civic address parameters from the location Syntax country country state state no state county county no county city city no city division division no division neighborhood neighborhood no neighborhood street group street group no street group leading street direction leading street direction no leading street direction trailing street suffix trailing street suffix no trailing street suf...

Page 2414: ...l community name postal community name no postal community name post office box post office box no post office box additional code additional code no additional code seat seat no seat primary road name primary road name no primary road name road section road section no road section branch road name branch road name no branch road name sub branch road name sub branch road name no sub branch road na...

Page 2415: ...ng street direction CA Type 16 trailing street suffix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number suffix House number suffix CA Type 20 landmark Landmark or vanity address CA Type 21 additional information Additional location information CA Type 22 name Name CA Type 23 residence and office occupant...

Page 2416: ...ess location For more information about civic address format see the LLDP Feature Overview and Configuration Guide To specify the civic address location use the location civic location identifier command To delete the civic address location use the no variant of the location civic location identifier command To assign the civic address location to particular ports so that it can be advertised in T...

Page 2417: ...s civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up to 400 locations can be configured on the switch for each type of location information up to a total of 1200 locations Examples To enter Civic Address Location Configuration mode for the civic addres...

Page 2418: ... port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civic location configuration command If a civic address location is deleted using the no variant of the location civic location identifier command it is automatically removed from all ports Examples To a...

Page 2419: ... as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a number of valid bits in the range 0 to 34 latitude Latitude value in degrees in the range 90 0 to 90 0 long resolution Longitude resolution as a number of valid bits in the range 0 to 34 longitude Longitu...

Page 2420: ...arch area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that command To associate the coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Example To configure the location for the W...

Page 2421: ...or each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location with particular ports so that it can be advertised in TLVs from those ports use the location coord location id command Examples To enter Coordinate Location Configuration mode to configure the coordina...

Page 2422: ...can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord location configuration command If a coordinate location is deleted using the no variant of the location coord location identifier command it is automatically removed from all ports Examples To assign ...

Page 2423: ...to a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new ELIN location with ID 1 and configure it with ELIN 1234567890 use the commands awplus configure terminal awplus config location elin location 1234567890 identifier 1 To delete existing ELIN location wi...

Page 2424: ... Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin location command If an ELIN location is deleted using the no variant of one of the location elin location command it is automatically removed from all ports Examples To assign ELIN location 1 to port 1 ...

Page 2425: ...ugging lldp interface port1 0 1 1 0 6 Output Figure 57 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP Debug settings Debugging for LLDP internal operation is on Port Rx RxPkt Tx TxPkt 1 0 1 Yes Yes No No 1 0 2 Yes No No No 1 0 3 No No No No 1 0 4 Yes Yes Yes No 1 0 5 Yes No Yes No 1 0 6 Yes Yes Yes Ye...

Page 2426: ...C613 50102 01 REV C Command Reference for x510 Series 2426 AlliedWare Plus Operating System Version 5 4 6 1 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp ...

Page 2427: ... secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 43 secs ago Table 3 Parameters in the output of the show lldp command Parameter Description LLDP Status Whether LLDP is enabled Default is disabled Notification Interval Minimum interval between LLDP n...

Page 2428: ...ue to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The number of times fast start advertisements are sent for LLDP MED Total Neighbor Count Number of LLDP neighbors discovered on all ports Neighbors table last updated The time since the LLDP neighbor table w...

Page 2429: ...is inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Protocol Identity 802 3 Mp MAC PHY Config Status Po Power Via ...

Page 2430: ...nge Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 TLVs Enabled for Tx List of optional 802 1 TLVs enabled for transmission Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Proto...

Page 2431: ...ldp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command awplus show lldp local info interface port1 0 1 To display local information transmitted via all ports use the command awplus show lldp local info Output Figure 57 3 Example output from show lldp local ...

Page 2432: ...Ability Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy Location Identification Extended Power PSE Inventory Network Policy not configured Location Identification Civic Address Country Code NZ City Christchurch Street Suffix Avenue House Number 27 Primary Ro...

Page 2433: ...tem description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address associated with the local port To change this use the lldp management address command Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames received via the local port Port P...

Page 2434: ...ze capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of network policies configured on the local port VLAN ID VLAN identifier for the port for the specified application type Tagged Flag Whether the VLAN ID is to be used as tagged or untagged Layer 2 Priority La...

Page 2435: ...s description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts from the PD side Inventory Management Inventory information for the device Table 57 1 Parameters in the output of show lldp local info cont Parameter Description ...

Page 2436: ...p neighbors interface port1 0 1 port1 0 6 Output Figure 57 4 Example output from the show lldp neighbors command Parameter Description port list The ports for which the neighbor information is to be shown LLDP Neighbor Information Total number of neighbors on these ports 4 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station O...

Page 2437: ...al Port Local port on which the neighbor information was received Neighbor Chassis ID Chassis ID that uniquely identifies the neighbor Neighbor Port Name Port ID of the neighbor Neighbor Sys Name System name of the LLDP neighbor Neighbor Capability Capabilities that are supported and enabled on the neighbor System Capability System Capabilities of the LLDP neighbor MED Device Type LLDP MED Device ...

Page 2438: ... lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show lldp neighbors detail To display detailed neighbor information received via ports 1 0 1 use the command awplus show lldp neighbors detail interface port1 0 1 Parameter Description base Information for b...

Page 2439: ...ID 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported Enabled Advertised Capability 1000BaseTFD 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type 1000BaseTFD 30 Power Via MDI PoE not advertised Link Aggregation Supported Disabled Maximum Fram...

Page 2440: ...ported Capabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID VLAN identifier associated with untagged or priority tagged frames for the neighbor port Port Protocol VLAN Supported Whether Port Protocol VLAN is supported on the LLDP neighbor Port Protocol VLAN En...

Page 2441: ...ximum frame size capability LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location information Extended Power Via MDI PoE PoE capability and current status Inventory Management Inventory information Table 59 Parameters in the output of the show lldp neighbors detail command cont Parame...

Page 2442: ...23 In Errored 0 In Dropped 0 TLVs Unrecognized 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 61 Parameters in the output of the show lldp statistics command Parameter Description Frames Out Number of LLDPDU frames transmitted Frames In Number of LLDPDU frames received Frames In Errored Number of invalid LLDPDU frames received Frames In Dropped ...

Page 2443: ... neighbors has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information advertised by neighbors has been removed from the neighbor table because the information TTL interval has expired Table 61...

Page 2444: ...tistics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp statistics interface port1 0 1 port1 0 6 Output Parameter Description port list The ports for which the statistics are to be shown Table 62 Example output from the show lldp statistics interface command awplus show lldp statistics interface port1 0 1 port1 0 6 LLDP Packet and Event C...

Page 2445: ...ognized Number of LLDP TLVs received that are not recognized but the TLV type is in the range of reserved TLV types TLVs Discarded Number of LLDP TLVs discarded for any reason Neighbors New Entries Number of times the information advertised by neighbors has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information advertised by neighbors has been removed from ...

Page 2446: ...civic location interface port1 0 1 To display coordinate location information configured on the identifier 1 use the command awplus show location coord location identifier 1 Parameter Description civic location Display civic location information coord location Display coordinate location information elin location Display ELIN location information civic loc id Civic address location identifier in t...

Page 2447: ...elin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 65 Example output from the show location command awplus show location coord location identifier 1 ID Element Type Element Value 1 Latitude Resolution 15 bits Latitude 38 8986481130123138427734375 degrees Long...

Page 2448: ...ence for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug mail on page 2449 delete mail on page 2450 mail on page 2451 mail from on page 2452 mail smtpserver on page 2453 show counter mail on page 2454 show mail on page 2455 undebug mail on page 2456 ...

Page 2449: ...ding emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command awplus debug mail To turn off debugging for sending emails use the command awplus no debug mail Related Commands delete mail mail mail from mail smtpserver show mail show counter mail undebug mail ...

Page 2450: ...s To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Related Commands debug mail mail mail from mail smtpserver show mail Parameter Description mail id Deletes a single mail from the mail queue mail id An unique mail ID number Use the show mail command to dis...

Page 2451: ...d a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration and with the message body inserted from the file plug conf use the command awplus mail rei nerv com subject dummy plug configuration filename plug conf Related Commands debug mail delete mail mail fr...

Page 2452: ...mmand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sending mail to kaji nerv com use the command awplus config mail from kaji nerv com Related Commands delete mail mail mail smtpserver show mail Parameter Description from The email address that the mail is...

Page 2453: ...ice sends email to You must specify a mail server with this command before you can send any email Syntax mail smtpserver ip address Mode Global Configuration Example To specify a mail server at 192 168 0 1 use the command awplus mail smtpserver 192 168 0 1 Related Commands debug mail delete mail mail mail from show mail show counter mail Parameter Description ip address Internet Protocol IP Addres...

Page 2454: ...t from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP counters Mails Sent 0 Mails Sent Fails 1 Table 1 Parameters in the output of the show counter mail command Parameter Description Mails Sent The number of emails sent successfully since the last device...

Page 2455: ...ing System Version 5 4 6 1 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue use the command awplus show mail Related Commands delete mail mail show counter mail ...

Page 2456: ...1 REV C Command Reference for x510 Series 2456 AlliedWare Plus Operating System Version 5 4 6 1 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug mail command ...

Page 2457: ...N Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List rmon alarm on page 2458 rmon collection history on page 2460 rmon collection stats on page 2461 rmon event on page 2...

Page 2458: ... The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherStatsEntry table for the interface defined by the stats index 22 in the rmon collection stats command interval 1 2147483647 Polling interval in seconds delta The RMON MIB alarmSampleType the change in ...

Page 2459: ...value with the form etherStatsEntry field stats index for example etherStatsEntry 22 5 Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 defined by stats index 22 in the rmon collection stats command to trigger event 2 defined by the rmon event command when it reaches the rising threshold 400 and to trigger event 3 when it reaches the fallin...

Page 2460: ...history index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Configuration Example To create a history statistics control group to store 200 snapshots with an interval of 500 seconds use the commands awplus configure terminal awplus config interface port1 0 2 awpl...

Page 2461: ...collection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if rmon collection stats 200 owner myrtle To to stop collecting RMON statistics use the commands awplus configur...

Page 2462: ...x log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global Configuration Example To create an event definition for a log with an index of 299 use this command awplus configure terminal awplus config rmon event 299 log description cond3 owner alfred To to remo...

Page 2463: ...alarm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Only the alarms for switch port interfaces not for VLAN interfaces can be shown Syntax show rmon alarm Mode User Exec and Privileged Exec Example To display the alarms and threshold use this command awplus show rmon alarm Related Commands rmon alarm ...

Page 2464: ...lowing etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStatsPkts512to1023Octets etherStatsPkts1024to1518Octe...

Page 2465: ...ence for x510 Series 2465 AlliedWare Plus Operating System Version 5 4 6 1 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon event Related Commands rmon event ...

Page 2466: ...utput from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets ether...

Page 2467: ...Operating System Version 5 4 6 1 x RMON COMMANDS SHOW RMON HISTORY etherStatsPkts1024to1518Octets Example To display the parameters specified on all the currently defined RMON history collections us the commands awplus show rmon history Related Commands rmon collection history ...

Page 2468: ...m the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherStatsJabbers etherStatsCollisions etherStatsPkts64Octets etherStatsPkts65to127Octets etherStatsPkts128to255Octets etherStatsPkts256to511Octets etherStatsP...

Page 2469: ...0102 01 REV C Command Reference for x510 Series 2469 AlliedWare Plus Operating System Version 5 4 6 1 x RMON COMMANDS SHOW RMON STATISTICS etherStatsPkts1024to1518Octets Related Commands rmon collection stats ...

Page 2470: ... hostkey on page 2474 crypto key destroy userkey on page 2475 crypto key generate hostkey on page 2476 crypto key generate userkey on page 2477 crypto key pubkey chain knownhosts on page 2478 crypto key pubkey chain userkey on page 2480 debug ssh client on page 2482 debug ssh server on page 2483 service ssh on page 2484 show banner login on page 2486 show crypto key hostkey on page 2487 show crypt...

Page 2471: ...ow ssh server deny users on page 2499 ssh on page 2500 ssh client on page 2502 ssh server on page 2504 ssh server allow users on page 2506 ssh server authentication on page 2508 ssh server deny users on page 2510 ssh server max auth tries on page 2512 ssh server resolve host on page 2513 ssh server scp on page 2514 ssh server sftp on page 2515 undebug ssh client on page 2516 undebug ssh server on ...

Page 2472: ...nd of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the device Syntax banner login no banner login Default No banner is defined by default Mode Global Configuration Examples To set a login banner message use the commands awplus configure terminal awplus conf...

Page 2473: ...ly delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec Examples To stop the current SSH session 123 use the command awplus clear ssh 123 To stop all SSH sessions active on the device use the command awplus clear ssh all Related Commands service ssh ssh ...

Page 2474: ...SSH server is started Syntax crypto key destroy hostkey dsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key used for SSH version 2 connections use the commands awplus configure terminal awplus config crypto key destroy hostkey rsa Related Commands crypto key generate hostkey service ssh Parameters Description dsa Deletes the existing DSA public and private keys rsa Deletes t...

Page 2475: ...A user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show crypto key hostkey Parameters Description username Name of the user whose userkey you are destroying The username must begin with a letter Valid characters are all numbers letters and the underscore hyph...

Page 2476: ...on volatile memory Syntax crypto key generate hostkey dsa rsa rsa1 768 32768 Default 1024 bits is the default key length The DSA algorithm supports 1024 bits Mode Global Configuration Examples To generate an RSA host key for SSH version 2 connections that is 2048 bits in length use the commands awplus configure terminal awplus config crypto key generate hostkey rsa 2048 To generate a DSA host key ...

Page 2477: ...or SSH version 2 connections for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure terminal awplus config crypto key generate userkey lapo dsa Related Commands crypto key pubkey chain userkey show crypto key userkey Parameters Description username Name of the ...

Page 2478: ...ipv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Default If no cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Usage This command adds a public key of the specified SSH server to the known host database on the device The key is retrieved from the server The remote SSH server is verified by using this public key ...

Page 2479: ...the remote server then SSH clients will inform the user that the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the known host database use the command awplus crypto key pubkey chain knownhosts 192 0 2 11 To delete the second entry in the known host database use the command awplus no crypto key pubkey chain knownhos...

Page 2480: ...as text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as text must be a valid SSH RSA key not random ASCII text Use Ctrl D after entering it to save the text and re enter the normal command line mode Note you can generate a valid SSH RSA key on the device firs...

Page 2481: ...hain userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvNbk h c pqGDijj4Svf ZZfeITzvvyZW4 I4pbN8 control D awplus config To add a public key for the user graydon from the file key pub use the commands awplus configure terminal awplus config crypto key pubk...

Page 2482: ...s the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH client debugging use the command awplus debug ssh client To start SSH client debugging with extended output use the command awplus debug ssh client full To disable...

Page 2483: ... debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mode Privileged Exec and Global Configuration Examples To start SSH server debugging use the command awplus debug ssh server To start SSH server debugging with extended output use the command awplus de...

Page 2484: ... ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you issue service ssh without specifying the optional ip or ipv6 parameters Mode Global Configuration Examples To enable both the IPv4 and the IPv6 Secure Shell server use the commands awplus configure terminal awplus config service ssh To enable the IP...

Page 2485: ...for x510 Series 2485 AlliedWare Plus Operating System Version 5 4 6 1 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh server allow users ssh server deny users ...

Page 2486: ...mmand displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec Global Configuration Interface Configuration Line Configuration Example To display the current login banner message use the command awplus show banner login Related Commands banner login SSH ...

Page 2487: ...stkey To display the RSA public key of the SSH server use the command awplus show crypto key hostkey rsa Output Figure 60 1 Example output from the show crypto key hostkey command Related Commands crypto key destroy hostkey crypto key generate hostkey Parameter Description dsa Displays the DSA algorithm public key rsa Displays the RSA algorithm public key for SSH version 2 connections rsa1 Display...

Page 2488: ...se the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 60 2 Example output from theshow crypto key public chain knownhosts command Related Commands crypto key pubkey chain knownhosts Parameter Description 1 65535 Key identifier for a specific key Displays the public key of the entry if specified No Hostname Type Fingerprint 1 172 16 23 1 rsa c8 33 b1 fe 6f d3 8c 81 4e f7 2a ...

Page 2489: ...at are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 60 3 Example output from the show crypto key public chain userkey command Related Commands crypto key pubkey chain userkey Parameter Description username User name of the remote SSH user whose keys you wish to display The username must begin with a letter Valid characters are all...

Page 2490: ...a pub Output Figure 60 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys you wish to display The username must begin with a letter Valid characters are all numbers letters and the underscore hyphen and full stop symbols dsa Displays the DSA public key rsa Displays the RSA ...

Page 2491: ...192 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH server is enabled ssh server v2 SSH server is enabled and only support SSHv2 ssh server port SSH server is enabled and listening on the specified TCP port no ssh server scp SCP service is disabled no ss...

Page 2492: ...RE SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and hostname to the deny list Table 5 Parameters in the output of the show running config ssh command Parameter Description ...

Page 2493: ...sh command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root download 550dev_ awd 463 ssh client 5ffe 33fe 5632 ffbb bc35 ddee 0101 ac51 manager user auth Table 6 Parameters in the output of the show ssh command Parameter Description ID Unique identifier for each S...

Page 2494: ...ce has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in progress download The user is downloading a file from the device upload The user is uploading a file from the device closing The user is terminating the session closed The session is closed Filename Loca...

Page 2495: ...ient Output Figure 60 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout 0 off Debug NONE Table 7 Parameters in the output of the show ssh client command Parameter Description Port SSH server TCP port where the SSH client connects to The default is port 22 Version SSH se...

Page 2496: ...e Shell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum Authentication Tries 6 Maximum Startups 10 Debug NONE Table 8 Parameters in the output of the show ssh server command Parameter Description SSH Server Whether the Secure Shell server is enabled or di...

Page 2497: ...seconds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum number of concurrent connections that are waiting authentication The default is 10 Debug Whether debugging is active on the server Table 8 Parameters in the output of the show ssh server command cont Para...

Page 2498: ...er use the command awplus show ssh server allow users Output Figure 60 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern awplus 192 168 john manager alliedtelesis com Table 9 Parameters in the output of the show ssh server allow users command Parameter Description Username User name that is a...

Page 2499: ...lobal Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 60 10 Example output from the show ssh server deny users command Related Commands ssh server allow users ssh server deny users Username Remote Hostname pattern john b company com manager 192 168 2 Table 10 Parameters in the output of the show ss...

Page 2500: ...sername is used for login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If port is specified the SSH client connects to the remote SSH server with the specified TCP port Other wise the client port configured by ssh client command or the default TCP port 22 is used 1 65535 T...

Page 2501: ... the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote SSH server with example_host using IPv6 session use the command awplus ssh ipv6 example_host To run the cmd command on the remote SSH server at 192 0 2 5 use the command awplus ssh ip 192 0 2 5 cmd Rel...

Page 2502: ...session timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specifies an explicit port of the server it overrides the default TCP port Default 22 1 65535 TCP port number version The SSH version used by the client for SSH sessions The SSH client supports both version...

Page 2503: ...ion timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no ssh client connect timeout Related Commands show ssh client ssh connect timeout The maximum time period that an SSH session can take to become established The SSH client terminates the SSH session i...

Page 2504: ...ports both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 session timeout There is a maximum time period that the server waits before deciding that a session is inactive and should be terminated The server considers the session inactive when it has not received ...

Page 2505: ...ections waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configuration use the commands awplus configure terminal awplus config no ssh server max startups To support the Secure Shell server with TCP port 2200 use the commands awplus configure terminal awplus confi...

Page 2506: ...existing entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to create an SSH session from any host use the commands awplus configure terminal awplus config ssh server allow users john To allow the user john to create an SSH session from a range of IP address from...

Page 2507: ...1 x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow users john 192 168 1 Related Commands show running config ssh show ssh server allow users ssh server deny users ...

Page 2508: ...rver authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configuration Usage For password authentication to authenticate a user password authentication for a user must be registered in the local user database or on an external RADIUS server before using the ssh se...

Page 2509: ...authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication publickey Related Commands crypto key pubkey chain userkey service ssh show ssh server ...

Page 2510: ...rver deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh server deny users john To deny the user john to access SSH login from a range of IP address from 192 168 2 1 to 192 168 2 255 use the commands awplus configure terminal awplus config ssh server deny...

Page 2511: ... 1 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users john 192 168 2 Related Commands show running config ssh show ssh server deny users ssh server allow users ...

Page 2512: ...o its default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed login attempt before trying again You can increase this gap by using the command aaa login fail delay Example To set the maximum number of SSH authentication attempts to 3 use the commands awplus configur...

Page 2513: ...e hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when you add a DNS server to your device Use the ip name server command to add a DNS server to the list of servers that the device queries For information about configuring DNS see the Internet Protocol Feature Overview and Configuration Guide Example To re...

Page 2514: ...e device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP requests from remote clients are rejected Syntax ssh server scp no ssh server scp Mode Global Configuration Examples To enable the SCP service use the commands awplus configure terminal awplus config ...

Page 2515: ...ns The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH server Once disabled SFTP requests from remote clients are rejected Syntax ssh server sftp no ssh server sftp Mode Global Configuration Examples To enable the SFTP service use the commands awplus con...

Page 2516: ... Reference for x510 Series 2516 AlliedWare Plus Operating System Version 5 4 6 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the no debug ssh client command ...

Page 2517: ... Reference for x510 Series 2517 AlliedWare Plus Operating System Version 5 4 6 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the no debug ssh server command ...

Page 2518: ...output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 2520 day on page 2521 debug trigger on page 2523 description trigger on page 2524 repeat on page 2525 script on page 2526 show debugging trigger on page 2528 show running config trigger on page 2529 show trigger on page 2530 test on page 2535 time trigger on page 2536 tr...

Page 2519: ... x TRIGGER COMMANDS type periodic on page 2547 type ping poll on page 2548 type reboot on page 2549 type stack disabled master on page 2550 type stack link on page 2551 type stack master fail on page 2552 type stack member on page 2553 type time on page 2554 type usb on page 2555 undebug trigger on page 2556 ...

Page 2520: ...o active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Guide Examples To enable trigger 172 so that it can activate when its trigger conditions are met use the commands awplus configure terminal awplus config trigger 172 awplus config trigger active To disa...

Page 2521: ... Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55 awplus config trigger day 1 oct 2016 Parameter Description every day Sets the trigger so that it can activate on any day 1 31 Day of the month the trigger is permitted to activate on month Sets the month that the trigger is permitted ...

Page 2522: ...erating System Version 5 4 6 1 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus config trigger day monday wednesday friday Related Commands show trigger trigger ...

Page 2523: ...d messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Privilege Exec Examples To start trigger debugging use the command awplus debug trigger To stop trigger debugging use the command awplus no trigger Related Commands show debugging trigger show trigger te...

Page 2524: ...or this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awplus config trigger 240 awplus config trigger description daily status report To remove the description from trigger 36 use the commands awplus configure terminal awplus config trigger 36 awplus config...

Page 2525: ...limited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activate only once use the commands awplus configure terminal awplus config trigger 21 awplus config trigger repeat no To allow trigger 22 to activate an unlimited number of times whenever its trigger cond...

Page 2526: ...ir position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 to run the script flash cpu_trig sh in position 3 when the trigger activates use the commands awplus configure terminal awplus config trigger 71 awplus config trigger script 3 flash cpu_trig sh To con...

Page 2527: ...sh cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script all Related Commands show trigger trigger ...

Page 2528: ...r off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debugging trigger Output Figure 61 1 Example output from the show debugging trigger command Related Commands debug trigger awplus debug trigger awplus show debugging trigger Trigger debugging status Trigg...

Page 2529: ...NG CONFIG TRIGGER show running config trigger Overview This command displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To display the current configuration of the trigger utility use the command awplus show running config trigger Related Commands show trigger ...

Page 2530: ...triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date 001 USB in Y N Y Continuous 0 smtwtfs 002 USB out Y N Y Continuous 0 smtwtfs 003 CPU 80 any Busy CPU Y N Y 5 1 smtwtfs 005 Periodic 30 min Regular status check Y N N Continuous 1 mtwtf 007 Memory 85 up High mem us...

Page 2531: ...for the trigger To see the number of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days options the days are shown as a seven character string representing Sunday to Saturday A hyphen indicates days when the trigger cannot be activated awplus show trigger 3 Trigger ...

Page 2532: ...vation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs After 00 00 00 Before 23 59 59 Active Yes Test No Trap Yes Repeat Continuous Modified Tue Oct 25 14 45 56 2016 Number of activations 0 Last activation not activated Number of scripts 0 1 not configur...

Page 2533: ...ontinuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time of the last time that the trigger was modified Number of activations Number of times the trigger has been activated since the last restart of the device Last activation The date and time of the last...

Page 2534: ...r has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today Interface triggers activated today Number of times an interface trigger has been activated today Resource triggers activated today Number of times a CPU or memory resource trigger has been activated ...

Page 2535: ... activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For information about configuring a trigger see the Triggers Feature Overview and Configuration Guide Examples To put trigger 5into diagnosticmode where no scripts will berun when thetrigger activates use ...

Page 2536: ...this parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the value specified for after a time period from after to before is defined duringwhich the trigger may activate This command is not applicable to time triggers type time The following figure illustrates how the before and after parameters operate Syntax time after hh mm ss befor...

Page 2537: ...rigger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between 3 45pm and midnight use the commands awplus configure terminal awplus config trigger 64 awplus config trigger time after 15 45 00 To allow trigger 65 to activate between 10 30am and 8 15pm use the c...

Page 2538: ...ich MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for the no variant of this command to disable SNMP traps from a specified trap if the trap is only periodic Refer in particular to AT TRIGGER MIB in the Support for Allied Telesis Enterprise_MIBs_in AlliedW...

Page 2539: ...onal parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all configuration associated with it Syntax trigger 1 250 no trigger 1 250 Mode Global Configuration Examples To enter trigger configuration mode for trigger 12 use the command awplus trigger 12 To completel...

Page 2540: ...e This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be executed even if the trigger is in the diagnostic test mode Triggers activated manually do not have their repeat counts decremented or their last triggered time updated and do not result in updates ...

Page 2541: ...config trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns the following display Note that the running the above command changes the prompt from the name of the local node to the name of the AMF Network follo...

Page 2542: ...er This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit Y N Y Continuous 1 smtwtfs Node...

Page 2543: ... 4 6 1 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me scp Node2 Node3 trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me scp ...

Page 2544: ...M Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus configure terminal awplus config trigger 28 awplus config trigger type cpu 80 up To configure trigger 5 to be a CPU trigger that activates when CPU usage either rises above or drops below 65 use the follo...

Page 2545: ...one of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when port1 0 2 becomes operational use the following commands awplus configure terminal awplus config trigger 19 awplus config trigger type interface port1 0 2 up Related Commands show trigger trigger Par...

Page 2546: ...memory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40 to be a memory trigger that activates when memory usage either rises above or drops below 65 use the following commands awplus configure terminal awplus config trigger 40 awplus config trigger type m...

Page 2547: ...configured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the Triggers Feature Overview and Configuration Guide Example To configure trigger 44 to activate periodically at 10 minute intervals use the following commands awplus configure terminal awplus config tr...

Page 2548: ...e or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the following commands awplus configure terminal awplus config trigger 106 awplus config trigger type ping poll 12 down Related Commands show trigger trigger Parameter Description 1 100 The ping poll ID ...

Page 2549: ... Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboots use the following commands awplus configure terminal awplus config trigger 32 awplus config trigger type reboot Related Commands show trigger trigger ...

Page 2550: ...orrectly on the device that is connected downstream If the stack virtual mac command command is enabled the stack uses a virtual MAC address The stack will always use this MAC address and the new elected master will still retain the originally configured virtual MAC address If the stack virtual mac command is disabled the stack will use the MAC address of the current master If the stack master fai...

Page 2551: ...ger to occur when a stacking link is either activated or deactivated Syntax type stack link up down Mode Trigger Configuration Example To configure trigger 86 to activate when the stack link down event occurs use the commands awplus configure terminal awplus config trigger 86 awplus config trigger type stack link down Related Commands show trigger trigger type stack master fail Parameter Descripti...

Page 2552: ...pre configured trigger to occur when the stack enters the fail over state Syntax type stack master fail Mode Trigger Configuration Example To configure trigger 86 to activate when stack master fail over event occurs use the commands awplus configure terminal awplus config trigger 86 awplus config trigger type stack master fail Related Commands stack disabled master monitoring trigger type stack di...

Page 2553: ...ack Syntax type stack member join leave Mode Trigger Configuration Example To configure a pre configured trigger number 86 to activate when a new device joins the stack Note that the number 86 has no particular significance you can assign any previously created numbered trigger awplus configure terminal awplus config trigger 86 awplus config trigger type stack member join Related Commands trigger ...

Page 2554: ...d limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activate at 15 53 use the following commands awplus configure terminal awplus config trigger 86 awplus config trigger type time 15 53 Related Commands show trigger trigger Parameter Description hh mm The ...

Page 2555: ...storage device For example trigger configurations that use the type usb command see Capture Show Output and Save to a USB Storage Device in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 1 to activate on the insertion of a USB storage device use the commands awplus configure terminal awplus config trigger 1 awplus config trigger type usb in Related Commands tri...

Page 2556: ...C Command Reference for x510 Series 2556 AlliedWare Plus Operating System Version 5 4 6 1 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no debug trigger command ...

Page 2557: ...nd output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 2559 clear ping poll on page 2560 critical interval on page 2561 debug ping poll on page 2562 Table 62 1 The following table lists the default values when configuring a ping poll Default Value Critical interval 1 second Description No description Fail count 5 Len...

Page 2558: ...ing on page 2563 fail count on page 2564 ip ping polling on page 2565 length ping poll data on page 2566 normal interval on page 2567 ping poll on page 2568 sample size on page 2569 show counter ping poll on page 2571 show ping poll on page 2573 source ip on page 2577 timeout ping polling on page 2579 up count on page 2580 undebug ping poll on page 2581 ...

Page 2559: ...olling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this polling instance Syntax active no active Mode Ping Polling Configuration Examples To activate the ping poll instance 43 use the commands awplus configure terminal awplus config ping poll 43 awplus conf...

Page 2560: ...mmand The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use the command awplus clear ping poll 12 To reset all ping poll instances use the command awplus clear ping poll all Related Commands active ping polling ping poll show ping poll Parameter Description 1 1...

Page 2561: ...of one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polling instance 99 use the commands awplus configure terminal awplus config ping poll 99 awplus config ping poll critical interval 2 To reset the critical interval to the default of one second for the pi...

Page 2562: ...for the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll 88 To disable all ping poll debugging use the command awplus no debug ping poll all To disable debugging for ping poll instance 88 use the command awplus no debug ping poll 88 Related Commands active...

Page 2563: ...lete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll description Primary Gateway To delete the description set for the ping poll instance 45 use the commands awplus configure te...

Page 2564: ...e The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of pings that must fail within the sample size to determine that a device is unreachable for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config pi...

Page 2565: ...e 5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll the device with the IPv6 address 2001 db8 use the commands awplus configure terminal awplus config ping poll 10 awplus config ping poll ip 2001 db8 Related Commands ping poll source ip show ping poll ...

Page 2566: ... dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Polling Configuration Examples To specify that ping poll instance 12 sends ping packet with a data portion of 56 bytes use the commands awplus configure terminal awplus config ping poll 12 awplus confi...

Page 2567: ...ng Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll normal interval 60 To reset the interval to the default of 30 seconds for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus...

Page 2568: ...nt the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax ping poll 1 100 no ping poll 1 100 Mode Global Configuration Examples To create ping poll instance 3 and enter ping poll configuration mode use the commands awplus configure terminal awplus config pin...

Page 2569: ...hat does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up count command to determine when a device is reachable The no variant of this command resets this command to the default Syntax sample size 1 100 no sample size Default The default is 5 Mode Ping Polling ...

Page 2570: ...eference for x510 Series 2570 AlliedWare Plus Operating System Version 5 4 6 1 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll timeout ping polling up count ...

Page 2571: ...displays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFailedUpState 0 PingsFailedDownState 0 ErrorSendingPing 2 CurrentUpCount 13 CurrentFailCount 0 UpStateEntered 0 DownStateEntered 0 Ping poll 2 PingsSent 15 PingsFailedUpState 0 PingsFailedDownState 0 Erro...

Page 2572: ...hile the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down state This is a cumulative counter for multiple occurrences of the Down state ErrorSendingPing The number of pings that were not successfully sent to the target device This error can occur when your de...

Page 2573: ...te Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling instances where the device state is unreachable brief Displays a summary of the state of ping polls and the devices they are polling Ping Poll Configuration Id Enabled State Destination 1 Yes Down 192...

Page 2574: ...the polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The IP address of the polled device set with the ip ping polling command Ping Poll Configuration Poll 1 Description Primary Gateway Destination IP address 192 168 0 1 Status Down Enabled Yes Source IP a...

Page 2575: ...ce is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic a l Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Enabled Whether the polling instance is enabled or disab...

Page 2576: ...of pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count command Up count The number of consecutive pings that the polling instance must receive a reply to before classifying the device reachable again This is set using the up count command Sample size The tota...

Page 2577: ... address no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll source ip 192 168 0 1 To configure the ping polling instance 43 to use the source IPv6 address 2001 db8 in ping packets use the commands awplus ...

Page 2578: ...mmand Reference for x510 Series 2578 AlliedWare Plus Operating System Version 5 4 6 1 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data ping poll show ping poll ...

Page 2579: ...timeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal awplus config ping poll 43 awplus config ping poll timeout 5 To reset the timeout to its default of 1 second for ping poll instance 43 use the commands awplus configure terminal awplus config ping p...

Page 2580: ...e Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping poll up count 5 To reset the upcount to the default value of 30 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping po...

Page 2581: ...and Reference for x510 Series 2581 AlliedWare Plus Operating System Version 5 4 6 1 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no debug ping poll command ...

Page 2582: ... page 2583 debug sflow agent on page 2584 sflow agent address on page 2585 sflow collector address on page 2587 sflow collector max datagram size on page 2589 sflow enable on page 2590 sflow max header size on page 2591 sflow polling interval on page 2593 sflow sampling rate on page 2594 show debugging sflow on page 2595 show running config sflow on page 2597 show sflow on page 2598 show sflow int...

Page 2583: ...mpling and or polling debug is disabled Mode Privileged Exec Examples To enable sFlow debug messagelogging for polling and sampling on port1 0 1 and port1 0 7 use the commands awplus debug sflow interface port1 0 1 port1 0 7 sampling polling To enable logging and polling of sFlow debug messages for polling and sampling on all ports use the command awplus debug sflow sampling polling Related Comman...

Page 2584: ...to particular ports For example sending an sFlow datagram to the collector The no variant of this command applies the command default Syntax debug sflow agent no debug sflow agent Default The sFlow agent debug message logging that is not port specific is disabled Mode Privileged Exec Example To enable logging of sFlow agent debug messages use the following command awplus debug sflow agent Related ...

Page 2585: ...ion or deletion of VLAN interfaces each of which will have its own specific IP address Note that sFlow is rendered inactive whenever the agent address is not set The no variant of this command applies its default setting to remove a configured address Syntax sflow agent ip ip address ipv6 ipv6 address no sflow agent ip ipv6 Default The sFlow agent address is unset Mode Global Configuration Example...

Page 2586: ...C613 50102 01 REV C Command Reference for x510 Series 2586 AlliedWare Plus Operating System Version 5 4 6 1 x SFLOW COMMANDS SFLOW AGENT ADDRESS Related Commands show running config sflow show sflow ...

Page 2587: ...535 no sflow collector ip ipv6 port Default The collector address is 0 0 0 0 which renders sFlow inactive and the UDP port is 6343 Mode Global Configuration Examples To set the sFlow collector address to 1920 2 25 and UDP port to 9000 use the command awplus configure terminal awplus config sflow collector ip 192 0 2 25 port 9000 To remove the sFlow collector IPv4 address and leave the UDP port unc...

Page 2588: ...mmand awplus configure terminal awplus config sflow collector ipv6 2001 0db8 1 To remove the sFlow collector IPv6 address and leave the UDP port unchanged use the command awplus configure terminal awplus config no sflow collector ipv6 To remove the sFlow collector IPv6 address and to remove the UDP port use the command awplus configure terminal awplus config no sflow collector ipv6 port Related Co...

Page 2589: ...d resets the maximum datagram size to the default Syntax sflow collector max datagram size 200 1500 no sflow collector max datagram size Default 1400 bytes Mode Global Configuration Example To set the maximum datagram size to 1200 use the command awplus configure terminal awplus config sflow collector max datagram size 1200 Related Commands show running config sflow show sflow Parameter Descriptio...

Page 2590: ...tional status to active To activate sFlow the following conditions need to be met sFlow is enabled The sFlow agent address is set The sFlow collector address is set to a valid non zero IPv4 or IPv6 address Polling or sampling is enabled on the ports to be sampled or polled Syntax sflow enable no sflow enable Default sFlow is disabled globally on the switch Mode Global Configuration Example To enab...

Page 2591: ...ault Syntax sflow max header size 14 200 no sflow max header size Default The max header size is 128 bytes Mode Interface Configuration Usage The header size is measured from the first byte of the Ethernet frame MAC Destination Address For an environment using standard TCP IPv4 over Ethernet frames consider the following basic protocol structure Ethernet header including the 4 byte 802 1Q header c...

Page 2592: ...y this command will be included in the sFlow packet samples For example with the default of 128 applied up to 128 82 46 bytes of user data could be included in the sFlow datagram samples sent between the Agent and the Collector Note that the agent to collector datagrams contain their own UDP headers which are outside this calculation Example To set the maximum header size to 160 bytes for ports 1 ...

Page 2593: ...and The no variant of this command applies the default Syntax sflow polling interval 0 1 16777215 no sflow polling interval Default The polling interval is 0 polling disabled Mode Interface Configuration Example To set the polling interval to 60 seconds for ports 1 0 1 and 1 0 7 use the following commands awplus configure terminal awplus config interface port1 0 1 port1 0 7 awplus config if sflow ...

Page 2594: ...received i e one in every 1000 frames sent from the specified port A value of 0 disables sampling on the specified port s The no variant of this command applies the default Syntax sflow sampling rate 0 256 16777215 no sflow sampling rate Default The sampling rate is 0 sampling disabled Mode Interface Configuration Example To set the sampling rate to 500 for ports 1 0 1 and 1 0 7 use the commands a...

Page 2595: ...and awplus show debugging sflow interface port1 0 1 1 0 9 Output Figure 63 1 Sample obtained for an sFlow agent To display sFlow debug settings for all ports use the command awplus show debugging sflow Parameter Description interface The interface information port list The ports for which the sFlow debug settings are to be shown The ports to display information about The port list can be a switch ...

Page 2596: ... 50102 01 REV C Command Reference for x510 Series 2596 AlliedWare Plus Operating System Version 5 4 6 1 x SFLOW COMMANDS SHOW DEBUGGING SFLOW Related Commands show running config sflow show sflow interface ...

Page 2597: ...ow running config sflow Mode Privileged Exec and Global Configuration Example To display the sFlow running configuration information use the command awplus show running config sflow Output Figure 63 2 Example output from the show running config sflow command Related Commands show running config awplus sh run sflow sflow agent ip 192 0 2 33 sflow collector ip 192 0 2 65 sflow collector max datagram...

Page 2598: ...0 0 Collector UDP Port 6343 6343 Tx Max Datagram Size 1200 1400 sFlow Agent Status Polling sampling Tx Inactive because sFlow is disabled Agent Addr is not set Collector Addr is 0 0 0 0 Polling sampling disabled on all ports Table 2 Parameters in the output of the show sflow command Output Parameter Description sFlow Admin Status Whether sFlow agent operation is administratively enabled sFlow Agen...

Page 2599: ...running config sflow show sflow interface Tx Max Datagram Size The maximum size of the sFlow datagrams sent to the collector Polling sampling Tx Whether sFlow sampling and or polling and hence sFlow datagram transmission are active If inactive the reasons are listed Table 2 Parameters in the output of the show sflow command cont Output Parameter Description ...

Page 2600: ...System Version 5 4 6 1 x SFLOW COMMANDS SHOW SFLOW INTERFACE show sflow interface Overview This command displays sFlow agent sampling and polling configuration for specified ports Syntax show sflow interface ifrange Mode Privileged Exec Parameter Description ifrange The interface range ...

Page 2601: ...mmand Reference for x510 Series 2601 AlliedWare Plus Operating System Version 5 4 6 1 x SFLOW COMMANDS UNDEBUG SFLOW undebug sflow Overview This command applies the functionality of the no variant of the debug sflow command ...

Reviews:

No comments

Related manuals for AT-x510-28GPX

3Com 4210 Series Datasheet preview
4210 Series
Brand: 3Com Pages: 8
3Com PathBuilder S200 Series Feature Manual preview
PathBuilder S200 Series
Brand: 3Com Pages: 11
3Com 4400 Datasheet preview
4400
Brand: 3Com Pages: 8
3Com CoreBuilder 3500 Getting Started Manual preview
CoreBuilder 3500
Brand: 3Com Pages: 96
OEZ PS-LT Instructions For Use preview
PS-LT
Brand: OEZ Pages: 5
Contemporary Controls EISK5-100T/H Installation Manual preview
EISK5-100T/H
Brand: Contemporary Controls Pages: 4
Eaton Pow-R-Line SPX0361126 Maintenance Manual preview
Pow-R-Line SPX0361126
Brand: Eaton Pages: 584
VADA FLOW BOSS VFB-DSU Installation Manual preview
FLOW BOSS VFB-DSU
Brand: VADA Pages: 17
S+S Regeltechnik Premasreg 716 Series Operating Instructions, Mounting & Installation preview
Premasreg 716 Series
Brand: S+S Regeltechnik Pages: 32
Kramer XL 1204V2 Specifications preview
XL 1204V2
Brand: Kramer Pages: 2
Bühler technologies Nivotemp NT-EL Installation And Operation Instructions Manual preview
Nivotemp NT-EL
Brand: Bühler technologies Pages: 20
C4i HDC-SPB116 User Manual preview
HDC-SPB116
Brand: C4i Pages: 7
Hama AV Selector 310 Operating Instruction preview
AV Selector 310
Brand: Hama Pages: 21
Patton FiberPlex 1004E User Manual preview
FiberPlex 1004E
Brand: Patton Pages: 39
Santon D1-G/H-T Installation Manual preview
D1-G/H-T
Brand: Santon Pages: 16
KTI KCB-121 User Manual preview
KCB-121
Brand: KTI Pages: 16
Wyrestorm Essentials EXP-SW-0401-H2 Quick Start Manual preview
Essentials EXP-SW-0401-H2
Brand: Wyrestorm Pages: 2
LINK-MI LM-HD808 Operating Instructions Manual preview
LM-HD808
Brand: LINK-MI Pages: 18

Brands by name

Popular brands

Load more brands