manualshive.com logo in svg

Allied Telesis x510-28GPX, Command Reference Manual

The Allied Telesis x510-28GPX is a powerful switch that offers high performance and advanced features for network connectivity. For detailed information on configuration and commands, the Command Reference Manual is available for free download at manualshive.com. Explore the manual to maximize the capabilities of this exceptional product.

Share
Download
background image

C613-50170-01 Rev B

Command Reference for x510 Series

1954

AlliedWare Plus™ Operating System - Version 5.4.7-1.x

P

UBLIC

 K

EY

 I

NFRASTRUCTURE

 C

OMMANDS

CRYPTO

 

PKI

 

ENROLL

crypto pki enroll

Overview

Use this command to enroll the local server to the specified trustpoint.

Use the 

no

 variant of this command to de-enroll the server by removing its 

certificate

Syntax

crypto pki enroll <

trustpoint

>

no crypto pki enroll <

trustpoint

>

Mode

Privileged Exec

Usage

For the local server, “enrollment” is the process of creating of a certificate for the 
server that has been signed by a CA associated with the trustpoint. The public 
portion of the RSA key pair specified using the rsakeypair parameter for the 
trustpoint will be included in the server certificate.

If the trustpoint represents a locally self-signed certificate authority, then this 
command results in the direct generation of the server certificate, signed by the 
root CA for the trustpoint.

If the trustpoint represents an external certificate authority, then this command 
results in the generation of a Certificate Signing Request (CSR) file, which is 
displayed at the terminal in Privacy-Enhanced Mail (PEM) format, suitable for 
copying and pasting into a file or message. The CSR must be sent to the external 
CA for processing. When the CA replies with the signed certificate, that certificate 
should be imported using the crypto pki import pem command, to complete the 
enrollment process.

The specified trustpoint must already exist, and it must already be authenticated.

Example

To enroll the local server with the trustpoint “example”, use the following 
commands:

awplus> 

enable

awplus# 

crypto pki enroll example

Related 

Commands

crypto pki enroll user

crypto pki import pem

crypto pki trustpoint

enrollment (trustpoint configuration mode)

Parameter

Description

<trustpoint>

The name of the trustpoint to be enrolled

Summary of Contents for x510-28GPX

Page 1: ...es STACKABLE GIGABIT EDGE SWITCHES Command Reference for AlliedWare Plus Version 5 4 7 1 x x510 28GTX x510 28GPX x510 52GTX x510 52GPX x510 28GSX x510 28GSX 80 x510DP 28GTX x510DP 52GTX x510L 28GT x51...

Page 2: ...uction and shipping costs and a CD with the GPL code will be mailed to you GPL Code Request Allied Telesis Labs Ltd PO Box 8011 Christchurch New Zealand Allied Telesis AlliedWare Plus Allied Telesis M...

Page 3: ...Privileged Exec mode 99 end 101 exit 102 help 103 logout 104 show history 105 Chapter 2 File and Configuration Management Commands 106 Introduction 106 autoboot enable 110 boot config file 111 boot co...

Page 4: ...clear line console 162 clear line vty 163 enable password 164 enable secret 167 exec timeout 170 flowcontrol hardware asyn console 172 length asyn 174 line 175 privilege level 177 security password hi...

Page 5: ...6 GUI Commands 220 Introduction 220 atmf topology gui enable 221 gui timeout 222 log event host 224 service http 225 show http 226 Chapter 7 System Configuration and Monitoring Commands 227 Introduct...

Page 6: ...ggables and Cabling Commands 299 Introduction 299 clear test cable diagnostics tdr 300 debug fiber monitoring 301 fiber monitoring action 303 fiber monitoring baseline 304 fiber monitoring enable 306...

Page 7: ...ent log 377 default log buffered 378 default log console 379 default log email 380 default log external 381 default log host 382 default log monitor 383 default log permanent 384 log buffered 385 log...

Page 8: ...interface to configure 467 mru 469 mtu 471 show interface 473 show interface brief 476 show interface memory 477 show interface status 479 shutdown 481 Chapter 13 Port Mirroring and Remote Mirroring...

Page 9: ...eg mc flooding 532 platform vlan stacking tpid 534 polarity 535 show debugging loopprot 536 show debugging platform packet 537 show flowcontrol interface 538 show interface err disabled 539 show inter...

Page 10: ...witchport private vlan mapping 596 switchport trunk allowed vlan 597 switchport trunk native vlan 600 switchport vlan translation 601 switchport vlan translation default drop 602 switchport vlan stack...

Page 11: ...force version 670 spanning tree forward time 671 spanning tree guard root 672 spanning tree hello time 673 spanning tree link type 674 spanning tree max age 675 spanning tree max hops MSTP 676 spanni...

Page 12: ...ower inline enable 732 power inline max 733 power inline priority 735 power inline usage threshold 737 service power inline 738 show debugging power inline 739 show power inline 740 show power inline...

Page 13: ...4 show ip interface 806 show ip sockets 807 show ip traffic 810 tcpdump 812 traceroute 813 undebug ip packet interface 814 Chapter 22 Domain Name Service DNS Commands 815 Introduction 815 clear ip dns...

Page 14: ...me 860 ipv6 nd suppress ra 861 ipv6 neighbor 862 ipv6 opportunistic nd 863 ipv6 route 864 ipv6 unreachables 865 ping ipv6 866 show ipv6 forwarding 867 show ipv6 interface brief 868 show ipv6 neighbors...

Page 15: ...size RIP 927 redistribute RIP 928 restart rip graceful 929 rip restart grace period 930 route RIP 931 router rip 932 send lifetime 933 show debugging rip 935 show ip protocols rip 936 show ip rip 937...

Page 16: ...start 987 clear ip ospf process 988 compatible rfc1583 989 debug ospf events 990 debug ospf ifsm 991 debug ospf lsa 992 debug ospf nfsm 993 debug ospf nsm 994 debug ospf packet 995 debug ospf route 99...

Page 17: ...how ip ospf database opaque area 1052 show ip ospf database opaque as 1053 show ip ospf database opaque link 1054 show ip ospf database router 1055 show ip ospf database summary 1057 show ip ospf inte...

Page 18: ...nterval 1124 ipv6 ospf transmit delay 1125 ipv6 router ospf area 1126 max concurrent dd IPv6 OSPF 1128 passive interface IPv6 OSPF 1129 redistribute IPv6 OSPF 1130 restart ipv6 ospf graceful 1132 rout...

Page 19: ...group 1193 clear ip igmp interface 1194 debug igmp 1195 ip igmp 1196 ip igmp access group 1197 ip igmp flood specific query 1198 ip igmp immediate leave 1199 ip igmp last member query count 1200 ip i...

Page 20: ...251 clear ipv6 mld group 1252 clear ipv6 mld interface 1253 debug mld 1254 ipv6 mld 1255 ipv6 mld access group 1256 ipv6 mld immediate leave 1257 ipv6 mld last member query count 1258 ipv6 mld last me...

Page 21: ...ng 1316 show ipv6 mif 1317 Chapter 33 PIM SM Commands 1318 Introduction 1318 clear ip pim sparse mode bsr rp set 1320 clear ip pim sparse mode packet statistics 1321 clear ip mroute pim sparse mode 13...

Page 22: ...Chapter 34 PIM SMv6 Commands 1371 Introduction 1371 clear ipv6 mroute pim 1374 clear ipv6 mroute pim sparse mode 1375 clear ipv6 pim sparse mode bsr rp set 1376 debug ipv6 pim sparse mode 1377 debug i...

Page 23: ...ter 35 PIM DM Commands 1433 Introduction 1433 debug pim dense mode all 1435 debug pim dense mode context 1436 debug pim dense mode decode 1437 debug pim dense mode encode 1438 debug pim dense mode fsm...

Page 24: ...1517 access list extended numbered 1525 access list extended ICMP filter 1527 access list extended IP filter 1529 access list extended IP protocol filter 1532 access list extended TCP UDP filter 1536...

Page 25: ...8 match access group 1620 match cos 1622 match dscp 1623 match eth format protocol 1624 match inner cos 1627 match inner vlan 1628 match ip precedence 1629 match mac type 1630 match tcp flags 1631 mat...

Page 26: ...eauth req 1690 dot1x port control 1692 dot1x timeout tx period 1694 show debugging dot1x 1696 show dot1x 1697 show dot1x diagnostics 1700 show dot1x interface 1702 show dot1x sessionstatistics 1707 sh...

Page 27: ...b server ipaddress 1784 auth web server page language 1785 auth web server login url 1786 auth web server page logo 1787 auth web server page sub title 1788 auth web server page success message 1789 a...

Page 28: ...default group tacacs 1848 aaa authentication enable default local 1850 aaa authentication login 1851 aaa authorization commands 1853 aaa authorization config commands 1855 aaa group server 1856 aaa l...

Page 29: ...db to file 1919 crypto pki enroll local deleted 1920 crypto pki enroll local local radius all users deleted 1921 crypto pki enroll local user deleted 1922 crypto pki export local pem deleted 1923 cry...

Page 30: ...er 47 TACACS Commands 1976 Introduction 1976 authorization commands 1977 aaa authorization commands 1979 aaa authorization config commands 1981 ip tacacs source interface 1982 show tacacs 1983 tacacs...

Page 31: ...Chapter 49 OpenFlow Commands 2038 Introduction 2038 openflow 2039 openflow controller 2040 openflow datapath id 2042 openflow failmode standalone 2043 openflow inactivity 2044 openflow native vlan 20...

Page 32: ...debug stack 2106 Chapter 51 VRRP Commands 2107 Introduction 2107 advertisement interval 2109 alternate checksum mode 2111 circuit failover 2112 debug vrrp 2114 debug vrrp events 2115 debug vrrp packet...

Page 33: ...Chapter 53 G 8032 Ethernet Ring Protection Switching Commands 2175 Introduction 2175 cfm sf notify 2177 clear g8032 erp instance 2179 clear g8032 erp instance statistics 2180 data traffic 2181 debug...

Page 34: ...now 2245 atmf backup redundancy enable 2247 atmf backup server 2248 atmf backup stop 2250 atmf backup synchronize 2251 atmf cleanup 2252 atmf container 2253 atmf container login 2254 atmf controller...

Page 35: ...ost 2329 modeltype 2330 show atmf 2331 show atmf area 2335 show atmf area guests 2338 show atmf area guests detail 2340 show atmf area nodes 2342 show atmf area nodes detail 2344 show atmf area summar...

Page 36: ...router 2436 dns server 2437 domain name 2438 host DHCP 2439 ip address dhcp 2440 ip dhcp bootp ignore 2442 ip dhcp leasequery enable 2443 ip dhcp option 2444 ip dhcp pool 2446 ip dhcp client default r...

Page 37: ...v6 PD 2508 ipv6 address dhcp 2511 ipv6 dhcp client pd 2513 ipv6 dhcp option 2515 ipv6 dhcp pool 2517 ipv6 dhcp server 2519 ipv6 local pool 2520 ipv6 nd prefix DHCPv6 2522 link address 2524 option DHCP...

Page 38: ...2589 snmp server engineID local 2592 snmp server engineID local reset 2594 snmp server group 2595 snmp server host 2597 snmp server legacy ifadminstatus 2599 snmp server location 2600 snmp server sou...

Page 39: ...interface 2663 show location 2665 Chapter 60 SMTP Commands 2667 Introduction 2667 debug mail 2668 delete mail 2669 mail 2670 mail from 2671 mail smtpserver 2672 show counter mail 2673 show mail 2674 u...

Page 40: ...ation 2729 ssh server deny users 2731 ssh server max auth tries 2733 ssh server resolve host 2734 ssh server scp 2735 ssh server sftp 2736 undebug ssh client 2737 undebug ssh server 2738 Chapter 63 Tr...

Page 41: ...87 normal interval 2788 ping poll 2789 sample size 2790 show counter ping poll 2792 show ping poll 2794 source ip 2798 timeout ping polling 2800 up count 2801 undebug ping poll 2802 Chapter 65 sFlow C...

Page 42: ...tended TCP UDP filter 1599 ipv6 access list standard filter 1603 named hardware ACL ICMP entry 1489 named hardware ACL IP packet entry 1493 named hardware ACL IP protocol entry 1497 named hardware ACL...

Page 43: ...s max fail 1859 aaa login fail delay 1860 abr type 1078 accept lifetime 892 access group 1467 access list extended numbered 1525 access list numbered hardware ACL for ICMP 1469 access list numbered ha...

Page 44: ...l link IPv6 OSPF 1088 area virtual link authentication ipsec spi 1090 area virtual link encryption ipsec spi 1092 area virtual link 980 area link 2223 arp IP address MAC 773 arp log 774 arp opportunis...

Page 45: ...52 atmf container login 2254 atmf container 2253 atmf controller 2255 atmf distribute firmware 2256 atmf domain vlan 2258 atmf enable 2261 atmf group membership 2262 atmf guest class 2264 atmf log ver...

Page 46: ...gui enable 221 atmf topology gui enable 2307 atmf virtual crosslink 2308 atmf virtual link 2310 atmf working set 2312 attribute 1906 auth auth fail vlan 1718 auth critical 1720 auth dynamic vlan crea...

Page 47: ...mands 1862 authorization commands 1977 auth web accounting 1768 auth web authentication 1769 auth web enable 1770 auth web forward 1772 auth web max auth fail 1775 auth web method 1777 auth web server...

Page 48: ...r redirect url 1799 auth web server session keep 1800 auth web server ssl intercept port 1802 auth web server ssl 1801 autoboot enable 110 auto cost reference bandwidth IPv6 OSPF 1095 auto cost refere...

Page 49: ...r 2500 clear counter stack 2064 clear ethernet cfm errorlog 329 clear exception log 371 clear g8032 erp instance statistics 2180 clear g8032 erp instance 2179 clear gvrp statistics 752 clear ip dhcp b...

Page 50: ...counters 703 clear line console 162 clear line vty 163 clear lldp statistics 2610 clear lldp table 2611 clear log buffered 373 clear log external 374 clear log permanent 375 clear log 372 clear loop p...

Page 51: ...83 989 configure terminal 96 continuous reboot prevention 241 copy filename 118 copy buffered log 376 copy current software 120 copy debug 121 copy fdb radius users to file 1916 copy local radius user...

Page 52: ...rt local pem deleted 1923 crypto pki export local pkcs12 deleted 1924 crypto pki export pem 1957 crypto pki export pkcs12 1958 crypto pki import pem 1960 crypto pki import pkcs12 1962 crypto pki trust...

Page 53: ...g loopprot 512 debug mail 2668 debug mld 1254 debug mstp RSTP and STP 627 debug nsm mcast 1291 debug nsm mcast6 1292 debug ospf events 990 debug ospf ifsm 991 debug ospf lsa 992 debug ospf nfsm 993 de...

Page 54: ...debug vrrp packet 2116 debug vrrp 2114 default log buffered 378 default log console 379 default log email 380 default log external 381 default log host 382 default log monitor 383 default log permane...

Page 55: ...17 discovery 2323 distance IPv6 OSPF 1107 distance OSPF 999 distance RIP 901 distribute list IPv6 OSPF 1109 distribute list IPv6 RIPng 950 distribute list OSPF 1001 distribute list RIP 902 dns server...

Page 56: ...ode 99 enable VRRP 2118 enable db summary opt 1003 enable password 164 enable secret 167 end 101 enrollment trustpoint configuration mode 1964 epsr configuration 2153 epsr datavlan 2154 epsr enhancedr...

Page 57: ...nsitivity 308 findme trigger 248 findme 246 fingerprint trustpoint configuration mode 1965 flowcontrol switch port 517 flowcontrol hardware asyn console 172 fullupdate RIP 903 g8032 erp instance 2186...

Page 58: ...ng 2004 ip dhcp snooping database 2005 ip dhcp snooping delete by client 2006 ip dhcp snooping delete by linkdown 2007 ip dhcp snooping max bindings 2008 ip dhcp snooping subscriber id 2009 ip dhcp sn...

Page 59: ...st member query count 1200 ip igmp last member query interval 1201 ip igmp limit 1202 ip igmp maximum groups 1203 ip igmp mroute proxy 1205 ip igmp proxy service 1206 ip igmp querier timeout 1207 ip i...

Page 60: ...st allow register fragments 1326 ip multicast forward first packet 1296 ip multicast route 1297 ip multicast route limit 1299 ip multicast wrong vif suppression 1300 ip multicast routing 1301 ip name...

Page 61: ...time PIM DM 1447 ip pim hello holdtime PIM SM 1337 ip pim hello interval PIM DM 1448 ip pim hello interval PIM SM 1338 ip pim ignore rp set priority 1339 ip pim jp timer 1340 ip pim max graft retries...

Page 62: ...rip send packet 913 ip rip split horizon 918 ip route 875 ip source binding 2013 ip tacacs source interface 1982 ip tcp synack retries 796 ip tftp source interface 134 ip unreachables 797 ipv6 access...

Page 63: ...ld snooping querier 1271 ipv6 mld snooping report suppression 1272 ipv6 mld snooping 1266 ipv6 mld ssm map enable 1274 ipv6 mld ssm map static 1275 ipv6 mld static group 1276 ipv6 mld version 1278 ipv...

Page 64: ...smit interval 1124 ipv6 ospf transmit delay 1125 ipv6 pim accept register 1382 ipv6 pim anycast rp 1383 ipv6 pim bsr border 1384 ipv6 pim bsr candidate 1385 ipv6 pim cisco register checksum group list...

Page 65: ...bsm 1412 ipv6 prefix list 1605 ipv6 rip metric offset 951 ipv6 rip split horizon 953 ipv6 route 864 ipv6 route 877 ipv6 router ospf area 1126 ipv6 router rip 954 ipv6 tftp source interface 135 ipv6 t...

Page 66: ...reinit 2625 lldp run 2626 lldp timer 2627 lldp tlv select 2628 lldp transmit receive 2630 lldp tx delay 2631 local proxy arp 799 location civic location configuration 2632 location civic location ide...

Page 67: ...log host time 431 log host 422 log monitor filter 433 log monitor exclude 436 log permanent filter 440 log permanent exclude 443 log permanent size 446 log permanent 439 log trustpoint 449 login auth...

Page 68: ...dress 1172 match ip next hop 1175 match ip precedence 1629 match ipv6 address 1177 match mac type 1630 match metric 1178 match route type 1179 match tag 1180 match tcp flags 1631 match vlan 1632 max c...

Page 69: ...9 nas 1933 neighbor IPv6 RIPng 955 neighbor OSPF 1023 neighbor RIP 923 network DHCP 2462 network RIP 924 network area 1024 next server 2463 no crypto pki certificate 1967 no debug all 253 no police 16...

Page 70: ...Pv6 2526 option 2464 ospf abr type 1026 ospf restart grace period 1027 ospf restart helper 1028 ospf router id 1030 overflow database external 1032 overflow database 1031 passive interface IPv6 OSPF 1...

Page 71: ...ine usage threshold 737 preempt mode 2119 prefix delegation pool 2528 priority 2121 priority queue 1644 private vlan association 574 private vlan 573 privilege level 177 probe enable 2466 probe packet...

Page 72: ...56 remark new cos 1647 remark map 1645 remote command deleted 2070 remote login 2071 remote mirror interface 485 repeat 2746 restart ipv6 ospf graceful 1132 restart ospf graceful 1036 restart rip grac...

Page 73: ...sword minimum length 183 security password min lifetime enforce 181 security password reject expired pwd 184 security password warning 185 send lifetime 933 server radsecproxy aaa 1869 server Server G...

Page 74: ...te 2815 show aaa local user locked 1875 show aaa server group 1876 show access list IPv4 Hardware ACLs 1511 show access list IPv4 Software ACLs 1554 show arp security interface 2018 show arp security...

Page 75: ...ure mode certificates 2399 show atmf secure mode sa 2402 show atmf secure mode statistics 2405 show atmf secure mode 2395 show atmf tech 2407 show atmf virtual links 2410 show atmf working set 2412 sh...

Page 76: ...pubkey rsa 1969 show crypto key pubkey chain knownhosts 2709 show crypto key pubkey chain userkey 2710 show crypto key userkey 2711 show crypto pki certificates deleted 1938 show crypto pki certificat...

Page 77: ...e 1454 show debugging pim sparse mode 1355 show debugging platform packet 537 show debugging power inline 739 show debugging radius 1898 show debugging rip 935 show debugging sflow 2816 show debugging...

Page 78: ...show ethernet cfm maintenance points local mep 356 show ethernet cfm maintenance points remote mep 362 show ethernet cfm service 365 show exception log 451 show file systems 145 show file 144 show flo...

Page 79: ...p dhcp snooping interface 2032 show ip dhcp snooping statistics 2034 show ip dhcp snooping 2024 show ip dhcp relay 2488 show ip dns forwarding cache 832 show ip dns forwarding server 833 show ip dns f...

Page 80: ...7 show ip pim dense mode interface 1455 show ip pim dense mode mroute 1458 show ip pim dense mode neighbor detail 1460 show ip pim dense mode neighbor 1459 show ip pim dense mode nexthop 1461 show ip...

Page 81: ...ow ipv6 forwarding 867 show ipv6 interface brief 868 show ipv6 mif 1317 show ipv6 mld groups 1280 show ipv6 mld interface 1281 show ipv6 mld snooping mrouter 1282 show ipv6 mld snooping statistics 128...

Page 82: ...w ipv6 pim sparse mode nexthop 1425 show ipv6 pim sparse mode rp mapping 1427 show ipv6 pim sparse mode rp nexthop 1428 show ipv6 pim sparse mode rp hash 1426 show ipv6 prefix list 1609 show ipv6 prot...

Page 83: ...how memory pools 277 show memory shared 278 show memory 271 show mep alarm status 368 show mirror interface 488 show mirror 487 show mls qos interface policer counters 1657 show mls qos interface queu...

Page 84: ...ity 575 show power inline counters 743 show power inline interface detail 747 show power inline interface 745 show power inline 740 show privilege 190 show process 279 show provisioning stack 2078 sho...

Page 85: ...low 2819 show snmp server community 2577 show snmp server group 2578 show snmp server user 2579 show snmp server view 2580 show snmp server 2576 show spanning tree brief 641 show spanning tree mst con...

Page 86: ...ring 310 show system interrupts 287 show system mac 288 show system pci device 289 show system pci tree 290 show system pluggable detail 315 show system pluggable diagnostics 318 show system pluggable...

Page 87: ...D local 2592 snmp server group 2595 snmp server host 2597 snmp server legacy ifadminstatus 2599 snmp server location 2600 snmp server source interface 2601 snmp server startup trap delay 2602 snmp ser...

Page 88: ...instance 679 spanning tree path cost 686 spanning tree portfast STP 687 spanning tree portfast bpdu filter 689 spanning tree portfast bpdu guard 691 spanning tree priority bridge priority 693 spanning...

Page 89: ...on 1668 storm rate 1669 storm window 1670 subject name trustpoint configuration 1974 subnet mask 2492 sub ring 2210 summary address IPv6 OSPF 1160 summary address 1066 switch provision stack 2102 swit...

Page 90: ...ort vlan translation default drop 602 switchport vlan translation 601 switchport vlan stacking double tagging 603 switchport voice dscp 604 switchport voice vlan priority 608 switchport voice vlan 605...

Page 91: ...71 type atmf node 2426 type atmf node 2762 type cpu 2765 type interface 2766 type memory 2767 type periodic 2768 type ping poll 2769 type reboot 2770 type stack disabled master 2771 type stack link 27...

Page 92: ...ipv6 rip 968 undebug lacp 724 undebug loopprot 565 undebug mail 2675 undebug mstp 698 undebug ospf events 1068 undebug ospf ifsm 1069 undebug ospf lsa 1070 undebug ospf nfsm 1071 undebug ospf nsm 1072...

Page 93: ...e 611 vlan classifier group 612 vlan classifier rule ipv4 613 vlan classifier rule proto 614 vlan database 617 vlan filter 618 vlan mode remote mirror vlan 492 vlan mode stack local vlan 2104 vlan mod...

Page 94: ...C613 50170 01 Rev B Command Reference for x510 Series 94 AlliedWare Plus Operating System Version 5 4 7 1 x Part 1 Setup and Troubleshooting...

Page 95: ...ence for the commands used to navigate between different modes This chapter also provides a reference for the help and show commands used to help navigate within the CLI Command List configure termina...

Page 96: ...ATION COMMANDS CONFIGURE TERMINAL configure terminal Overview This command enters the Global Configuration command mode Syntax configure terminal Mode Privileged Exec Example To enter the Global Confi...

Page 97: ...GED EXEC MODE disable Privileged Exec mode Overview This command exits the Privileged Exec mode returning the prompt to the User Exec mode To end a session use the exit command Syntax disable Mode Pri...

Page 98: ...ON COMMANDS DO do Overview This command lets you to run User Exec and Privileged Exec mode commands when you are in any configuration mode Syntax do command Mode Any configuration mode Example awplus...

Page 99: ...r privilege levels with the enable Privileged Exec mode command If the privilege level specified is higher than the users configured privilege level specified by the username command then the user is...

Page 100: ...N COMMANDS ENABLE PRIVILEGED EXEC MODE Privilege Exec mode Use the enable password command or the enable secret commands to set the password to enable access to Privileged Exec mode awplus enable 7 aw...

Page 101: ...ther advanced command mode Syntax end Mode All advanced command modes including Global Configuration and Interface Configuration modes Example The following example shows the use of the end command to...

Page 102: ...used in User Exec mode the exit command terminates the session Syntax exit Mode All command modes including Global Configuration and Interface Configuration modes Example The following example shows...

Page 103: ...display a description on how to use the system help use the command awplus help Output Figure 1 1 Example output from the help command When you need help at the command line press If nothing matches...

Page 104: ...Operating System Version 5 4 7 1 x CLI NAVIGATION COMMANDS LOGOUT logout Overview This command exits the User Exec or Privileged Exec modes and ends the session Syntax logout Mode User Exec and Privil...

Page 105: ...lists all command line entries including commands that returned an error For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Config...

Page 106: ...his syntax Example Copying in local Flash memory flash directory filename To specify a file in the configs directory in Flash flash configs example cfg Copyingtoorfrom a USB storage device usb directo...

Page 107: ...Use hyphens or underscores instead Syntax for directory listings A leading slash indicates the root of the current filesystem location In commands where you need to specify the local filesystem s Fla...

Page 108: ...er use the remote login command Command List autoboot enable on page 110 boot config file on page 111 boot config file backup on page 113 boot system on page 114 boot system backup on page 116 cd on p...

Page 109: ...ATION MANAGEMENT COMMANDS show boot on page 142 show file on page 144 show file systems on page 145 show running config on page 147 show running config interface on page 151 show startup config on pag...

Page 110: ...n file from the external media An example of a valid autoboot txt file is shown in the following figure Figure 2 1 Example autoboot txt file Use the no variant of this command to disable the Autoboot...

Page 111: ...llback order see the File Management Feature Overview and Configuration Guide Examples To run the configuration file branch cfg stored on the device s Flash filesystem the next time the device boots u...

Page 112: ...AGEMENT COMMANDS BOOT CONFIG FILE To stop running the configuration file branch cfg stored on the switch s USB storage device filesystem when the device boots up use the commands awplus configure term...

Page 113: ...nagement Feature Overview and Configuration Guide Examples To set the configuration file backup cfg as the backup to the main configuration file use the commands awplus configure terminal awplus confi...

Page 114: ...ts a release file on a USB storage device if a USB storage device is inserted in all stack members and all stack members have a bootloader version that supports booting from it If a stack member has a...

Page 115: ...1 1 rel Answering y at the prompt will cause the system to delete the specified file awplus config y Related Commands boot config file boot config file backup boot system backup show boot Insufficien...

Page 116: ...Configuration Examples To specify the file x510 5 4 7 0 1 rel as the backup to the main release file use the commands awplus configure terminal awplus config boot system backup flash x510 5 4 7 0 1 r...

Page 117: ...ION MANAGEMENT COMMANDS CD cd Overview This command changes the current working directory Syntax cd directory name Mode Privileged Exec Example To change to the directory called images use the command...

Page 118: ...and awplus copy sftp 10 0 1 2 new cfg bob key To use SCP with the username beth to copy the file old cfg into the directory config_files on a remote server that is listening on TCP port 2000 use the c...

Page 119: ...onfig cfg configtest cfg To copy the file test txt from the top level of Flash on stack member 2 to the current directory in the stack master use the command awplus copy awplus 2 flash test txt test t...

Page 120: ...ystem Syntax copy current software destination name Mode Privileged Exec Example To copy the current software as installed in the working directory with the file name my release rel use the command aw...

Page 121: ...Mode Privileged Exec Example To copy debug output to a USB storage device with a filename my debug use the following command awplus copy debug usb my debug Output Figure 2 2 CLI prompt after entering...

Page 122: ...py the running config as current cfg to the remote server listening on TCP port 2000 use the command awplus copy running config scp user server 2000 config_files current cfg Related Commands copy star...

Page 123: ...as the file oldconfig cfg in the current directory use the command awplus copy startup config oldconfig cfg Related Commands copy running config Parameter Description source name The filename and path...

Page 124: ...inicom ZMODEM works over a serial connection and does not need any interfaces configured to do a file transfer Syntax copy source name zmodem copy zmodem Mode Privileged Exec Example To copy the local...

Page 125: ...ys and values that are expected in this file are correct After the file is created the create autoboot command will copy the current release and configuration files across to the external media The ex...

Page 126: ...rrent directory use the command awplus delete force one cfg To delete the directory old_configs which is not empty use the command awplus delete recursive old_configs To delete the directory new_confi...

Page 127: ...ied debug output file Syntax delete debug source name Mode Privileged Exec Example To delete debug output use the following command awplus delete debug Output Figure 2 3 CLI prompt after entering the...

Page 128: ...ename For example to specify a file in the configs directory on member 2 of a stack enter awplus 2 flash configs example cfg Examples To list the files in the current working directory use the command...

Page 129: ...wplus dir sort name To list the files by size smallest to largest use the command awplus dir sort reverse size To sort the files by modification time oldest to newest use the command awplus dir sort r...

Page 130: ...itor make sure your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal For more inform...

Page 131: ...e your terminal terminal emulation program or Telnet client is 100 compatible with a VT100 terminal The editor uses VT100 control sequences to display text on the terminal Syntax edit filename Mode Pr...

Page 132: ...vice is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default Mode Privileged Exec Usage This command is...

Page 133: ...when it boots up At the next restart the device loads the default configuration file default cfg If default cfg no longer exists then the device loads with the factory default configuration This prov...

Page 134: ...is helpful in network configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your...

Page 135: ...configurations where TFTP traffic needs to traverse point to point links or subnets within your network and you do not want to propagate those point to point links through your routing tables In those...

Page 136: ...ir name Mode Privileged Exec Usage You cannot name a directory or subdirectory flash nvs usb card tftp scp sftp or http These keywords are reserved for tab completion when using various file commands...

Page 137: ...cfg to startup cfg use the command awplus move temp cfg startup cfg To move the file temp cfg from the root of the Flash filesystem to the directory myconfigs use the command awplus move temp cfg myc...

Page 138: ...tination name debug nvs flash usb Mode Privileged Exec Example To movedebug output onto a USB storagedevicewith a filename my debug use the following command awplus move debug usb my debug Output Figu...

Page 139: ...s Operating System Version 5 4 7 1 x FILE AND CONFIGURATION MANAGEMENT COMMANDS PWD pwd Overview This command prints the current working directory Syntax pwd Mode Privileged Exec Example To print the...

Page 140: ...ve the directory images from the top level of the Flash filesystem use the command awplus rmdir flash images To create a directory called level1 containing a subdirectory called level2 and then force...

Page 141: ...igure 2 6 Example output from the show autoboot command Figure 2 7 Example output from the show autoboot command when an external media source is not present Related Commands autoboot enable create au...

Page 142: ...boot image flash x510 5 4 7 0 1 rel Default boot config flash default cfg Current boot config usb my cfg file exists Backup boot config flash backup cfg file not found Autoboot status enabled Table 2...

Page 143: ...ated Commands autoboot enable boot config file backup boot system backup show autoboot Backup boot config The configuration file to use during the next boot cycle if the main configuration file cannot...

Page 144: ...displays the contents of a specified file Syntax show file filename Mode Privileged Exec Example To display the contents of the file oldconfig cfg which is in the current directory use the command awp...

Page 145: ...M flash rw flash static local Y system rw system virtual local 10 0M 9 8M debug rw debug static local Y 499 0K 431 0K nvs rw nvs static local Y tftp rw tftp network scp rw scp network sftp ro sftp net...

Page 146: ...ow file Prefixes The prefixes used when entering commands to access the filesystems one of flash system nvs usb tftp scp sftp http S V D The memory type static virtual dynamic Lcl Ntwk Whether the mem...

Page 147: ...on full Display the running config for all features This is the default setting so it is the same as entering show running config feature Display only the configuration for a single feature The featur...

Page 148: ...route IPv6 static route configuration isakmp Internet Security Association Key Management Protocol ISAKMP configuration key chain Authentication key management configuration l2tp profile L2TP tunnel...

Page 149: ...g switch Switch configuration web control Web Control configuration Parameter Description awplus show running config service password encryption hostname MyNode no banner motd username manager privile...

Page 150: ...g config show running config interface switch 1 provision x510 28 vlan database vlan 2 15 state enable interface port1 0 1 1 0 6 switchport switchport mode access interface port1 0 25 1 0 26 switchpor...

Page 151: ...in a list The specified interfaces must exist dot1x Displays running configuration for 802 1X port authentication for the specified interfaces lacp Displays running configuration for LACP Link Aggrega...

Page 152: ...vlan1 To display the current running configuration of a device for VLANs 1 and 3 5 use the command awplus show running config interface vlan1 vlan3 vlan5 To display the current OSPF configuration of y...

Page 153: ...eature Overview and Configuration Guide Syntax show startup config Mode Privileged Exec Example To display the contents of the current start up configuration file use the command awplus show startup c...

Page 154: ...ll rights reserved c 2001 2003 Cambridge Broadband Ltd All rights reserved c 2003 Sun Microsystems Inc All rights reserved c 2003 2006 Sparta Inc All rights reserved c 2004 Cisco Inc and Information N...

Page 155: ...2002 2004 MontaVista Software Inc All rights reserved Copyright c 2005 2010 Red Hat Inc File Utility Library Copyright c Ian F Darwin 1986 1987 1989 1992 1994 1995 Software written by Ian F Darwin an...

Page 156: ...ant if files may be automatically written to the storage device such as external log files or AMF backup files Syntax unmount usb unmount usb member stack ID Mode Privileged Exec Example To unmount a...

Page 157: ...copies the running config into the file that is set as the current startup config file This command is a synonym of the write memory and copy running config startup config commands Syntax write file...

Page 158: ...nd copies the running config into the file that is set as the current startup config file This command is a synonym of the write file and copy running config startup config commands Syntax write memor...

Page 159: ...MANDS WRITE TERMINAL write terminal Overview This command displays the current configuration of the device This command is a synonym of the show running config command Syntax write terminal Mode Privi...

Page 160: ...on page 170 flowcontrol hardware asyn console on page 172 length asyn on page 174 line on page 175 privilege level on page 177 security password history on page 178 security password forced change on...

Page 161: ...service terminal length deleted on page 189 show privilege on page 190 show security password configuration on page 191 show security password user on page 192 show telnet on page 193 show users on p...

Page 162: ...minal session exists on the line then the terminal session is terminated If console line settings have changed then the new settings are applied Syntax clear line console 0 Mode Privileged Exec Exampl...

Page 163: ...INE VTY clear line vty Overview This command resets a VTY line If a session exists on the line then it is closed Syntax clear line vty 0 32 Mode Privileged Exec Example To reset the first VTY line use...

Page 164: ...5 by default Previously the default was level 1 Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the en...

Page 165: ...and First use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd Th...

Page 166: ...onfiguration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable password 8 fU7zHzuutY2SA awplus config end This results in the following sh...

Page 167: ...is level 15 by default Mode Global Configuration Usage This command enables the Network Administrator to set a password for entering the Privileged Exec mode when using the enable Privileged Exec mod...

Page 168: ...st use the enable password command to specify the string that you want to use as a password mypasswd Then use the service password encryption command to encrypt the specified string mypasswd The advan...

Page 169: ...ration file will show only the encrypted string and not the text string awplus configure terminal awplus config enable secret 8 fU7zHzuutY2SA awplus config end This results in the following show outpu...

Page 170: ...re it times out An exec timeout 0 0 setting will cause the telnet session to wait indefinitely The command exec timeout 0 0 is useful while configuring a device but reduces device security If no input...

Page 171: ...C613 50170 01 Rev B Command Reference for x510 Series 171 AlliedWare Plus Operating System Version 5 4 7 1 x USER ACCESS COMMANDS EXEC TIMEOUT Related Commands line service telnet...

Page 172: ...message is sent to the sending device to suspend the transmission until the data in the buffers has been processed Hardware flow control can be configured on terminal console lines e g asyn0 For Rever...

Page 173: ...control on terminal console line asyn0 use the commands awplus configure terminal awplus config line console 0 awplus config line flowcontrol hardware To disable hardware flow control on terminal cons...

Page 174: ...r than the length of the line the output will be paused and the More prompt allows you to move to the next screen full of data A length of 0 will turn off pausing and data will be displayed to the con...

Page 175: ...To change the console asyn port speed use this line command to enter Line Configuration mode before using the speed asyn command Set the console speed Baud rate to match the transmission rate of the d...

Page 176: ...o enter Line Configuration mode to configure the console asyn 0 port terminal line use the commands awplus configure terminal awplus config line console 0 awplus config line Related Commands accountin...

Page 177: ...ec and all User Exec commands However intermediate CLI security will not show configuration commands in Privileged Exec Examples To set the console connection to have the maximum privilege level use t...

Page 178: ...ommand awplus configure terminal awplus config security password history 3 To allow the reuse of recent passwords use the command awplus configure terminal awplus config no security password history R...

Page 179: ...xpired pwd feature must be disabled with the security password reject expired pwd command The no variant of the command disables this feature Syntax security password forced change no security passwor...

Page 180: ...fetime is 0 which will disable the lifetime functionality Mode Global Configuration Example To configure the password lifetime to 10 days use the command awplus configure terminal awplus config securi...

Page 181: ...from re using old passwords For example if you do not allow people to re use any of their last 5 passwords a person can bypass that restriction by changing their password 5 times in quick succession...

Page 182: ...ld align with the lifetime selected i e the fewer categories specified the shorter the lifetime specified Syntax security password minimum categories 1 4 Default The default number of categories that...

Page 183: ...mum password length is 1 Mode Global Configuration Example To configure the required minimum password length as 8 use the command awplus configure terminal awplus config security password minimum leng...

Page 184: ...config file Note that when the reject expired pwd functionality is disabled and a user logs on with an expired password if the forced change feature is enabled with security password forced change com...

Page 185: ...y Mode Global Configuration Example To configure a warning period of three days use the command awplus configure terminal awplus config security password warning 3 Related Commands security password f...

Page 186: ...re displays the possible options The no service advanced vty command disables the advanced vty help feature Syntax service advanced vty no service advanced vty Default The advanced vty help feature is...

Page 187: ...ain text Use the no service password encryption command to stop the device from displaying newly entered passwords in encrypted form This does not change the display of existing passwords NOTE Do not...

Page 188: ...ng telnet sessions will still be active Syntax service telnet ip ipv6 no service telnet ip ipv6 Default The IPv4 and IPv6 telnet servers are enabled by default The configured telnet port is TCP port 2...

Page 189: ...e for x510 Series 189 AlliedWare Plus Operating System Version 5 4 7 1 x USER ACCESS COMMANDS SERVICE TERMINAL LENGTH DELETED service terminal length deleted Overview This command has been deleted in...

Page 190: ...15 gives full user access to all Privileged Exec commands Syntax show privilege Mode User Exec and Privileged Exec Usage A user can have an intermediate CLI security level set with this command for pr...

Page 191: ...put Figure 3 2 Example output from the show security password configuration command Related Commands security password forced change security password history security password lifetime security passw...

Page 192: ...w security password user Output Figure 3 3 Example output from the show security password user command Related Commands security password forced change security password history security password life...

Page 193: ...shows the Telnet server settings Syntax show telnet Mode User Exec and Privileged Exec Example To show the Telnet server settings use the command awplus show telnet Output Figure 3 4 Example output fr...

Page 194: ...command Line User Host s Idle Location Priv Idletime Timeout con 0 manager idle 00 00 00 ttyS0 15 10 N A vty 0 bob idle 00 00 03 172 16 11 3 1 0 5 Table 1 Parameters in the output of the show users c...

Page 195: ...t example use the command awplus telnet host example To connect to the telnet server host example on TCP port 100 use the command awplus telnet host example 100 Parameter Description hostname The host...

Page 196: ...enabled then it will be restarted on the new port Changing the port number does not affect the port used by existing sessions Syntax telnet server 1 65535 default Mode Global Configuration Example To...

Page 197: ...pecified by this command The default length will apply unless you have changed the length for some or all lines by using the length asyn command Syntax terminal length length terminal no length length...

Page 198: ...d on the user s terminal Syntax terminal resize Mode User Exec and Privileged Exec Usage When the user s terminal size is changed then a remote session via SSH or TELNET adjusts the terminal size auto...

Page 199: ...ege levels if an enable password has been configured for the level the user tries to access and the user enters that password A user at privilege level 1 can access the majority of show commands A use...

Page 200: ...To create the user bob with a privilege level of 15 for all show commands including show running configuration and show startup configuration and to access configuration commands in Privileged Exec c...

Page 201: ...ion 5 4 6 1 x and later new installations of Allied Telesis Management Framework AMF require a Subscription License instead of a Feature License For information about Subscription Licensing commands s...

Page 202: ...specific to you when you initially add a license Once a license is added any change to the license label first requires removal of the license before adding a license again with a new license label Th...

Page 203: ...network traffic Only install licenses in scheduled maintenance periods for devices in a live environment Examples To activate the license called IPv6 that has the key 12345678ABCDE123456789ABCDE use t...

Page 204: ...on about all enabled licenses use the command awplus show license To display full information about the licenses with index number 1 use the command awplus show license index 1 Output Figure 4 2 Examp...

Page 205: ...ion Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License name Name of the license key bundle...

Page 206: ...display a brief summary of information about all feature licenses use the command awplus show license feature brief Output Figure 4 3 Example output from show license brief Parameter Description featu...

Page 207: ...ief Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured License n...

Page 208: ...on stack member 2 use the command awplus show license brief member 2 To display a briefsummary aboutall enabledlicenses on all stack members use the command awplus show license brief member all To di...

Page 209: ...ief member Parameter Description Board region Name of the region for the Base License features Index Index identifying entry The index is assigned automatically by the software It is not configured Li...

Page 210: ...show license member all command to display full list output of all licenses per stack member Examples To display full information about all enabled licenses on all stack members use the command awplus...

Page 211: ...P Index 2 License name PIM Trial Customer name PIM Trial Quantity of licenses 10 Type of license 30 day trial License issue date 12 Jul 2014 License expiry date 12 Jul 2014 Features included PIM PIM 1...

Page 212: ...subscription for each AMF master or controller node in your AMF network To see the AMF subscriptions for your device see the AlliedWare Plus Datasheet For Software Version 5 4 6 2 x and later Subscri...

Page 213: ...tion license for a stack member and later have to permanently replace that stack member you can transfer the license to another stack member To do this 1 Check which stack member the license entitleme...

Page 214: ...pdate online instead Syntax license update filename Mode Privileged Exec Usage You can download subscription licenses from the Allied Telesis Download Center in order to copy them onto the device Exam...

Page 215: ...ximately 5 seconds If the console does not respond for 10 or more seconds after typing the command a network routing or firewall configuration error is probably preventing the connection from establis...

Page 216: ...nd Reference for x510 Series 216 AlliedWare Plus Operating System Version 5 4 7 1 x SUBSCRIPTION LICENSING COMMANDS LICENSE UPDATE ONLINE Related Commands show license external Command changes Version...

Page 217: ...CRF When you load the license onto the stack the software checks that the CRF is valid for one of the stack members the source stack member The software then applies the license entitlement to all me...

Page 218: ...piry date 19 Apr 2017 23 59 Maximum AMF nodes 20 Start date 20 Apr 2017 00 00 Expiry date 20 Apr 2018 23 59 Maximum AMF nodes 50 awplus show license external Features with installed entitlements AMF M...

Page 219: ...613 50170 01 Rev B Command Reference for x510 Series 219 AlliedWare Plus Operating System Version 5 4 7 1 x SUBSCRIPTION LICENSING COMMANDS SHOW LICENSE EXTERNAL Related Commands license update online...

Page 220: ...ew This chapter provides an alphabetical reference of commands used to configure the GUI For more information see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Comm...

Page 221: ...by default on Controllers Mode Global Configuration mode Usage To use Vista Manager EX you must also enable the HTTP service on all AMF nodes including all AMF masters and controllers The HTTP servic...

Page 222: ...ce and then enter the seconds If the GUI timeout is disabled a GUI session will remain active until you terminate it No idle time will be configured The same timeout period will apply to all GUI sessi...

Page 223: ...C613 50170 01 Rev B Command Reference for x510 Series 223 AlliedWare Plus Operating System Version 5 4 7 1 x GUI COMMANDS GUI TIMEOUT Related Commands show running config...

Page 224: ...og sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages are set to wait for a...

Page 225: ...Vista Manager EX and theAlliedWarePlus GUI Java applet Use the no variant of this command to disable the HTTP feature Syntax service http no service http Default Enabled Mode Global Configuration Exa...

Page 226: ...ew This command shows the HTTP server settings Syntax show http Mode User Exec and Privileged Exec Example To show the HTTP server settings use the command awplus show http Output Figure 6 2 Example o...

Page 227: ...ogin system on page 231 banner motd on page 233 clock set on page 235 clock summer time date on page 236 clock summer time recurring on page 238 clock timezone on page 240 continuous reboot prevention...

Page 228: ...3 show memory history on page 275 show memory pools on page 277 show memory shared on page 278 show process on page 279 show reboot history on page 282 show router id on page 284 show system on page 2...

Page 229: ...Ware Plus version and build date is displayed at console login such as Mode Global Configuration Examples To configure a User Exec mode banner after login in this example to tell people to use the ena...

Page 230: ...x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER EXEC To remove the User Exec mode banner after login enter the following commands Related Commands banner login system banner motd awplus configur...

Page 231: ...e login banner Syntax banner login no banner login Default By default no login banner is displayed at console login Mode Global Configuration Examples To configure a login banner of Authorised users o...

Page 232: ...170 01 Rev B Command Reference for x510 Series 232 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS BANNER LOGIN SYSTEM Related Commands banner exec bann...

Page 233: ...x banner motd motd text no banner motd Default By default the device displays the AlliedWare Plus OS version and build date when you login Mode Global Configuration Examples To configure a MotD banner...

Page 234: ...ION AND MONITORING COMMANDS BANNER MOTD Related Commands banner exec banner login system awplus enable awplus configure terminal Enter configuration commands one per line End with CNTL Z awplus config...

Page 235: ...fset to the local time NOTE If Network Time Protocol NTP is enabled then you cannot change the time or date using this command NTP maintains the clock automatically using an external time source If yo...

Page 236: ...ndard time and NZDT UTC 13 00 assummertime with thesummertimesetto begin on the 25th of September 2016 and end on the 2nd of April 2017 awplus config clock summer time NZDT date 25 sep 2 00 2016 2 apr...

Page 237: ...B Command Reference for x510 Series 237 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS CLOCK SUMMER TIME DATE Related Commands clock summer time recurr...

Page 238: ...very year from now on start week Week of the month when summertime starts in the range 1 5 The value 5 indicates the last week that has the specified day in it for the specified month For example to s...

Page 239: ...ition for New Zealand using NZST UTC 12 00 as the standard time and NZDT UTC 13 00 as summertime with summertime set to start on the last Sunday in September and end on the 1st Sunday in April use the...

Page 240: ...t to the local time Examples To set the timezone to New Zealand Standard Time with an offset from UTC of 12 hours use the command awplus config clock timezone NZST plus 12 To set the timezone to India...

Page 241: ...ontinuous reboot prevention period threshold action Default Continuous reboot prevention is disabled by default The default period value is 600 the default threshold value is 1 and the default action...

Page 242: ...o stopreboot use the commands awplus configure terminal awplus config continuous reboot prevention period 500 action stopreboot To return the period and action to the defaults and keep the continuous...

Page 243: ...ED feature is enabled a change in port status will not affect the display of the associated LED When the eco friendly LED feature is disabled and power is returned to port LEDs the LEDs will correctly...

Page 244: ...endly lpi no ecofriendly lpi Default The eco friendly LPI feature is disabled by default Mode Interface Configuration for a switch port or Interface Configuration for a range of switch ports Usage For...

Page 245: ...and Reference for x510 Series 245 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS ECOFRIENDLY LPI Related Commands duplex ecofriendly led show ecofriend...

Page 246: ...stored automatically after either the default time or a specified timehas elapsed or a no findme command is used You can specify which interface or interfaces are flashed with the optional interface p...

Page 247: ...twice Each alternate flash will be amber if that device has amber LEDs This pattern will repeat until timeout default or set or no findme commands are used To deactivate the Find Me feature use the fo...

Page 248: ...ig Usage Note that findme trigger is not available if you have set the switch to take the following actions in response to an event For loop detection the actions log only and none For MAC address thr...

Page 249: ...ith a numeric suffix For example awplus 1 awplus 2 and so on The hostname command can then be used to change the stack name and the stack master s host name For example for the hostname Lab the stack...

Page 250: ...awplus configure terminal awplus config hostname HQ Sales This changes the prompt to HQ Sales config To revert to the default hostname awplus use the command HQ Sales config no hostname This changes t...

Page 251: ...following commands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding...

Page 252: ...d to set the maximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number...

Page 253: ...gging use the command awplus no debug all ipv6 To disable all NSM debugging use the command awplus no debug all nsm To disable all OSPF debugging use the command awplus no debug all ospf To disable al...

Page 254: ...e Mode debugging use the command awplus no debug all pim sparse mode To disable all RIP debugging use the command awplus no debug all rip To disable all VRRP debugging use the command awplus no debug...

Page 255: ...he whole stack you can either use this reboot command to reboot all stack members immediately or to minimize downtime reboot the stack members in a rolling sequence by using the reboot rolling command...

Page 256: ...Command Reference for x510 Series 256 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS RELOAD reload Overview This command performs the same function as...

Page 257: ...ct 2016 01 56 06 0000 Timezone NZST Timezone Offset 12 00 Summer time zone NZDT Summer time starts Last Sunday in September at 02 00 00 Summer time ends First Sunday in April at 02 00 00 Summer time o...

Page 258: ...eference for x510 Series 258 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CLOCK Related Commands clock set clock summer time date clock summer t...

Page 259: ...us reboot prevention configuration Syntax show continuous reboot prevention Mode User Exec and Privileged Exec Examples To show the current continuous reboot prevention configuration use the command a...

Page 260: ...and Privileged Exec Examples To show the CPU utilization of current processes sorting them by the number of threads the processes are using use the command awplus show cpu sort thrds To show CPU util...

Page 261: ...corerotate 1 0 0 20 sleep 0 0 853 syslog ng 1 0 0 20 sleep 0 356 859 klogd 1 0 0 20 sleep 0 1 910 inetd 1 0 0 20 sleep 0 3 920 portmap 1 0 0 20 sleep 0 0 931 crond 1 0 0 20 sleep 0 1 1090 openhpid 11...

Page 262: ...allocations show memory history show memory pools show process state Process state one of run sleep zombie and dead sleep Percentage of time that the process is in the sleep state runtime The time tha...

Page 263: ...utput displays three graphs of the percentage CPU utilization per second for the last minute then per minute for the last hour then per 30 minutes for the last 30 hours If this command is entered on t...

Page 264: ...istory command Per second CPU load history 100 90 80 70 60 50 40 30 20 10 Oldest Newest CPU load per second last 60 seconds average CPU load Per minute CPU load history 100 90 80 70 60 50 40 30 20 10...

Page 265: ...Reference for x510 Series 265 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW CPU HISTORY Related Commands show memory show memory allocations sho...

Page 266: ...ed Exec Usage This command displays all debugging information similar to the way the show tech support command displays all show output for use by Allied Telesis authorized service personnel only Exam...

Page 267: ...d awplus show ecofriendly Front panel port LEDs normal Energy efficient ethernet Port Name Configured Status port1 0 1 Port 1 lpi lpi port1 0 2 lpi lpi port1 0 3 lpi lpi port1 0 4 off off port1 0 5 lp...

Page 268: ...riding the configuration set with the ecofriendly led command Power to the port LEDs is disabled Port Displays the port number as assigned by the switch Name Displays the port name if a name is config...

Page 269: ...interface port list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory use...

Page 270: ...f show interface status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766...

Page 271: ...processes use the command awplus show memory Output Figure 7 9 Example output from show memory Parameter Description stack ID Stack member number from 1 to 8 sort Changes the sorting order for the li...

Page 272: ...he show memory command Parameter Description Stack member Stack member number RAM total Total amount of RAM memory free free Available memory size buffers Memory allocated kernel buffers pid Identifie...

Page 273: ...the memory allocations used by all processes on your device use the command awplus show memory allocations Output Figure 7 10 Example output from the show memory allocations command Parameter Descript...

Page 274: ...x510 Series 274 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SHOW MEMORY ALLOCATIONS Related Commands show memory show memory history show memory po...

Page 275: ...tack ID Mode User Exec and Privileged Exec Usage This command s output displays three graphs of the percentage memory utilization per second for the last minute then per minute for the last hour then...

Page 276: ...OW MEMORY HISTORY Output Figure 7 11 Example output from the show memory history command Related Commands show memory allocations show memory pools show memory shared show tech support STACK member 1...

Page 277: ...he memory pools used by processes use the command awplus show memory pools Output Figure 7 12 Example output from the show memory pools command Related Commands show memory allocations show memory his...

Page 278: ...are Plus Feature Overview and Configuration Guide Syntax show memory shared Mode User Exec and Privileged Exec Example To display information about the shared memory allocation used on the device use...

Page 279: ...nd Privileged Exec Usage This command displays a snapshot of currently running processes If you want to see CPU or memory utilization history instead use the commands show cpu history or show memory h...

Page 280: ...ng 1 0 0 16 sleep 88 kernel threads pid name cpu pri state sleep 71 aio 0 0 20 sleep 0 3 events 0 0 10 sleep 98 Table 5 Parameters in the output from the show process command Parameter Description St...

Page 281: ...NFIGURATION AND MONITORING COMMANDS SHOW PROCESS Related Commands show cpu show cpu history pri Process priority state Process state one of run sleep stop zombie or dead sleep Percentage of time the p...

Page 282: ...quest 2016 10 10 01 35 31 Expected User Request 2016 10 10 01 16 25 Unexpected Rebooting due to critical process network nsm failure 2016 10 10 01 11 04 Unexpected Rebooting due to critical process ne...

Page 283: ...oot prevention show tech support Continuous reboot prevention A continuous reboot prevention event has occurred The action taken is configured with the continuous reboot prevention command The next ti...

Page 284: ...UTER ID show router id Overview Use this command to show the Router ID of the current system Syntax show router id Mode User Exec and Privileged Exec Example To display the Router ID of the current sy...

Page 285: ...ide Syntax show system Mode User Exec and Privileged Exec Example To display configuration information use the command awplus show system Output Figure 7 17 Example output from show system Related Com...

Page 286: ...Overview and Configuration Guide Syntax show system environment Mode User Exec and Privileged Exec Example To display the system s environmental status use the command awplus show system environment...

Page 287: ...Example To display information about the number of interrupts for each IRQ in your device use the command awplus show system interrupts Output Figure 7 19 Example output from the show system interrupt...

Page 288: ...o display the physical MAC address enter the following command awplus show system mac Output Figure 7 20 Example output from the show system mac command Output Figure 7 21 Example output showing how t...

Page 289: ...se the command awplus show system pci device Output Figure 7 22 Example output from the show system pci device command Related Commands show system environment show system pci tree awplus show system...

Page 290: ...ommand to display the PCI tree on your device Syntax show system pci tree Mode User Exec and Privileged Exec Example To display information about the PCI tree on your device use the command awplus sho...

Page 291: ...ion for the device For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show system serialnumber Mode Use...

Page 292: ...cpsn epsr firewall igmp ip ipv6 mld openflow ospf ospf6 pim rip ripng stack stp system tacacs update outfile filename Parameter Description all Display full information atmf Display ATMF specific info...

Page 293: ...already exists a newfilenameis generated withthe current timestamp If the output filename does not end with gz then gz is appended to the filename Since output files may be too large for Flash on the...

Page 294: ...iguration Usage This command is used to change the console asyn port speed Set the console speed to matchthetransmissionrateofthe device connectedto theconsole asyn port on your device Example To set...

Page 295: ...d Reference for x510 Series 295 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SPEED ASYN Related Commands clear line console line show running config...

Page 296: ...4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS SYSTEM TERRITORY DEPRECATED system territory deprecated Overview This command has been deprecated in Software Version 5 4 4 0 1 and later It now h...

Page 297: ...minal or use the timeout option to stop displaying debugging output on the terminal after a set time Syntax terminal monitor 1 60 terminal no monitor Default Disabled Mode User Exec and Privileged Exe...

Page 298: ...Reference for x510 Series 298 AlliedWare Plus Operating System Version 5 4 7 1 x SYSTEM CONFIGURATION AND MONITORING COMMANDS UNDEBUG ALL undebug all Overview This command applies the functionality o...

Page 299: ...s in optical power received over fiber cables For more information see the Pluggables and Cabling Feature Overview and Configuration Guide Command List clear test cable diagnostics tdr on page 300 deb...

Page 300: ...cable diagnostics tdr Overview Use this command to clear the results of the last cable test that was run Syntax clear test cable diagnostics tdr Mode Privileged Exec Examples To clear the results of a...

Page 301: ...c Privileged Exec Usage While debugging is enabled by this command for a port all the optical power readings for the port are sent to the console Example To enable debugging messages for active fiber...

Page 302: ...522 Fiber monitor port2 0 1 Channel 1 Reading 1748 Baseline 1708 Threshold 1356 01 42 52 awplus Pluggable 522 Fiber monitor port2 0 1 Channel 1 Reading 1717 Baseline 1709 Threshold 1357 01 42 54 awplu...

Page 303: ...nly generates a log message Example To set the device to send an SNMP notification when ports 1 0 1 or 1 0 2 receive reduced power use the commands awplus config interface port1 0 1 1 0 2 awplus confi...

Page 304: ...aused by temperature fluctuations etc could lead to unnecessary alarms There are two ways to configure the baseline The first is to choose a number of readings to average This is the default and recom...

Page 305: ...Command Reference for x510 Series 305 AlliedWare Plus Operating System Version 5 4 7 1 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING BASELINE Related Commands fiber monitoring interval fiber mon...

Page 306: ...e or to remove all the configuration and state for the ports respectively Syntax fiber monitoring enable no fiber monitoring enable no fiber monitoring Default Active fiber monitoring is disabled by d...

Page 307: ...polling interval to the default 5 seconds Syntax fiber monitoring interval 2 60 no fiber monitoring interval Default The interval is set to 5 seconds by default Mode Interface configuration mode for...

Page 308: ...ined levels in decibels or to a fixed absolute delta in units of 0 0001mW The alarm thresholds can be seen in the show system fiber monitoring output The maximum absolute sensitivity configurable is 0...

Page 309: ...ence for x510 Series 309 AlliedWare Plus Operating System Version 5 4 7 1 x PLUGGABLES AND CABLING COMMANDS FIBER MONITORING SENSITIVITY Related Commands fiber monitoring action fiber monitoring basel...

Page 310: ...onitoring awplus show sys fiber monitoring Fiber Monitoring Status Reading units 0 0001mW Stack member 1 Interface port1 0 1 Status enabled Supported Supported pluggable Debugging disabled Interval 2...

Page 311: ...sensitivity threshold for optical power changes on this port Baseline type How the baseline optical power level is calculated either the average of the specified number of previous readings or a spec...

Page 312: ...1 Rev B Command Reference for x510 Series 312 AlliedWare Plus Operating System Version 5 4 7 1 x PLUGGABLES AND CABLING COMMANDS SHOW SYSTEM FIBER MONITORING fiber monitoring interval fiber monitoring...

Page 313: ...luggable Example To display brief information about pluggable transceivers installed in port1 0 25 through port1 0 26 use the command awplus show system pluggable port1 0 25 1 0 26 Output Figure 8 3 E...

Page 314: ...nsceiver Serial Number Specifies the serial number for the installed pluggable transceiver Datecode Specifies the manufacturing datecode for the installed pluggable transceiver Checking the manufactur...

Page 315: ...detail command displays the following information SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single mode Fiber Specifies the link length supported by t...

Page 316: ...plus show system pluggable detail Output Figure 8 4 Example output from show system pluggable detail for a specific port on a device awplus show system pluggable port1 0 25 detail System Pluggable Inf...

Page 317: ...AlliedWare Plus Feature Overview and Configuration Guide SFP Laser Wavelength Specifies the laser wavelength of the installed pluggable transceiver Single Mode Fiber Specifies the link length supporte...

Page 318: ...n optical SFP and SFP transceivers support Digital Diagnostics Monitoring DDM functions Diagnostic monitoring features allow you to monitor real time parameters of the pluggable transceiver such as op...

Page 319: ...Low 12 589 0 040 Rx LOS Rx Down Port1 0 26 Status Alarms Warnings Reading Alarm Max Min Warning Max Min Temp Degrees C 29 387 100 00 40 00 85 000 10 00 Vcc Volts 3 378 3 630 2 970 3 465 3 135 Tx Bias...

Page 320: ...ometer on a fixed copper cable port The displayed status of the cable can be either OK Open Short within pair Short across pair Error Syntax show test cable diagnostics tdr Mode Privileged Exec Exampl...

Page 321: ...displayed status of the cable can be either OK Short within pair or Open The Open or Short status is accompanied with the distance from the source port to the incorrect termination Syntax test cable...

Page 322: ...al on page 324 cc multicast on page 326 cc unicast on page 327 clear MEP Attribute on page 328 clear ethernet cfm errorlog on page 329 clear mep counter on page 330 ethernet cfm domain name on page 33...

Page 323: ...01 Rev B Command Reference for x510 Series 323 AlliedWare Plus Operating System Version 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS show ethernet cfm service on page 365 show mep alarm status on...

Page 324: ...s that MEP declares a connectivity fault This is known as a defect Upon detecting a defect the detecting MEP will also set the Remote Defect Indicator RDI bit for its outgoing CCM messages to its peer...

Page 325: ...1 Rev B Command Reference for x510 Series 325 AlliedWare Plus Operating System Version 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS CC INTERVAL service ma name Command changes Version 5 4 7 1 1 co...

Page 326: ...faults across a link using Link Level MEPs or across a segment of a VLAN using VLAN aware MEPs both of which are used within an MD MA CCMs are sent using multicast or unicast but not both In order to...

Page 327: ...a segment of a VLAN using VLAN aware MEPs both of which are used within an MD MA CCMs are sent using multicast or unicast but not both In order to enable a Local MEP to send theLocal MEP s active adm...

Page 328: ...ernet cfm domain name ethernet cfm mep mep FNG attributes service ma name Command changes Version 5 4 7 1 1 command added Parameter Description ccm ltm priority Set the queuing and p bit priority for...

Page 329: ...net cfm errorlog domain domain name Mode Privileged Exec Usage When a new error is detected for an MA that is associated with an MD and the error is due to an error from a received or missing CCM from...

Page 330: ...th the MEP ID 12 use the command awplus clear mep counter domain MD INST1 service MA INST1 1 mep 12 Related Commands show ethernet cfm maintenance points local mep Command changes Version 5 4 7 1 1 co...

Page 331: ...main name Parameter Description domain name The name that identifies this Maintenance Domain instance If creating this instance specify the remaining parameters If re entering configuration mode for t...

Page 332: ...D INST2 with a character string based name of MD 12L3 and a level of 3 use the command awplus config ethernet cfm domain name MD INST2 md type character string md type name MD 12L3 level 3 To enter Et...

Page 333: ...ULT MANAGEMENT COMMANDS ETHERNET CFM DOMAIN NAME cfm sf notify clear MEP Attribute ethernet cfm mep mep FNG attributes mep crosscheck service ma name show ethernet cfm domain show ethernet cfm errorlo...

Page 334: ...ion ports On a bridge port there are two types An Up Maintenance Entity is considered an inward MP It communicates across the inside of the bridge to the other side and this allows it to reach the out...

Page 335: ...in name of MD INST2 and an MA name of MA INST2 1 use the commands awplus config interface port1 0 2 awplus config if ethernet cfm mep down mpid 12 domain name MD INST2 ma name MA INST2 1 To re enter a...

Page 336: ...be generated Use this command to configure the following attributes of a Local MEP Fault Notification Generation Lowest Alarm Priority Defect the lowest defect priority that can cause an alarm to be r...

Page 337: ...r the defect has been abated for 6 seconds use the commands awplus config interface port1 0 2 awplus config if ethernet cfm mep down mpid 12 domain name MD INST2 ma name MA INST2 1 awplus config if et...

Page 338: ...ity Check Messages CCM by sending and receiving CCMs with Remote MEP peers Any defects detected locally can also be conveyed to Remote MEP peers by sending a Remote Defect Indicator RDI to the peers w...

Page 339: ...3 50170 01 Rev B Command Reference for x510 Series 339 AlliedWare Plus Operating System Version 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS MEP ACTIVE Command changes Version 5 4 7 1 1 command ad...

Page 340: ...f a VLAN or a local link using Continuity Check Messages CCM by sending and receiving CCMs with Remote MEP peers CCMs are high priority messages by default but the priority is configurable although we...

Page 341: ...s across the inside of the bridge to the other side and this allows it to reach the outside world It lives on a bridge port for a given VLAN but it does not use this port to send or receive to get to...

Page 342: ...n MEP is allowed to be link local VLAN unaware and its scope is that of the entire link Example To create a remote MEP instance named MA INST2 1 with an MEP ID of 21 use the command awplus config ethe...

Page 343: ...haracter Unique MEGID UMC code for the name Any remaining characters are padding out with NULLs by the system to fill out the 13 bytes This can only be used with Maintenance Domain whose name md type...

Page 344: ...essages carry the MA name within the MAID field Within an MD instance context this command is used to configure the MA name which can be chosen from a variety of format types Example To create a Maint...

Page 345: ...0170 01 Rev B Command Reference for x510 Series 345 AlliedWare Plus Operating System Version 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS SERVICE MA NAME Command changes Version 5 4 7 1 1 command...

Page 346: ...hy of MDs then MAs within each MD then local MEPs within that MA and finally remote MEPs within that MA Output Figure 9 1 Example output from show ethernet cfm details awplus show ethernet cfm details...

Page 347: ...urrent Defects Current Highest Defect Alarm Alarm Minimum Defect 2 someMACstatusDefect Alarm Trip Time AUTO 2 5 seconds Alarm Reset Time AUTO 10 seconds Configured Remote MEPs 102 Missing Remote MEPs...

Page 348: ...e Local Maintenance End Point Domain Name MD INST1 MA Service Name MA INST1 2 MA Primary VLAN 300 MEP ID 1 Direction Down Interface port1 0 1 MEP Active State True CC State Enabled CC Type Multicast P...

Page 349: ...meMACstatusDefect Alarm Trip Time AUTO 2 5 seconds Alarm Reset Time AUTO 10 seconds Configured Remote MEPs 101 1001 Missing Remote MEPs 101 1001 Error CCM Reason N A Last Error CCM N A Cross connect D...

Page 350: ...ersion 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS SHOW ETHERNET CFM DETAILS Related Commands show ethernet cfm domain show ethernet cfm maintenance points local mep show ethernet cfm maintenance...

Page 351: ...o show all domain configurations in summary format use the command awplus show ethernet cfm domain To show all domains in detail use the command awplus show ethernet cfm domain details To show a speci...

Page 352: ...e Domain Name Format character string Maintenance Domain Name Value MD 12L3 Level 3 Associated CFM Services Link Level MA INST2 1 MIP Creation None awplus show ethernet cfm domain MD INST1 details Mai...

Page 353: ...erence for x510 Series 353 AlliedWare Plus Operating System Version 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS SHOW ETHERNET CFM DOMAIN service ma name show ethernet cfm details Command changes...

Page 354: ...s logged to the CFM Errors Event List Example To show the list of errors for an MD named MD INST2 use the command awplus show ethernet cfm errorlog domain MD INST2 Output Figure 9 5 Example output fro...

Page 355: ...emote MEP has the same MEP ID as the local MEP that received the CCM For unicast remote MEPs this error can also indicate that even though the CCM received from the remote MEP has an MEP ID that match...

Page 356: ...ethernet cfm maintenance points local mep domain domain name service ma name mep mep id details counters Mode User Exec Privileged Exec Examples To showthe configurationand status of all theLocal MEP...

Page 357: ...nts local mep interface port1 0 2 Service Name MEPID Dir Interface State Defect MA INST1 1 12 D port1 0 2 En 3 Table 9 4 Parameters in the output from show ethernet cfm maintenance points local mep in...

Page 358: ...rent Highest Defect Alarm 4 someRMEPCCMdefect Alarm Minimum Defect 2 someMACstatusDefect Alarm Trip Time AUTO 2 5 seconds Alarm Reset Time AUTO 10 seconds Configured Remote MEPs 21 Missing Remote MEPs...

Page 359: ...ng It shows the defect s as both a defect priority and name Current Highest Defect Alarm The highest defect priority that has been encountered while the local MEP has been in an alarm state Alarm Mini...

Page 360: ...or this MA MAC address mismatch for a configured unicast RMEP via crosscheck the MAC address did not match the provisioned value in the associated MA N A indicates there is no error CCM defect being d...

Page 361: ...ommand Reference for x510 Series 361 AlliedWare Plus Operating System Version 5 4 7 1 x CONNECTIVITY FAULT MANAGEMENT COMMANDS SHOW ETHERNET CFM MAINTENANCE POINTS LOCAL MEP Command changes Version 5...

Page 362: ...intenance points remote mep domain MD INST1 service MA INST1 1 To show a specific remote MEP by its ID in detail use the command awplus show ethernet cfm maintenance points remote mep domain MD INST1...

Page 363: ...000c 2526 95bf details awplus show ethernet cfm maintenance points remote mep domain MD INST1 service MA INST1 1 CFM Domain Name MD INST1 CFM Service Name MA INST1 1 RX RX Port Intf MEPID CCM RDI Sta...

Page 364: ...ine Yes RMEP_OK CCMs are being received without any error Wait RMEP_START Still preparing to receive remote MEP CCMs without a timeout occurring Failed RMEP_FAILED While waiting to receive CCMs from a...

Page 365: ...To show a specified MA in detailed form use the command awplus show ethernet cfm service MA INST2 1 domain MD INST2 details Output Figure 9 11 Example output from show ethernet cfm service Parameter D...

Page 366: ...CFM Service Name MA INST2 1 CFM Domain Name MD INST2 CFM Domain Level 3 Primary VLAN Maintenance Assoc Name Format string Maintenance Assoc Name Value MA 12V100 CCM Transmission Interval 1 second Loca...

Page 367: ...igured for this MA It can be one of the following 3 CCI of 100 milliseconds 4 CCI of 1 second default 5 CCI of 10 seconds 6 CCI of 1 minute 7 CCI of 10 minutes Local MEPs A list of the Local MEPs conf...

Page 368: ...s and if these defects persist for a long enough period of time typically 2 5 seconds then an alarm is declared Example To show the alarms on local MEPs use the command awplus show mep alarm status Ou...

Page 369: ...nd List clear exception log on page 371 clear log on page 372 clear log buffered on page 373 clear log external on page 374 clear log permanent on page 375 copy buffered log on page 376 copy permanent...

Page 370: ...n page 419 log facility on page 420 log host on page 422 log host filter on page 424 log host exclude on page 427 log host source on page 430 log host time on page 431 log monitor filter on page 433 l...

Page 371: ...G clear exception log Overview This command resets the contents of the exception log but does not remove the associated core files NOTE When this command is used within a stacked environment it will r...

Page 372: ...ents of the buffered and permanent logs NOTE When this command is used within a stacked environment it will remove the contents of the buffered and permanent logs in all stack members Syntax clear log...

Page 373: ...d log NOTE When this command is used within a stacked environment it will remove the contents of the buffered logs in all stack members Syntax clear log buffered Mode Privileged Exec Example To delete...

Page 374: ...his command deletes all those files not just the most recent one When this command is used within a stacked environment it will delete the external logs on all stack members Syntax clear log external...

Page 375: ...TE When this command is used within a stacked environment it will remove the contents of the permanent logs in all stack members Syntax clear log permanent Mode Privileged Exec Example To delete the c...

Page 376: ...ax copy buffered log destination name Mode Privileged Exec Example To copy the buffered log file onto a USB storage device and name the file buffered log log use the command awplus copy buffered log u...

Page 377: ...permanent log destination name Mode Privileged Exec Example To copy the permanent log file onto a USB storage device and name the file permanent log log use the command awplus copy permanent log usb...

Page 378: ...the buffered log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log buffered Default The buffered log is enabled by default Mode Global Configuration Exa...

Page 379: ...ages sent to the terminal when a log console command is issued By default all messages are sent to the console when a log console command is issued Syntax default log console Mode Global Configuration...

Page 380: ...ll be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log email email address Mode Global Configuration Example To restore the default sett...

Page 381: ...messages with a severity level of notices and above Note that this command does not clear the configured filename for the external log Syntax default log external Mode Global Configuration Example To...

Page 382: ...es will be sent This command also restores the remote syslog server time offset value to local no offset Syntax default log host ip addr Mode Global Configuration Example To restore the default settin...

Page 383: ...sent to the terminal when a terminal monitor command is used Syntax default log monitor Default All messages are sent to the terminal when a terminal monitor command is used Mode Global Configuration...

Page 384: ...anent log is 50 kB and it accepts messages with the severity level of warnings and above Syntax default log permanent Default The permanent log is enabled by default Mode Global Configuration Example...

Page 385: ...d to make way for new ones Syntax log buffered no log buffered Default The buffered log is configured by default Mode Global Configuration Examples To configured the device to store log messages in RA...

Page 386: ...to send to the buffered log The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 a...

Page 387: ...MISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages to the buffe...

Page 388: ...llowing commands awplus configure terminal awplus config log buffered msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or hi...

Page 389: ...the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity...

Page 390: ...ection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Sp...

Page 391: ...UDE Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log buffered exclude msgtext example of irreleva...

Page 392: ...en filled old messages will be deleted to make room for new messages Syntax log buffered size 50 250 Mode Global Configuration Example To allow the buffered log to use up to 100 kB of RAM use the foll...

Page 393: ...the no variant of this command to configure the device not to send log messages to consoles Syntax log console no log console Mode Global Configuration Examples To configure the device to send log mes...

Page 394: ...highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditions 4 warnings Warning co...

Page 395: ...epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facilit...

Page 396: ...config log console msgtext Bridging initialization To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to consoles use the following commands awplus...

Page 397: ...arameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the...

Page 398: ...Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facili...

Page 399: ...ONSOLE EXCLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log console...

Page 400: ...s Default By default no filters are defined for email log targets Filters must be defined before messages will be sent Mode Global Configuration Example To have log messages emailed to the email addre...

Page 401: ...o send logging messages to level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is th...

Page 402: ...ngs EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the follow...

Page 403: ...address admin alliedtelesis com use the following commands awplus configure terminal awplus config log email admin alliedtelesis com level informational To stop the device emailing log messages emaile...

Page 404: ...string Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where...

Page 405: ...Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facilit...

Page 406: ...IL EXCLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log email exclu...

Page 407: ...Use the offset option if the email recipient is in a different time zone to this device Specify the time offset of the email recipient in hours Messages will display the time they were generated on t...

Page 408: ...information converted to the time zone of the email recipient which is 3 hours ahead of the device s local time zone use the following commands awplus configure terminal awplus config log email admin...

Page 409: ...ile systems have a lower risk of file corruption occurring if the switch or firewall loses power You should also unmount the storage device before removing it from the switch or firewall to avoid corr...

Page 410: ...0170 01 Rev B Command Reference for x510 Series 410 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL show log external unmount Command changes Version 5 4 7 1 1 command...

Page 411: ...scription level Filter messages to the external log by severity level level The minimum severity of message to send to the external log The level can be specified as one of the following numbers or le...

Page 412: ...Shell IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages to th...

Page 413: ...ext Bridging initialization to the external log use the following commands awplus configure terminal awplus config log external msgtext Bridging initialization To remove a filter that sends all messag...

Page 414: ...the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity...

Page 415: ...ection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Sp...

Page 416: ...the string example of irrelevant message use the following commands awplus configure terminal awplus config log external exclude msgtext example of irrelevant message Related Commands clear log exter...

Page 417: ...etting rotate to 2 makes the device rotate through 3 files Note that if you set rotate to 0 and the external log file becomes full then the device deletes the full log file and creates a new empty fil...

Page 418: ...g System Version 5 4 7 1 x LOGGING COMMANDS LOG EXTERNAL ROTATE Related Commands clear log external default log external log external log external filter log external exclude log external size show lo...

Page 419: ...rnal rotate 1 each file will have a maximum size of 25 kBytes by default Use the no variant of this command to return to the default size Syntax log external size 50 4194304 no log external size Defau...

Page 420: ...Configuration Usage Specifying different facilities for log messages generated on different devices can allow messages from multiple devices sent to a common server to be distinguished from each othe...

Page 421: ...ity local6 Related Commands show log config ftp FTP daemon local 0 7 The facility labels above have specific meanings while the local facility labels are intended to be put to local use In AlliedWare...

Page 422: ...ate for any of the trustpoints that are associated with the application The remote server may also request that a certificate is transmitted from the local device In this situation the first trustpoin...

Page 423: ...0170 01 Rev B Command Reference for x510 Series 423 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG HOST log host exclude log host source log host time log trustpoint show log...

Page 424: ...og server level Filter messages by severity level level The minimum severity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severit...

Page 425: ...ng loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the following syslog facilities to incl...

Page 426: ...1 use the following commands awplus configure terminal awplus config log host 10 32 16 21 level informational To remove a filter that sends all messages generated by EPSR that have a severity of notic...

Page 427: ...eter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the hig...

Page 428: ...Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facilit...

Page 429: ...LUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log host exclude msgt...

Page 430: ...o variant of this command to stop specifying a source interface or address Syntax log host source interface name ipv4 addr ipv6 addr no log host source Default None no source is configured Mode Global...

Page 431: ...remote syslog server in hours Messages will display the time they were generated on this device but converted to the time zone of the remote syslog server Examples To send messages to the remote syslo...

Page 432: ...me zone use the following commands awplus configure terminal awplus config log host 10 32 16 12 time local offset plus 3 To send messages to the remote syslog server with the IP address 10 32 16 02 wi...

Page 433: ...evel names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts Action must be taken immediately 2 critical Critical conditions 3 errors Error conditi...

Page 434: ...ings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog facility facility Specify one of the follo...

Page 435: ...awplus configure terminal awplus config log monitor level info program auth To remove a filter that sends all messages generated by EPSR that have a severity of notices or higher to the terminal use t...

Page 436: ...Parameter Description level Exclude messages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is t...

Page 437: ...Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facili...

Page 438: ...ITOR EXCLUDE Mode Global configuration Example To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log monitor e...

Page 439: ...ay for new messages The no variant of this command configures the device not to send any messages to the permanent log Log messages will not be retained over a restart Syntax log permanent no log perm...

Page 440: ...rity of message to send The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest severity 0 emergencies System is unusable 1 alerts...

Page 441: ...l IMISH epsr Ethernet Protection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Filter messages by syslog...

Page 442: ...use the following commands awplus configure terminal awplus config log permanent level notices program epsr To create a filter to send all messages containing the text Bridging initialization to the...

Page 443: ...sages of the specified severity level level The severity level to exclude The level can be specified as one of the following numbers or level names where 0 is the highest severity and 7 is the lowest...

Page 444: ...ection Switched Rings EPSR rmon Remote Monitoring loopprot Loop Protection poe Power inline Power over Ethernet dhcpsn DHCP snooping DHCPSN facility Exclude messages from a syslog facility facility Sp...

Page 445: ...ple To remove messages that contain the string example of irrelevant message use the following commands awplus configure terminal awplus config log permanent exclude msgtext example of irrelevant mess...

Page 446: ...ld messages will be deleted to make room for new messages Syntax log permanent size 50 250 Mode Global Configuration Example To allow the permanent log to use up to 100 kB of NVS use the following com...

Page 447: ...is log rate limiting feature constrains the rate that log messages are generated by the device Notethatif withinthe giventimeinterval thenumberoflogmessages exceeds the limit then any excess log messa...

Page 448: ...liedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS LOG RATE LIMIT NSM To return the device the default setting to generate up to 200 log messages per second use the following commands a...

Page 449: ...e certificate received from the remote server must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoin...

Page 450: ...eived P4 32 Total Received P5 312 Total Received P6 1602 Total Received P7 372 Table 11 Parameters in output of the show counter log command Parameter Description Total Received Total number of messag...

Page 451: ...g Mode User Exec and Privileged Exec Example To display the exception log use the command awplus show exception log Output Figure 10 2 Example output from the show exception log command on a device aw...

Page 452: ...ion Usage If the optional tail parameter is specified only the latest 10 messages in the buffered log are displayed A numerical value can be specified after the tail parameter to select how many of th...

Page 453: ...ern notice awplus kernel Linux version 2 6 32 12 at1 mak er awpmaker03 dl gcc version 4 3 3 Gentoo 4 3 3 r3 p1 2 pie 10 1 5 1 Wed Dec 8 11 53 40 NZDT 2010 2011 Aug 29 07 55 22 kern warning awplus kern...

Page 454: ...Example To display the logging configuration use the command awplus show log config Output Figure 10 4 Example output from show log config Facility default PKI trustpoints example_trustpoint Buffered...

Page 455: ...nnot be set at the same time If console logging is enabled then the terminal logging is turned off Related Commands show counter log show log show log permanent Host 10 32 16 21 Time offset 2 00 Offse...

Page 456: ...latest 10 messages in the permanent log are displayed A numerical value can be specified after the tail parameter to change how many of the latest messages should be displayed Example To display the...

Page 457: ...fault log permanent Parameter Description stack ID Stack member number from 1 to 8 tail Display only the latest log entries 10 250 Specify the number of log entries to display awplus show log permanen...

Page 458: ...B Command Reference for x510 Series 458 AlliedWare Plus Operating System Version 5 4 7 1 x LOGGING COMMANDS SHOW LOG PERMANENT log permanent log permanent filter log permanent exclude log permanent si...

Page 459: ...G LOG show running config log Overview This command displays the current running configuration of the Log utility Syntax show running config log Mode Privileged Exec and Global Configuration Example T...

Page 460: ...may be automatically written to the storage device such as external log files or AMF backup files Syntax unmount usb unmount usb member stack ID Mode Privileged Exec Example To unmount a USB storage d...

Page 461: ...ce for x510 Series 461 AlliedWare Plus Operating System Version 5 4 7 1 x Scripting Commands Introduction Overview This chapter provides commands used for command scripts Command List activate on page...

Page 462: ...filename extension of either sh or scp only for the AlliedWare Plus CLI to activate the script file The sh filename extension indicates the file is an ASH script and the scp filename extension indicat...

Page 463: ...o the terminal followed by a blank line Syntax echo line Mode User Exec and Privileged Exec Usage This command may be useful in CLI scripts to make the script print user visible comments Example To ec...

Page 464: ...the command line Usage Use this command to pause script execution in an scp AlliedWare Plus script or an sh ASH script file executed by the activate command The script must contain an enable command...

Page 465: ...chapter provides an alphabetical reference of commands used to configure and display interfaces Command List description interface on page 466 interface to configure on page 467 mru on page 469 mtu on...

Page 466: ...ption Mode Interface Configuration Example The following example uses this command to describe the device that a switch port is connected to awplus configure terminal awplus config interface port1 0 2...

Page 467: ...ility and simplify management information gathering and filtering One example of this increased reliability is for OSPF to advertise a local loopback interface as an interface route into the network i...

Page 468: ...1 x INTERFACE COMMANDS INTERFACE TO CONFIGURE The following example shows how to enter Interface mode to configure the local loopback interface awplus configure terminal awplus config interface lo awp...

Page 469: ...additional components Source and Destination addresses EtherType field Priority and VLAN tag fields FCS These additional components increase the frame size internally to 1522 bytes Syntax mru mru siz...

Page 470: ...AlliedWare Plus Operating System Version 5 4 7 1 x INTERFACE COMMANDS MRU To restore the MRU size of 1500 bytes on port1 0 2 use the commands awplus configure terminal awplus config interface port1 0...

Page 471: ...device will send an ICMP destination unreachable 3 packet type and a fragmentation needed and DF set 4 code back to the source For IPv6 packets bigger than the MTU size of the transmitting VLAN interf...

Page 472: ...C613 50170 01 Rev B Command Reference for x510 Series 472 AlliedWare Plus Operating System Version 5 4 7 1 x INTERFACE COMMANDS MTU Related Commands show interface...

Page 473: ...ze for VLAN interfaces and MRU Maximum Received Unit size for switch ports Example To display configuration and status information for all interfaces use the command awplus show interface Parameter De...

Page 474: ...dware is Ethernet address is 0000 cd24 daeb index 5001 metric 1 mru 1500 UP BROADCAST RUNNING MULTICAST current duplex full current speed 1000 configured duplex auto configured speed auto configured p...

Page 475: ...ST RUNNING MULTICAST SNMP link status traps Disabled Bandwidth 1g input packets 295606 bytes 56993106 dropped 5 multicast packets 156 output packets 299172 bytes 67379392 multicast packets 0 broadcast...

Page 476: ...e User Exec and Privileged Exec Output Figure 12 4 Example output from show interface brief Related Commands show interface show interface memory awplus show int brief Interface Status Protocol port1...

Page 477: ...rt list memory Mode User Exec and Privileged Exec Example To display the shared memory used by all interfaces use the command awplus show interface memory To display the shared memory used by port1 0...

Page 478: ...face status show interface switchport awplus show interface memory Vlan blocking state shared memory usage Interface shmid Bytes Used nattch Status port1 0 1 393228 512 1 port1 0 2 458766 512 1 port1...

Page 479: ...eparated by a hyphen e g port1 0 1 1 0 6 or sa1 2 or po1 2 a comma separated list of ports and port ranges e g port1 0 1 port1 0 4 1 0 6 Do not mix switch ports static channel groups and dynamic LACP...

Page 480: ...te promiscuous it displays the primary VLAN ID if it has one and promiscuous if it does not have a VLAN ID When the VLAN mode is private host it displays the primary and secondary VLAN IDs When the po...

Page 481: ...egator and its component ports as admin down While the aggregator is down the device accepts shutdown and no shutdown commands on component ports but these have no effect on port status Ports will not...

Page 482: ...ence of commands used to configure Port Mirroring and Remote Mirroring also known as RSPAN For more information see the Mirroring Feature Overview and Configuration Guide Command List mirror interface...

Page 483: ...source switch ports to mirror A port list can be a port e g port1 0 2 a continuous range of ports separated by a hyphen e g port1 0 1 1 0 2 a comma separated list of ports and port ranges e g port1 0...

Page 484: ...to mirror a subset of traffic from the mirrored port by using the copy to mirror parameter in hardware ACL commands Example To mirror traffic received and transmitted on port1 0 4 and port1 0 5 to de...

Page 485: ...remote mirror interface port list direction receive transmit no remote mirror interface none Default No ports are set to be remote mirrored by default Mode Interface Configuration Usage To prevent un...

Page 486: ...e source device for remote mirroring remote mirror interface command All mirrored ports on a single device must use the same remote mirror VLAN and priority Access control lists can be used to mirror...

Page 487: ...put Figure 13 1 Example output from the show mirror command Mirror Test Port Name port1 0 1 Mirror option Enabled Mirror direction both Monitored Port Name port1 0 2 Mirror Test Port Name port1 0 3 Mi...

Page 488: ...e port Mode User Exec Privileged Exec and Interface Configuration Example To display port mirroring configuration for the port1 0 4 use the following commands awplus configure terminal awplus config i...

Page 489: ...User priority 0 Monitored ports port1 0 1 direction both Remote mirror egress ports Remote mirror VLANs VLAN 259 Table 13 1 Parameters in the output from show remote mirror Parameter Description Remot...

Page 490: ...or vlan Remote mirror egress ports On the destination device this displays the remote mirror egress ports the remote mirror VLANs they are associated with Remote mirror VLANs On source destination and...

Page 491: ...ored traffic we recommend configuring remote monitoring on the receiving device before configuring it on the source device This command would typically be used for the port that transmits the remote m...

Page 492: ...nfiguring the source device The remote mirror VLAN operates in a special mode all traffic on the remote mirror VLAN is flooded and no learning or CPU processing is done for packets in the VLAN BPDU pa...

Page 493: ...170 01 Rev B Command Reference for x510 Series 493 AlliedWare Plus Operating System Version 5 4 7 1 x PORT MIRRORING AND REMOTE MIRRORING COMMANDS VLAN MODE REMOTE MIRROR VLAN switchport remote mirror...

Page 494: ...lus Operating System Version 5 4 7 1 x Interface Testing Commands Introduction Overview This chapter provides an alphabetical reference of commands used for testing interfaces Command List clear test...

Page 495: ...x clear test interface port list all Mode Privileged Exec Examples To clear the counters for port1 0 1 use the command awplus clear test interface port1 0 1 To clear the counters for all interfaces us...

Page 496: ...er entering this command enter Interface Configuration mode for the desired interfaces and enter the command test interface Do not test interfaces on a device that is part of a live network disconnect...

Page 497: ...ed 100 NOTE Do not run test interface on live networks because this will degrade network performance Syntax test interface port list all time 1 60 cont no test interface port list all Mode Privileged...

Page 498: ...enter the following commands awplus config service test awplus config no spanning tree rstp enable bridge forward awplus config interface vlan1 awplus config if shutdown awplus config if end awplus t...

Page 499: ...C613 50170 01 Rev B Command Reference for x510 Series 499 AlliedWare Plus Operating System Version 5 4 7 1 x Part 2 Interfaces and Layer 2...

Page 500: ...on page 504 clear mac address table dynamic on page 505 clear mac address table static on page 507 clear port counter on page 508 clear port security intrusion on page 509 debug loopprot on page 512 d...

Page 501: ...sabled on page 539 show interface switchport on page 540 show loop protection on page 541 show mac address table on page 543 show mac address table thrash limit on page 545 show platform on page 546 s...

Page 502: ...lex mode The flow control applied by the flowcontrol switch port command operates only on full duplex links whereas back pressure operates only on half duplex links If a port has insufficient capacity...

Page 503: ...on 5 4 7 1 x SWITCHING COMMANDS BACKPRESSURE Todisablebackpressureflowcontroloninterfaceport1 0 2enterthefollowing commands awplus configure terminal awplus config interface port1 0 2 awplus config if...

Page 504: ...Loop Protection counters Syntax clear loop protection interface port list counters Mode Privileged Exec Examples To clear the counter information for all interfaces awplus clear loop protection count...

Page 505: ...ac address table static command Note that an MSTP instance cannot be specified with the command clear mac address table static Examples This example shows how to clear all dynamically learned filterin...

Page 506: ...ADDRESS TABLE DYNAMIC This example shows how to clear all dynamically learned filtering database entries whenlearnedthroughdeviceoperationforagivenMSTP instance1 on switchport interface port1 0 2 awp...

Page 507: ...all filtering database entries for a specific interface configured through the CLI awplus clear mac address table static interface port1 0 3 This example shows how to clear filtering database entries...

Page 508: ...T COUNTER clear port counter Overview Use this command to clear the packet counters of the port Syntax clear port counter port Mode Privileged Exec Example To clear the packet counter for port1 0 1 us...

Page 509: ...intrusion interface port Mode Privileged Exec Examples To see the port security status on port1 0 1 use the following command awplus show port security interface port1 0 1 To see the intrusion list o...

Page 510: ...ng command awplus show port security intrusion interface port1 0 1 Table 15 2 Example output from show port security intrusion awplus show port security intrusion interface port1 0 1 Port Security Int...

Page 511: ...ating System Version 5 4 7 1 x SWITCHING COMMANDS CLEAR PORT SECURITY INTRUSION Related Commands show port security interface show port security intrusion switchport port security switchport port secu...

Page 512: ...pprot info msg pkt state nsm all Mode Privileged Exec and Global Configuration Example To enable debug for all state transitions use the command awplus debug loopprot state Related Commands show debug...

Page 513: ...ce packets sent and received by the CPU If a timeout is not specified then a default 5 minute timeout will be applied If a timeout of 0 is specified packet debug will be generated until the no variant...

Page 514: ...5 minutes enter awplus debug platform packet sflow To enable send packet debug with no timeout enter awplus debug platform packet send timeout 0 To enable VLAN packet debug for VLAN 2 with a timeout...

Page 515: ...LACP channel group must have the same port speed and be in full duplex mode Once switch ports have been aggregated into a channel group you can set the duplex mode of all the switch ports in the chann...

Page 516: ...C613 50170 01 Rev B Command Reference for x510 Series 516 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS DUPLEX Related Commands backpressure polarity speed show interface...

Page 517: ...nd cannot receive any more traffic it notifies the other port to stop sending until the condition clears When the local device detects congestion at its end it notifies the remote device by sending a...

Page 518: ...terface port1 0 2 awplus config if flowcontrol receive on awplus configure terminal awplus config interface port1 0 2 awplus config if flowcontrol send on awplus configure terminal awplus config inter...

Page 519: ...l shut down Use the no variant of this command to disable flapping detection at this rate Syntax linkflap action shutdown no linkflap action Default Linkflap action is disabled by default Mode Global...

Page 520: ...erview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To enable the loop detect mechanism on the switch and generate loop...

Page 521: ...d overview information prior to applying this command Example To disable the interface port1 0 4 and bring the link down when a network loop is detected use the commands awplus configure terminal awpl...

Page 522: ...variant of this command to reset the loop protection action delay time for an interface to default Syntax loop protection action delay time 0 86400 no loop protection action Default Action delay time...

Page 523: ...otection section in the Switching Feature Overview and Configuration Guide for relevant conceptual configuration and overview information prior to applying this command Example To configure a loop pro...

Page 524: ...ess table acquire Overview Use this command to enable MAC address learning on the device Use the no variant of this command to disable learning Syntax mac address table acquire no mac address table ac...

Page 525: ...ault of 300 seconds 5 minutes Syntax mac address table ageing time ageing timer none no mac address table ageing time Default The default ageing time is 300 seconds Mode Global Configuration Examples...

Page 526: ...address table logging no mac address table logging Default MAC address table logging is disabled by default Mode User Exec Privileged Exec Usage When MAC address table logging is enabled the switch p...

Page 527: ...ed traffic within a single VLAN Do not apply the mac address table static command to Layer 3 switched traffic passing from one VLAN to another VLAN Frames will not be discarded across VLANs because pa...

Page 528: ...disable thrash limiting Syntax mac address table thrash limit rate no mac address table thrash limit Default No thrash limiting Mode Global Configuration Usage Use this command to limit thrashing on t...

Page 529: ...tax platform hwfilter size ipv4 limited ipv6 ipv4 full ipv6 Default The default mode is ipv4 limited ipv6 Mode Global Configuration Example To configure hardware ACLs to filter IPv4 and IPv6 traffic u...

Page 530: ...of inputs you must turn off the inputs you do not want Useful combinations of inputs include all four inputs MAC address IP address and Layer 4 port number MAC address and Ethertype MAC address only I...

Page 531: ...ove Ethertype by entering awplus configure terminal awplus config no platform load balancing ethertype To use MAC addresses and Ethertype remove the IP inputs by entering awplus configure terminal awp...

Page 532: ...mc flooding no platform stop unreg mc flooding Default This feature is disabled by default Mode Global Configuration Usage This command stops the periodic flooding of unknown or unregistered multicas...

Page 533: ...To enable this feature and stop multicast packet flooding use the following commands awplus configure terminal awplus config platform stop unreg mc flooding To disable this feature and allow multicast...

Page 534: ...d 1522 bytes you must increase the MRU size to activate VLAN stacking Go into interface mode for the appropriate ports and use the mru command Syntax platform vlan stacking tpid tpid no platform vlan...

Page 535: ...y applies to copper 10BASE T 100BASE T and 1000BASE T switch ports it does not apply to fiber ports See the MDI MDIX Connection Modes section in the Switching Feature Overview and Configuration Guide...

Page 536: ...DS SHOW DEBUGGING LOOPPROT show debugging loopprot Overview This command shows Loop Protection debugging information Syntax show debugging loopprot Mode User Exec and Privileged Exec Example To displa...

Page 537: ...how debugging platform packet Overview This command shows platform to CPU level packet debugging information Syntax show debugging platform packet Mode User Exec and Privileged Exec Example To display...

Page 538: ...lowcontrol interface port Mode User Exec and Privileged Exec Example To display the flow control for the port1 0 5 use the command awplus show flowcontrol interface port1 0 5 Output Figure 15 1 Exampl...

Page 539: ...cols responsible for the shutdown Syntax show interface interface range err disabled Mode User Exec and Privileged Exec Example To show which protocols have shut down ports use the commands awplus sho...

Page 540: ...vileged Exec Example To display VLAN information about each switch port enter the command awplus show interface switchport Output Figure 15 3 Example output from the show interface switchport command...

Page 541: ...uration status use the command awplus show loop protection Figure 15 4 Example output from the show loop protection command To display the counter information use the command awplus show loop protecti...

Page 542: ...iedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS SHOW LOOP PROTECTION awplus show loop protection counters Switch Loop Detection Counter Interface Tx Rx Rx Invalid Last LDF Rx port1...

Page 543: ...mple output captured when packets were switched and mac addresses were learned Note the new mac addresses learned for port1 0 4 and port1 0 6 added as dynamic entries Note the first column of the outp...

Page 544: ...table static mac address table static mac address table vcs sync mode awplus config mac address table static 0000 1111 2222 for int port1 0 3 vlan 2 awplus config end awplus awplus show mac address ta...

Page 545: ...d to display the current thrash limit set for all interfaces on the device Syntax show mac address table thrash limit Mode User Exec and Privileged Exec Example To display the current use the followin...

Page 546: ...c32l stop unreg mc flooding off Vlan stacking TPID 0x8100 Hardware Filter Size ipv4 limited ipv6 Table 16 Parameters in the output of the show platform command Parameter Description MAC vlan hashing a...

Page 547: ...e TPID set in the Ethernet type field when a frame has a double VLAN tag set with the platform vlan stacking tpid command Hardware Filter Size Whether hardware ACLs can filter on IPv6 addresses ipv4 f...

Page 548: ...represents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following...

Page 549: ...les To display port registers for port1 0 1 and port1 0 2 use the following command awplus show platform port port1 0 1 port1 0 2 To display platform counters for port1 0 1 and port1 0 2 use the follo...

Page 550: ...for lport 0x08002003 Phy Driver 54680 Gigabit PHY Driver enabled 1 loopback 0 link 1 speed 1000 max speed 1000 duplex 1 linkscan 2 autonegotiate 1 master 2 tx pause 0 rx pause 0 untagged vlan 4000 vl...

Page 551: ...et packets received and transmitted General Counters Receive Counters for traffic received Octets Number of octets received Pkts Number of packets received FCSErrors Number of FCS Frame Check Sequence...

Page 552: ...al Frame counter FrmWExcesDefer Transmit Multiple Deferral Frame counter SingleCollsnFrm Transmit Single Collision Frame counter MultCollsnFrm Transmit Multiple Collision Frame counter LateCollisions...

Page 553: ...Figure 15 10 Example output from the show port security interface command Related Commands clear port security intrusion show port security intrusion switchport port security switchport port security...

Page 554: ...security intrusion interface port1 0 1 Output Figure 15 11 Example output from the show port security intrusion command for port 1 0 1 Related Commands clear port security intrusion show port security...

Page 555: ...r Exec and Privileged Exec Example To display storm control information for port1 0 2 use the following command awplus show storm control port1 0 2 Output Figure 15 12 Example output from the show sto...

Page 556: ...or 100Base FX ports which do not support auto negotiation so default to 100Mbps Usage Switch ports in a static or dynamic LACP channel group must have the same port speed and be in full duplex mode On...

Page 557: ...ed enter the following commands awplus configure terminal awplus config interface port1 0 49 awplus config if speed auto To set the port to auto negotiate its speed at 1000Mbps only enter the followin...

Page 558: ...de Interface Configuration Usage Flooding techniques are used to block the forwarding of unnecessary flooded traffic A packet storm occurs when a large number of broadcast packets are received on a po...

Page 559: ...tax switchport port security no switchport port security Mode Interface Configuration Examples To enable the port security feature on port1 0 4 use the following commands awplus configure terminal awp...

Page 560: ...Examples To set port1 0 4 so that the MAC addresses that have been learned by port security age out use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config...

Page 561: ...t will be ignored and the specified intrusion action for the port will be carried out Syntax switchport port security maximum 0 256 no switchport port security maximum Mode Interface Configuration Exa...

Page 562: ...olation action to default The default violation action is protect Syntax switchport port security violation shutdown restrict protect no switchport port security violation Mode Interface Configuration...

Page 563: ...ng this command Examples To set the action to learn disable for port1 0 4 use the following commands awplus configure terminal awplus config interface port1 0 4 awplus config if thrash limiting action...

Page 564: ...set the thrash limiting action to its default use the following command awplus config if no thrash limiting action To set the thrash limiting timeout to its default use the following command awplus co...

Page 565: ...ommand Reference for x510 Series 565 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS UNDEBUG LOOPPROT undebug loopprot Overview This command applies the functionality of the no d...

Page 566: ...rence for x510 Series 566 AlliedWare Plus Operating System Version 5 4 7 1 x SWITCHING COMMANDS UNDEBUG PLATFORM PACKET undebug platform packet Overview This command applies the functionality of the n...

Page 567: ...573 private vlan association on page 574 show port vlan forwarding priority on page 575 show interface switchport vlan translation on page 576 show vlan on page 577 show vlan access map on page 578 s...

Page 568: ...97 switchport trunk native vlan on page 600 switchport vlan translation on page 601 switchport vlan translation default drop on page 602 switchport vlan stacking double tagging on page 603 switchport...

Page 569: ...d interchangeably Syntax clear vlan statistics name instance_name Mode Privileged Exec Examples To reset all packet counters for the packet counter instance vlan2 data awplus clear vlan statistics nam...

Page 570: ...onfiguration_Guide Syntax port vlan forwarding priority epsr loop protection none no port vlan forwarding priority Default By default the highest priority protocol is EPSR Mode Global Configuration Us...

Page 571: ...data VLAN configured to VLAN interface vlan30 Initially the EPSR ring is complete with port1 0 2 blocking data VLANs vlan20 and vlan30 and some broadcast traffic flowing through If the user removes vl...

Page 572: ...re terminal awplus config port vlan forwarding priority loop protection To set EPSR Loop Protection and MAC Thrashing protection protocols to have equal priority for port forwarding and blocking which...

Page 573: ...ed primary Mode VLAN Configuration Examples awplus configure terminal awplus config vlan database awplus config vlan vlan 2 name vlan2 state enable awplus config vlan vlan 3 name vlan3 state enable aw...

Page 574: ...vlan id remove secondary vlan id no private vlan primary vlan id association Mode VLAN Configuration Examples The following commands associate primary VLAN 2 with secondary VLAN 3 awplus configure ter...

Page 575: ...tection is set as the highest priority for determining whether a port forwards a VLAN as set by the port vlan forwarding priority command For more information about EPSR see the EPSR Feature Overview...

Page 576: ...1 Related Commands switchport vlan translation switchport vlan translation default drop Parameter Description interface int The interface to display information about An interface can be a switch por...

Page 577: ...d awplus show vlan 2 Output Figure 16 3 Example output from the show vlan command Related Commands vlan Parameter Description 1 4094 Display information about the VLAN specified by the VLAN ID all Dis...

Page 578: ...LANs Syntax show vlan access map name Mode User Exec Privileged Exec Example To display the ACLs in all access maps use the command awplus show vlan access map Output Figure 16 4 Example output from s...

Page 579: ...r a specific group Syntax show vlan classifier group 1 16 Mode User Exec and Privileged Exec Usage If a group ID is not specified all configured VLAN classifier groups are shown If a group ID is speci...

Page 580: ...t Mode User Exec and Privileged Exec Usage All configured VLAN classifier groups are shown for a single interface Example TodisplayVLANclassifiergroupinformationforswitchportinterface port1 0 2 enter...

Page 581: ...all interfaces configured for all VLAN groups enter the command awplus show vlan classifier interface group To display information about all interfaces configured for VLAN group 1 enter the command aw...

Page 582: ...ged Exec Usage If a rule ID is not specified all configured VLAN classifier rules are shown If a rule ID is specified a specific configured VLAN classifier rule is shown Example To display information...

Page 583: ...de User Exec Privileged Exec Example To display information about the filter that uses the access map named deny_all use the command awplus show vlan filter deny_all Output Figure 16 9 Example output...

Page 584: ...ion and associations Syntax show vlan private vlan Mode User Exec and Privileged Exec Example To display the private VLAN configuration and associations enter the command awplus show vlan private vlan...

Page 585: ...nces Syntax show vlan statistics name instance_name Mode User Exec and Privileged Exec Examples To display all packet counters for the packet counter instance vlan2 data awplus show vlan statistics na...

Page 586: ...itchports using the negated form of this command Mode Interface Configuration Usage Any untagged frame received on this port will be associated with the specified VLAN Examples To change the port base...

Page 587: ...orm Protection or EPSR Ethernet Protection Switching Ring Note that if the VID is not given all disabled VLANs are re enabled Syntax switchport enable vlan 1 4094 Mode Interface Configuration Example...

Page 588: ...ccess ingress filter enable disable Default By default ports are in access mode with ingress filtering on Usage Use access mode to send untagged frames only Mode Interface Configuration Example awplus...

Page 589: ...ce port1 0 2 awplus config if switchport mode private vlan host awplus config interface port1 0 3 awplus config if switchport mode private vlan promiscuous awplus config interface port1 0 4 awplus con...

Page 590: ...private vlan trunk promiscuous Default By default a port in trunk mode is disabled as a promiscuous port Mode Interface Configuration Usage A port must be put in trunk mode with switchport mode trunk...

Page 591: ...config vlan exit awplus config interface port1 0 2 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 4 awplus config if switchport mode private vlan trunk pr...

Page 592: ...fault a port in trunk mode is disabled as a secondary port When a port in trunk mode is enabled to be a secondary port for isolated VLANs by default it will have a native VLAN of none no native VLAN s...

Page 593: ...us config vlan private vlan 2 isolated awplus config vlan exit awplus config interface port1 0 3 awplus config if switchport mode trunk awplus config if switchport trunk allowed vlan add 2 awplus conf...

Page 594: ...the default VLAN vlan1 and have ingress filtering on Mode Interface Configuration Usage Aportin trunkmodecan be a tagged member ofmultipleVLANs and anuntagged member of one native VLAN To configure wh...

Page 595: ...ommand to remove the association Syntax switchport private vlan host association primary vlan id add secondary vlan id no switchport private vlan host association Mode Interface Configuration Examples...

Page 596: ...switchport private vlan mapping Mode Interface Configuration Usage This command can be applied to a switch port or a static channel group but not a dynamic LACP channel group LACP channel groups dynam...

Page 597: ...and receive through the port add Add a VLAN to the list of VLANs that are allowed to transmit and receive through the port Only use this parameter if a list of VLANs is already configured on a port r...

Page 598: ...configuration is currently switchport trunk allowed vlan all then you should remove VLAN3 5 by entering the except parameter instead of using the remove parameter This means using the following comma...

Page 599: ...wplus config interface port1 0 2 awplus config if switchport trunk allowed vlan add 2 The following shows adding a range of VLANs to the port s member set awplus configure terminal awplus config inter...

Page 600: ...ollowing commands show configuration of VLAN 2 as the native VLAN for port1 0 2 awplus configure terminal awplus config interface port1 0 2 awplus config if switchport trunk native vlan 2 The followin...

Page 601: ...translation vlan wire vid vlan vid no switchport vlan translation all vlan wire vid Default None by default no translation entries exist Mode Interface Configuration for a switch port or a static cha...

Page 602: ...lation default drop Default Do not drop packets Mode Interface Configuration for a switch port or a static channel group or a dynamic LACP channel group The interface must be in a mode that supports t...

Page 603: ...Interface Configuration Usage Use VLAN stacking to separate traffic from different customers to that they can be managed over a provider network Note that you must also set an MRU of 1504 or higher o...

Page 604: ...advertised Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the por...

Page 605: ...network policy is advertised for voice devices Mode Interface Configuration Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command V...

Page 606: ...ged for VLAN 10 use the commands awplus configure terminal awplus config interface port1 0 5 awplus config if switchport voice vlan 10 To tell IP phones connected to ports 1 0 2 1 0 6 to send priority...

Page 607: ...AlliedWare Plus Operating System Version 5 4 7 1 x VLAN COMMANDS SWITCHPORT VOICE VLAN Related Commands egress vlan id egress vlan name lldp med tlv select spanning tree edgeport RSTP and MSTP switch...

Page 608: ...Usage LLDP MED advertisements including Network Policy TLVs are transmitted via a port if LLDP is enabled lldp run command Voice VLAN is configured for the port switchport voice vlan command The porti...

Page 609: ...mtu Default By default VLANs are enabled when they are created Mode VLAN Configuration Examples To enable vlan 45 use the commands awplus configure terminal awplus config vlan database awplus config...

Page 610: ...AN ACLs and ACL processing order Use the no variant of this command to delete a VLAN access map Syntax vlan access map name no vlan access map name Default By default no VLAN access maps exist Mode Gl...

Page 611: ...r Usage See the protocol based VLAN configuration example in the VLAN Feature Overview and Configuration Guide for configuration details Example To associate VLAN classifier group 3 with switch port1...

Page 612: ...VLAN classifier rules Syntax vlan classifier group 1 16 add delete rule vlan class rule id no vlan classifier group 1 16 Mode Global Configuration Example awplus configure terminal awplus config vlan...

Page 613: ...classifier only matches IPv4 packets It does not match ARP packets To ensure ARP traffic is classified into the correct subnet VLAN you can use a hardwarebasedpolicymapthatsendsARPpacketstotheCPU whic...

Page 614: ...decimal values The no variant of this command removes a previously set rule Syntax vlan classifier rule 1 256 proto protocol encap ethv2 nosnapllc snapllc vlan 1 4094 no vlan classifier rule 1 256 Par...

Page 615: ...rotocol g8bpqx25 2303 G8BPQ AX 25 protocol ieeeaddrtrans 2561 Xerox IEEE802 3 PUP Address ieeepup 2560 Xerox IEEE802 3 PUP protocol ip 2048 IP protocol ipv6 34525 IPv6 protocol ipx 33079 IPX protocol...

Page 616: ...proto 2056 encap ethv2 vlan 2 awplus config vlan classifier rule 4 proto 2054 encap ethv2 vlan 2 Validation Output awplus show vlan classifier rule Related Commands show vlan classifier rule vlan clas...

Page 617: ...er the VLAN Configuration mode Syntax vlan database Mode Global Configuration Usage Use this command to enter the VLAN configuration mode You can then add or delete a VLAN or modify its values Example...

Page 618: ...fault no VLAN filters exist Mode Global Configuration Example To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination use the commands awplus configure terminal...

Page 619: ...nected to a Microsoft Windows PC To avoid this we recommend disabling IGMP snooping on stack local VLANs by using the command no ip igmp snooping Examples To add a stack local VLAN with the VID of 400...

Page 620: ...e Plus Operating System Version 5 4 7 1 x VLAN COMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database awplus config vl...

Page 621: ...support 128 packet counter instances These resources are also shared with other features such as QoS and ACLs Where the remaining resources are insufficient to support the VLAN Statistics feature the...

Page 622: ...move the remaining ports 1 0 2 to 1 0 4 from the packet counter instance named vlan2 data Note that because there are no ports associated with the vlan2 data this instance will be removed awplus confi...

Page 623: ...nd MSTP on page 626 debug mstp RSTP and STP on page 627 instance priority MSTP on page 631 instance vlan MSTP on page 633 region MSTP on page 635 revision MSTP on page 636 show debugging mstp on page...

Page 624: ...page 671 spanning tree guard root on page 672 spanning tree hello time on page 673 spanning tree link type on page 674 spanning tree max age on page 675 spanning tree max hops MSTP on page 676 spanni...

Page 625: ...ge Use this command with the instance parameter in MSTP mode Specifying this command with the interface parameter only not the instance parameter will work in STP and RSTP mode Examples awplus clear s...

Page 626: ...w Use this command to clear the detected protocols for a specific port or all ports Use this command in RSTP or MSTP mode only Syntax clear spanning tree detected protocols interface port Mode Privile...

Page 627: ...1 Use the debug mstp topology change interface command to generate debugging messageswhen the device receives an indicationof a topology change in a BPDU from another device The debugging can be activ...

Page 628: ...is command uses the keyword mstp it displays debugging output for RSTP and STP protocols as well as the MSTP protocol Due to the likely volume of output these debug messages are best viewed using the...

Page 629: ...ST int pathcost 0 17 23 42 awplus MSTP 1417 CIST bridge id 0000 0000cd1000fe 17 23 42 awplus MSTP 1417 CIST hops remaining 20 17 23 42 awplus MSTP 1417 MSTI flags Agree Forward Learn role Desig 17 23...

Page 630: ...bugging mstp terminal monitor undebug mstp awplus terminal monitor awplus debug mstp packet rx decode interface port1 0 4 awplus 17 30 17 awplus MSTP 1417 port1 0 4 xSTP BPDU rx start 17 30 17 awplus...

Page 631: ...instance MSTP selects the device with the lowest MAC address to be the root bridge Give the device a higher priority for becoming the root bridge for a particular instance by assigning it a lower prio...

Page 632: ...0 Series 632 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS INSTANCE PRIORITY MSTP Related Commands region MSTP revision MSTP show spanning tree mst config spanning tree mst...

Page 633: ...MST Configuration Usage The VLANs must be created before being associated with an MST instance MSTI If the VLAN range is not specified the MSTI will not be created This command removes the specified V...

Page 634: ...Reference for x510 Series 634 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS INSTANCE VLAN MSTP Related Commands region MSTP revision MSTP show spanning tree mst config span...

Page 635: ...to the default Syntax region region name no region Default By default the region name is My Name Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI co...

Page 636: ...revision number Default The default of revision number is 0 Mode MST Configuration Usage The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on...

Page 637: ...on on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mstp Mode User Exec and Privileged Exec mode Examp...

Page 638: ...ter has been included for RSTP and MSTP You can see the topology change counter for RSTP by using the show spanning tree command You can see the topology change counter for MSTP by using the show span...

Page 639: ...imer 0 topo change timer 0 port1 0 1 forward transitions 0 port1 0 1 Version Rapid Spanning Tree Protocol Received None Send STP port1 0 1 No portfast configured Current portfast off port1 0 1 portfas...

Page 640: ...1 0 3 Designated Path Cost 0 port1 0 3 Configured Path Cost 200000 Add type Explicit ref count 1 port1 0 3 Designated Port Id 839f Priority 128 port1 0 3 Root 80000000cd20f093 port1 0 3 Designated Bri...

Page 641: ...he topology change counter for MSTP by using the show spanning tree mst instance command Example To display a summary of spanning tree status information use the command awplus show spanning tree brie...

Page 642: ...e Configuration Example To display bridge level information about the CIST and VLAN to MSTI mappings enter the command awplus show spanning tree mst Output Figure 17 5 Example output from show spannin...

Page 643: ...age The region name the revision number and the digest of the VLAN to MSTI configuration table must be the same on all devices that are intended to be in the same MST region Example To display MSTP co...

Page 644: ...f2d 1 CIST Reg Root Id 80000000cd24ff2d 1 CIST Bridge Id 80000000cd24ff2d 1 portfast bpdu filter disabled 1 portfast bpdu guard disabled 1 portfast errdisable timeout disabled 1 portfast errdisable ti...

Page 645: ...gional Root 80000000cd24ff2d port1 0 3 Designated Bridge 80000000cd24ff2d port1 0 3 Message Age 0 Max Age 20 port1 0 3 CIST Hello Time 2 Forward Delay 15 port1 0 3 CIST Forward Timer 0 Msg Age Timer 0...

Page 646: ...rt e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward...

Page 647: ...point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 83...

Page 648: ...xec Privileged Exec and Interface Configuration Example To display detailed information for instance 2 and all switch ports associated with that instance use the command awplus show spanning tree mst...

Page 649: ...e mst instance 2 interface port1 0 2 Output Figure 17 10 Example output from show spanning tree mst instance Parameter Description instance id Specify an MSTP instance in the range 1 15 port The port...

Page 650: ...instance and all interfaces associated with them for port1 0 4 use the command awplus show spanning tree mst interface port1 0 4 Output Figure 17 11 Example output from show spanning tree mst interfac...

Page 651: ...rt e g port1 0 4 a static channel group e g sa2 or a dynamic LACP channel group e g po2 1 Bridge up Spanning Tree Enabled 1 CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 1 Forward...

Page 652: ...point Current shared Instance 2 Vlans 2 1 MSTI Root Path Cost 0 MSTI Root Port 0 MSTI Bridge Priority 32768 1 MSTI Root Id 80020000cd24ff2d 1 MSTI Bridge Id 80020000cd24ff2d port1 0 2 Port 5002 Id 83...

Page 653: ...isplay BPDU statistics for all spanning tree instances and all switch ports associated with all spanning tree instances use the command awplus show spanning tree statistics Output Figure 17 13 Example...

Page 654: ...lo timer INACTIVE Hello Time Value 0 Forward Delay Timer INACTIVE Forward Delay Timer Value 0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer...

Page 655: ...panning tree statistics instance instance id Mode Privileged Exec Example To display BPDU statistics information for MST instance 2 and all switch ports associated with that MST instance use the comma...

Page 656: ...rmation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show spanning tree statistics instance instance id interface...

Page 657: ...for Instance 1 INST_PORT port1 0 2 Information Statistics Config Bpdu s xmitted port inst 0 0 Config Bpdu s received port inst 0 0 TCN Bpdu s xmitted port inst 0 0 TCN Bpdu s received port inst 0 0 M...

Page 658: ...bout each MST instance for port1 0 2 use the command awplus show spanning tree statistics interface port1 0 2 Output Figure 17 16 Example output from show spanning tree statistics interface Parameter...

Page 659: ...0 Message Age Timer INACTIVE Message Age Timer Value 0 Topology Change Timer INACTIVE Topology Change Timer Value 0 Hold Timer INACTIVE Hold Timer Value 0 Other Port Specific Info Max Age Transitions...

Page 660: ...them including the VLAN range index value for the device Syntax show spanning tree vlan range index Mode Privileged Exec Example To display information about MST instances and the VLANs associated wit...

Page 661: ...an edge port If it does not receive any BPDUs in the first three seconds after linkup enabling or entering RSTP or MSTP mode it sets itself to be an edgeport and enters the forwarding state Use this c...

Page 662: ...oprietary STP protocols with unsupported BPDUs by forwarding BDPU Bridge Protocol Data Unit frames unchanged through the switch You must disable RSTP with the no spanning tree rstp enable command befo...

Page 663: ...untagged frames in Global Configuration mode with STP disabled which forwards any ingress STP BPDU frames to all ports that are untagged members of the ingress port s native VLAN enter the commands aw...

Page 664: ...the switched LAN running the AlliedWare Plus Operating System must have Cisco interoperability enabled When the AlliedWare Plus Operating System is interoperating with Cisco the only criteria used to...

Page 665: ...tput of some show commands Use the no variant of this command to set a port to its default state not an edge port Syntax spanning tree edgeport no spanning tree edgeport Default Not an edge port Mode...

Page 666: ...the spanning tree mode is set to RSTP To change the mode see spanning tree mode command Examples To enable STP in Global Configuration mode enter the below commands awplus configure terminal awplus co...

Page 667: ...Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS SPANNING TREE ENABLE To disable RSTP in Global Configuration mode enter the below commands awplus configure terminal awplus config no spannin...

Page 668: ...tree errdisable timeout enable no spanning tree errdisable timeout enable Default By default the errdisable timeout is disabled Mode Global Configuration Usage The BPDU guard feature shuts down the po...

Page 669: ...y the BPDU guard feature Use this command for RSTP or MSTP Syntax spanning tree errdisable timeout interval 10 1000000 no spanning tree errdisable timeout interval Default By default the port is re en...

Page 670: ...ode Interface Configuration mode for a switch port interface only Examples Set the value to enforce the spanning tree protocol STP awplus configure terminal awplus config interface port1 0 2 awplus co...

Page 671: ...ng to learning and from learning to forwarding This value is used only when the device is acting as the root bridge Devices not acting asthe RootBridgeuse adynamic valuefor the forwarddelayset by ther...

Page 672: ...se this command for RSTP STP or MSTP Use the no variant of this command to disable the root guard feature for the port Syntax spanning tree guard root no spanning tree guard root Mode Interface Config...

Page 673: ...restore the default of the hello time Syntax spanning tree hello time hello time no spanning tree hello time Default Default is 2 seconds Mode Global Configuration and Interface Configuration for swi...

Page 674: ...ariant of this command to return the port to the default link type Syntax spanning tree link type point to point shared no spanning tree link type Default The default link type is point to point Mode...

Page 675: ...fault of spanning tree max age is 20 seconds Mode Global Configuration Usage Max age is the maximum time in seconds for which a message is considered valid Configure this value sufficiently high so th...

Page 676: ...ax spanning tree max hops hop count no spanning tree max hops hop count Default The default max hops in a MST region is 20 Mode Global Configuration Usage Specifying the max hops for a BPDU prevents t...

Page 677: ...anning tree protocol mode on the device is RSTP Mode Global Configuration Usage With no configuration the device will have spanning tree enabled and the spanning tree mode will be set to RSTP Use this...

Page 678: ...figuration Overview Use this command to enter the MST Configuration mode to configure the Multiple Spanning Tree Protocol Syntax spanning tree mst configuration Mode Global Configuration Examples Thef...

Page 679: ...tion mode for a switch port or channel group Usage You can disable automatic configuration of member ports of a VLAN to an associated MSTI by using a no spanning tree mst instance command to remove th...

Page 680: ...om the IEEE 802 1q 2003 standard Mode Interface Configuration mode for a switch port interface only Usage Before you can use this command to set a path cost in a VLAN configuration you must explicitly...

Page 681: ...turn the path cost to its default value on instance 3 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no spanning tree mst instance 3 path cost Related Co...

Page 682: ...STI The port with the lowest value has the highest priority so it will be chosen as root port over a port that is equivalent in all other aspects but with a higher priority value Examples To set the p...

Page 683: ...ce instance id restricted role Default The restricted role for an MSTI instance on a switch port is disabled by default Mode Interface Configuration mode for a switch port interface only Usage The roo...

Page 684: ...rating System Version 5 4 7 1 x SPANNING TREE COMMANDS SPANNING TREE MST INSTANCE RESTRICTED ROLE Related Commands instance vlan MSTP spanning tree priority port priority spanning tree mst instance sp...

Page 685: ...instance id restricted tcn no spanning tree mst instance instance id restricted tcn Default Disabled By default switch ports propagate TCNs Mode Interface Configuration mode for a switch port interfa...

Page 686: ...o the port s path cost for the CIST Syntax spanning tree path cost pathcost no spanning tree path cost Default The default path cost values and the range of recommended path cost values depend on the...

Page 687: ...x spanning tree portfast no spanning tree portfast Default Not an edge port Mode Interface Configuration mode for a switch port interface only Usage Portfast makes a port move from a blocking state to...

Page 688: ...1 x SPANNING TREE COMMANDS SPANNING TREE PORTFAST STP Example awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast Related Commands spanning tree edgepo...

Page 689: ...er Default BPDU Filter is not enabled on any ports by default Mode Global Configuration and Interface Configuration Usage This command filters the BPDUs and passes only data to continue to act as an e...

Page 690: ...FAST BPDU FILTER To enable STP BPDU filtering in Interface Configuration mode enter the commands awplus configure terminal awplus config interface port1 0 2 awplus config if spanning tree portfast bpd...

Page 691: ...by default Mode Global Configuration or Interface Configuration Usage This command blocks the port s to all devices and data when enabled BPDU Guard is a port security feature that changes how a port...

Page 692: ...ntly running values of bpdu guard Example To enable STP BPDU guard in Global Configuration mode enter the below commands awplus configure terminal awplus config spanning tree portfast bpdu guard To en...

Page 693: ...MSTP mode is configured this will apply to the CIST Use the no variant of this command to reset it to the default Syntax spanning tree priority priority no spanning tree priority Default The default...

Page 694: ...to the default Syntax spanning tree priority priority no spanning tree priority Default The default priority is 128 Mode Interface Configuration mode for a switch port interface only Usage To force a...

Page 695: ...or a switch port interface only to restrict the port from becoming a root port Use the no variant of this command to disable the restricted role functionality Syntax spanning tree restricted role no s...

Page 696: ...dge Protocol Data Units from being sent on a port If this command is enabled after a topology change a bridge is prevented from sending a TCN to its designated bridge Use the no variant of this comman...

Page 697: ...verview Use this command to set the maximum number of BPDU transmissions that are held back Use the no variant of this command to restore the default transmit hold count value Syntax spanning tree tra...

Page 698: ...and Reference for x510 Series 698 AlliedWare Plus Operating System Version 5 4 7 1 x SPANNING TREE COMMANDS UNDEBUG MSTP undebug mstp Overview This command applies the functionality of the no debug ms...

Page 699: ...ws across the links as evenly as possible Link aggregation hashes one or more of the source and destination MAC address IP address and UDP TCP ports to select a link on which to send a packet So packe...

Page 700: ...rm load balancing on page 710 show debugging lacp on page 712 show diagnostic channel group on page 713 show etherchannel on page 715 show etherchannel detail on page 716 show etherchannel summary on...

Page 701: ...same port speed and be in full duplex mode Once the LACP channel group has been created it is treated as a device port and can be referred to in most other commands that apply to device ports To refer...

Page 702: ...ace port1 0 6 awplus config if channel group 2 mode active To remove device port1 0 6 from any created LACP channel groups use the command below awplus configure terminal awplus config interface port1...

Page 703: ...REGATION COMMANDS CLEAR LACP COUNTERS clear lacp counters Overview Use this command to clear all counters of all present LACP aggregators channel groups or a given LACP aggregator Syntax clear lacp 1...

Page 704: ...lacp all Related Commands show debugging lacp undebug lacp Parameter Description all Turn on all debugging for LACP cli Specifies debugging for CLI messages Echoes commands to the console event Speci...

Page 705: ...Global Configuration Usage Do not mix LACP configurations manual and dynamic When LACP global passive mode is turned on by using the lacp global passive mode enable command we do not recommend using...

Page 706: ...ggregation based on their priority with the higher priority numerically lower ports selected first Use the no variant of this command to reset the priority of port to the default Syntax lacp port prio...

Page 707: ...ing the system responsible for resolving conflicts in the choice of aggregation groups Use the no variant of this command to reset the system priority of the local system to the default Syntax lacp sy...

Page 708: ...tion if no updates are seen for 3 seconds i e 3 consecutive updates are lost The device indicates its preference by means of the Timeout field in the Actor section of its LACPDUs If the Timeout field...

Page 709: ...liedWare Plus Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS LACP TIMEOUT The following commands set the LACP short timeout for 1 second on port1 0 2 awplus configure terminal awplus con...

Page 710: ...set of inputs you must turn off the inputs you do not want Useful combinations of inputs include all four inputs MAC address IP address and Layer 4 port number MAC address and Ethertype MAC address on...

Page 711: ...remove Ethertype by entering awplus configure terminal awplus config no platform load balancing ethertype To use MAC addresses and Ethertype remove the IP inputs by entering awplus configure terminal...

Page 712: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging lacp Mode User Exec and Privileged Exec Example awplus show debugging lacp Outp...

Page 713: ...nnel group Mode User Exec and Privileged Exec Example awplus show diagnostic channel group Output Figure 18 2 Example output from the show diagnostic channel group command awplus show diagnostic chann...

Page 714: ...7 1 x LINK AGGREGATION COMMANDS SHOW DIAGNOSTIC CHANNEL GROUP Related Commands show tech support Channel Group Info based on HW Note Pos position in hardware table Only entries from first device are d...

Page 715: ...ation Guide which is available on our website at alliedtelesis com Syntax show etherchannel 1 32 Mode User Exec and Privileged Exec Example awplus show etherchannel Output Figure 18 3 Example output f...

Page 716: ...Exec and Privileged Exec Example awplus show etherchannel detail Output Example output from show etherchannel detail awplus show etherchannel detail Aggregator po1 IfIndex 4601 Mac address 00 00 cd 37...

Page 717: ...the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show etherchannel summary Mode User Exec and Privileged...

Page 718: ...CP system ID and priority For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website...

Page 719: ...mation on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide which is available on our website at alliedtelesis com Syntax show l...

Page 720: ...etherchannel Parameter Description port Name of the device port to display LACP information about awplus show port etherchannel port1 0 2 LACP link info port1 0 2 7007 Link port1 0 2 IfIndex 7007 Aggr...

Page 721: ...iting command is set to vlan disable the output will also show the VLANs on which thrashing is detected For information on filtering and saving command output see the Getting Started with AlliedWare P...

Page 722: ...to be removed the static channel group is deleted All the ports in a channel group must have the same VLAN configuration they must belong to the same VLANs and have the same tagging status and can onl...

Page 723: ...the commands awplus configure terminal awplus config interface sa2 awplus config if To make it possible to use QoS Storm Protection on static channel group 2 on port1 0 6 with an ACL named test acl us...

Page 724: ...Command Reference for x510 Series 724 AlliedWare Plus Operating System Version 5 4 7 1 x LINK AGGREGATION COMMANDS UNDEBUG LACP undebug lacp Overview This command applies the functionality of the no...

Page 725: ...he PoE Feature Overview and Configuration_Guide the Support for Allied Telesis Enterprise_MIBs_in AlliedWare Plus for information about which PoE MIB objects are supported theSNMPFeatureOverviewand Co...

Page 726: ...e Plus Operating System Version 5 4 7 1 x POWER OVER ETHERNET COMMANDS show debugging power inline on page 739 show power inline on page 740 show power inline counters on page 743 show power inline in...

Page 727: ...21 Syntax clear power inline counters interface port list Mode Privileged Exec Usage The PoE counters are displayed with the show power inline counters command Examples To clear the PoE counters for p...

Page 728: ...PoE event and info debug messages on the console use the following commands awplus terminal monitor awplus debug power inline event info To enable PoE debugging and start the display of all PoE debug...

Page 729: ...0 01 Rev B Command Reference for x510 Series 729 AlliedWare Plus Operating System Version 5 4 7 1 x POWER OVER ETHERNET COMMANDS DEBUG POWER INLINE Related Commands show debugging power inline termina...

Page 730: ...f pre IEEE 802 3af Power Ethernet standard legacy Powered Devices PDs Syntax power inline allow legacy no power inline allow legacy Default Detection of legacy PDs is enabled on all ports Mode Global...

Page 731: ...orts with the preceding interface to configure command If you specify a range or list of ports they must all be PoE capable ports In a VCStack of switches this command is supported on all PoE capable...

Page 732: ...abled Syntax power inline enable no power inline enable Default PoE is enabled by default on all ports Mode Interface Configuration for one or more ports Usage No PoE log messages are generated for po...

Page 733: ...variant of this command sets the maximum power supplied to a PoE port to the default which is set to the maximum power limit for the class of the connected Powered Device PD Syntax power inline max 4...

Page 734: ...at the PD Examples To set the maximum power supplied to ports in the range port1 0 1 to port1 0 4 to 6450mW per port use the following commands awplus configure terminal awplus config interface port1...

Page 735: ...cify a range or list of ports they must all be PoE capable ports PoE ports with higher priorities are given power before PoE ports with lower priorities If the priorities for two PoE ports are the sam...

Page 736: ...awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if power inline priority high To reset the priority level to the default of low on port1 0 1 to port1 0 4 use the f...

Page 737: ...r usage threshold is 80 of the nominal power rating Mode Global Configuration Usage Use the snmp server enable trap command to configure SNMP notification An SNMP notification is sent when the usage t...

Page 738: ...is enabled by default Mode Global Configuration Usage In a stack issuing this command enables PoE globally for all PoE ports In a stack configuration only stack members containing PoE hardware will h...

Page 739: ...ing power inline Mode User Exec and Privileged Exec Example To display PoE debug settings use the following command awplus show debugging power inline Output Figure 19 1 Example output from the show d...

Page 740: ...70W Power Allocated 246W Actual Power Consumption 151W Operational Status On Power Usage Threshold 80 296W PoE Interface Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Enabled Low Powere...

Page 741: ...r inline priority command Low is the lowest priority this is the default High is the second highest priority Crit critical is the highest priority If the switch cannot supply all ports it will supply...

Page 742: ...ription is shown for PDs not configured with the power inline description command Class The class of the connected PD if power is being supplied to the PD Max mW The power in milliwatts mW allocated f...

Page 743: ...Configuration Guide Syntax show power inline counters port list Mode User Exec and Privileged Exec Examples To display all PoE event counters for all PoE ports use the command awplus show power inlin...

Page 744: ...ignal has been lost The PoE MPS signal is lost when a PD is disconnected from the PSE Also increments pethPsePortMPSAbsentCounter in the PoE MIB Overload The number of instances when a PD exceeds its...

Page 745: ...E port specific information for the port range1 0 1 to 1 0 4 use the following command awplus show power inline interface port1 0 1 port1 0 4 Output Figure 19 4 Example output from show power inline i...

Page 746: ...are not connected to a PD Disabled displays if the PoE port is administratively disabled Syncing displays if PoE is still initializing the port when you issue the command Fault displays if there is a...

Page 747: ...w and is limited by the maximum power per Powered Device PD class or a user configured power limit Examples To display detailed PoE port specific information for the port range 1 0 1 to 1 0 3 use the...

Page 748: ...the PSE Denied displays when supplying power would make the PSE go over the power budget Disabled displays when the PoE port is administratively disabled Off displays when PoE has been disabled for t...

Page 749: ...B Command Reference for x510 Series 749 AlliedWare Plus Operating System Version 5 4 7 1 x POWER OVER ETHERNET COMMANDS SHOW POWER INLINE INTERFACE DETAIL Related Commands show power inline show power...

Page 750: ...re Plus GVRP implementation GVRP and MSTP are mutually exclusive STP and RSTP are supported by GVRP VCStack is not supported by the current AlliedWare Plus GVRP implementation This chapter provides an...

Page 751: ...C613 50170 01 Rev B Command Reference for x510 Series 751 AlliedWare Plus Operating System Version 5 4 7 1 x GVRP COMMANDS show gvrp timer on page 765...

Page 752: ...Privileged Exec Usage Use this command together with the show gvrp statistics command to troubleshoot GVRP Examples To clear all GVRP statistics for all switchport on the switch enter the command awp...

Page 753: ...interface port1 0 1 port1 0 2 awplus config if gvrp To disable GVRP on interfaces port1 0 1 port1 0 2 enter the commands awplus configure terminal awplus config interface port1 0 1 port1 0 2 awplus co...

Page 754: ...er the commands awplus terminal monitor awplus configure terminal awplus config debug gvrp cli To stop sending debug output for GVRP packets and GVRP commands to the console and to stop the display of...

Page 755: ...rface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implementation GVRP and MSTP are mutu...

Page 756: ...interface in Interface Configuration mode Both of these tasks must occur to create VLANs NOTE There is limit of 400 VLANs supported by the AlliedWare Plus GVRP implementation VLANsmaybenumbered1 4094...

Page 757: ...nd before issuing a gvrp interface command You must enable GVRP on both ends of a link for GVRP to propagate VLANs between links NOTE MSTP is not supported by the current AlliedWare Plus GVRP implemen...

Page 758: ...show gvrp configuration command Configuring a trunk port in fixed registration mode allows manual creation of VLANs Configuring a trunk port in forbidden registration mode prevents VLAN creation on th...

Page 759: ...abled switches See also the section Setting the GVRP Timers in the GVRP Feature Overview and Configuration Guide Use the show gvrp timer command to confirm GVRP timers set with this command Examples T...

Page 760: ...m Version 5 4 7 1 x GVRP COMMANDS GVRP TIMER To reset the GVRP join timer to its default of 20 hundredths of a second for interface port1 0 1 enter the commands awplus configure terminal awplus config...

Page 761: ...ure Overview and Configuration Guide Syntax show debugging gvrp Mode User Exec and Privileged Exec Example Enter the following commands to display GVRP debugging output on the console awplus configure...

Page 762: ...n Guide Syntax show gvrp configuration Mode User Exec and Privileged Exec Example To show GVRP configuration for the switch enter the command awplus show gvrp configuration Output The following is an...

Page 763: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show gvrp machine Mode User Exec and Privileged Exec Example To show the GVRP state machine f...

Page 764: ...gether with the clear gvrp statistics command to troubleshoot GVRP Examples To show the GVRP statistics for all switchport interfaces enter the command awplus show gvrp statistics To show the GVRP sta...

Page 765: ...ion Guide Syntax show gvrp timer interface Mode User Exec and Privileged Exec Examples To show the GVRP timers for all switchport interfaces enter the command awplus show gvrp timer To show the GVRP t...

Page 766: ...C613 50170 01 Rev B Command Reference for x510 Series 766 AlliedWare Plus Operating System Version 5 4 7 1 x Part 3 Layer 3 Switching...

Page 767: ...e IP Feature Overview and Configuration Guide Command List arp aging timeout on page 769 arp mac disparity on page 770 arp IP address MAC on page 773 arp log on page 774 arp opportunistic nd on page 7...

Page 768: ...synack retries on page 796 ip unreachables on page 797 local proxy arp on page 799 optimistic nd on page 800 ping on page 801 show arp on page 802 show debugging ip packet on page 804 show ip interfac...

Page 769: ...es not fill with entries for hosts that are no longer active Static ARP entries are not aged or automatically deleted By default the time limit for dynamic ARP entries is 300 seconds on all interfaces...

Page 770: ...he disparate ARP has a multicast MAC address in the ARP reply the switch drops the ARP reply and does not learn any associated addresses If the disparate ARP has a unicast MAC address in the ARP reply...

Page 771: ...a disparate ARP response an ARP entry is created for the IP MAC in the content of the ARP packet The difference with the arp mac disparity multicast igmp command is that the egress port is set to the...

Page 772: ...IP ADDRESSING AND PROTOCOL COMMANDS ARP MAC DISPARITY To disable support for MS NLB in unicast mode on interface vlan2 use the following commands awplus configure terminal awplus config interface vlan...

Page 773: ...dress port number alias no arp ip addr Mode Global Configuration Examples To add the IP address 10 10 10 9 with the MAC address 0010 2533 4655 into the ARP cache and have your device respond to ARP re...

Page 774: ...e the option to change how the MAC address is displayed in the ARP log message The output can either use the notation HHHH HHHH HHHH or HH HH HH HH HH HH Enter arp log to use HHHH HHHH HHHH notation E...

Page 775: ...plus configure terminal awplus config arp log awplus config exit awplus show log include ARP_LOG 2016 Oct 6 06 21 01 user notice awplus HSL 1007 ARP_LOG port1 0 1 vlan1 add 0013 4078 3b98 192 168 2 4...

Page 776: ...log include ARP_LOG Parameter Description ARP_LOG Indicates that ARP log entry information follows port number Indicates device port number for the ARP log entry vid Indicates the VLAN ID for the ARP...

Page 777: ...uration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ARP packets but not gratuitous ARP packets The source MAC address for the unsolicited A...

Page 778: ...nses that contain a broadcast destination MAC Use the no variant of this command to turn off processing of ARP replies that arrive with a broadcast destination MAC Syntax arp reply bc dmac no arp repl...

Page 779: ...p address Mode Privileged Exec Usage To display the entries in the ARP cache use the show arp command To remove static ARP entries use the no variant of the arp IP address MAC command Example To clear...

Page 780: ...face to show debugging for either all interfaces or a single interface all Specify all Layer 3 interfaces on the device ip address Specify an IPv4 address If this keyword is specified then only packet...

Page 781: ...se the command awplus debug ip packet interface all To turn on TCP packet debugging on vlan1 and IP address 192 168 2 4 use the command awplus debug ip packet interface vlan1 address 192 168 2 4 tcp T...

Page 782: ...onfigure a primary address on the interface before configuring a secondary address NOTE Use show running config interface not show ip interface brief when you need to view a secondary address configur...

Page 783: ...OL COMMANDS IP ADDRESS IP ADDRESSING AND PROTOCOL To add the IP address 10 10 11 50 24 to the local loopback interface lo use the following commands awplus configure terminal awplus config interface l...

Page 784: ...on address is a broadcast address for some IP subnet but originates from a node that is not itself part of that destination subnet When a directed broadcast packet reaches a device that is directly co...

Page 785: ...mand Reference for x510 Series 785 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP DIRECTED BROADCAST Related Commands ip forward protocol udp ip helper addre...

Page 786: ...not enabled by default Mode Global Configuration Usage Combined with the ip helper address command in interface mode the ip forward protocol udp command in Global Configuration mode allows control of...

Page 787: ...1 x IP ADDRESSING AND PROTOCOL COMMANDS IP FORWARD PROTOCOL UDP To delete a UDP port from the UDP ports that the device forwards use the following commands awplus configure terminal awplus config no i...

Page 788: ...efault The default Gratuitous ARP time limit for all switchports is 8 seconds Mode Global Configuration Usage Every switchport will send a sequence of 3 Gratuitous ARP packets to each VLAN that the sw...

Page 789: ...g System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS IP GRATUITOUS ARP LINK To restrict the sending of Gratuitous ARP packets to one every 20 seconds use the commands awplus configure termin...

Page 790: ...destination address es The destination address can be a unicast address or a subnet broadcast address The UDP destination port is configured separately with the ip forward protocol udp command If mul...

Page 791: ...LPER ADDRESS The following example removes IPv4 address 192 168 1 100 as an IP Helper destination address to which to forward UDP broadcasts received on vlan2 awplus configure terminal awplus config i...

Page 792: ...y arp Default Limited local proxy ARP is disabled by default Mode Interface Configuration Usage This command allows you to stop MAC address resolution for specified hosts Limited local proxy ARP works...

Page 793: ...does not generate or forward any ICMP Redirect messages on that interface This command does not enable proxy ARP on the interface see the ip proxy arp command for more information on enabling proxy A...

Page 794: ...ute that the ARP request arrived from It ignores all other ARP requests See the ip local proxy arp command about enabling your device to respond to other ARP messages The no variant of this command di...

Page 795: ...e Usage ICMP redirect messages are used to notify hosts that a better route is available to a destination ICMP redirects are used when a packet is routed into the device on the same interface that the...

Page 796: ...ng of 5 retries Syntax ip tcp synack retries 0 255 no ip tcp synack retries Default 5 retries Mode Global Configuration Usage The following table shows the approximate correlation between the number o...

Page 797: ...e these messages to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ip unreachables command secures your network against this type of pro...

Page 798: ...destination unreachable messages use the commands awplus configure terminal awplus config no ip unreachables To enable destination unreachable messages use the commands awplus configure terminal awpl...

Page 799: ...ariant of this command to stop specifying a subnet for use with limited local proxy ARP Syntax local proxy arp ip add mask no local proxy arp ip add mask Default No subnets are specified for use with...

Page 800: ...stale neighbors are deleted from the hardware L3 switching table The optimistic neighbor discovery feature enables the device to sustain L3 traffic switching to a neighbor without interruption Without...

Page 801: ...t in the IP header interval 0 128 Specify the time interval in seconds between sending ping packets The default is 1 You can use decimal places to specify fractions of a second For example to ping eve...

Page 802: ...er Exec and Privileged Exec Usage Running this command with no additional parameters will display all entries in the ARP routing and forwarding table Example To display all ARP entries in the ARP cach...

Page 803: ...ow arp command Parameter Meaning IP Address IP address of the network device this entry maps to MAC Address Hardware address of the network device Interface Interface over which the network device is...

Page 804: ...ay theIP interface debugging statuswhen theterminal monitoroff use the command awplus terminal no monitor awplus show debug ip packet Output Figure 21 4 Example output from the show debugging ip packe...

Page 805: ...ev B Command Reference for x510 Series 805 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW DEBUGGING IP PACKET Related Commands debug ip packet interface te...

Page 806: ...mation for the assigned IP address for interface port1 0 2 use the command awplus show ip interface port1 0 2 brief To show the IP addresses assigned to vlan2 and vlan3 use the command awplus show ip...

Page 807: ...d to verify that the socket being used is opening correctly If there is a local and remote endpoint a connection is established with the ports indicated Note that this command does not display sockets...

Page 808: ...are tcp IP Protocol 6 udp IP Protocol 17 raw Indicates that socket is for a non port orientated protocol i e a protocol other than TCP or UDP where all packets of a specified IP protocol type are acce...

Page 809: ...ny source port will be accepted This is indicated by For active TCP sessions the IP address will display the remote address and port the session was established with For raw sockets the entry in this...

Page 810: ...de Privileged Exec Example To display IP traffic statistics use the command awplus show ip traffic Output Figure 21 8 Example output from the show ip traffic command IP 261998 packets received 261998...

Page 811: ...811 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS SHOW IP TRAFFIC 155 delayed acks sent 21187 headers predicted 736 pure ACKs 80497 pure ACKs predicted UDP 13...

Page 812: ...mp Syntax tcpdump line Mode Privileged Exec Example To start a tcpdump running to capture IP packets enter the command awplus tcpdump ip Output Figure 21 9 Example output from the tcpdump command Rela...

Page 813: ...MANDS TRACEROUTE traceroute Overview Use this command to trace the route to the specified IPv4 host Syntax traceroute ip addr hostname Mode User Exec and Privileged Exec Example awplus traceroute 10 1...

Page 814: ...Series 814 AlliedWare Plus Operating System Version 5 4 7 1 x IP ADDRESSING AND PROTOCOL COMMANDS UNDEBUG IP PACKET INTERFACE undebug ip packet interface Overview This command applies the functionali...

Page 815: ...Plus Switches Feature Overview and Configuration Guide Command List clear ip dns forwarding cache on page 817 debug ip dns forwarding on page 818 ip dns forwarding on page 819 ip dns forwarding cache...

Page 816: ...r x510 Series 816 AlliedWare Plus Operating System Version 5 4 7 1 x DOMAIN NAME SERVICE DNS COMMANDS show ip dns forwarding server on page 833 show ip domain list on page 834 show ip domain name on p...

Page 817: ...DNS COMMANDS CLEAR IP DNS FORWARDING CACHE clear ip dns forwarding cache Overview Use this command to clear the DNS Relay name resolver cache Syntax clear ip dns forwarding cache Mode Privileged Exec...

Page 818: ...g Use the no variant of this command to disable DNS Relay debugging Syntax debug ip dns forwarding no debug ip dns forwarding Default DNS Relay debugging is disabled by default Mode Privileged Exec Ex...

Page 819: ...at IP domain lookup is enabled IP domain lookup is enabled by default but if it has been disabled you can re enable it by using the command ip domain lookup See the ip dns forwarding dead time command...

Page 820: ...time out period of the cache entry will only be used when the time out period of the DNS reply from the DNS server is bigger than the time out period configured on the device Syntax ip dns forwarding...

Page 821: ...fault time to stop sending DNS requests to an unresponsive server is 3600 seconds Mode Global Configuration Usage See the ip dns forwarding retry command used with this command Examples To set the DNS...

Page 822: ...es is 2 DNS requests to an unresponsive server Mode Global Configuration Usage See the ip dns forwarding dead time command used with this command Examples To set the DNS forwarding retry count to 50 a...

Page 823: ...no ip dns forwarding source interface Default The default is that no interface is set and the device selects the appropriate source IP address automatically Mode Global Configuration Examples To set v...

Page 824: ...the default of 3 seconds Syntax ip dns forwarding timeout 0 3600 no ip dns forwarding timeout Default The default timeout value is 3 seconds Mode Global Configuration Examples To set the timeout value...

Page 825: ...deletes a domain from the list Syntax ip domain list domain name no ip domain list domain name Mode Global Configuration Usage If there are no domains in the DNS list then your device uses the domain...

Page 826: ...empt to resolve domain names You must use IP addresses to specify hosts in commands Syntax ip domain lookup no ip domain lookup Mode Global Configuration Usage The client is enabled by default However...

Page 827: ...f there are no domains in the DNS list created using the ip domain list command then your device uses the domain specified with this command If any domain exists in the DNS list then the device does n...

Page 828: ...r to forward requests to Name servers can be learned through the following means Manual configuration using the ip name server command Learned from DHCP server with Option 6 This command is used to st...

Page 829: ...command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ip dns forwarding Mode User E...

Page 830: ...d output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show hosts Mode User Exec and Privileged Exec Example To display the default domain use the comman...

Page 831: ...lay the DNS Relay status Syntax show ip dns forwarding Mode User Exec and Privileged Exec Examples To display the DNS Relay status use the command awplus show ip dns forwarding Output Figure 22 3 Exam...

Page 832: ...rding cache Mode User Exec and Privileged Exec Example To display the DNS Relay name resolver cache use the command awplus show ip dns forwarding cache Output Figure 22 4 Example output from the show...

Page 833: ...g server Mode User Exec and Privileged Exec Examples To display the status of DNS Relay name servers use the command awplus show ip dns forwarding server Output Figure 22 5 Example output from the sho...

Page 834: ...when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip...

Page 835: ...complete hostnames when sending a DNS inquiry to a DNS server For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Gui...

Page 836: ...he ip name server command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip name server Mode U...

Page 837: ...pv6 address autoconfig on page 842 ipv6 enable on page 844 ipv6 eui64 linklocal on page 846 ipv6 forwarding on page 847 ipv6 multicast forward slow path packet on page 848 ipv6 nd accept ra pinfo on p...

Page 838: ...COMMANDS ipv6 opportunistic nd on page 863 ipv6 route on page 864 ipv6 unreachables on page 865 ping ipv6 on page 866 show ipv6 forwarding on page 867 show ipv6 interface brief on page 868 show ipv6...

Page 839: ...lliedWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS CLEAR IPV6 NEIGHBORS clear ipv6 neighbors Overview Use this command to clear all dynamic IPv6 neighbor entries Syntax clear ipv6 neighbo...

Page 840: ...prefix length Mode Interface Configuration for a VLAN interface Usage Note that link local addresses are retained in the system until they are negated by using the no variant of the command that estab...

Page 841: ...ddress 2001 0db8 a2 64 from the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 a2 64 Related Command...

Page 842: ...ration parameters for IPv6 hosts The SLAAC process derives the interface identifier of the IPv6 address from the MAC address of the interface When applying SLAAC to an interface note that the MAC addr...

Page 843: ...V6 COMMANDS IPV6 ADDRESS AUTOCONFIG To disable SLAAC on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 address aut...

Page 844: ...on Routing does not forward packets with link local addresses IPv6 requires that a link local address is assigned to each interface that has the IPv6 protocol enabled and when addresses are assigned t...

Page 845: ...dWare Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ENABLE Related Commands ipv6 address ipv6 address autoconfig ipv6 address dhcp ipv6 address DHCPv6 PD ipv6 dhcp client pd ipv6 nd prefi...

Page 846: ...cal address on an IPv6 enabled interface Syntax ipv6 eui64 linklocal no ipv6 eui64 linklocal Default The command ipv6 eui64 linklocal is enabled by default on any IPv6 enabled interface Mode Interface...

Page 847: ...ulticast routing command before using PIM SMv6 commands Syntax ipv6 forwarding no ipv6 forwarding Mode Global Configuration Default IPv6 unicast forwarding is disabled by default Usage Enable IPv6 uni...

Page 848: ...e smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big messa...

Page 849: ...ed on an interface SLAAC is also enabled SLAAC addressing along with the EUI 64 process uses the prefix information included in a received RA to generate an automatic link local address on the IPv6 in...

Page 850: ...s to use a stateless autoconfiguration mechanism to establish their IPv6 addresses The default is flag unset Use the no variant of this command to reset this command to its default of flag unset Synta...

Page 851: ...r a VLAN interface is unset by default Mode Interface Configuration for a VLAN interface Examples To set the minimum RA interval for the VLAN interface vlan2 use the following commands awplus configur...

Page 852: ...the ipv6 nd other config flag will also be set Use no variant of this command to reset the value to the default Syntax ipv6 nd other config flag no ipv6 nd other config flag Default Unset Mode Interf...

Page 853: ...advertised by the router advertisement message The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 and 64 The default is X X 64 valid lifetime The the...

Page 854: ...awplus config interface vlan4 awplus config if ipv6 nd prefix 2001 0db8 64 864000 432000 Thefollowing exampleconfiguresthedevice toissuerouteradvertisementsonthe VLAN interface vlan4 and advertises th...

Page 855: ...Configuration for a VLAN interface Usage Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command as shown in the example below Example To set the advertise...

Page 856: ...ies the lifetime of the current router to be announced in IPv6 Router Advertisements Advertisement flags will not be transmitted unless you have applied the ipv6 nd suppress ra command This instructio...

Page 857: ...d blocks RAs from untrusted hosts Blocking RAs stops untrusted hosts from flooding malicious RAs and stops any misconfigured hosts from disrupting traffic on the local network Enabling RA Guard on a p...

Page 858: ...Ware Plus Operating System Version 5 4 7 1 x IPV6 COMMANDS IPV6 ND RAGUARD Output Exampleoutputfromusing showrunning configinterfaceport1 0 2toverify RA Guard Related Commands show running config inte...

Page 859: ...nsmitted unless you have applied the ipv6 nd suppress ra command This instruction is included in the example shown below Example To set the reachable time in router advertisements on the VLAN interfac...

Page 860: ...d Mode Interface Configuration for a VLAN interface Examples To set the retransmission time of Neighbor Solicitation on the VLAN interface vlan2 to be 800000 milliseconds enter the following commands...

Page 861: ...iguration Use no parameter with this command to enable Router Advertisement transmission Syntax ipv6 nd suppress ra no ipv6 nd suppress ra Default Router Advertisement RA transmission is suppressed by...

Page 862: ...a specific IPv6 neighbor entry To clear all dynamic address entries use the clear ipv6 neighbors command Example To create a static neighbor entry for IPv6 address 2001 0db8 a2 on vlan 4 MAC address...

Page 863: ...figuration Usage When opportunistic neighbor discovery is enabled the device will reply to any received unsolicited ICMPv6 ND packets The source MAC address for the unsolicited ICMPv6 ND packet is add...

Page 864: ...teway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awplus...

Page 865: ...es to obtain information regarding the topology of a network Disabling destination unreachable messages using the no ipv6 unreachables command secures your network against this type of probing NOTE Di...

Page 866: ...The number of data bytes to send excluding the 8 byte ICMP header The default is 56 64 ICMP data bytes interface interface list The interface or range of configured IP interfaces to use as the source...

Page 867: ...IPV6 COMMANDS SHOW IPV6 FORWARDING show ipv6 forwarding Overview Use this command to display IPv6 forwarding status Syntax show ipv6 forwarding Mode User Exec and Privileged Exec Example awplus show i...

Page 868: ...rted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 interface brief Mode User Exec and Privileged Exec Examples awplus show ipv6 interface brief Output Figure 23 2 Exam...

Page 869: ...V6 COMMANDS SHOW IPV6 NEIGHBORS show ipv6 neighbors Overview Use this command to display all IPv6 neighbors For information on filtering and saving command output see the Getting Started with AlliedWa...

Page 870: ...ers turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing inform...

Page 871: ...Pv6 Routing Table Codes C connected S static R RIP O OSPF B BGP S 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via v...

Page 872: ...see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the foll...

Page 873: ...oute to the specified IPv6 host Syntax traceroute ipv6 ipv6 addr hostname Mode User Exec and Privileged Exec Example To run a traceroute for the IPv6 address 2001 0db8 a2 use the following command awp...

Page 874: ...e common across the routing IP protocols For more information see the Route Selection Feature Overview and Configuration Guide Command List ip route on page 875 ipv6 route on page 877 max fib routes o...

Page 875: ...tes Specify a Null interface to add a null or blackhole route to the switch A null or blackhole route is a routing table entry that does not forward packets so any packets sent to it are dropped Param...

Page 876: ...available through the device at 10 10 0 2 with the default administrative distance use the commands awplus configure terminal awplus config no ip route 192 168 3 0 255 255 255 0 10 10 0 2 To specify a...

Page 877: ...gateway ip gateway name distvalue Mode Global Configuration Usage Administrative distance can be modified so static routes do not take priority over other routes Example awplus configure terminal awpl...

Page 878: ...mands awplus config terminal awplus config max fib routes 2000 75 Parameter Description max fib routes This is the maximum number of routes that can be stored in the device s Forwarding Information da...

Page 879: ...aximum number of static routes to the default of 1000 static routes Syntax max static routes 1 1000 no max static routes Default The default number of static routes is the maximum number of static rou...

Page 880: ...of this command sets the maximum paths to the default of 4 Syntax maximum paths 1 8 no maximum paths Default By default the maximum number of paths is 4 Mode Global Configuration Examples To set the m...

Page 881: ...he OSPF routes in the FIB use the command awplus show ip route ospf Output Eachentry inthe outputfromthiscommandhasa codepreceding it indicating the source of the routing entry For example O indicates...

Page 882: ...reachable via next hop 10 10 31 16 The outgoing local interface for this route is vlan2 This route was added 20 minutes and 54 seconds ago OSPF External Route The OSPF external route entry consists o...

Page 883: ...613 50170 01 Rev B Command Reference for x510 Series 883 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTING COMMANDS SHOW IP ROUTE Related Commands ip route maximum paths show ip route databas...

Page 884: ...nly the routes learned from connected interfaces ospf Displays only the routes learned from OSPF rip Displays only the routes learned from RIP static Displays only the static routes you have configure...

Page 885: ...C613 50170 01 Rev B Command Reference for x510 Series 885 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTING COMMANDS SHOW IP ROUTE DATABASE Related Commands maximum paths show ip route...

Page 886: ...t modifiertoken to save the output to a file use the output redirection token Syntax show ip route summary Mode User Exec and Privileged Exec Example To display a summary of the current RIB entries us...

Page 887: ...eters turned on use the following command awplus show ipv6 route Parameter Description connected Displays only the routes learned from connected interfaces database Displays only the IPv6 routing info...

Page 888: ...IPv6 Routing Table Codes C connected S static R RIP O OSPF B BGP S 0 1 0 via 2001 a 0 0 c0a8 a6 vlan10 C 2001 db8 a 0 0 0 0 64 via vlan10 C 2001 db8 14 0 0 0 0 64 via vlan20 C 2001 db8 0 0 0 0 64 via...

Page 889: ...see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 route summary Mode User Exec and Privileged Exec Example To display IP route summary use the fol...

Page 890: ...ehavior on page 894 cisco metric behavior RIP on page 896 clear ip rip route on page 897 debug rip on page 898 default information originate RIP on page 899 default metric RIP on page 900 distance RIP...

Page 891: ...offset list RIP on page 925 passive interface RIP on page 926 recv buffer size RIP on page 927 redistribute RIP on page 928 restart rip graceful on page 929 rip restart grace period on page 930 route...

Page 892: ...configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 Sep 3 2016 04 04 02 Oct 6 2016 Parameter Description start date Spe...

Page 893: ...System Version 5 4 7 1 x RIP COMMANDS ACCEPT LIFETIME or awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awplus config keychain key accept lifetime 03 03 01 3 S...

Page 894: ...RIP being advertised does not match the subnetting used on the outgoing RIPv1 interface it will be filtered The alliedware behavior command returns your router s RIPv1 behavior to the AlliedWare forma...

Page 895: ...vice to AlliedWare Plus like behavior when sending and receiving RIPv1 update messages enter the commands awplus configure terminal awplus config router rip awplus config router no alliedware behavior...

Page 896: ...ehavior enable disable no cisco metric behavior Default By default the Cisco metric behavior is disabled Mode Router Configuration Examples To enable the routing metric update to behave as per the Cis...

Page 897: ...ting table use the following command awplus clear ip rip route 10 0 0 0 8 Parameter Description ip dest network prefix length Removes entries which exactly match this destination address from RIP rout...

Page 898: ...Mode Privileged Exec and Global Configuration Example The following example displays information about the RIP packets that are received and sent out from the device awplus debug rip packet Related Co...

Page 899: ...re being redistributed the RIP protocol will advertise this default route irrespective of whether the default information originate command has been configured or not However if the router has not red...

Page 900: ...1 Mode RIP Router Configuration Usage This command is used with the redistribute RIP command to make the routing protocol use the specified metric value for all redistributed routes regardless of the...

Page 901: ...p addr prefix length access list Mode RIP Router Configuration Examples To set the administrative distance to 8 for the RIP routes within the 10 0 0 0 8 network that match the access list mylist use t...

Page 902: ...ng access list or prefix list If you do not specify the name of the interface the filter will be applied to all interfaces Examples In this example the following commands are used to apply an access l...

Page 903: ...update is configured the device advertises the full RIP route table in outgoing triggered updates including routes that have not changed This enables faster convergence times or allows inter operation...

Page 904: ...d for single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated RIP configuration...

Page 905: ...config keychain key key string toyota awplus config keychain key accept lifetime 10 00 00 Oct 08 2016 duration 43200 awplus config keychain key send lifetime 10 00 00 Oct 08 2016 duration 43200 awplu...

Page 906: ...ation string command for single key authentication Use the ip rip authentication key chain command for multiple keys authentication See the RIP Feature Overview and Configuration Guide for illustrated...

Page 907: ...n for the given interface text or MD5 using the following commands awplus config if ip rip authentication mode md5 text Example 1 In the following example of a configuration for multiple keys authenti...

Page 908: ...3 The following example specifies mykey as the authentication string with MD5 authentication for the VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ip r...

Page 909: ...configuring RIP see the RIP Feature Overview and Configuration Guide Use the following steps to configure a route to enable RIPv2 authentication using a single key or password 1 Define the authentica...

Page 910: ...following example the VLAN interface vlan2 is configured to have an authentication string as guest Any received RIP packet in that interface should have the same string as password awplus configure t...

Page 911: ...variant of this command to disable this feature Syntax ip rip receive packet no ip rip receive packet Default Receive packet is enabled Mode Interface Configuration for a VLAN interface Usage This co...

Page 912: ...mmand applies to a specific VLAN interface and overrides any the version specified by the version RIP command RIP can be run in version 1 or version 2 mode Version 2 has more features than version 1 i...

Page 913: ...variant of this command to disable this feature Syntax ip rip send packet no ip rip send packet Default Send packet is enabled Mode Interface Configuration for a VLAN interface Usage This command can...

Page 914: ...ore features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP version is set RIP packets of that version will be received and sent on all the RIP e...

Page 915: ...to send RIP version 1 packets only awplus configure terminal awplus config interface vlan4 awplus config if ip rip send version 1 In the following example the VLAN interface vlan4 is configured to se...

Page 916: ...e version RIP command RIP can be run in version 1 compatible mode Version 2 has more features than version 1 in particular RIP version 2 supports authentication and classless routing Once the RIP vers...

Page 917: ...13 50170 01 Rev B Command Reference for x510 Series 917 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS IP RIP SEND VERSION 1 COMPATIBLE Related Commands ip rip send version version RI...

Page 918: ...uding routes in updates sent to the same gateway from which they were learned Without the poisoned parameter using this command causes routes learned from a neighbor to be omitted from updates sent to...

Page 919: ...o key keyid Mode Keychain Configuration Usage This command allows you to enter the keychain key mode where a password can be set for the key Example The following example configures a key number 1 and...

Page 920: ...ys Syntax key chain key chain name no key chain key chain name Mode Global Configuration Usage This command allows you to enter the keychain mode from which you can specify keys on this key chain Exam...

Page 921: ...mples In the following example the password for key1 in the key chain named mychain is set to password prime awplus configure terminal awplus config key chain mychain awplus config keychain key 1 awpl...

Page 922: ...imiting of the number of RIP routes stored in the routing table Syntax maximum prefix maxprefix threshold no maximum prefix Mode Router Configuration Example To configure the maximum number of RIP rou...

Page 923: ...and to exchange nonbroadcast routing information It can be used multiple times for additional neighbors The passive interface RIP command disables sending routing updates on an interface Use the neigh...

Page 924: ...d network or VLANs will be automatically advertised in RIP updates RIP updates will be sent and received within the specified network or VLAN Example Use the following commands to activate RIP routing...

Page 925: ...etworks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Examples In this example the router examines the RIP updates being sent out from interfa...

Page 926: ...e Use the no variant of this command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode RIP Router Configuration Example Use the following...

Page 927: ...fer size to the system default 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default 196608 bits is the system default when reset using the no variant of this...

Page 928: ...de RIP Router Configuration Example To apply the metric value 15 to static routes being redistributed into RIP use the commands awplus configure terminal awplus config router rip awplus config router...

Page 929: ...IP has performed a graceful shutdown Routes that have been installed into the route table by RIP are preserved until the specified grace period expires When a restart rip graceful command is issued th...

Page 930: ...e default RIP grace period is 60 seconds Usage Use this command to enable the Graceful Restart feature on the RIP process Entering this command configures a grace period for RIP When a master failover...

Page 931: ...gth Default No static RIP route is added by default Mode RIP Router Configuration Usage Use this command to add a static RIP route After adding the RIP route the route can be checked in the RIP routin...

Page 932: ...ss Use the no variant of this command to disable the RIP routing process Syntax router rip no router rip Mode Global Configuration Example This command is used to begin the RIP routing process awplus...

Page 933: ...onfig keychain key send lifetime 03 03 01 Jan 3 2016 04 04 02 Dec 6 2016 Parameter Description start date Specifies the start time and date in the format hh mm ss day month year or hh mm ss month day...

Page 934: ...C613 50170 01 Rev B Command Reference for x510 Series 934 AlliedWare Plus Operating System Version 5 4 7 1 x RIP COMMANDS SEND LIFETIME Related Commands key key string key chain accept lifetime...

Page 935: ...gging status for these debugging options nsmdebugging RIP eventdebugging RIP packet debugging and RIP nsm debugging For information on filtering and saving command output see the Getting Started with...

Page 936: ...s show ip protocols rip Output Figure 25 1 Example output from the show ip protocols rip command Routing Protocol is rip Sending updates every 30 seconds with 50 next due in 12 seconds Timeout after 1...

Page 937: ...Feature Overview and Configuration Guide Syntax show ip rip Mode User Exec and Privileged Exec Example awplus show ip rip Output Figure 25 2 Example output from the show ip rip command Related Command...

Page 938: ...ut the RIP database For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip rip database full Mode U...

Page 939: ...e Overview Use this command to display information about the RIP interfaces You can specify an interface name to display information about a specific interface Syntax show ip rip interface interface M...

Page 940: ...specified by the garbage parameter expires the metric 16 route is finally removed from the routing table Until the garbage time expires the route is included in all updates sent by the router All the...

Page 941: ...ts nsm packet Mode Privileged Exec Example To disable the options set for debugging RIP information events use the following command awplus undebug rip packet Related Commands debug rip Parameter Desc...

Page 942: ...on will be received and sent on all the RIP enabled interfaces Setting the version command has no impact on receiving updates only on sending them The ip rip send version command overrides the value s...

Page 943: ...es the encoding of the next hop for a set of routes For more information see the RIPng Feature Overview and Configuration Guide Command List aggregate address IPv6 RIPng on page 945 clear ipv6 rip rou...

Page 944: ...sion 5 4 7 1 x RIPNG FOR IPV6 COMMANDS router ipv6 rip on page 961 show debugging ipv6 rip on page 962 show ipv6 protocols rip on page 963 show ipv6 rip on page 964 show ipv6 rip database on page 965...

Page 945: ...ange covered by the aggregate route are retained in the RIPng database but are marked as suppressed routes The aggregate route will be advertised in RIPng updates and the component route will no longe...

Page 946: ...us clear ipv6 rip route 2001 db8 32 Parameter Description ipv6 addr prefix length Specify the IPv6 Address in format X X X X Prefix Length The prefix length is a decimal integer between 1 and 128 Remo...

Page 947: ...v detail send detail Default RIPng debugging is disabled by default Mode Privileged Exec and Global Configuration Example awplus debug ipv6 rip events awplus debug ipv6 rip packet send detail awplus d...

Page 948: ...nformation originate IPv6 RIPng Overview Use this command to generate a default route into RIPng Use the no variant of this command to disable this feature Syntax default information originate no defa...

Page 949: ...d metric value for all redistributed RIPng routes regardless of the original protocol that the route has been redistributed from Note this metric is not applied to routes that are brought into RIPng b...

Page 950: ...Configuration Usage Filter out incoming or outgoing route updates using the access list or the prefix list If you do not specify the name of the interface the filter is applied to all the interfaces E...

Page 951: ...route in the routing table Note this command only increments the metric for incoming routes on a specified interface Increasing the metric value for a VLAN interface increases the metric value of rou...

Page 952: ...ands awplus configure terminal awplus config router ipv6 rip awplus config router exit awplus config interface vlan2 awplus config if ipv6 rip metric offset 1 To reset the metric offset on the VLAN in...

Page 953: ...horizon command omits routes learned from one neighbor in updates sent to that neighbor Using the poisoned parameter with this command includes such routes in updates but sets their metrics to infinit...

Page 954: ...t RIPng routing is disabled by default Mode Interface Configuration for a VLAN interface only Usage This command can only be configured on VLAN interfaces Examples To enable RIPng routing on the VLAN...

Page 955: ...dditional neighbors The passive interface IPv6 RIPng command disables sending routing updates on an interface Use the neighbor command in conjunction with the passive interface IPv6 RIPng command to s...

Page 956: ...metric When the networks match the access list the offset is applied to the metrics No change occurs if the offset value is zero Example In this example the router examines the RIPng updates being se...

Page 957: ...this command to disable this function Syntax passive interface interface no passive interface interface Default Disabled Mode Router Configuration Examples To enable suppression of routing updates us...

Page 958: ...set it back to the system default of 196608 bits Syntax recv buffer size 8192 2147483647 no recv buffer size 8192 2147483647 Default The RIPng UDP receive buffer size is 196608 bits by default and is...

Page 959: ...Png metric value is set to 1 Mode Router Configuration Example To redistribute information from other routing protocols into RIPng use the following commands awplus configure terminal awplus config ro...

Page 960: ...fix length Mode Router Configuration Usage Use this command to add a static RIPng route After adding the RIPng route the route can be checked in the RIPng routing table Example To configure static RIP...

Page 961: ...e this global command to enter Router Configuration mode to enable a RIPng routing process Use the no variant of this command to disable the RIPng routing process Syntax router ipv6 rip no router ipv6...

Page 962: ...options of nsm debugging RIPng eventdebugging RIPng packetdebugging and RIPng nsm debugging For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature...

Page 963: ...tax show ipv6 protocols rip Mode User Exec and Privileged Exec Example To display RIPng process parameters and statistics use the following command awplus show ipv6 protocols rip Output awplus show ip...

Page 964: ...ration Guide Syntax show ipv6 rip Mode User Exec and Privileged Exec Example To display RIPng routes use the following command awplus show ipv6 rip Output Related Commands show ipv6 rip database Codes...

Page 965: ...Mode User Exec and Privileged Exec Example To display information about the RIPng database use the following command awplus show ipv6 rip database Output Related Commands show ipv6 rip Parameter Desc...

Page 966: ...ide Syntax show ipv6 rip interface interface Mode User Exec and Privileged Exec Example To display RIPng interface information use the following command awplus show ipv6 rip interface Output Parameter...

Page 967: ...mer is 120 seconds The no variant of this command restores the default RIPng routing timers Mode Router Configuration Example To adjust the RIPng routing network timers use the following commands awpl...

Page 968: ...bugging options use the following command awplus undebug ipv6 rip events awplus undebug ipv6 rip all awplus undebug ipv6 rip packet send awplus undebug ipv6 rip packet recv detail Related Commands deb...

Page 969: ...ost on page 972 area authentication on page 973 area filter list on page 974 area nssa on page 975 area range on page 977 area stub on page 979 area virtual link on page 980 auto cost reference bandwi...

Page 970: ...all on page 1010 ip ospf hello interval on page 1011 ip ospf message digest key on page 1012 ip ospf mtu on page 1014 ip ospf mtu ignore on page 1015 ip ospf network on page 1016 ip ospf priority on...

Page 971: ...1050 show ip ospf database opaque area on page 1052 show ip ospf database opaque as on page 1053 show ip ospf database opaque link on page 1054 show ip ospf database router on page 1055 show ip ospf d...

Page 972: ...SSA or stub area Refer to the RFC 3101 for information on NSSA Example To set the default cost to 10 in area 1 for the OSPF instance 100 use the commands awplus configure terminal awplus config router...

Page 973: ...the correct password may join the routing domain Give all routers that are to communicate with each other through OSPF the same authentication password Use the ip ospf authentication key command to sp...

Page 974: ...gure filters to advertise summary routes use the following commands awplus configure terminal awplus config access list 1 deny 172 22 0 0 awplus config router ospf 100 awplus config router area 1 filt...

Page 975: ...an NSSA not both The no variant of this command removes this designation Syntax area area id nssa default information originate metric no redistribution no summary translator role role no area area id...

Page 976: ...g router area 0 0 0 51 nssa awplus config router area 3 nssa translator role candidate no redistribution default information originate metric 34 metric type 2 Related Commands area default cost role T...

Page 977: ...s function and restores default behavior Syntax area area id range ip addr prefix length advertise not advertise no area area id range ip addr prefix length Default The area range is not configured by...

Page 978: ...rsion 5 4 7 1 x OSPF COMMANDS AREA RANGE Ensure OSPF IPv4 routes exist in the area range for advertisement before using this command Example awplus configure terminal awplus config router ospf 100 awp...

Page 979: ...the area default cost command The no variant of this command removes this definition Syntax area area id stub no summary no area area id stub no summary Mode Router Configuration Example awplus confi...

Page 980: ...retransmit interval 1 3600 transmit delay 1 3600 no area area id virtual link ip addr authentication dead interval hello interval retransmit interval transmit delay Parameter Description area id The...

Page 981: ...ansmissions The transmit delay is the time taken to transmit a link state update packet on the interface Before transmission the link state advertisements in the update packet are incremented by this...

Page 982: ...0 01 Rev B Command Reference for x510 Series 982 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS AREA VIRTUAL LINK Related Commands area authentication show ip ospf show ip ospf virtu...

Page 983: ...ference bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loopback or Ethern...

Page 984: ...ger 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ip ospf cost command on a layer 3 interface will...

Page 985: ...t VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following commands awplus configure...

Page 986: ...lesopaque LSAs Opaque LSAs are Type9 10and11LSAs that deliver information used by external applications Use the no variant of this command to disable opaque LSAs Syntax capability opaque no capability...

Page 987: ...ult this is enabled Use the no variant of this command to disable OSPF Graceful Restart and restart signaling features Syntax capability restart graceful signaling no capability restart Default Gracef...

Page 988: ...rocess Overview This command clears and restarts the OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all running OS...

Page 989: ...metric of the component paths available RFC 2328 specifies a method for calculating metrics based on maximum cost It is possible that some ABRs in an area might conform to RFC 1583 and others support...

Page 990: ...command disable OSPF debugging Use this command without parameters to disable all the options Syntax debug ospf events abr asbr lsa nssa os router vlink no debug ospf events abr asbr lsa nssa os rout...

Page 991: ...and undebug variant of this command disable OSPF IFSM debugging Use this command without parameters to disable all the options Syntax debug ospf ifsm status events timers no debug ospf ifsm status ev...

Page 992: ...refresh Mode Privileged Exec and Global Configuration Examples awplus undebug ospf lsa refresh Output Figure 27 1 Example output from the debug ospf lsa command Related Commands terminal monitor unde...

Page 993: ...undebug variantof this commanddisableOSPF NFSMdebugging Use this command without parameters to disable all the options Syntax debug ospf nfsm events status timers no debug ospf nfsm events status time...

Page 994: ...undebug variant of this command disable OSPF NSM debugging Use this command without parameters to disable both options Syntax debug ospf nsm interface redistribute no debug ospf nsm interface redistr...

Page 995: ...est ls update recv send Mode Privileged Exec and Global Configuration Examples awplus debug ospf packet detail awplus debug ospf packet dd send detail awplus no debug ospf packet ls request recv detai...

Page 996: ...route debugging Use this command without parameters to disable all options Syntax debug ospf route ase ia install spf no debug ospf route ase ia install spf Mode Privileged Exec and Global Configurati...

Page 997: ...either Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no default...

Page 998: ...facilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables the redistribution to continue The effect of this...

Page 999: ...ospf 1 255 Default The default OSPF administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Configuration Usage The admini...

Page 1000: ...for intra area routes 40 for external routes use the commands awplus config router ospf 100 awplus config router distance ospf inter area 20 intra area 10 external 40 To set the administrative distanc...

Page 1001: ...are being transferred For information about ACLs and route maps see the ACL Feature Overview and Configuration Guide and the Routemaps Feature Overview and Configuration Guide The no variant of this...

Page 1002: ...distribution is configured and an out distribute list is also configured then routes that match deny entries in the distribute list will not be redistributed into OSPF Examples The following example s...

Page 1003: ...s enabled the database exchange process is optimized by removing the LSA from the database summary list for the neighbor if the LSA instance in the database summary list is the same as or less recent...

Page 1004: ...st ip address area area id cost 0 65535 no host ip address area area id cost 0 65535 Default By default no host entry is configured Mode Router Configuration Example awplus configure terminal awplus c...

Page 1005: ...uthentication Mode Interface Configuration for a VLAN interface Usage Use the ip ospf authentication command to specify a Simple Text password Use the ip ospf message digest key command to specify MD5...

Page 1006: ...twork with the same password exchange OSPF routing data The key can be used only when authentication is enabled for an area Use the area authentication command to enable authentication Simple password...

Page 1007: ...the cost value calculated automatically with the auto cost reference bandwidth feature The interface cost indicates the overhead required to send packets across a certain VLAN interface This cost is...

Page 1008: ...terface Mode Interface Configuration for a VLAN interface Usage OSPF floods new LSAs over all interfaces in an area except the interface on which the LSA arrives This redundancy ensures robust floodin...

Page 1009: ...e no variant of this command returns the interval to the default of 40 seconds If you have configured this command specifying the IP address of the interface and want to remove the configuration speci...

Page 1010: ...ssing on a VLAN interface It overrides the network area command and disables the processing of packets on the specific interface Use the no variant of this command to restore OSPF packet processing on...

Page 1011: ...traffic The no variant of this command returns the interval to the default of 10 seconds Syntax ip ospf ip address hello interval 1 65535 no ip ospf ip address hello interval Default The default inte...

Page 1012: ...duplicate one copy of the packet will be transmitted for each of the current keys This is helpful for administrators who want to change the OSPF password without disrupting communication The system b...

Page 1013: ...config if ip ospf authentication message digest awplus config if ip ospf message digest key 1 md5 yourpass The following example shows configuring OSPF authentication on the VLAN interface vlan2 for t...

Page 1014: ...of this command to return the MTU size to the default Syntax ip ospf mtu 576 65535 no ip ospf mtu Default By default OSPF uses interface MTU derived from the VLAN interface Mode Interface Configurati...

Page 1015: ...e no ip ospf ip address mtu ignore Mode Interface Configuration for a VLAN interface Usage By default during the DD exchange process OSPF checks the MTU size described in the DD packets received from...

Page 1016: ...t OSPF network type for a VLAN interface Mode Interface Configuration for a VLAN interface Usage This command forces the interface network type to the specified type Depending on the network type OSPF...

Page 1017: ...OSPF Designated Router DR for a network If two routers attempt to become the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router...

Page 1018: ...eighbor Use the no variant of this command to return to the default Syntax ip ospf ip address resync timeout 1 65535 no ip ospf ip address resync timeout Mode Interface Configuration for a VLAN interf...

Page 1019: ...uration for a VLAN interface Usage After sending an LSA to a neighbor the router keeps the LSA until it receives an acknowledgment In case the router does not receive an acknowledgment during the set...

Page 1020: ...terface Configuration for a VLAN interface Usage The transmit delay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA transmits over the lin...

Page 1021: ...rent dd 1 65535 no max concurrent dd Mode Router Configuration Usage This command is useful when a router s performance is affected from simultaneously bringing up several OSPF adjacencies This comman...

Page 1022: ...the maximum number of OSPF areas is 4294967294 Mode Router Configuration Usage Use this command in router OSPF mode to specify the maximum number of OSPF areas Examples The following example sets the...

Page 1023: ...s the reduced rate at which routers continue to send hello packets when a neighboring router has become inactive Setthe poll interval to be much larger than hello interval Examples This example shows...

Page 1024: ...ork bits and consecutive 1 s as host bits Examples The following commands show the use of the network area command with OSPF multiple instance support disabled awplus configure terminal awplus config...

Page 1025: ...AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS NETWORK AREA The following commands disable OSPF routing with Area ID 3 on all interfaces awplus configure terminal awplus config route...

Page 1026: ...BR Type By this definition a router is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an A...

Page 1027: ...running config The restart grace period is not displayed in the running config if it has been reset to the default using the no variant of this command When a master failover happens on a VCStack the...

Page 1028: ...the OSPF restart helper while the no ospf restart helper max grace period command resets the max grace period rather than the helper policy itself Example awplus configure terminal awplus config ospf...

Page 1029: ...50170 01 Rev B Command Reference for x510 Series 1029 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS OSPF RESTART HELPER Related Commands ospf restart grace period restart ospf grac...

Page 1030: ...dress no ospf router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id takes effect at the next reloa...

Page 1031: ...ard with this command if a shutdown is required if the number of LSAs exceeds the specified number Use soft with this command if a shutdown is not required but a warning message is required if the num...

Page 1032: ...SAs a router can receive once it is in the wait state It takes the number of seconds specified as the recover time to recover from this state Example The following example shows setting the maximum nu...

Page 1033: ...address no passive interface interface ip address Mode Router Configuration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS...

Page 1034: ...m other routing protocols into the OSPF domain to generate AS external LSAs If a route map is configured by this command then that route map is used to control which routes are redistributed and can s...

Page 1035: ...lus config route map rmap2 permit 3 awplus config route map match interface vlan1 awplus config route map set metric type 1 awplus config route map exit awplus config router ospf 100 awplus config rou...

Page 1036: ...utes installed by OSPF are preserved until the grace period expires When a restart ospf graceful command is issued the OSPF configuration is reloaded from the last saved configuration Ensure you first...

Page 1037: ...ommand then all OSPF routing processes are terminated and all OSPF configuration is removed Syntax router ospf process id no router ospf process id Default No routing process is defined by default Mod...

Page 1038: ...outer id ip address no router id Mode Router Configuration Usage Configure each router with a unique router id In an OSPF router process that has active neighbors a new router id is used at the next r...

Page 1039: ...are currently enabled For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ospf Mode User...

Page 1040: ...ow ip ospf 100 Parameter Description process id 0 65535 The ID of the router process for which information will be displayed If this parameter is included only the information for the specified routin...

Page 1041: ...SPF algorithm executed 0 times Number of LSA 0 Checksum 0x000000 Table 1 Example output from the show ip ospf command cont Table 2 Example output from the show ip ospf process id command Routing Proce...

Page 1042: ...icence Route Limit The maximum number of OSPF routes which may be used for forwarding Allocate d The current total number of OSPF routes allocated in the OSPF module Visible The current number of OSPF...

Page 1043: ...mand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf border routers show ip ospf process id border routers Mode User Exec and Privilege...

Page 1044: ...and awplus show ip ospf 721 border routers Output Figure 27 4 Example output from the show ip ospf database command Parameter Description process id 0 65535 The ID of the router process for which info...

Page 1045: ...output from the show ip ospf database self originate command OSPF Router process 100 with ID 10 10 11 50 Router Link States Area 0 0 0 1 NSSA Link ID ADV Router Age Seq CkSum Link count 10 10 11 50 10...

Page 1046: ...ted with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip ospf database asbr summary ip addr self originate advrouter Mode User Exec and Privileged Exec Examples awplus show ip...

Page 1047: ...how ip ospf database external 1 2 3 4 adv router 2 3 4 5 Output Figure 27 6 Example output from the show ip ospf database external self originate command Parameter Description adv router Displays all...

Page 1048: ...tabase external adv router command awplus show ip ospf database external adv router 1 1 1 1 AS External Link States LS age 273 Options 0x2 E LS Type AS external LSA Link State ID 172 16 0 0 External N...

Page 1049: ...originate awplus show ip ospf database network 1 2 3 4 adv router 2 3 4 5 Output Figure 27 8 Example output from the show ip ospf database network command Parameter Description adv router id The rout...

Page 1050: ...database nssa external self originate awplus show ip ospf database nssa external 1 2 3 4 adv router 2 3 4 5 Output Figure 27 9 Example output from the show ip ospf database nssa external adv router c...

Page 1051: ...Link States Area 0 0 0 0 NSSA external Link States Area 0 0 0 1 NSSA LS age 78 Options 0x0 LS Type AS NSSA LSA Link State ID 0 0 0 0 External Network Number For NSSA Advertising Router 10 10 11 50 LS...

Page 1052: ...and Privileged Exec Examples awplus show ip ospf database opaque area 1 2 3 4 self originate awplus show ip ospf database opaque area self originate awplus show ip ospf database opaque area 1 2 3 4 ad...

Page 1053: ...xec and Privileged Exec Examples awplus show ip ospf database opaque as 1 2 3 4 self originate awplus show ip ospf database opaque as self originate awplus show ip ospf database opaque as 1 2 3 4 adv...

Page 1054: ...us show ip ospf database opaque link 1 2 3 4 self originate awplus show ip ospf database opaque link self originate awplus show ip ospf database opaque link 1 2 3 4 adv router 2 3 4 5 Output Figure 27...

Page 1055: ...nate awplus show ip ospf database router 1 2 3 4 adv router 2 3 4 5 Output Figure 27 13 Example output from the show ip ospf database router command Parameter Description adv router Displays all the L...

Page 1056: ...Link States Area 0 0 0 1 LS age 877 Options 0x2 E Flags 0x3 ABR ASBR LS Type router LSA Link State ID 10 10 11 50 Advertising Router 10 10 11 50 LS Seq Number 80000003 Checksum 0xee93 Length 36 Number...

Page 1057: ...ary 1 2 3 4 self originate awplus show ip ospf database summary self originate awplus show ip ospf database summary 1 2 3 4 adv router 2 3 4 5 Output Figure 27 14 Example output from the show ip ospf...

Page 1058: ...twork Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0x36ac Length 28 Network Mask 24 TOS 0 Metric 10 Summary Link States Area 0 0 0 1 LS age 1061 Options 0x2 E LS Type summary...

Page 1059: ...10 11 50 Summary Link States Area 0 0 0 0 LS age 989 Options 0x2 E LS Type summary LSA Link State ID 10 10 11 0 summary Network Number Advertising Router 10 10 11 50 LS Seq Number 80000001 Checksum 0...

Page 1060: ...17 Example output from the show ip ospf interface command Parameter Description interface name The VLAN name for example vlan3 vlan2 is up line protocol is up Internet Address 1 1 1 1 24 Area 0 0 0 0...

Page 1061: ...0 10 10 50 detail all Output Note that before a device enters OSPF Graceful Restart it first informs its OSPF neighbors In the show output the symbol beside the Dead Time parameter indicates that the...

Page 1062: ...n 00 00 38 Neighbor is up for 00 53 07 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 Crypt Sequence Number is 0 Thread Inactivity Timer on Thread Database Descript...

Page 1063: ...p ospf route Output Figure 27 21 Example output from the show ip ospf route command for a specific process Parameter Description ospf id 0 65535 The ID of the router process for which information will...

Page 1064: ...xec Examples To display virtual link information use the command awplus show ip ospf virtual links Output Figure 27 22 Example output from the show ip ospf virtual links command Virtual Link VLINK0 to...

Page 1065: ...Mode User Exec and Privileged Exec Examples To display OSPF process parameters and statistics use the command awplus show ip protocols ospf Output Figure 27 23 Example output from the show ip protocol...

Page 1066: ...ach route individually in an external LSA Use the summary address command to advertise one summary route for all redistributed routes covered by a specified network address and mask This helps decreas...

Page 1067: ...the calculation of the Shortest Path First SPF Examples To set the minimum delay time to 5 milliseconds and maximum delay time to 10 milliseconds use the commands awplus configure terminal awplus con...

Page 1068: ...and Reference for x510 Series 1068 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF EVENTS undebug ospf events Overview This command applies the functionality of the no de...

Page 1069: ...ommand Reference for x510 Series 1069 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF IFSM undebug ospf ifsm Overview This command applies the functionality of the no deb...

Page 1070: ...Command Reference for x510 Series 1070 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF LSA undebug ospf lsa Overview This command applies the functionality of the no deb...

Page 1071: ...ommand Reference for x510 Series 1071 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF NFSM undebug ospf nfsm Overview This command applies the functionality of the no deb...

Page 1072: ...Command Reference for x510 Series 1072 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF NSM undebug ospf nsm Overview This command applies the functionality of the no deb...

Page 1073: ...and Reference for x510 Series 1073 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF PACKET undebug ospf packet Overview This command applies the functionality of the no de...

Page 1074: ...mmand Reference for x510 Series 1074 AlliedWare Plus Operating System Version 5 4 7 1 x OSPF COMMANDS UNDEBUG OSPF ROUTE undebug ospf route Overview This command applies the functionality of the no de...

Page 1075: ...on page 1081 area encryption ipsec spi esp on page 1082 area range IPv6 OSPF on page 1085 area stub IPv6 OSPF on page 1087 area virtual link IPv6 OSPF on page 1088 area virtual link authentication ip...

Page 1076: ...age 1125 ipv6 router ospf area on page 1126 max concurrent dd IPv6 OSPF on page 1128 passive interface IPv6 OSPF on page 1129 redistribute IPv6 OSPF on page 1130 restart ipv6 ospf graceful on page 113...

Page 1077: ...inks on page 1159 summary address IPv6 OSPF on page 1160 timers spf IPv6 OSPF deprecated on page 1162 timers spf exp IPv6 OSPF on page 1163 undebug ipv6 ospf events on page 1164 undebug ipv6 ospf ifsm...

Page 1078: ...ter is considered an ABR if it has more than one area actively attached and one of them is the backbone area IBM ABR Type By this definition a router is considered an ABR if it has more than one area...

Page 1079: ...link interfaces Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses...

Page 1080: ...partofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecimal character key for OPSPF area 1 use the commands awplus configure term...

Page 1081: ...area border router that is attached to the stub area Example To set the default cost to 10 in area 1 for the OSPF process P2 use the commands awplus configure terminal awplus config router ipv6 ospf...

Page 1082: ...decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range shown For exampl...

Page 1083: ...authentication See the OSPFv3 Feature Overview and Configuration Guide for more information and examples NOTE You can configure an encryption security policy SPI on an OSPFv3 area with this command o...

Page 1084: ...e ESP encryption with a 32 hexadecimal character AES CBC key and a 40 hexadecimal character SHA 1 authentication key for OPSPF area 1 use the commands awplus configure terminal awplus config router ip...

Page 1085: ...estores default behavior Syntax area area id range ipv6address prefix length advertise not advertise no area area id range ipv6address prefix length Default The area range is not configured by default...

Page 1086: ...ating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS AREA RANGE IPV6 OSPF Ensure OSPFv3 IPv6 routes exist in the area range for advertisement before using this command Example awplus configure term...

Page 1087: ...all routers attached to the stub area configure the area by using the area stub command For an area border router ABR attached to the stub area also use the area default cost command Example awplus c...

Page 1088: ...rval retransmit interval transmit delay Parameter Description area id The area ID of the transit area that the virtual link passes through This can be entered in either dotted decimal format or normal...

Page 1089: ...erdetectingtopologicalchanges faster but also an increase in the routing traffic The retransmit interval is the expected round trip delay between any two routersin anetwork Setthevaluetobegreaterthant...

Page 1090: ...ter Description area id The OSPF area that you are specifying the summary route default cost for This can be entered in either dotted decimal format or normal decimal format Use one of the following f...

Page 1091: ...OSPFv3 Feature Overview and Configuration Guide for more information and examples Example To enable MD5 authentication with a 32 hexadecimal character key for virtual links in OPSPF area 1 use the com...

Page 1092: ...ormat or normal decimal format Use one of the following formats ip addr OSPF area ID expressed in IPv4 address format A B C D 0 4294967295 OSPF area ID expressed as a decimal number within the range s...

Page 1093: ...nfiguration If an interface configuration is removed then an area configuration is applied to an interface instead Use the sha1 keyword to choose SHA 1 authentication instead of entering the md5 keywo...

Page 1094: ...outer ipv6 ospf awplus config router area 1 virtual link 10 0 0 1 encryption ipsec spi 1000 esp aes cbc 1234567890ABCDEF1234567890ABCDEF sha1 1234567890ABCDEF1234567890ABCDEF12345678 To enable ESP enc...

Page 1095: ...fy a larger reference bandwidth value to differentiate the costs on those links Cost is calculated by dividing the reference bandwidth Mbps by the layer 3 interface Switched Virtual Interface SVI Loop...

Page 1096: ...st integer 1 Interface cost is 1 The auto cost reference bandwidth value should be consistent across all OSPF routers in the OSPF process Note that using the ipv6 ospf cost command on a layer 3 interf...

Page 1097: ...in that VLAN Syntax bandwidth bandwidth setting no bandwidth Mode Interface Configuration for a VLAN interface Example To set the bandwidth on VLAN2 to be 1 Mbps use the following commands awplus conf...

Page 1098: ...f process Overview This command clears and restarts the IPv6 OSPF routing process Specify the Process ID to clear one particular OSPF process When no Process ID is specified this command clears all ru...

Page 1099: ...g variants of this command disable OSPF debugging Using this command with no parameters entered will disable debugging for all parameter options Syntax debug ipv6 ospf events abr asbr os router vlink...

Page 1100: ...nts of this command disable IPv6 OSPF IFSM debugging Use these commands without parameters to disable all the options Syntax debug ipv6 ospf ifsm events status timers no debug ipv6 ospf ifsm events st...

Page 1101: ...iants of this command disable IPv6 OSPF LSA debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf lsa flooding generate install maxage refresh no debug ipv6 o...

Page 1102: ...ariants of this command disable IPv6 OSPF NFSM debugging Use this command without parameters to disable all the options Syntax debug ipv6 ospf nfsm events status timers no debug ipv6 ospf nfsm events...

Page 1103: ...v6 ospf packet dd detail hello ls ack ls request ls update recv send Mode Privileged Exec and Global Configuration Examples To enable debugging for hello packets use the following command awplus debug...

Page 1104: ...ut parameters to disable all options Syntax debug ipv6 ospf route ase ia install spf no debug ipv6 ospf route ase ia install spf Mode Privileged Exec and Global Configuration Examples To enable IPv6 r...

Page 1105: ...uld be either Type 1 or 2 The default is Type 2 The no variant of this command disables this feature Syntax default information originate always metric metric metric type 1 2 route map route map no de...

Page 1106: ...age A default metric facilitates redistributing routes even with incompatible metrics If the metrics do not convert the default metric provides an alternative and enables theredistributionto continue...

Page 1107: ...area 1 254 no distance ospfv3 1 254 Default The default OSPFv3 administrative distance is 110 The default Administrative Distance for each type of route intra inter or external is 110 Mode Router Conf...

Page 1108: ...ea routes 10 for intra area routes 40 for external routes use the commands awplus config router ipv6 ospf 100 awplus config router distance ospfv3 inter area 20 intra area 10 external 40 To set the ad...

Page 1109: ...d applies filtering to the transfer of routing information between OSPFv3 and the IPv6 route table You can apply filtering in either direction from OSPFv3 to the IPv6 route table using an in distribut...

Page 1110: ...deny entries in the distribute list will not be redistributed into OSPFv3 Example Thebelowcommandsredistributeincomingroute updatesfromnetworksdefined with the standard named access list called myacl...

Page 1111: ...ord to choose SHA 1 authentication instead of entering the md5 keyword to use MD5 authentication The SHA 1 algorithm is more secure than the MD5 algorithm SHA 1 uses a 40 hexadecimal character key ins...

Page 1112: ...v3 area ThisisduetoOSPFv3hellomessagesingressingVLANinterfaces whicharepartofarea authentication not being authenticated So neighbors time out Example To enable MD5 authentication with a 32 hexadecima...

Page 1113: ...packets out the interface Using this command overrides the cost value calculated automatically with the auto cost reference bandwidth IPv6 OSPF feature The link state metric cost is stated in the Rout...

Page 1114: ...s hello packets It must be a multiple of the hello interval and be the same for all routers on a specific network The no variant of this command returns the interval to the default of 40 seconds Synta...

Page 1115: ...line Overview Use this command to change the result of the show ipv6 route command to display each route entry on a single line Syntax ipv6 ospf display route single line no ipv6 ospf display route si...

Page 1116: ...value on all interfaces that connect to the same link SPI values are used by link interfaces Use a different SPI value for a different link interface when using OSPFv3 with link interfaces Parameter...

Page 1117: ...gure an encryption security policy SPI on a VLAN interface with this command or an OSPFv3 area with the area encryption ipsec spi esp command When you configure encryption for an area the security pol...

Page 1118: ...ecimal character key and SHA 1 authentication with a 40 hexadecimal character key for interface VLAN 2 use the commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 os...

Page 1119: ...ical changes but results in more routing traffic The no variant of this command returns the interval to the default of 10 seconds Syntax ipv6 ospf hello interval 1 65535 no ipv6 ospf hello interval De...

Page 1120: ...e neighbor s primary IPv6 address on the interface where that neighbor connects to the NBMA network The poll interval is the reduced rate at which routers continue to send hello packets when a neighbo...

Page 1121: ...NEIGHBOR Examples This example shows a neighbor configured with a priority value poll interval time and cost awplus configure terminal awplus config interface eth1 awplus config if ipv6 ospf neighbor...

Page 1122: ...broadcast OSPF network type for a VLAN interface Mode Interface Configuration for a VLAN interface Usage This command forces the interface network type to the specified type Depending on the network t...

Page 1123: ...e OSPF Designated Router DR for a link If two routers attempt to become the DR the router with the higher router priority becomes the DR If the router priority is the same for two routers the router w...

Page 1124: ...de Interface Configuration for a VLAN interface Usage After sending an LSA to a neighbor the router keeps the LSA until it receives an acknowledgment In case the router does not receive an acknowledgm...

Page 1125: ...1 second Mode Interface Configuration for a VLAN interface Usage The transmit delay value adds a specified time to the age field of an update If the delay is not added the time in which the LSA trans...

Page 1126: ...ure Overview and Configuration Guide for more information and examples Examples The following commands enable IPv6 OSPF on VLAN interface vlan2 OSPF area 1 tag PT2 and instance 2 awplus configure term...

Page 1127: ...Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS IPV6 ROUTER OSPF AREA The following commands disable IPv6 OSPF on VLAN interface vlan2 and OSPF area 1 awplus configure terminal awplu...

Page 1128: ...m number of LSAs Syntax max concurrent dd max neighbors no max concurrent dd Mode Router Configuration Usage This command is useful where bringing up several adjacencies on a router is affecting perfo...

Page 1129: ...guration Usage Configure an interface to be passive if you wish its connected route to be treated as an OSPF route rather than an AS external route but do not wish to actually exchange any OSPF packet...

Page 1130: ...l which routes are redistributed and can set metric and tag values on particular routes The metric metric type and tag values specified on this command are applied to any redistributed routes that are...

Page 1131: ...SPFV3 FOR IPV6 COMMANDS REDISTRIBUTE IPV6 OSPF Example The following example shows the redistribution of RIP routes into the IPv6 OSPF routing table with a metric of 10 and a metric type of 1 awplus c...

Page 1132: ...F grace period is 120 seconds Mode Privileged Exec Usage After this command is executed the OSPFv3 process immediately shuts down It notifies the system that OSPF has performed a graceful shutdown Rou...

Page 1133: ...and LSAs issued from each process will appear as if coming from a separate physical router To a large extent the requirement for multiple processes has been replaced by the ability within IPv6 OSPF of...

Page 1134: ...ter id router id no router id Mode Router Configuration Usage Configure each router with a unique router id In an IPv6 OSPF router process that has active neighbors a new router id takes effect at the...

Page 1135: ...command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging ipv6 ospf Mode User Exec and Privileged Exec Example awplus show debugging ip...

Page 1136: ...es For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 ospf show ipv6 ospf process id Mode Use...

Page 1137: ...nternal 0 Route Licence Breach Current 0 Watermark 0 Process uptime is 6 minutes Current grace period is 120 secs default SPF schedule delay min 0 500 secs SPF schedule delay max 50 0 secs Minimum LSA...

Page 1138: ...uter adv router id Mode User Exec and Privileged Exec Example To display the database summary for IPv6 OSPF information on process P10 use the command awplus show ipv6 ospf P10 database Output Figure...

Page 1139: ...0 1 2 979 0x800000d8 0xad2b 1 0 0 0 0 0 0 1 3 1005 0x800000cf 0xefed 1 Network LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum 0 0 0 202 0 0 1 2 1764 0x800000c2 0x94c3 0 0 0 203 0 0 1 3 1010 0...

Page 1140: ...information about the external LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 28 4 Example output from the show ipv6 ospf database external...

Page 1141: ...nformation about the grace LSAs use the following command awplus show ipv6 ospf database grace adv router 10 10 10 1 Output Figure 28 5 Example output from the show ipv6 ospf database grace command Pa...

Page 1142: ...lay information about the inter prefix LSAs use the following command awplus show ipv6 ospf database external adv router 10 10 10 1 Output Figure 28 6 Example output from the show ipv6 ospf database i...

Page 1143: ...y information about the inter router LSAs use the following command awplus show ipv6 ospf database inter router adv router 10 10 10 1 Output Figure 28 7 Example output from the show ipv6 ospf database...

Page 1144: ...y information about the intra prefix LSAs use the following command awplus show ipv6 ospf database intra prefix adv router 10 10 10 1 Output Figure 28 8 Example output from the show ipv6 ospf database...

Page 1145: ...formation about the link LSAs use the following command awplus show ipv6 ospf database link adv router 10 10 10 1 Output Figure 28 9 Example output from the show ipv6 ospf database link command Parame...

Page 1146: ...Exec and Privileged Exec Examples To display information about the OSPFv3 network LSAs use the following command awplus show ipv6 ospf database network Output Figure 28 10 Example output from the sho...

Page 1147: ...ystem Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE NETWORK LS age 1144 LS Type Network LSA Link State ID 0 0 0 203 Advertising Router 0 0 1 3 LS Seq Number 0x800000C4 Checksum 0x...

Page 1148: ...v router id Mode User Exec and Privileged Exec Examples To display information about the OSPFv3 router LSAs use the following command awplus show ipv6 ospf database router Output Figure 28 11 Example...

Page 1149: ...LS Type Router LSA Link State ID 0 0 0 0 Advertising Router 0 0 1 2 LS Seq Number 0x800000D5 Checksum 0xB328 Length 40 Flags 0x00 Options 0x000013 R E V6 Link connected to a Transit Network Metric 1 I...

Page 1150: ...0 0 1 1 LS Seq Number 0x80000009 Checksum 0xD696 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2011 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1384 LS Ty...

Page 1151: ...0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD295 Length 52 Metric Type 2 Larger than any link state path Metric 20 Prefix 2012 2222 64 Prefix Options 0 Forwarding Address 2003 1111 1 LS age 1087 LS Ty...

Page 1152: ...FV3 FOR IPV6 COMMANDS SHOW IPV6 OSPF DATABASE ROUTER LS age 1087 LS Type AS External LSA Link State ID 0 0 0 18 Advertising Router 0 0 1 1 LS Seq Number 0x8000000C Checksum 0xD889 Length 52 Metric Typ...

Page 1153: ...rom the show ipv6 ospf interface command showing OSPFv3 Authentication configuration information highlighted in bold Parameter Description interface name An alphanumeric string that is the interface n...

Page 1154: ...ospf interface vlan3 vlan3 is up line protocol is up Interface ID 203 IPv6 Prefixes fe80 200 cdff fe24 daae 64 Link Local Address 2003 1111 2 64 OSPFv3 Process P1 Area 0 0 0 0 Instance ID 0 Router ID...

Page 1155: ...nfiguration Guide Syntax show ipv6 ospf process id neighbor neighbor id show ipv6 ospf process id neighbor detail show ipv6 ospf process id neighbor interface detail Mode User Exec and Privileged Exec...

Page 1156: ...om show ipv6 ospf neighbor detail awplus show ipv6 ospf neighbor detail Neighbor 0 0 1 2 interface address fe80 215 77ff fec9 7472 In the area 0 0 0 0 via interface vlan2 Neighbor priority is 1 State...

Page 1157: ...y the OSPF routing table for specified processes For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax sho...

Page 1158: ...1 E2 OSPF external type 2 Destination Metric Next hop O 2002 1111 64 2 via fe80 200 cdff fe24 daae vlan3 Area 0 0 0 0 C 2003 1111 64 1 directly connected vlan3 Area 0 0 0 0 O 2004 1111 64 3 via fe80 2...

Page 1159: ...Overview and Configuration Guide for more information and examples Examples To display virtual link information use the command awplus show ipv6 ospf virtual links Output Figure 28 17 Example output f...

Page 1160: ...3 requires the router to advertise each route individually in an external LSA Use this command to advertise one summary route for all redistributed routes covered by a specified prefix to decrease the...

Page 1161: ...that match the IPv6 prefix 2001 0db8 32 and assigns a tag value of 3 awplus configure terminal awplus config router ipv6 ospf awplus config router summary address 2001 0db8 32 tag 3 The following exa...

Page 1162: ...n 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS TIMERS SPF IPV6 OSPF DEPRECATED timers spf IPv6 OSPF deprecated Overview This command has been deprecated because SPF timers have been replaced by exponential SPF...

Page 1163: ...s and triggers a new SPF run before the last SPF holdtimer has finished The time between runs may increase up to the max holdtime value This increase in holdtime prevents too many SPF runs from occurr...

Page 1164: ...for x510 Series 1164 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF EVENTS undebug ipv6 ospf events Overview This command applies the functionality of t...

Page 1165: ...nce for x510 Series 1165 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF IFSM undebug ipv6 ospf ifsm Overview This command applies the functionality of th...

Page 1166: ...rence for x510 Series 1166 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF LSA undebug ipv6 ospf lsa Overview This command applies the functionality of th...

Page 1167: ...nce for x510 Series 1167 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF NFSM undebug ipv6 ospf nfsm Overview This command applies the functionality of th...

Page 1168: ...for x510 Series 1168 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF PACKET undebug ipv6 ospf packet Overview This command applies the functionality of t...

Page 1169: ...ce for x510 Series 1169 AlliedWare Plus Operating System Version 5 4 7 1 x OSPFV3 FOR IPV6 COMMANDS UNDEBUG IPV6 OSPF ROUTE undebug ipv6 ospf route Overview This command applies the functionality of t...

Page 1170: ...is used to create a route map and or route map entry and to put you into route map mode match commands used to determine which routes the route map applies to set commands used to modify matching rou...

Page 1171: ...the route map entry Use the no variant of this command without a specified interface to remove all interfaces Syntax match interface interface no match interface interface Mode Route map Configuratio...

Page 1172: ...ecify the prefix or prefixes to match by either specifying the name of an access list To create the access list enter Global Configuration mode and use the access list command specifying the name of a...

Page 1173: ...ations This command is valid for OSPF routes RIP routes Examples To add entry 3 to the route map called myroute which will process routes that match the ACL called List1 use the commands awplus config...

Page 1174: ...x510 Series 1174 AlliedWare Plus Operating System Version 5 4 7 1 x ROUTE MAP COMMANDS MATCH IP ADDRESS Related Commands access list extended numbered access list standard numbered ip prefix list rou...

Page 1175: ...ote that access lists prefix lists and route map entries all specify an action of deny or permit The action in the access list or prefix list determines whether the route map checks update messages an...

Page 1176: ...erminal awplus config route map rmap1 permit 3 awplus config route map match ip next hop mylist To add entry 3 to the route map called mymap which will process routes whose next hop matches the prefix...

Page 1177: ...accepted nor forwarded irrespective of permit or deny specifications The match ipv6 address prefix list command specifies the entries of prefix lists to be matched If there is a match for the specifi...

Page 1178: ...etric match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the metric match clause from the route map entry Syntax match metri...

Page 1179: ...e type match clause from the route map entry Syntax match route type external type 1 type 2 no match route type external type 1 type 2 Mode Route map Configuration Usage Use the match route type exter...

Page 1180: ...lause If the route map entry already has a tag match clause entering this command replaces that match clause with the new clause Use the no variant of this command to remove the tag match clause from...

Page 1181: ...mit seq Mode Global Configuration Usage Route maps allow you to control and modify routing information by filtering routes and setting route attributes You can apply route maps when the device redistr...

Page 1182: ...ntry 2 of the route map called route1 and then add a match and set clause to it use the commands awplus configure terminal awplus config route map route1 permit 2 awplus config route map match interfa...

Page 1183: ...e set clause Syntax set ip next hop ip address no set ip next hop ip address Mode Route map Configuration Usage Use this command to set the next hop IP address to the routes This command is valid for...

Page 1184: ...The default metric value for routes redistributed into OSPF and OSPFv3 is 20 Mode Route map Configuration Usage This command is valid for OSPF routes RIP routes Note that defining the OSPF metric in a...

Page 1185: ...7 1 x ROUTE MAP COMMANDS SET METRIC To use entry 3 of the route map called rmap1 to increase the metric of matching routes by 2 use the commands awplus configure terminal awplus config route map rmap...

Page 1186: ...2 no set metric type type 1 type 2 Mode Route map Configuration Usage This command is valid for OSPF routes only Example To use entry 3 of the route map called rmap1 to redistribute matching routes in...

Page 1187: ...is command to remove the set clause Syntax set tag tag value no set tag tag value Mode Route map Configuration Usage This command is valid only when redistributing routes into OSPF Example To use entr...

Page 1188: ...ec and Privileged Exec Example To display information about the route map named example map use the command awplus show route map example map Output Figure 29 1 Example output from the show route map...

Page 1189: ...C613 50170 01 Rev B Command Reference for x510 Series 1189 AlliedWare Plus Operating System Version 5 4 7 1 x Part 4 Multicast Applications...

Page 1190: ...ng This chapter describes the commands to configure IGMP Querier behaviour and selection IGMP Snooping and IGMP Proxy Command List clear ip igmp on page 1192 clear ip igmp group on page 1193 clear ip...

Page 1191: ...oping source timeout on page 1223 ip igmp snooping tcn query solicit on page 1224 ip igmp source address check on page 1226 ip igmp ssm on page 1227 ip igmp ssm map enable on page 1228 ip igmp ssm map...

Page 1192: ...IGMP SNOOPING COMMANDS CLEAR IP IGMP clear ip igmp Overview Use this command to clear all IGMP group membership records on all VLAN interfaces Syntax clear ip igmp Mode Privileged Exec Example awplus...

Page 1193: ...an interface can be specified Specifying this will mean that only entries with the group learned on the interface will be deleted Examples To delete all group records use the command awplus clear ip...

Page 1194: ...ular interface Syntax clear ip igmp interface interface Mode Privileged Exec Usage This command applies to interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To delete records for vlan...

Page 1195: ...omponent of IGMP Syntax debug igmp all decode encode events fsm tib no debug igmp all decode encode events fsm tib Modes Privileged Exec and Global Configuration Example awplus configure terminal awpl...

Page 1196: ...of this command to return all IGMP related configuration to the default on this interface Syntax ip igmp no ip igmp Default Disabled Mode Interface Configuration for a VLAN interface Usage An IP addr...

Page 1197: ...yntax ip igmp access group access list number access list name no ip igmp access group Default By default there are no access lists configured on any interface Mode Interface Configuration for a VLAN...

Page 1198: ...L2 switched network running IGMP it is considered more robust to flood all specific queries In most cases the benefit of flooding specific queries to all VLAN member ports outweighs the disadvantages...

Page 1199: ...no ip igmp immediate leave Default Disabled by default Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy E...

Page 1200: ...unt 2 7 no ip igmp last member query count Default The default last member query count value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces config...

Page 1201: ...ry interval Default 1000 milliseconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP IGMP Snooping or IGMP Proxy Example To change...

Page 1202: ...ult limit which is reset by the no variant of this command is 512 Mode Global Configuration and Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured fo...

Page 1203: ...IGMP snooping fast leave on the relevant VLANs To enable fast leave use the command awplus config if ip igmp snooping fast leave Thedevicekeepscountofthe numberofgroups learned byeachport This counter...

Page 1204: ...nts to 10 groups on port 1 0 1 which is in vlan1 use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if ip igmp maximum groups 10 awplus config if exit awplus co...

Page 1205: ...for IGMP Proxy You must also enable the IGMP proxy service on the upstream interface using the ip igmp proxy service command You can associate one or more downstream mroute proxy interfaces on the dev...

Page 1206: ...s on this device using the command ip igmp mroute proxy IGMP Proxy does not work with other multicast routing protocols such as PIM SM or PIM DM From version 5 4 7 1 1 onwards IGMP mroute proxy interf...

Page 1207: ...t The default timeout interval is 255 seconds Mode Interface Configuration for a VLAN interface Usage This command applies to VLAN interfaces configured for IGMP The timeout value should not be less t...

Page 1208: ...DoS Denial of Service attack if a stream of Query Solicitation QS packets are sent to the IGMP Querier eliciting a rapid stream of IGMP Queries This command applies to interfaces on which the device i...

Page 1209: ...NDS IP IGMP QUERY HOLDTIME To reset the IGMP query holdtime to the default 500 ms for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no ip...

Page 1210: ...d for IGMP Note that the IGMP query interval is automatically set to a greater value than the IGMP query max response time For example if you set the IGMP query max response time to 2 seconds using th...

Page 1211: ...reset the period between sending IGMP host query messages to the default 125 seconds for vlan10 use the following commands awplus configure terminal awplus config interface vlan10 awplus config if no...

Page 1212: ...ple if you set the IGMP query interval to 3 seconds using the ip igmp query interval command and the current IGMP query interval is less than 3 seconds then the IGMP query maximum response time will b...

Page 1213: ...Reference for x510 Series 1213 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP QUERY MAX RESPONSE TIME Related Commands ip igmp query interval show ip igmp i...

Page 1214: ...options are ignored Use the no variant of this command to disable strict RA option validation Syntax ip igmp ra option no ip igmp ra option Default The default state of RA validation is unset Mode Int...

Page 1215: ...e Syntax ip igmp robustness variable 1 7 no ip igmp robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a VLAN interface Usage This command applies...

Page 1216: ...isabled globally Syntax ip igmp snooping no ip igmp snooping Default By default IGMP Snooping is enabled both globally and on all VLANs Mode Global Configuration and Interface Configuration for a VLAN...

Page 1217: ...p message is received without sending out a group specific query Use the no variant of this command to disable fast leave processing Syntax ip igmp snooping fast leave no ip igmp snooping fast leave D...

Page 1218: ...to remove the static configuration of the port as a multicast router port Syntax ip igmp snooping mrouter interface port no ip igmp snooping mrouter interface port Mode Interface Configuration for a V...

Page 1219: ...IP address because it only masquerades as a proxy IGMP querier for faster network convergence It does not start or automatically cease the IGMP Querier operation if it detects query message s from a m...

Page 1220: ...e already downstream ports for this group on this interface Use the no variant of this command to disable report suppression Syntax ip igmp snooping report suppression no ip igmp snooping report suppr...

Page 1221: ...guration Parameter Description all All reserved multicast addresses 224 0 0 x Packets from all possible addresses in range 224 0 0 x are treated as coming from routers default Default set of reserved...

Page 1222: ...ERMODE Examples To set ip igmp snooping routermode for all default reserved addresses enter awplus config ip igmp snooping routermode default To remove the multicast address 224 0 0 5 from the custom...

Page 1223: ...like normal entries Interface IGMP Snooping source timeout is disabled by default and unregistered multicast will be timed out like normal entries Mode Interface Global Configuration Usage The timeout...

Page 1224: ...enabled by default and cannot be disabled using the Global Configuration mode command However Query Solicitation can be disabled for specified interfaces using the no variant of this command from the...

Page 1225: ...t To disable Query Solicitation on a device use the commands awplus configure terminal awplus config no ip igmp snooping tcn query solicit To enable Query Solicitation for vlan2 use the commands awplu...

Page 1226: ...guration for a VLAN interface Usage This is a security feature and should be enabled unless IGMP Reports from outside the local subnet are expected for example if Multicast VLAN Registration is active...

Page 1227: ...st parameter options Use the no variant of this command to change the SSM range in IGMP back to the default Syntax ip igmp ssm range access list number access list name no ip igmp ssm Default By defau...

Page 1228: ...ble Source Specific Multicast SSM mapping on the device Use the no variant of this command to disable SSM mapping Syntax ip igmp ssm map enable no ip igmp ssm map enable Mode Global Configuration Usag...

Page 1229: ...plies to VLAN interfaces configured for IGMP You can use Standard numbered and Standard named ACLs plus Expanded Numbered ACLs Examples This example shows how to configure an SSM static mapping for gr...

Page 1230: ...COMMANDS IP IGMP SSM MAP STATIC This example shows how to configure an SSM static mapping for group address 224 1 1 1 using a standard named ACL shown as sales awplus configure terminal awplus config...

Page 1231: ...c group ip address source ip source addr ssm map interface port no ip igmp static group ip address source ip source addr ssm map interface port Mode Interface Configuration for a VLAN interface Usage...

Page 1232: ...7 1 x IGMP AND IGMP SNOOPING COMMANDS IP IGMP STATIC GROUP Example The following example show how to statically add group and source records for IGMP on vlan3 awplus configure terminal awplus config i...

Page 1233: ...ariant of this command to return an interface s configured IGMP startup query count to the default Syntax ip igmp startup query count startup query count no ip igmp startup query count Default The def...

Page 1234: ...val startup query interval no ip igmp startup query interval Default The default IGMP startup query interval is one quarter of the IGMP query interval value NOTE The IGMP startup query interval must b...

Page 1235: ...switch ports or aggregators Usage Because all ports are trusted by default use this command in its no variant to stop IGMP processing packets on ports you do not trust For example you can use this co...

Page 1236: ...face Use the no variant of this command to return to the default version Syntax ip igmp version 1 3 no ip igmp version Default The default IGMP version is 3 Mode Interface Configuration for a VLAN int...

Page 1237: ...he Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging igmp Mode User Exec and Privileged Exec Example To display the IGMP debugging options set enter t...

Page 1238: ...B C D interface Interface name for which to display local information IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224 0 1 1 port1 0 1 00 00 09 00 04 17 10 10...

Page 1239: ...ersion 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP GROUPS Expires Time in hours minutes and seconds until the entry expires Last Reporter Last host to report being a member of the multicast...

Page 1240: ...erface If you specify a switch port number the output displays the number of groups the port belongs to and the port s group membership limit if a limit has been set with the command ip igmp maximum g...

Page 1241: ...me is 500 milliseconds IGMP querier timeout is 255 seconds IGMP max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds...

Page 1242: ...ip igmp proxy groups vlan multicast group detail Mode User Exec and Privileged Exec Example To display the state of IGMP Proxy services for all interfaces enter the command awplus show ip igmp proxy...

Page 1243: ...ode User Exec and Privileged Exec Example To show all multicast router interfaces use the command awplus show ip igmp snooping mrouter To show the multicast router interfaces in vlan1 use the command...

Page 1244: ...d saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip igmp snooping routermode Mode User Exec and Privileged Exec Example To show...

Page 1245: ...the configured IGMP snooping source timeouts for all VLANs use the command awplus show ip igmp snooping source timeout Output Figure 30 6 Example output from show ip igmp snooping source timeout Relat...

Page 1246: ...vlan1 vlan2 Output Figure 30 7 Example output from the show ip igmp snooping statistics command for VLANs Parameter Description ip address Optionally specify the address of the multicast group entere...

Page 1247: ...4 7 1 x IGMP AND IGMP SNOOPING COMMANDS SHOW IP IGMP SNOOPING STATISTICS Figure 30 8 Example output from the show ip igmp snooping statistics command for a switch port awplus show ip igmp interface po...

Page 1248: ...mmand Reference for x510 Series 1248 AlliedWare Plus Operating System Version 5 4 7 1 x IGMP AND IGMP SNOOPING COMMANDS UNDEBUG IGMP undebug igmp Overview This command applies the functionality of the...

Page 1249: ...ticast routing The IPv6 Multicast addresses shown can be derived from IPv6 unicast prefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the...

Page 1250: ...ut on page 1262 ipv6 mld query interval on page 1263 ipv6 mld query max response time on page 1264 ipv6 mld robustness variable on page 1265 ipv6 mld snooping on page 1266 ipv6 mld snooping fast leave...

Page 1251: ...MLD clear ipv6 mld Overview Use this command to clear all MLD local memberships on all interfaces Syntax clear ipv6 mld Mode Privileged Exec Usage This command applies to interfaces configured for ML...

Page 1252: ...ress Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Example awplus clear ipv6 mld group Related Commands clear...

Page 1253: ...lear MLD interface entries Syntax clear ipv6 mld interface interface Mode Privileged Exec Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Sno...

Page 1254: ...ents fsm tib Mode Privileged Exec and Global Configuration Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and learned by MLD Snooping Examples awplus configure...

Page 1255: ...no ipv6 mld Default MLD is disabled by default Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage MLD requires memory for storing data structures as well a...

Page 1256: ...ff1e 0db8 0001 64 awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast routing awplus config ipv6 access list standard group1 permit ff1e 0db8 0001 64 awplus config int...

Page 1257: ...nable the immediate leave feature on an interface for a specific range of multicast groups In this example the router assumes that the group access list consists of groups that have only one node memb...

Page 1258: ...ault on an interface Syntax ipv6 mld last member query count value no ipv6 mld last member query count Default The default last member query count value is 2 Mode Interface Configuration for a specifi...

Page 1259: ...no ipv6 mld last member query interval Default 1000 milliseconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Example The following example changes the MLD...

Page 1260: ...n be learned with the ipv6 mld limit command The default limit of group membership entries that can be learned is 512 entries Mode Global Configuration and Interface Configuration for a specified VLAN...

Page 1261: ...warding awplus config ipv6 multicast routing awplus config interface vlan2 awplus config if ipv6 enable awplus config if ipv6 mld limit 100 The following example configures an MLD limit of 100 group m...

Page 1262: ...ecified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example configures the router to wait...

Page 1263: ...rface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols Example The following example c...

Page 1264: ...max response time Default 10 seconds Mode Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage This command applies to interfaces configured for MLD Layer 3 mult...

Page 1265: ...ipv6 mld robustness variable value no ipv6 mld robustness variable Default The default robustness variable value is 2 Mode Interface Configuration for a specified VLAN interface or a range of VLAN in...

Page 1266: ...VLANs Mode Global Configuration and Interface Configuration for a specified VLAN interface or a range of VLAN interfaces Usage For MLD Snooping to operate on particular VLAN interfaces it must be enab...

Page 1267: ...n2 vlan4 enter the following commands awplus configure terminal awplus config interface vlan2 vlan4 awplus config no ipv6 mld snooping To configure MLD Snooping globally for the device enter the follo...

Page 1268: ...able fast leave processing Syntax ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Default MLD Snooping fast leave processing is disabled Mode Interface Configuration for a specified VLAN...

Page 1269: ...er interface Note that if static IPv6 multicast routing is being used with EPSR and the destination VLAN is an EPSR data VLAN then multicast router mrouter ports must be statically configured This min...

Page 1270: ...multicast router for VLAN interface vlan2 awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld snooping mrouter interface port1 0 5 This example shows how to specify the...

Page 1271: ...e Configuration for a specified VLAN interface Usage This command can only be configured on a single VLAN interface not on multiple VLANs The MLD Snooping querier uses the 0 0 0 0 Source IP address be...

Page 1272: ...ng maybe configured to suppress reports from hosts When a querier sends a query only the first report for particular set of group s from a host will be forwarded to the querier by the MLD Snooping dev...

Page 1273: ...n 5 4 7 1 x MLD AND MLD SNOOPING COMMANDS IPV6 MLD SNOOPING REPORT SUPPRESSION This example shows how to disable report suppression for MLD reports on VLAN interfaces vlan2 vlan4 awplus configure term...

Page 1274: ...is command to disable the SSM mapping feature on the device Syntax ipv6 mld ssm map enable no ipv6 mld ssm map enable Mode Global Configuration Usage This command enables the SSM mapping feature for g...

Page 1275: ...list name X X X X no ipv6 mld ssm map static access list name X X X X Mode Global Configuration Usage Use this command to configure SSM mappings after enabling SSM mapping with the ipv6 mld ssm map e...

Page 1276: ...nal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 To add a static group and source record use the following commands awplus configure terminal awplus config interface vl...

Page 1277: ...specific port on vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 mld static group ff1e 10 interface port1 0 4 To add an SSM mapping reco...

Page 1278: ...iguration for a VLAN interface Usage This command applies to interfaces configured for MLD Layer 3 multicast protocols and MLD Snooping Note this command is intended for use where there is another que...

Page 1279: ...bug mld command For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging mld Mode Privileged E...

Page 1280: ...output for show ipv6 mld groups The following command displays local membership information for all interfaces awplus show ipv6 mld groups detail Output Figure 31 3 Example output for show ipv6 mld gr...

Page 1281: ...interfaces enabled for MLD awplus show ipv6 mld interface Output Parameter Description interface Interface name awplus show ipv6 mld interface Interface vlan1 Index 301 MLD Enabled Active Querier Vers...

Page 1282: ...Exec and Privileged Exec Examples The following command displays the multicast router interfaces in vlan2 awplus show ipv6 mld snooping mrouter vlan2 Output The following command displays the multica...

Page 1283: ...nooping statistics interface interface Mode User Exec and Privileged Exec Example The following command displays MLDv2 statistical information for vlan1 awplus show ipv6 mld snooping statistics interf...

Page 1284: ...he ipv6 multicast routing command Static IPv6 multicast routes take priority over dynamic IPv6 multicast routes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynam...

Page 1285: ...9 ipv6 multicast forward slow path packet on page 1290 debug nsm mcast on page 1291 debug nsm mcast6 on page 1292 ip mroute on page 1293 ip multicast allow register fragments on page 1295 ip multicast...

Page 1286: ...n its IPv4 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast protocol has its own clear multicast rout...

Page 1287: ...tries from the IP multicast routing table Syntax clear ip mroute statistics ipv4 group addr ipv4 source addr Mode Privileged Exec Example awplus clear ip mroute statistics 225 1 1 2 192 168 4 4 awplus...

Page 1288: ...levant IPv6 multicast route entries in its IPv6 multicast route table and removes the entries from the multicast forwarder The MRIB sends a clear message to the multicast protocols Each multicast prot...

Page 1289: ...e the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax clear ipv6 mroute statisti...

Page 1290: ...the smallest MTU among the outgoing interfaces for the multicast group It will also ensure that a received packet that is larger than the MTU value will result in the generation of an ICMP Too Big me...

Page 1291: ...ister stats vif Mode Privileged Exec and Global Configuration Examples To enable debugging of all multicast route events use the commands awplus configure terminal awplus config debug nsm mcast all To...

Page 1292: ...ister stats vif no debug nsm mcast6 all fib msg mrt register stats vif Mode Privileged Exec and Global Configuration Examples To enable debugging of all multicast route events use the commands awplus...

Page 1293: ...hat source This command enables the user to statically configure the device with multicast routes back to given sources When performing the RPF check on a stream from a given IPv4 source the multicast...

Page 1294: ...aversed in order to arrive at the current router Examples The following example creates a static multicast IPv4 route back to the sources in the 10 10 3 0 24 subnet The multicast route is via the host...

Page 1295: ...necessary By default when IP multicast packets are fragmented the switch attempts to reassemble them before registering the packets This is necessary for tasks such as network address translation or a...

Page 1296: ...that create the multicast route possibly causing degradation in the quality of the multicast stream such as the pixelation of video and audio data NOTE If you use this command ensure that the ip igmp...

Page 1297: ...is configured PIM will not be able to update this multicast route in any way If a dynamic multicast route exists you cannot create a static multicast route with same source IPv4 address group IPv4 add...

Page 1298: ...ress 2 2 2 2 and group IPv4 address 224 9 10 11 specifying the upstream VLAN interface as vlan10 use the following commands awplus configure terminal awplus config ip multicast route 2 2 2 2 224 9 10...

Page 1299: ...onfiguration Usage This command limits the number of multicast IPv4 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter is...

Page 1300: ...ng vif suppression no ip multicast wrong vif suppression Default By default this feature is disabled Mode Global Configuration Usage Use this command if there is excessive CPU load and multicast traff...

Page 1301: ...t routing no ip multicast routing Default By default IPv4 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MR...

Page 1302: ...ia different paths to those used for unicast In this case the interface via which a multicast stream from a given source enters a router may not be the same as the interface that connects to the best...

Page 1303: ...current router will forward multicast instead it refers to the route the multicast will have traversed in order to arrive at the current router Examples The following example creates a static multica...

Page 1304: ...am vlan id downstream vlan id Default By default no static routes exist Mode Global Configuration Usage Only one multicast route entry per IPv6 address and multicast group can be specified Therefore i...

Page 1305: ...or restoration When configuring the EPSR data VLAN statically configure mrouter ports so that the multicast router can be reached in either direction around the EPSR ring For example if port1 0 1 and...

Page 1306: ...pecifying the upstream VLAN interface as vlan10 and the downstream VLAN range as vlan20 25 use the following commands awplus configure terminal awplus config ipv6 multicast route 2001 1 ff08 1 vlan10...

Page 1307: ...Configuration Usage This command limits the number of multicast IPv6 routes mroutes that can be added to a router and generates an error message when the limit is exceeded If the threshold parameter...

Page 1308: ...icast routing Default By default IPv6 multicast routing is off Mode Global Configuration Usage When the no variant of this command is used the Multicast Routing Information Base MRIB cleans up Multica...

Page 1309: ...ut ports in the same VLANs as the receiving port will still receive the multicast packets CAUTION We do not recommend disabling multicast routing in a live network Some non multicast protocols use mul...

Page 1310: ...up and source IPv4 address Figure 32 2 Example output from the show ip mroute command Parameter Description ipv4 group addr Group IPv4 address in dotted decimal notation in the format A B C D ipv4 sou...

Page 1311: ...3 uptime 00 03 24 stat expires 00 01 28 Owner PIM SM Flags TF Incoming interface vlan2 Outgoing interface list vlan3 1 awplus show ip mroute count IP Multicast Statistics Total 1 routes using 132 byte...

Page 1312: ...utput Figure 32 6 Example output from the show ip mvif command Figure 32 7 Example output from the show ip mvif command with the interface parameter vlan2 specified Parameter Description interface The...

Page 1313: ...PF show ip rpf Overview Use this command to display Reverse Path Forwarding RPF information for the specified IPv4 source address Syntax show ip rpf source addr Mode User Exec and Privileged Exec Exam...

Page 1314: ...mple output of this command displaying the IPv6 multicast routing table for a single static IPv6 Multicast route Figure 32 8 Example output from the show ipv6 mroute command Parameter Description ipv6...

Page 1315: ...tistics Total 1 routes using 152 bytes memory Route limit Route threshold 1024 1024 Total NOCACHE WRONGmif WHOLEPKT recv from fwd 6 0 0 Total NOCACHE WRONGmif WHOLEPKT sent to clients 6 0 0 Immediate...

Page 1316: ...tatus of multicast forwarding slow path packet setting Syntax show ipv6 multicast forwarding Mode User Exec Example To show the status of the multicast forwarding slow path packet setting use the foll...

Page 1317: ...ow ipv6 mif awplus show ipv6 mif vlan2 Output Figure 32 12 Example output from the show ipv6 mif command Figure 32 13 Example output from the show ipv6 mif command with the interface parameter vlan2 s...

Page 1318: ...ge 1322 debug pim sparse mode on page 1323 debug pim sparse mode timer on page 1324 ip multicast allow register fragments on page 1326 ip pim accept register list on page 1327 ip pim anycast rp on pag...

Page 1319: ...1351 ip pim spt threshold on page 1352 ip pim spt threshold group list on page 1353 ip pim ssm on page 1354 show debugging pim sparse mode on page 1355 show ip pim sparse mode bsr router on page 1356...

Page 1320: ...multicast clients note that one router will be automatically or statically designated as the RP and all routers must explicitly join through the RP A Designated Router DR sends periodic Join Prune me...

Page 1321: ...llowing command clears the current packet receive counts for PIM sparse mode awplus configure terminal awplus config clear ip pim sparse mode statistics Output Figure 33 1 Example output from clear ip...

Page 1322: ...up address and optionally a specified multicast source address Syntax clear ip mroute Group IP address pim sparse mode clear ip mroute Group IP address Source IP address pim sparse mode Mode Privilege...

Page 1323: ...ation Example awplus configure terminal awplus config debug pim sparse mode all Related Commands show debugging pim sparse mode Parameter Description all Activates deactivates all PIM SM debugging eve...

Page 1324: ...er rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debugging for the specified Bootstrap Ro...

Page 1325: ...the command awplus config debug pim sparse mode timer hello ht To enable debugging for the PIM SM Joinprune expiry timer use the command awplus debug pim sparse mode timer joinprune et To disable deb...

Page 1326: ...cessary By default when IP multicast packets are fragmented the switch attempts to reassemble them before registering the packets This is necessary for tasks such as network address translation or a f...

Page 1327: ...r the packets sent by the specified sources By default the RP accepts register packets from all multicast sources Use the no variant of this command to revert to default Syntax ip pim accept register...

Page 1328: ...dress identifies a set of receiver endpoints from which only one receiver endpoint is chosen Use this command to specify the Anycast RP configuration in the Anycast RP set Use the no variant of this c...

Page 1329: ...ages will be sent or received through the interface Configure an interface bordering another PIM domain with this command to avoid BSR messages from being exchanged between the two PIM domains BSR mes...

Page 1330: ...lt priority parameter value is 64 Examples To set the BSR candidate to the VLAN interface vlan2 with the optional mask length and BSR priority parameters enter the commands shown below awplus configur...

Page 1331: ...e Register checksum over the whole packet This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ip pim cisco register che...

Page 1332: ...on multicast groups specified by the access list This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to revert to default settings Syntax ip pim cisc...

Page 1333: ...the default IPv4 multicast group range 224 4 are sent with a prefix of 1 Use the no variant of this command to revert to the default settings Syntax ip pim crp cisco prefix no ip pim crp cisco prefix...

Page 1334: ...lt Mode Interface Configuration for a VLAN interface Examples To set the Designated Router priority value to 11234 for the VLAN interface vlan2 apply the commands as shown below awplus configure termi...

Page 1335: ...the PIM module on a particular interface This command is used to inter operate with older Cisco IOS versions Use the no variant of this command to revert to default settings Syntax ip pim exclude gen...

Page 1336: ...nected Syntax ip pim ext srcs directly connected no ip pim ext srcs directly connected Default The no variant of this command is the default behavior Mode Interface Configuration for a VLAN interface...

Page 1337: ...o holdtime value is 3 5 the current hello interval The default hello holdtime is restored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage Each time the h...

Page 1338: ...alue is 30 seconds The default is restored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage When the hello interval is configured and the hello holdtime i...

Page 1339: ...his command to ignore the RP SET priority value and use only the hashing mechanism for RP selection This command is used to inter operate with older Cisco IOS versions Use the no variant of this comma...

Page 1340: ...e PIM SM join prune timer to its default value of 60 seconds which corresponds to a join prune packet holdtime of 210 seconds Syntax ip pim jp timer 1 65535 no ip pim jp timer 1 65535 Default The defa...

Page 1341: ...e neighbor or terminate adjacency with the existing neighbors if denied by the filtering access list Use the no variant of this command to disable this function Syntax ip pim neighbor filter number ac...

Page 1342: ...igure the rate of register packets sent by this DR in units of packets per second Use the no variant of this command to remove the limit Syntax ip pim register rate limit 1 65535 no ip pim register ra...

Page 1343: ...chability check for PIM Register processing at the DR The default setting is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ip pim register rp rea...

Page 1344: ...d the source host Syntax ip pim register source source_address interface no ip pim register source Usage The configured address must be a reachable address to be used by the RP to send corresponding R...

Page 1345: ...default of 60 seconds Configuring this value modifies register suppression time at the DR Configuring this value at the RP modifies the RP keepalive period value if the ip pim rp register kat command...

Page 1346: ...ple group ranges using Access Lists However configuring multiple static RPs using ip pim rp address command with the same RP address is not allowed The static RP can either be configured for the whole...

Page 1347: ...ed by removing the static RP from all the existing group ranges and recalculating the RPs for existing TIB states if required Group mode and RP address mappings learned through BSR take precedence ove...

Page 1348: ...toptional priority interval or grouplist parameters will configure the candidate RP with a priority value of 0 Examples To specify a priority of 3 use the following commands awplus configure terminal...

Page 1349: ...nt of this command to return the PIM SM KAT timer to its default value of 210 seconds Syntax ip pim rp register kat 1 65535 no ip pim rp register kat Mode Global Configuration Default The default PIM...

Page 1350: ...PIM SM on the VLAN interface Use the no variant of this command to disable PIM SM on the VLAN interface Syntax ip pim sparse mode no ip pim sparse mode Mode Interface Configuration for a VLAN interfa...

Page 1351: ...im sparse mode passive no ip pim sparse mode passive Mode Interface Configuration for a VLAN interface Usage Passive mode essentially stops PIM transactions on the interface allowing only IGMP mechani...

Page 1352: ...h to SPT NOTE The switching to SPT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ip pim spt threshold no ip pim spt threshold Mode Global Configura...

Page 1353: ...iving of the first data packet or not at all it is not rate based Use the no variant of this command to turn off switching to the SPT Syntax ip pim spt threshold group list acl no ip pim spt threshold...

Page 1354: ...on Usage When an SSM range of IP multicast addresses is defined by the ip pim ssm command the no G or S G rpt state will be initiated for groups in the SSM range The messages corresponding to these st...

Page 1355: ...Feature Overview and Configuration Guide Syntax show debugging pim sparse mode Mode User Exec and Privileged Exec Example To display PIM SM debugging settings use the command awplus show debugging pim...

Page 1356: ...command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode bsr router Mode User Exec and Privileged Exec Output Figure 33 3 Out...

Page 1357: ...erface Total configured interfaces 16 Maximum allowed 31 Total active interfaces 12 Address Interface VIFindex Ver Nbr DR DR Mode Count Prior 192 168 1 53 vlan2 0 v2 S 2 2 192 168 1 53 192 168 10 53 v...

Page 1358: ...W IP PIM SPARSE MODE INTERFACE Related Commands ip pim sparse mode show ip pim sparse mode rp mapping show ip pim sparse mode neighbor DR Priority Designated Router priority DR The IP address of the D...

Page 1359: ...g Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode interface detail Mode User Exec and Privileged Exec Output Figure 33 5 Example output from the sh...

Page 1360: ...er Exec and Privileged Exec Example To show detailed PIM SM information for all PIM SM configured VLAN interfaces use the command awplus show ip pim sparse mode local members Output Figure 33 6 Exampl...

Page 1361: ...Exec Usage Note that when a feature license is enabled the output for the show ip pim sparse mode mroute command will only show 32 interfaces because of the terminal display width limit Use the show...

Page 1362: ...m sparse mode mroute Related Commands show ip pim sparse mode mroute detail awplus show ip pim sparse mode mroute IP Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FC...

Page 1363: ...address detail show ip pim sparse mode mroute group address source address detail show ip pim sparse mode mroute source address group address detail Usage Based on the group and source address the out...

Page 1364: ...command IP Multicast Routing Table RP Entries 0 G Entries 4 S G Entries 0 S G rpt Entries 0 FCR Entries 0 224 0 1 24 Uptime 00 06 42 RP 0 0 0 0 RPF nbr None RPF idx None Upstream State JOINED SPT Swi...

Page 1365: ...le output from the show ip pim sparse mode neighbor command Figure 33 11 Example output from the show ip pim sparse mode neighbor interface detail command Parameter Description interface Interface nam...

Page 1366: ...p Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name ____________________________________________________________________________ 10 10 0 9 RS 1 0 0 0 0 4 0 0 1 Table 2 Parameters in out...

Page 1367: ...ollowing command displays the current packet receive counts for PIM sparse mode awplus configure terminal awplus config show ip pim sparse mode statistics Output Figure 33 13 Example output from show...

Page 1368: ...aving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp hash group addr Mode User Exec and Privileged Exec Example...

Page 1369: ...on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim sparse mode rp mapping Mode Privileged Exec Example awpl...

Page 1370: ...em Version 5 4 7 1 x PIM SM COMMANDS UNDEBUG ALL PIM SPARSE MODE undebug all pim sparse mode Overview Use this command to disable all PIM SM debugging Syntax undebug all pim sparse mode Mode Privilege...

Page 1371: ...6 Multicast addresses showncanbederivedfromIPv6unicastprefixes as per RFC 3306 The IPv6 unicast prefix reserved for documentation is 2001 0db8 32 as per RFC 3849 Using the base 32 prefix the IPv6 mult...

Page 1372: ...lo interval on page 1393 ipv6 pim ignore rp set priority on page 1394 ipv6 pim jp timer on page 1395 ipv6 pim neighbor filter on page 1396 ipv6 pim register rate limit on page 1397 ipv6 pim register r...

Page 1373: ...e mroute on page 1420 show ipv6 pim sparse mode mroute detail on page 1422 show ipv6 pim sparse mode neighbor on page 1424 show ipv6 pim sparse mode nexthop on page 1425 show ipv6 pim sparse mode rp h...

Page 1374: ...erdynamicIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Sy...

Page 1375: ...icIPv6multicastroutes Use the clear ipv6 mroute command to clear static IPv6 multicast routes and ensure dynamic IPv6 multicast routes cantake over from previous static IPv6 multicast routes Syntax cl...

Page 1376: ...ke over from previous static IPv6 multicast routes Syntax clear ipv6 pim sparse mode bsr rp set Mode Privileged Exec Usage For multicast clients note that one router will be automatically or staticall...

Page 1377: ...us configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode even...

Page 1378: ...ode packet awplus show debugging ipv6 pim sparse mode PIM SMv6 debugging status PIM event debugging is on PIM MFC debugging is off PIM state debugging is on PIM packet debugging is on PIM Hello HT tim...

Page 1379: ...nfigure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode packet in awplus configure terminal awplus config terminal monitor awplus config debug ipv6 pim sparse mode pac...

Page 1380: ...pim ipv6 sparse mode timer register rst Parameter Description assert Enable or disable debugging for the Assert timers at Enable or disable debugging for the Assert Timer bsr Enable or disable debuggi...

Page 1381: ...command awplus config debug ipv6 pim sparse mode timer hello ht To enable debugging for the PIM SMv6 Joinprune expiry timer use the command awplus debug ipv6 pim sparse mode timer joinprune et To dis...

Page 1382: ...e RP accepts register packets from all multicast sources Use the no variant of this command to revert to default Syntax ipv6 pim accept register list access list no ipv6 pim accept register Mode Globa...

Page 1383: ...nts from which only one receiver endpoint is chosen Use this command to specify the Anycast RP configuration in the Anycast RP set Use the no variant of this command to remove the Anycast RP configura...

Page 1384: ...igure an interface bordering another PIM SMv6 domain with this command to avoid BSR messages from being exchanged between the two PIM SMv6 domains BSR messages should not be exchanged between differen...

Page 1385: ...set the BSR candidate to the VLAN interface vlan2 with the optional mask length and BSR priority parameters enter the commands shown below awplus configure terminal awplus config ipv6 forwarding awplu...

Page 1386: ...operate with older Cisco IOS versions Use the no variant of this command to disable this option Syntax ipv6 pim cisco register checksum no ipv6 pim cisco register checksum Default This command is dis...

Page 1387: ...no ipv6 pim cisco register checksum group list IPv6 access list Mode Global Configuration Default This command is disabled by default By default Register Checksum is calculated only over the header E...

Page 1388: ...variant of this command to revert to the default settings Syntax ipv6 pim crp cisco prefix no ipv6 pim crp cisco prefix Mode Global Configuration Usage Cisco s BSR code does not conform to the latest...

Page 1389: ...To set the Designated Router priority value to 11234 for the VLAN interface vlan2 apply the commands as shown below awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicas...

Page 1390: ...o IOS versions Use the no variant of this command to revert to default settings Syntax ipv6 pim exclude genid no ipv6 pim exclude genid Default By default this command is disabled the GenID option is...

Page 1391: ...d no ipv6 pim ext srcs directly connected Default The no variant of this command is the default behavior Mode Interface Configuration for a VLAN interface Example To configure PIM SMv6 to treat all so...

Page 1392: ...The default hello holdtime is restored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage Each time the hello interval is updated the hello holdtime is also...

Page 1393: ...ored using the negated form of this command Mode Interface Configuration for a VLAN interface Usage When the hello interval is configured and the hello holdtime is not configured or when the configure...

Page 1394: ...echanism for RP selection Use the no variant of this command to disable this setting Syntax ipv6 pim ignore rp set priority no ipv6 pim ignore rp set priority Mode Global Configuration Usage This comm...

Page 1395: ...neighbors Use the no variant of this command to return the PIM SMv6 join prune timer to its default value of 210 seconds Syntax ipv6 pim jp timer 1 65535 no ipv6 pim jp timer 1 65535 Default The defa...

Page 1396: ...ipv6 pim neighbor filter IPv6 accesslist Default By default there is no neighbor filtering applied to an interface Mode Interface Configuration for a VLAN interface Example awplus configure terminal a...

Page 1397: ...is command to remove the limit and reset to the default rate limit Syntax ipv6 pim register rate limit 1 65535 no ipv6 pim register rate limit Mode Global Configuration Default The default is 0 as res...

Page 1398: ...ng is no checking for RP reachability Use the no variant of this command to disable this processing Syntax ipv6 pim register rp reachability no ipv6 pim register rp reachability Default This command i...

Page 1399: ...by the RP to send corresponding Register Stop messages in response It is normally the local loopback IPv6 interface address but can also be a physical IPv6 address This IPv6 addressmustbeadvertised b...

Page 1400: ...r suppression Mode Global Configuration Default The default PIM SMv6 register suppression time is 60 seconds and is restored with the no variant of this command Usage Configuring this value modifies r...

Page 1401: ...BSR is chosen over the statically configured RP address A single static RP can be configured for multiple group ranges using software IPv6 access lists ACLs However configuring multiple static RPs usi...

Page 1402: ...s the static RP with highest IPv6 address is chosen RP address deletion is handled by removing the static RP from all the existing group ranges and recalculating the RPs for existing TIB states if req...

Page 1403: ...re the candidate RP with a priority value of 192 Examples To specify a priority of 3 use the following commands awplus configure terminal awplus config ipv6 forwarding awplus config ipv6 multicast rou...

Page 1404: ...ng System Version 5 4 7 1 x PIM SMV6 COMMANDS IPV6 PIM RP CANDIDATE To stop the device from being an RP candidate on vlan2 use the following commands awplus configure terminal awplus config no ipv6 pi...

Page 1405: ...rt is enabled by default use the no variant of this command to disable the default Syntax ipv6 pim rp embedded no ipv6 pim rp embedded Mode Global Configuration Default Embedded RP is enabled by defau...

Page 1406: ...SMv6 KAT timer to its default value of 210 seconds Syntax ipv6 pim rp register kat 1 65535 no ipv6 pim rp register kat Mode Global Configuration Default The default PIM SMv6 KAT timer value is 210 sec...

Page 1407: ...of this command to disable PIM SMv6 on a VLAN interface Syntax ipv6 pim sparse mode no ipv6 pim sparse mode Mode Interface Configuration for a VLAN interface Examples awplus configure terminal awplus...

Page 1408: ...local members on a VLAN interface Syntax ipv6 pim sparse mode passive no ipv6 pim sparse mode passive Mode Interface Configuration for a VLAN interface Usage Passive mode essentially stops PIM SMv6 t...

Page 1409: ...PT happens either at the receiving of the first data packet or not at all it is not rate based Syntax ipv6 pim spt threshold no ipv6 pim spt threshold Mode Global Configuration Examples To enable the...

Page 1410: ...spt threshold group list IPv6 access list Mode Global Configuration Examples To enable the last hop PIM SMv6 router to switch to SPT for groups specified by the ACL named G1 use the following commands...

Page 1411: ...lticast groups addresses within the range are not installed in PIM SMv6 mroute table Examples The following example shows how to configure SSM service for the IPv6 address range defined by IPv6 access...

Page 1412: ...face Configuration for a VLAN interface Default Unicast BSM is disabled by default on an interface Usage This command provides backward compatibility with older versions of the Boot Strap Router BSR s...

Page 1413: ...m sparse mode Figure 34 2 Example output from the show debugging ipv6 pim sparse mode command Related commands debug ipv6 pim sparse mode undebug ipv6 pim sparse mode awplus show debugging ipv6 pim sp...

Page 1414: ...m sparse mode bsr router Mode User Exec and Privileged Exec Example To display the BSR IPv6 address use the command awplus show ipv6 pim sparse mode bsr router Output Figure 34 3 Example output from t...

Page 1415: ...Mode User Exec and Privileged Exec Examples To display information about all PIM SMv6 interfaces use the command awplus show ipv6 pim sparse mode interface awplus show ipv6 pim sparse mode interface I...

Page 1416: ...for x510 Series 1416 AlliedWare Plus Operating System Version 5 4 7 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE INTERFACE Related commands ipv6 pim sparse mode show ipv6 pim sparse mode rp mappin...

Page 1417: ...Example To show detailed PIM SMv6 information for all PIM SMv6 configured interfaces use the command awplus show ipv6 pim sparse mode interface detail Output Figure 34 4 Example output from the show i...

Page 1418: ...Overview and Configuration Guide Syntax show ipv6 pim sparse mode local members interface Mode User Exec and Privileged Exec Example To show detailed PIM SMv6 information for all PIM SMv6 configured V...

Page 1419: ...Version 5 4 7 1 x PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE LOCAL MEMBERS Output Figure 34 6 Example output from the show ipv6 pim sparse mode local members vlan1 command awplus show ipv6 pim spars...

Page 1420: ...w ipv6 pim sparse mode mroute source IPv6 address group IPv6 address Mode User Exec and Privileged Exec Usage Note that when a feature license is enabled the output for the show ipv6 pim sparse mode m...

Page 1421: ...P Entries 0 G Entries 2 S G Entries 0 S G rpt Entries 0 FCR Entries 2 ff0x db8 0 0 96 RP 3ffe 10 10 5 153 RPF nbr fe80 202 b3ff fed4 69fe RPF idx wm0 Upstream State JOINED Local l Joined Asserted FCR...

Page 1422: ...s source IPv6 address detail show ipv6 pim sparse mode mroute group IPv6 address source IPv6 address detail show ipv6 pim sparse mode mroute source IPv6 address group IPv6 address detail Usage Based o...

Page 1423: ...IPv6 Multicast Routing Table RP Entries 0 G Entries 1 S G Entries 0 S G rpt Entries 0 FCR Entries 0 ff13 10 Uptime 00 00 09 RP RPF nbr None RPF idx None Upstream State JOINED SPT Switch Enabled JT of...

Page 1424: ...put from the show ipv6 pim sparse mode neighbor command Figure 34 10 Example output from the show ipv6 pim sparse mode neighbor interface detail command Parameter Description interface Interface name...

Page 1425: ...e Nexthop Nexthop Nexthop Nexthop Metric Pref Refcnt Num Addr Ifindex Name _____________________________________________________________________________________ 3ffe 10 10 5 153 RS 1 fe80 20e cff fe01...

Page 1426: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp hash IPv6 group addr Mode User Exec and Privileged Exec Example awplus show ipv6 pim...

Page 1427: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ipv6 pim sparse mode rp mapping Mode User Exec and Privileged Exec Example awplus show ip...

Page 1428: ...o display next hop RP information entered in the form X X X X awplus show ipv6 pim sparse mode rp nexthop 3ffe 10 10 5 153 Flags N New R RP S Source U Unreachable Destination Type Nexthop Nexthop Next...

Page 1429: ...PIM SMV6 COMMANDS SHOW IPV6 PIM SPARSE MODE RP NEXTHOP Metric The metric of the route towards the destination Preference The preference of the route towards destination Refcnt Only used for debugging...

Page 1430: ...7 1 x PIM SMV6 COMMANDS UNDEBUG ALL IPV6 PIM SPARSE MODE undebug all ipv6 pim sparse mode Overview Use this command to disable all PIM SMv6 debugging Syntax undebug all ipv6 pim sparse mode Mode Priv...

Page 1431: ...bug ipv6 pim sparse mode all awplus configure terminal awplus config terminal monitor awplus config undebug ipv6 pim sparse mode events awplus configure terminal awplus config terminal monitor awplus...

Page 1432: ...sparse mode PIM SMv6 debugging status PIM event debugging is off PIM MFC debugging is off PIM state debugging is off PIM packet debugging is off PIM Hello HT timer debugging is off PIM Hello NLT timer...

Page 1433: ...ebug pim dense mode fsm on page 1439 debug pim dense mode mrt on page 1440 debug pim dense mode nexthop on page 1441 debug pim dense mode nsm on page 1442 debug pim dense mode vif on page 1443 ip pim...

Page 1434: ...4 7 1 x PIM DM COMMANDS show ip pim dense mode interface detail on page 1457 show ip pim dense mode mroute on page 1458 show ip pim dense mode neighbor on page 1459 show ip pim dense mode neighbor de...

Page 1435: ...wplus configure terminal awplus config debug pim dense mode all Output Figure 35 1 Example output from the debug pim dense mode all command Validation Commands show debugging pim dense mode Related Co...

Page 1436: ...command disables debugging of general configuration context Syntax debug pim dense mode context no debug pim dense mode context Mode Privileged Exec and Global Configuration Example awplus configure...

Page 1437: ...command disables debugging of the PIM DM message decoder Syntax debug pim dense mode decode no debug pim dense mode decode Mode Privileged Exec and Global Configuration Example awplus configure termi...

Page 1438: ...command disables debugging of the PIM DM message encoder Syntax debug pim dense mode encode no debug pim dense mode encode Mode Privileged Exec and Global Configuration Example awplus configure termi...

Page 1439: ...command disables debugging of Finite State Machine FSM specific information of all Multicast Routing Table MRT and MRT Virtual Multicast Interface MRT VIF entries Syntax debug pim dense mode fsm no d...

Page 1440: ...no variant of this command disables debugging of MRT and MRT VIF entry handling Syntax debug pim dense mode mrt no debug pim dense mode mrt Mode Privileged Exec and Global Configuration Example awplu...

Page 1441: ...command disables debugging of Reverse Path Forwarding RPF neighbor next hop cache handling Syntax debug pim dense mode nexthop no debug pim dense mode nexthop Mode Privileged Exec and Global Configur...

Page 1442: ...command disables debugging of PIM DM interface with NSM Syntax debug pim dense mode nsm no debug pim dense mode nsm Mode Privileged Exec and Global Configuration Example awplus configure terminal awp...

Page 1443: ...command disables debugging of VIF handling Syntax debug pim dense mode vif no debug pim dense mode vif Mode Privileged Exec and Global Configuration Example awplus configure terminal awplus config de...

Page 1444: ...on the current VLAN interface This command also disables passive mode on the VLAN interface if passive mode has been enabled using an ip pim dense mode passive command The no variant of this command d...

Page 1445: ...sive no ip pim dense mode passive Mode Interface Configuration for a VLAN interface Usage Configuring a VLAN interface as a passive PIM DM interface indicates that the VLAN interface is connected to a...

Page 1446: ...nected Syntax ip pim ext srcs directly connected no ip pim ext srcs directly connected Default The no variant of this command is the default behavior Mode Interface Configuration for a VLAN interface...

Page 1447: ...is less than the current hello interval Eachtimethehello intervalisupdated the hello holdtimeisalso updated according to the following rules If the hello holdtime is not configured or if the hello hol...

Page 1448: ...figured or when the configured hello holdtime value is less than the new hello interval value the hello holdtime value is modified to 3 5 times the hello interval value Otherwise the hello holdtime va...

Page 1449: ...atency when a previously pruned branch of the source tree must be grafted back when a member joins the group after the PIM DM device has sent a Prune message to prune unwanted traffic Graft messages a...

Page 1450: ...FT RETRIES To configure PIM DM on the VLAN interface vlan2 to send Graft message retries forever which is the default behavior use the following commands awplus configure terminal awplus config interf...

Page 1451: ...bor or terminate adjacency with the existing neighbors if denied by the filtering access list Use the no variant of this command to disable this function Syntax ip pim neighbor filter number accesslis...

Page 1452: ...ariant of this command to return the propagation delay to the default 1000 milliseconds Syntax ip pim propagation delay delay no ip pim propagation delay Default The propagation delay is set to 1000 m...

Page 1453: ...o variant of this command to return the origination interval to the default Syntax ip pim state refresh origination interval interval no ip pim state refresh origination interval Default The state ref...

Page 1454: ...t see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging pim dense mode Mode User Exec and Privileged Exec Output Figure 35 2 Example output from t...

Page 1455: ...otal configured interfaces 24 Maximum allowed 32 Total active interfaces 22 Address Interface VIFIndex Ver Nbr Mode Count 192 168 1 53 24 vlan2 0 v2 D 2 192 168 2 1 vlan3 2 v2 D 0 Note that this scree...

Page 1456: ...Rev B Command Reference for x510 Series 1456 AlliedWare Plus Operating System Version 5 4 7 1 x PIM DM COMMANDS SHOW IP PIM DENSE MODE INTERFACE Related Commands ip pim dense mode show ip pim dense m...

Page 1457: ...Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim dense mode interface detail Mode User Exec and Privileged Exec Example awplus show ip pim dense mode i...

Page 1458: ...etting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim dense mode mroute Mode User Exec and Privileged Exec Example awplus show ip pim dense mode mroute Output...

Page 1459: ...ghbors is restricted to 500 PIM DM neighbors When the 500 PIM DM neighbor limit is reached as a result of receiving hello packets from new PIM DM neighbors a log entry will be issued to the log file i...

Page 1460: ...n on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show ip pim dense mode neighbor detail Mode User Exec and Privileg...

Page 1461: ...e nexthop Mode User Exec and Privileged Exec Example awplus show ip pim dense mode nexthop Output Figure 35 7 Example output from the show ip pim dense mode neighbor nexthop command Destination Nextho...

Page 1462: ...ion mode to disable all PIM DM debugging Syntax undebug all pim dense mode Mode Global Configuration Example awplus configure terminal awplus config undebug all pim dense mode Related Commands debug p...

Page 1463: ...C613 50170 01 Rev B Command Reference for x510 Series 1463 AlliedWare Plus Operating System Version 5 4 7 1 x Part 5 Access and Security...

Page 1464: ...he command title ends with words in parentheses these words indicate usage instead of keywords to enter into the CLI For example the title access list numbered hardware ACL for ICMP indicates that the...

Page 1465: ...us access list numbered hardware ACL for IP packets Global Configuration awplus config access list numbered hardware ACL for ICMP Global Configuration awplus config access list numbered hardware ACL f...

Page 1466: ...n page 1480 access list numbered hardware ACL for TCP or UDP on page 1483 access list hardware named hardware ACL on page 1487 named hardware ACL ICMP entry on page 1489 named hardware ACL IP packet e...

Page 1467: ...a filter is permitted Usage FirstcreateanIPaccess listthatappliestheappropriatepermit denyrequirements with the access list numbered hardware ACL for IP packets command the access list numbered hardw...

Page 1468: ...w acl to switch port interface port1 0 2 enter the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if access group hw acl To apply an ACL to static channel...

Page 1469: ...specified access list Syntax access list 3000 3699 action icmp source ip dest ip icmp type number vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware IP...

Page 1470: ...0 255 is the same as entering 192 168 1 1 24 dest ip The destination addresses to match against You can specify a single host a subnet or all destination addresses The following are the valid formats...

Page 1471: ...them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messa...

Page 1472: ...Operating System Version 5 4 7 1 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST NUMBERED HARDWARE ACL FOR ICMP match access group show running config show access list IPv4 Hardware ACLs...

Page 1473: ...cess list Syntax access list 3000 3699 action ip source ip dest ip vlan 1 4094 no access list 3000 3699 Table 36 2 IP and ICMP parameters in access list hardware IP numbered Parameter Description 3000...

Page 1474: ...he specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 dest ip The destination add...

Page 1475: ...c VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will...

Page 1476: ...IP hardware access list Syntax access list 3000 3699 action proto 1 255 source ip dest ip vlan 1 4094 no access list 3000 3699 Table 36 3 Parameters in access list hardware IP numbered Parameter Desc...

Page 1477: ...source IP address within the specified subnet Specify the subnet by entering a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24...

Page 1478: ...monitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33...

Page 1479: ...nt control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Hardware ACLs will permit access unless explicitly denied by an ACL action Examples To c...

Page 1480: ...ess list Syntax access list 4000 4699 action source mac any dest mac any vlan 1 4094 inner vlan 1 4094 no access list 4000 4699 Parameter Description 4000 4699 Hardware MAC access list action The acti...

Page 1481: ...access list that will permit packets with a source MAC address of 0000 00ab 1234 and any destination address use the commands awplus configure terminal awplus config access list 4000 permit 0000 00ab...

Page 1482: ...access list that will send a copy of packets to the mirror port if their source MAC address starts with 0000 00ab use the commands awplus configure terminal awplus config access list 4001 copy to mirr...

Page 1483: ...re access list Syntax access list 3000 3699 action tcp udp source ip source ports dest ip dest ports vlan 1 4094 no access list 3000 3699 Parameter Description 3000 3699 An ID number for this hardware...

Page 1484: ...1 0 0 0 255 is the same as entering 192 168 1 1 24 source ports Match source TCP or UDP port numbers Port numbers are specified as integers between 0 and 65535 You can specify one or more port number...

Page 1485: ...ss unless explicitly denied by an ACL action Examples To create an access list that will permit TCP packets with a destination address of 192 168 1 1 a destination port of 80 and any source address an...

Page 1486: ...hey have a destination addressof 192 168 1 1 adestinationport of80 and anysourceaddress and source port enter the commands awplus configure terminal awplus config access list 3000 copy to mirror tcp a...

Page 1487: ...IPv4 Hardware ACL Configuration mode If the named hardware ACL does not exist it will be created after entry If the named hardware ACL already exists then this command puts you into IPv4 Hardware ACL...

Page 1488: ...5 4 7 1 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS ACCESS LIST HARDWARE NAMED HARDWARE ACL Related Commands access group named hardware ACL ICMP entry named hardware ACL IP protocol entry named...

Page 1489: ...itssequencenumber e g nopermiticmp192 168 1 0 24any icmp type 11 You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless exp...

Page 1490: ...urce host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by entering the IPv4 address then a...

Page 1491: ...st by specifying the appropriate sequence number If you do not specify a sequence number the switch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequenc...

Page 1492: ...ages Examples To add an access list filter entry with a sequence number of 100 to the access list named my list that will permit ICMP packets with a source address of 192 168 1 0 24 any destination ad...

Page 1493: ...sequence number e g no deny ip 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied...

Page 1494: ...ding database host ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the...

Page 1495: ...ainst any source MAC address source mac The source MAC address to match against followed by the mask Enter the address in the format HHHH HHHH HHHH where each H is a hexadecimal number Enter the mask...

Page 1496: ...a specific port Use such ACLs with caution They could prevent control packets from reaching the correct destination such as EPSR healthcheck messages and VCStack messages Examples To add a filter ent...

Page 1497: ...mber e g no deny proto 2 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an...

Page 1498: ...are the valid formats for specifying the source any Match any source IP address dhcpsnooping Match the source address learned from the DHCP Snooping binding database host ip addr Match a single source...

Page 1499: ...ddress to match against followed by the mask Enter the address in the format HHHH HHHH HHHH where each H is a hexadecimal number Enter the mask in the format HHHH HHHH HHHH where each H is a hexadecim...

Page 1500: ...ring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCCP Da...

Page 1501: ...e multiple of 10 as its sequence number Then use the access group or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data...

Page 1502: ...us Operating System Version 5 4 7 1 x IPV4 HARDWARE ACCESS CONTROL LIST ACL COMMANDS NAMED HARDWARE ACL IP PROTOCOL ENTRY match access group show running config show access list IPv4 Hardware ACLs Com...

Page 1503: ...its filter profile without specifying its sequence number e g no permit mac aaaa bbbb cccc 0000 0000 0000 any You can find the sequence number by running the show access list IPv4 Hardware ACLs comma...

Page 1504: ...that the ACL will only apply to incoming data packets send to vlan port vlan vid port port number Send matching packets to the specified port tagged with the specified VLAN The specified port must bel...

Page 1505: ...packets with a source MAC address of 0000 00ab 1234 and any destination MAC address use the commands awplus configure terminal awplus config access list hardware my list awplus config ip hw acl permi...

Page 1506: ...pecifying its sequence number e g no permit udp 192 168 0 0 16 any You can find the sequence number by running the show access list IPv4 Hardware ACLs command Hardware ACLs will permit access unless e...

Page 1507: ...ip addr Match a single source host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any source IP address within the specified subnet Specify the subnet by enterin...

Page 1508: ...y destination IP address host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any destination IP address within the specifi...

Page 1509: ...ckets You can use ACLs to redirect packets by sending them to the CPU the mirror port or a specific VLAN on a specific port Use such ACLs with caution They could prevent control packets from reaching...

Page 1510: ...ACL is not written to hardware until you exit IPv4 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited is writ...

Page 1511: ...show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199 IP extended access list 1300 1999 IP standard access li...

Page 1512: ...ONTROL LIST ACL COMMANDS SHOW ACCESS LIST IPV4 HARDWARE ACLS The following error message is displayed if you try to show an undefined access list awplus show access list 2 Related Commands access list...

Page 1513: ...t access group 3000 3699 4000 4699 Mode User Exec and Privileged Exec Example To show all access lists attached to port1 0 1 use the command awplus show interface port1 0 1 access group Output Figure...

Page 1514: ...lf For more information on link aggregation see the following references the Link Aggregation Feature Overview_and Configuration Guide Link Aggregation Commands NOTE Text in parenthesis in command nam...

Page 1515: ...ivileged Exec awplus access group Global Configuration awplus config access list extended named Global Configuration awplus config access list extended numbered Global Configuration awplus config acce...

Page 1516: ...ESS CONTROL LIST ACL COMMANDS clear ip prefix list on page 1547 dos on page 1548 ip prefix list on page 1551 maximum access list on page 1553 show access list IPv4 Software ACLs on page 1554 show dos...

Page 1517: ...list extended list name no access list extended list name Syntax icmp access list extended list name deny permit icmp source destination icmp type type number log no access list extended list name de...

Page 1518: ...enter a reverse mask in dotted decimal format For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 destination The destination address of the packets You can specify a si...

Page 1519: ...Echo replies 3 Destination unreachable messages 4 Source quench messages 5 Redirect change route messages 8 Echo requests 11 Time exceeded messages 12 Parameter problem messages 13 Timestamp requests...

Page 1520: ...all destinations The following are the valid formats for specifying the destination any Matches any destination IP address host ip addr Matches a single destination host with the IP address given by...

Page 1521: ...jects packets that match the type source and destination filtering specified with this command permit The access list permits packets that match the type source and destination filtering specified wit...

Page 1522: ...rmat For example entering 192 168 1 1 0 0 0 255 is the same as entering 192 168 1 1 24 log Logs the results ip protocol The IP protocol number as defined by IANA Internet Assigned Numbers Authority ww...

Page 1523: ...gram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protoc...

Page 1524: ...ware ACLs will deny access unless explicitly permitted by an ACL action Examples You can enter the extended named ACL in the Global Configuration mode together with the ACL filter entry on the same li...

Page 1525: ...nation no access list 100 199 2000 2699 deny permit ip source destination Parameter Description 100 199 IP extended access list 2000 2699 IP extended access list expanded range Parameter Description 1...

Page 1526: ...rmitted by an ACL action Examples You can enter the extended ACL in the Global Configuration mode together with the ACL filter entry on the same line as shown below awplus configure terminal awplus co...

Page 1527: ...ermit icmp source destination icmp type icmp value log no sequence number Parameter Description sequence number 1 65535 The sequence number for the filter entry of the selected access control list den...

Page 1528: ...red command or the access list extended named command with the required access control list number or name but with no further parameters selected Software ACLs will deny access unless explicitly perm...

Page 1529: ...found by running theshowaccess list IPv4 Software ACLs command Syntax ip sequence number deny permit ip source destination no deny permit ip source destination no sequence number Parameter Description...

Page 1530: ...e following commands to enter the IPv4 Extended ACL Configuration mode and define a numbered extended access list 101 awplus configure terminal awplus config access list 101 awplus config ip ext acl T...

Page 1531: ...st 10 0 0 1 host 192 168 1 1 awplus config ip ext acl 20 permit ip any any Example 3 list number Use the following commands to remove the access list filter entry with sequence number 20 from extended...

Page 1532: ...s command Syntax proto sequence number deny permit proto ip protocol source destination log no deny permit proto ip protocol source destination log no sequence number Parameter Description sequence nu...

Page 1533: ...escription RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190 RFC1819 6 TCP Transmission Control Protocol RFC793...

Page 1534: ...elected Software ACLs will deny access unless explicitly permitted by an ACL action Example 1 creating a list Use the following commands to add a new access list filter entry to the access list named...

Page 1535: ...OL FILTER Example 2 adding to a list Use the following commands to add a new access list filter entry at sequence position 5 in the access list named my list that will accept packets from source addre...

Page 1536: ...rt lt sourceport gt sourceport ne sourceport destination eq destport lt destport gt destport ne destport log no sequence number deny permit tcp udp source eq sourceport lt sourceport gt sourceport ne...

Page 1537: ...creating a list To add a new entry to the access list named my list that will reject TCP packets from 10 0 0 1on TCP port 10 to 192 168 1 1 on TCP port 20 use the commands awplus configure terminal aw...

Page 1538: ...ED TCP UDP FILTER Example 2 adding to a list To insert a new entry with sequence number 5 of the access list named my list that will accept UDP packets from 10 1 1 0 24 network to 192 168 1 0 24 netwo...

Page 1539: ...ermit access list standard standard access list name deny permit source no access list standard standard access list name deny permit source Mode Global Configuration Default Any traffic controlled by...

Page 1540: ...you can configure your access lists by using the command access list standard named filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To define a standar...

Page 1541: ...99 deny permit source no access list 1 99 1300 1999 deny permit source Mode Global Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usag...

Page 1542: ...access list standard numbered filter NOTE Software ACLs will deny access unless explicitly permitted by an ACL action Examples To create ACL number 67 that will deny packets from subnet 172 16 10 use...

Page 1543: ...equence numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source exact match any no deny permit source exact match any no sequence number Mod...

Page 1544: ...he access list standard named command with the required access control list name but with no further parameters selected Software ACLs will deny access unless explicitly permitted by an ACL action Exa...

Page 1545: ...nce numbercanbefound by running theshowaccess list IPv4 Software ACLs command Syntax sequence number deny permit source host host address any no deny permit source host host address any no sequence nu...

Page 1546: ...an existing list by specifying the appropriate sequence number NOTE The access control list being configured is selected by running the access list standard numbered command with the required access...

Page 1547: ...EFIX LIST clear ip prefix list Overview Use this command to reset the hit count to zero in the prefix list entries Syntax clear ip prefix list list name ip address mask Mode Privileged Exec Example To...

Page 1548: ...os ipoptions land ping of death smurf broadcast ip address synflood teardrop action shutdown trap mirror Mode Interface Configuration for a switch port interface Default DoS attack detection is not co...

Page 1549: ...ct normal traffic switching between ports but other protocols such as IGMP and STP may be affected This defense is not recommended where a large number of fragmented packets are expected smurf This ty...

Page 1550: ...he interface if an attack is detected use the commands awplus configure terminal awplus config interface port1 0 1 awplus config if dos ipoptions action shutdown To configure ping of death DoS detecti...

Page 1551: ...rated in a sequence of 5 The parameters ge and le specify the range of the prefix lengths to be matched When setting these parameters set the levalueto be less than 32 and the gevalue to be less than...

Page 1552: ...OL LIST ACL COMMANDS IP PREFIX LIST Example To deny the IP addresses between 10 0 0 0 14 10 0 0 0 255 252 0 0 and 10 0 0 0 22 10 0 0 0 255 255 252 0 within the 10 0 0 0 8 10 0 0 0 255 0 0 0 addressing...

Page 1553: ...e access lists within the ranges 1 199 1300 1999 and 2000 2699 and named standard and extended access lists The no variant of this command removes the limit on the number of filters that can be added...

Page 1554: ...o show all access lists configured on the switch awplus show access list To show the access list with an ID of 20 awplus show access list 20 Parameter Description 1 99 IP standard access list 100 199...

Page 1555: ...V4 SOFTWARE ACLS Note the following error message is displayed if you attempt to show an undefined access list awplus show access list 2 Related Commands access list standard named access list standar...

Page 1556: ...1 Example output from the show dos interface command prior to a DoS attack Parameter Description port list Specify the switch port or port list to display DoS configuration options set with the dos co...

Page 1557: ...down with the shutdown command ipoptions Displays Enabled when the ipoptions parameter is configured with thedos command plus the action Shutdown port Mirror port or Trap port and the number of insta...

Page 1558: ...s Enabled when the synflood parameter is configured with the dos command plus the action Shutdown port Mirror port or Trap port and the number of instances of any synflood DoS attacks that have occurr...

Page 1559: ...2000 2699 access list name Mode User Exec and Privileged Exec Example awplus show ip access list Output Figure 37 3 Example output from the show ip access list command Parameter Description 1 99 IP s...

Page 1560: ...RIP and BGP routing protocols only Syntax show ip prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ip prefix list awplus show ip prefix list 10 10 0 98 8 awplus s...

Page 1561: ...ld be to permit a specific address or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty access class...

Page 1562: ...a static channel group apply it to the static channel group itself For more information on link aggregation see the following references Link Aggregation Feature Overview_and Configuration Guide Link...

Page 1563: ...le 38 1 IPv6 Hardware Access List Commands and Prompts Command Name Command Mode Prompt show ipv6 access list IPv6 Hardware ACLs Privileged Exec awplus ipv6 access list named IPv6 hardware ACL Global...

Page 1564: ...IPv6 ACL is not written to hardware until you exit IPv6 Hardware ACL Configuration mode By entering this command you can ensure that the current state of a hardware access list that is being edited i...

Page 1565: ...sion of IPv6 packets on an interface and restrict the content of routing updates The switch stops checking the IPv6 hardware named access list when a match is encountered This command moves you to the...

Page 1566: ...4 7 1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 ACCESS LIST NAMED IPV6 HARDWARE ACL named IPv6 hardware ACL IPv6 packet entry named IPv6 hardware ACL IP protocol entry named IPv6 hardware...

Page 1567: ...ou can find the sequence number by running the show ipv6 access list IPv6 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action...

Page 1568: ...lly set between 0 and 64 ipv6 src address ipv6 src wildcard Match the specified IPv6 source address masked using wildcard bits The IPv6 address uses the format X X X X In the wildcard bits 1 represent...

Page 1569: ...tion If you do not specify a sequence number the switch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number Once you have configured the ACL us...

Page 1570: ...inal awplus config ipv6 access list my acl awplus config ipv6 hw acl no deny icmp 2001 0db8 0 64 any To specify anACL named my acl1 and add a filter entry that blocks all ICMP6echo requests enter the...

Page 1571: ...y ipv6 2001 0db8 0 64 any You can find the sequence number by running the show ipv6 access list IPv6 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Sy...

Page 1572: ...sually set between 0 and 64 ipv6 src address ipv6 src wildcard Match the specified IPv6 source address masked using wildcard bits The IPv6 address uses the format X X X X In the wildcard bits 1 repres...

Page 1573: ...you have configured the ACL use the ipv6 traffic filter or the match access group command to apply this ACL to a port VLAN or QoS class map Note that the ACL will only apply to incoming data packets...

Page 1574: ...1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS NAMED IPV6 HARDWARE ACL IPV6 PACKET ENTRY Related Commands ipv6 access list named IPv6 hardware ACL ipv6 traffic filter match access group show ipv6...

Page 1575: ...u can find the sequence number by running the show ipv6 access list IPv6 Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action...

Page 1576: ...y source host ipv6 src address prefix length Match the specified source address and prefix length The IPv6 address prefix uses the format X X prefix length The prefix length is usually set between 0 a...

Page 1577: ...ol number and description Protocol Number Protocol Description RFC 1 Internet Control Message RFC792 2 Internet Group Management RFC1112 3 Gateway to Gateway RFC823 4 IP in IP RFC2003 5 Stream RFC1190...

Page 1578: ...witch puts the entry at the end of the ACL and assigns it the next available multiple of 10 as its sequence number Once you have configured the ACL use the ipv6 traffic filter or the match access grou...

Page 1579: ...add a filter entry to the ACL named my acl to deny IGMP packets from 2001 0db8 0 64 use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny pro...

Page 1580: ...Hardware ACLs command Hardware ACLs will permit access unless explicitly denied by an ACL action Syntax sequence number action tcp udp source addr source ports dest addr dest ports vlan 1 4094 no seq...

Page 1581: ...et Specify the subnet by entering the IPv4 address then a forward slash then the prefix length ip addr reverse mask Match any source IP address within the specified subnet Specify the subnet by enteri...

Page 1582: ...iple of 10 as its sequence number host ip addr Match a single destination host with the IP address given by ip addr in dotted decimal notation ip addr prefix Match any destination IP address within th...

Page 1583: ...hardware IPv6 access list named my acl use the commands awplus configure terminal awplus config ipv6 access list my acl awplus config ipv6 hw acl deny tcp 2001 0db8 0 64 any eq 22 To add a filter entr...

Page 1584: ...e number of access lists that can be added is determined by the amount of available space in the hardware based packet classification tables To apply the access list to all ports on the switch execute...

Page 1585: ...ing System Version 5 4 7 1 x IPV6 HARDWARE ACCESS CONTROL LIST ACL COMMANDS IPV6 TRAFFIC FILTER named IPv6 hardware ACL IPv6 packet entry named IPv6 hardware ACL IP protocol entry named IPv6 hardware...

Page 1586: ...show ipv6 access list name Mode User Exec and Privileged Exec Example To show all configured IPv6 access lists use the command awplus show ipv6 access list Output Figure 38 1 Example output from the s...

Page 1587: ...more information on link aggregation see the following references the Link Aggregation Feature Overview_and_Configuration Guide Link Aggregation Commands Note that text in parenthesis in command names...

Page 1588: ...ccess list IPv6 Software ACLs on page 1607 show ipv6 prefix list on page 1609 vty ipv6 access class named on page 1610 Table 39 1 IPv6 Software Access List Commands and Prompts Command Name Command Mo...

Page 1589: ...s prefix length any ipv6 destination address prefix length any icmp type icmp type log Syntax tcp udp ipv6 access list extended list name deny permit tcp udp ipv6 source address prefix length any eq s...

Page 1590: ...stination address prefix length Specifies a destination address and prefix length The IPv6 address uses the format X X X X Prefix Length The prefix length is usually set between 0 and 64 any Matches a...

Page 1591: ...ss list extended followed by only the IPv6 extended access list name This latter and preferred method moves you to the config ipv6 ext acl prompt for the selected IPv6 extended access list number and...

Page 1592: ...insert a new filter at sequence number 5 of the access list named my listthat will accept ICMP type 8 packets from the 2001 0db8 0 64 network to the 2001 0db8 f 64 network use the commands awplus con...

Page 1593: ...user defined name for the IPv6 software extended access list deny Specifies the packets to reject permit Specifies the packets to accept proto The IP Protocol type specified by its protocol number in...

Page 1594: ...ta Transfer Protocol RFC969 33 DCCP Datagram Congestion Control Protocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC240...

Page 1595: ...CLs will deny access unless explicitly permitted by an ACL action Examples To create the IPv6 access list named ACL 1 to deny IP protocol 9 packets from 2001 0db8 1 1 128 to 2001 0db8 f 1 128 use the...

Page 1596: ...p any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix any log no deny permit ip any proto ip protocol ipv6 source address prefix any ipv6 destination address prefix an...

Page 1597: ...nitoring RFC869 27 RDP Reliable Data Protocol RFC908 28 IRTP Internet Reliable Transaction Protocol RFC938 29 ISO TP4 ISO Transport Protocol Class 4 RFC905 30 Bulk Data Transfer Protocol RFC969 33 DCC...

Page 1598: ...access list named my list with sequence number 5 rejecting the IPv6 packet from 2001 db8 1 1 to 2001 db8 f 1 use the commands awplus configure terminal awplus config ipv6 access list extended my list...

Page 1599: ...moval by entering either its sequence number or its filter entry profile Syntax tcp udp sequence number deny permit tcp udp ipv6 source address prefix any eq sourceport lt sourceport gt sourceport ne...

Page 1600: ...ss list extended my list awplus config ipv6 ext acl 5 deny tcp 2001 0db8 0 64 eq 10 2001 0db8 f 64 eq 20 To add a new filter entry with sequence number 5 to the extended IPv6 access list named my list...

Page 1601: ...ed by a software ACL that does not explicitly match a filter is denied Usage Use IPv6 standard access lists to control the transmission of IPv6 packets on an interface and restrict the content of rout...

Page 1602: ...and preferred method moves you to the config ipv6 std acl prompt for the selected IPv6 standard access list and from here you can configure the filters for this selected IPv6 standard access list NOTE...

Page 1603: ...ipv6 source address prefix length any no sequence number Mode IPv6 Standard ACL Configuration Default Any traffic controlled by a software ACL that does not explicitly match a filter is denied Usage...

Page 1604: ...ed my list enter the commands awplus configure terminal awplus config ipv6 access list standard my list awplus config ipv6 std acl no deny any Alternately to remove the ACL filter entry with sequence...

Page 1605: ...The parameters ge and le specify the range of the prefix lengths to be matched The parameters ge and le are only used if an ip prefix is stated When setting these parameters set the le value to be le...

Page 1606: ...Example To check the first 32 bits of the prefix 2001 db8 and the subnet mask must be greater than or equal to 34 and less than or equal to 40 enter the following commands awplus configure terminal a...

Page 1607: ...w all configured IPv6 access lists use the following command awplus show ipv6 access list Output Figure 39 1 Example output from show ipv6 access list Example To show the IPv6 access list named deny_i...

Page 1608: ...5 4 7 1 x IPV6 SOFTWARE ACCESS CONTROL LIST ACL COMMANDS SHOW IPV6 ACCESS LIST IPV6 SOFTWARE ACLS Related Commands ipv6 access list extended named ipv6 access list extended IP protocol filter ipv6 ac...

Page 1609: ...and BGP4 routing protocols only Syntax show ipv6 prefix list name detail summary Mode User Exec and Privileged Exec Example awplus show ipv6 prefix list awplus show ipv6 prefix list 10 10 0 98 8 awpl...

Page 1610: ...ddress or range of addresses and rely on the deny all filter to block all other access Use the no variant of this command to remove the access list Syntax vty ipv6 access class access name no vty ipv6...

Page 1611: ...class map on page 1614 clear mls qos interface policer counters on page 1615 default action on page 1616 description QoS policy map on page 1617 egress rate limit on page 1618 match access group on p...

Page 1612: ...s qos on page 1653 show mls qos interface on page 1654 show mls qos interface policer counters on page 1657 show mls qos interface queue counters on page 1659 show mls qos interface storm status on pa...

Page 1613: ...ss map If your class map does not exist you can create it by using the class map command Syntax class name default no class name Mode Policy Map Configuration Example The following example creates the...

Page 1614: ...and to create a class map Use the no variant of this command to delete the named class map Syntax class map name no class map name Mode Global Configuration Example This example creates a class map ca...

Page 1615: ...ps by not specifying a class map Syntax clear mls qos interface port policer counters class map class map Mode Privileged Exec Example To reset the policy counters to zero for all class maps for port1...

Page 1616: ...lt action of permit Syntax default action permit deny send to cpu copy to cpu copy to mirror send to mirror no default action Default The default is permit Mode Policy Map Configuration Examples To se...

Page 1617: ...l description of the policy map This can be up to 80 characters long Use the no variant of this command to remove the current description from the policy map Syntax description line no description Mod...

Page 1618: ...awplus config if egress rate limit 64k Egress rate limit has been set to 64 Kb Parameter Description rate limit Bandwidth 1 10000000 units per second usable units k m g The egress rate limit can be c...

Page 1619: ...ate limit 5m max burst size 200k When maximum burst size is 200KB a burst of up to approximately 200KB can be sent at line rate 100 or 1000Mbps if there are packets in the queues to send If traffic is...

Page 1620: ...ming data packets Examples To configure a class map named cmap1 which matches traffic against access list 3001 which allows IP traffic from any source to any destination use the commands awplus config...

Page 1621: ...g ip hw acl permit ip any any awplus config class map cmap3 awplus config cmap match access group hw_acl To apply ACL 3001 to VLAN 48 where the ACL drops IP traffic from any source to any destination...

Page 1622: ...variant of this command to remove CoS Syntax match cos 0 7 no match cos Mode Class Map Configuration Examples To set the class map s CoS to 4 use the commands awplus configure terminal awplus config c...

Page 1623: ...ion Usage Use the match dscp command to define the match criterion after creating a class map Examples To configure a class map named cmap1 with criterion that matches DSCP 56 use the commands awplus...

Page 1624: ...enter the parameter name ethii untagged EthII Untagged Packets enter the parameter name ethii any EthII Tagged or Untagged Packets enter the parameter name netwareraw tagged Netware Raw Tagged Packet...

Page 1625: ...ber 0807 enter the parameter name or its number banyan systems Protocol Number 0BAD enter the parameter name or its number bbn simnet Protocol Number 5208 enter the parameter name or its number dec mo...

Page 1626: ...ss map cmap1 awplus config cmap no match eth format protocol appletalk Protocol Number 809B enter the parameter name or its number ibm sna Protocol Number 80D5 enter the parameter name or its number a...

Page 1627: ...to remove CoS Syntax match inner cos 0 7 no match inner cos Mode Class Map Configuration Examples To set the class map s inner cos to 4 use the commands awplus configure terminal awplus config class...

Page 1628: ...d in double tagged networks to match on a VLAN ID belonging to the client network For more information on VLAN double tagged networks see the VLAN Feature Overview and Configuration Guide Examples To...

Page 1629: ...Use the no variant of this command to remove IP precedence values from a class map Syntax match ip precedence 0 7 no match ip precedence Mode Class Map Configuration Example To configure a class map n...

Page 1630: ...cast l2mcast l2ucast no match mac type Mode Class Map Configuration Examples To set the class map s MAC type to Layer 2 multicast use the commands awplus configure terminal awplus config class map cma...

Page 1631: ...yntax match tcp flags ack fin psh rst syn urg no match tcp flags ack fin psh rst syn urg Mode Class Map Configuration Examples To set the class map s TCP flags to ack and syn use the commands awplus c...

Page 1632: ...ria Syntax match vlan 1 4094 no match vlan Mode Class Map Configuration Examples To configure a class map named cmap1 to include traffic from VLAN 3 use the commands awplus configure terminal awplus c...

Page 1633: ...nterface to the default CoS setting for untagged frames entering the interface Syntax mls qos cos 0 7 no mls qos cos Default By default all untagged frames are assigned a CoS value of 0 Note that for...

Page 1634: ...of this command to globally disable QoS and remove all QoS configuration The no variant of this command removes all class maps policy maps and policers that have been created Running the no mls qos co...

Page 1635: ...setting The default mappings for this command are Syntax mls qos map cos queue cos priority to queue number no mls qos map cos queue Mode Global Configuration Examples To map CoS 2 to queue 0 use the...

Page 1636: ...p command set this command mls qos map premark dscp enables you to make the following changes remap the DSCP leaving the other settings unchanged remap any or all of CoS outputqueue or bandwidth class...

Page 1637: ...use a new DSCP of 2 a new CoS of 3 and a new bandwidth class of yellow use the command awplus configure terminal awplus config mls qos map premark dscp 1 to new dscp 2 new cos 3 new bandwidth class y...

Page 1638: ...nfigured on the class map Syntax no police Mode Policy Map Class Configuration Usage This command disables any policer previously configured on the class map Example To disable policing on a class map...

Page 1639: ...does not only apply to red traffic If a remark map is configured on the same class map as the policer then the remark map will apply to green colored and yellow colored traffic irrespectiveof the val...

Page 1640: ...ction of the remark map applied to it and is then transmitted Example To configure a single rate meter measuring traffic of 10 Mbps that drops a sustained burst of traffic over this rate use the comma...

Page 1641: ...ckets classed as red will be discarded Parameter Description cir Specify the Committed Information Rate CIR 1 40000000 kbps pir Specify the Peak Information Rate PIR 1 40000000 kbps cbs Specify the Co...

Page 1642: ...arameter of the policer So even if action is configured to drop red the remark map will be applied to green and yellow traffic So the action parameter only applies to red colored traffic If action is...

Page 1643: ...y Map Configuration mode to configure the specified policy map Use the no variant of this command to delete an existing policy map Syntax policy map name no policy map name Mode Global Configuration E...

Page 1644: ...You can then use the priority queue command to reset the selected queues to priority queuing Note that the emptying sequence for priority queuing is always highest queue number to lowest queue number...

Page 1645: ...s Syntax remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yellow red no remark map bandwidth class green yellow red to new dscp 0 63 new bandwidth class green yel...

Page 1646: ...configure terminal awplus config policy map pmap1 awplus config pmap class cmap1 awplus config pmap c remark map bandwidth class green to new dscp 2 To reset the DSCP for all bandwidth classes use th...

Page 1647: ...ew cos internal external both Mode Policy Map Class Configuration Usage The default CoS to Queue mappings are shown in the following table The relationship between this command and the CoS to queue ma...

Page 1648: ...INPUT FROM THE XISTING O3 VALUE 7ITH THE REMARK NEW COS COMMAND SET TO INTERNAL OR BOTH THE QUEUE MAPPING TAKES ITS INPUT FROM THE VALUE SET BY THE COMMAND REMARK NEW COS OTE THAT ALTHOUGH THE O3 TO 1...

Page 1649: ...terface association Syntax service policy input policy map no service policy input policy map Mode Interface Configuration Usage This command can be applied to switch ports or static channel groups bu...

Page 1650: ...is make a policy map that contains one or more class maps that match the traffic to be policy routed Then configure their next hop with this command set ip next hop The remaining traffic will be conve...

Page 1651: ...7 1 x QOS COMMANDS SET IP NEXT HOP PBR Example To forward packets to 192 168 1 1 if they match the class map called cmap1 use the commands awplus configure terminal awplus config policy map pmap1 awp...

Page 1652: ...or classifying traffic Syntax show class map class map name Mode User Exec and Privileged Exec Example To display a QoS class map s match criteria for classifying traffic use the command awplus show c...

Page 1653: ...erview Use this command to display whether QoS is enabled or disabled on the switch Syntax show mls qos Mode User Exec and Privileged Exec Example To display whether QoS is enabled or disabled use the...

Page 1654: ...qos interface port Mode User Exec and Privileged Exec Example To display current CoS and queue settings for interface port1 0 1 use the command awplus show mls qos interface port1 0 1 Output Figure 40...

Page 1655: ...Queue 6 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Egress Queue 7 Status Enabled Scheduler Strict Priority Queue Limit 12 Egress Rate Limit 0 Kb Table 41 Parameters...

Page 1656: ...INTERFACE Queue Limit The percentage of the port s buffers that have been allocated to this queue Egress Rate Limit The amount of traffic that can be transmitted via this queue per second 0 Kb means t...

Page 1657: ...e counters are based on metering performed on the specified class map Therefore the Dropped Bytes counter is the number of bytes dropped due to metering This is different from packets dropped via a de...

Page 1658: ...ersion 5 4 7 1 x QOS COMMANDS SHOW MLS QOS INTERFACE POLICER COUNTERS This output shows a policer configured with remarking through action remark transmit so although bytes are marked as Red none are...

Page 1659: ...port s queue which will be a sum of all egress queues Syntax show mls qos interface port queue counters queue number Mode User Exec and Privileged Exec Example To show the counters for all queues on p...

Page 1660: ...HOW MLS QOS INTERFACE QUEUE COUNTERS Port queue length Number of frames in the port s queue This will be the sum of all egress queues on the port Egress Queue length Number of frames in a specific egr...

Page 1661: ...ode User Exec and Privileged Exec Example To see the QSP status on port1 0 1 use the command awplus show mls qos interface port1 0 1 storm status Output Figure 40 7 Example output from show mls qos in...

Page 1662: ...current configuration of the cos queue map Syntax show mls qos maps cos queue Mode User Exec and Privileged Exec Example To display the current configuration of the cos queue map use the command awplu...

Page 1663: ...CP CoS and or bandwidth class of a packet matching the class map based on a lookup DSCP value Syntax show mls qos maps premark dscp 0 63 Mode User Exec and Privileged Exec Example To display the prema...

Page 1664: ...resents of the total available Syntax show platform classifier statistics utilization brief Mode Privileged Exec Example To display the platform classifier utilization statistics use the following com...

Page 1665: ...s their associated class maps Syntax show policy map name Mode User Exec and Privileged Exec Example To display a listing of the policy maps configured on the switch use the command awplus show policy...

Page 1666: ...action portdisable vlandisable linkdown no storm action Mode Policy Map Class Configuration Examples To apply the storm protection of vlandisable to the policy map named pmap2 and the class map named...

Page 1667: ...0 seconds Syntax storm downtime 1 86400 no storm downtime Default 10 seconds Mode Policy Map Class Configuration Examples To re enable the port in 1 minute use the following commands awplus configure...

Page 1668: ...riant of this command disables Policy Based Storm Protection Syntax storm protection no storm protection Default By default storm protection is disabled Mode Policy Map Class Configuration Examples To...

Page 1669: ...e Default No default Mode Policy Map Class Configuration Usage This setting is made in conjunction with the storm window command Examples To limit the data rate to 100Mbps use the following commands a...

Page 1670: ...efault Mode Policy Map Class Configuration Usage This command should be set in conjunction with the storm rate command Examples To set the QSP window size to 5000 ms use the following commands awplus...

Page 1671: ...nts of the packet existing either at ingress or applied by the class map will pass unchanged Syntax trust dscp no trust Mode Policy Map Configuration Because policy maps are applied to ports you can t...

Page 1672: ...ble queues 0 1 2 3 4 5 6 7 no wrr queue disable queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Examples To disable queue 1 from transmitting traffic use the commands awplus configure terminal awp...

Page 1673: ...ified The minimum is 651Kb Syntax wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 no wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Mode Interface Configuration Example To l...

Page 1674: ...ted round robin based scheduling to static aggregated interfaces for example awplus config interface sa2 Attempting to apply weighted round robin based scheduling on aggregated interfaces will display...

Page 1675: ...hentication on page 1678 debug dot1x on page 1679 dot1x control direction on page 1680 dot1x eap on page 1682 dot1x eapol version on page 1683 dot1x initialize interface on page 1685 dot1x initialize...

Page 1676: ...v B Command Reference for x510 Series 1676 AlliedWare Plus Operating System Version 5 4 7 1 x 802 1X COMMANDS show dot1x supplicant on page 1709 show dot1x supplicant interface on page 1711 undebug do...

Page 1677: ...fault list name no dot1x accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use th...

Page 1678: ...x authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awplus c...

Page 1679: ...aware that this is a very verbose output It is mostly useful to capture this as part of escalating an issue to ATI support Examples Use this command without any parameters to turn on normal 802 1X deb...

Page 1680: ...ntax dot1x control direction in both no dot1x control direction Default The authentication port direction is set to both by default Mode Interface Configuration for a static channel a dynamic LACP cha...

Page 1681: ...ONTROL DIRECTION To set the port direction to the default both for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profi...

Page 1682: ...e commands awplus configure terminal awplus config dot1x eap forward To set the transmit mode of EAP packet to discard to discard EAP packets use the commands awplus configure terminal awplus config d...

Page 1683: ...Examples To set the EAPOL protocol version to 2 for port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x eapol version 2 To set the EAPOL proto...

Page 1684: ...v B Command Reference for x510 Series 1684 AlliedWare Plus Operating System Version 5 4 7 1 x 802 1X COMMANDS DOT1X EAPOL VERSION Validation Commands auth profile Global Configuration show dot1x show...

Page 1685: ...ommand awplus dot1x initialize interface port1 0 2 To unauthorize switch port1 0 1 and attempt reauthentication on switch port1 0 1 use the command awplus dot1x initialize interface port1 0 1 To unaut...

Page 1686: ...iscommand Theattemptistriggered by the first packet from the supplicant trying to access the network resources Syntax dot1x initialize supplicant macadd username Mode Privileged Exec Example To initia...

Page 1687: ...LACP channel group or a switch port Usage Use this command to enable key transmission over an Extensible Authentication Protocol EAP packet between the authenticator and supplicant Use the no variant...

Page 1688: ...aximum number of login attempts for supplicants on an interface The supplicant is moved to the auth fail VLAN from the Guest VLAN after the number of failed login attempts using 802 1X authentication...

Page 1689: ...l awplus config auth profile student awplus config auth profile dot1x max auth fail 1 To configure the maximum number of login attempts for a supplicant on authentication profile student to the defaul...

Page 1690: ...ication attempts after failure Examples To configure the maximum number of reauthentication attempts for interface port1 0 2 to a single 1 reauthentication request use the commands awplus configure te...

Page 1691: ...authentication attempts for authentication profile student to the default maximum number of two 2 reauthentication attempts use the commands awplus configure terminal awplus config auth profile studen...

Page 1692: ...t controlis set to auto the 802 1X authentication feature is executed on the interface but only if the aaa authentication dot1x command has been issued Examples To enable port authentication on the in...

Page 1693: ...inal awplus config auth profile student awplus config auth profile dot1x port control auto To enable port authentication force authorized on authentication profile student use the commands awplus conf...

Page 1694: ...tempts to request an ID Examples To set the transmit timeout period to 5 seconds on interface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if do...

Page 1695: ...B Command Reference for x510 Series 1695 AlliedWare Plus Operating System Version 5 4 7 1 x 802 1X COMMANDS DOT1X TIMEOUT TX PERIOD Validation Commands auth profile Global Configuration show dot1x sho...

Page 1696: ...ng and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Syntax show debugging dot1x Mode User Exec and Privileged Exec Usage This is a sample...

Page 1697: ...ow dot1x all Parameter Description all Displays all authentication information for each port available on the switch Table 1 Example output from the show dot1x all command awplus show dot1x all 802 1X...

Page 1698: ...false KR rxKey false KT keyAvailable false keyTxEnabled false criticalState off dynamicVlanId 2 802 1X statistics for interface port1 0 6 EAPOL Frames Rx 5 EAPOL Frames Tx 16 EAPOL Start Frames Rx 0...

Page 1699: ...SHOW DOT1X authEaplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOt...

Page 1700: ...iguration Guide Syntax show dot1x diagnostics interface interface list Mode Privileged Exec Example See the sample output below showing 802 1X authentication diagnostics for port1 0 5 awplus show dot1...

Page 1701: ...upplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1 authFailWhileAuthentic...

Page 1702: ...saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dot1x interface interface list diagnostics sessionstatistics statistics supplica...

Page 1703: ...ized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 PAE connectTimeout 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in KT keyTxEnabled fa...

Page 1704: ...aplogoggWhileAuthenticating 0 authReauthsWhileAuthenticated 0 authEapstartWhileAuthenticated 0 authEaplogoffWhileAuthenticated 0 BackendResponses 2 BackendAccessChallenges 1 BackendOtherrequestToSuppl...

Page 1705: ...status of the port for 802 1X control portStatus 802 1X status of the port authorized unauthorized reAuthenticate Reauthentication enabled disabled status on port reAuthPeriod Value holds meaning only...

Page 1706: ...t CD Controlled Directions State machine adminControlledDi r ections Administrative value Both In operControlledDir e ctions Operational Value Both In KR Key receive state machine rxKey True when EAPO...

Page 1707: ...authentication session statistics for port1 0 6 awplus show dot1x sessionstatistics interface port1 0 6 Parameter Description interface Specify a port to show interface list The interfaces or ports to...

Page 1708: ...statistics interface port1 0 6 Parameter Description interface list The interfaces or ports to configure An interface list can be an interface e g vlan2 a switch port e g port1 0 6 a static channel g...

Page 1709: ...eter awplus show dot1x supplicant 00d0 59ab 7037 brief Parameter Description macadd MAC hardware address of the Supplicant brief Brief summary of the Supplicant state authenticationMethod dot1x totalS...

Page 1710: ...cationMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 1 webBasedAuthenticationSupplicantNum 0 Interface VID Mode MAC...

Page 1711: ...onfiguration Guide Syntax show dot1x supplicant interface interface list brief Mode Privileged Exec Examples See sample output below showing the supplicant on the interface port1 0 6 awplus show dot1x...

Page 1712: ...ant address 0000 cd07 7b60 authenticationMethod 802 1X Two Step Authentication firstAuthentication Pass Method mac secondAuthentication Pass Method dot1x portStatus Authorized currentId 3 abort F fail...

Page 1713: ...face sa1 supplicant brief Interface sa1 authenticationMethod dot1x Two Step Authentication firstMethod mac secondMethod dot1x totalSupplicantNum 1 authorizedSupplicantNum 1 macBasedAuthenticationSuppl...

Page 1714: ...mand Reference for x510 Series 1714 AlliedWare Plus Operating System Version 5 4 7 1 x 802 1X COMMANDS UNDEBUG DOT1X undebug dot1x Overview This command applies the functionality of the no variant of...

Page 1715: ...namic vlan creation on page 1721 auth guest vlan on page 1724 auth guest vlan forward on page 1727 auth host mode on page 1729 auth log on page 1731 auth max supplicant on page 1733 auth profile Globa...

Page 1716: ...ode on page 1778 auth web server dhcp ipaddress on page 1779 auth web server dhcp lease on page 1780 auth web server dhcp wpad option on page 1781 auth web server host name on page 1782 auth web serve...

Page 1717: ...tion Authentication Profile on page 1805 erase proxy autoconfig file on page 1806 erase web auth https file on page 1807 platform l3 vlan hashing algorithm on page 1808 platform mac vlan hashing algor...

Page 1718: ...feature enables assignment to a different VLAN if a supplicant fails authentication To enable the auth fail vlan feature with Web Authentication you need to set the Web Authentication Server virtual...

Page 1719: ...following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth auth fail vlan 100 To disable the auth fail vlan feature for port1 0 2 use the following commands a...

Page 1720: ...de Examples To enable the critical port feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth critical To disable...

Page 1721: ...signed to ports Dynamic VLANs may be associated with authenticated MAC addresses if the type parameter is applied with the rule parameter The rule parameter deals with the case where there are multipl...

Page 1722: ...LAN ID assigned for the MAC Base VLAN is displayed using the show platform table vlan command To configure Dynamic Vlan with Web Authentication you need to set Web Authentication Server virtual IP add...

Page 1723: ...able the Dynamic VLAN assignment feature on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth dynamic vlan cr...

Page 1724: ...a port is in multi supplicant mode with per port dynamic VLAN configuration after the first successful authentication subsequent hosts cannot use the guest VLAN due to the change in VLAN ID This may...

Page 1725: ...nds awplus configure terminal awplus config vlan database awplus config vlan vlan 100 awplus config vlan exit awplus config interface port1 0 2 awplus config if dot1x port control auto awplus config i...

Page 1726: ...mmand Reference for x510 Series 1726 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH GUEST VLAN auth guest vlan forward dot1x port control show dot1x show dot1x interfa...

Page 1727: ...g is disabled by default Mode Interface Configuration mode for a specified switch port or Authentication Profile mode Usage Before using this command you must configure the guest VLAN with the auth gu...

Page 1728: ...h guest vlan forward 10 0 0 1 dns To enable the tcp forwarding port 137 on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config au...

Page 1729: ...se the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth host mode multi supplicant Parameter Description single host Single host mode In this mode o...

Page 1730: ...host mode To set the host mode to multi supplicant on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile auth host...

Page 1731: ...ing of MAC authentication failures to the log file for supplicants client devices connected to interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0...

Page 1732: ...ure the logging of web authentication failures to the log file for supplicants client devices connected to authentication profile student use the commands awplus configure terminal awplus config auth...

Page 1733: ...ofile mode Examples To set the maximum number of supplicants to 10 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth m...

Page 1734: ...Reference for x510 Series 1734 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH MAX SUPPLICANT Related Commands auth profile Global Configuration show dot1x show dot1x i...

Page 1735: ...o port authentication profiles are created by default Mode Global Configuration Usage A port authentication profile is a configuration object that aggregates multiple port authentication commands Thes...

Page 1736: ...a authentication profile created using the auth profile Global Configuration command to a static channel a dynamic LACP channel group or a switch port You can only attach one profile to an interface...

Page 1737: ...or Authentication Profile mode Examples To enable reauthentication on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth...

Page 1738: ...ce goes down so supplicants must reauthenticate Mode Interface Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Usage Note that 802 1X po...

Page 1739: ...al awplus config auth profile student awplus config auth profile auth roaming disconnected To require supplicants using authentication profile student to reauthenticate when moving between ports if th...

Page 1740: ...ion MAC authentication or Web authentication must be configured before using this feature The port that the supplicant is moving to must have the same authentication configuration as the port the supp...

Page 1741: ...ng authentication for authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth roaming enable Related Commands au...

Page 1742: ...entry in A B C D P format max reauth req The number of reauthentication attempts before becoming unauthorized 1 10 Count of reauthentication attempts default 2 port control Port control commands auto...

Page 1743: ...terface port1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if no auth supplicant ip 192 168 10 0 24 To disable reauthentication for the supplicant s I...

Page 1744: ...ntaining a specific string mac addr mask The mask comprises a string of three period separated bytes where each byte comprises four hexadecimal characters that will generally be either 1or 0 When the...

Page 1745: ...for port 1 0 2 use the commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth supplicant mac 0000 5E00 0000 mask ffff ff00 0000 port control force authorized To del...

Page 1746: ...3 port control force authorized To delete the supplicant MAC address 0000 5E00 5343 for authentication profile student use the commands awplus configure terminal awplus config auth profile student awp...

Page 1747: ...nt has the state connecting then the supplicant is deleted When auth web server session keep or auth two step enableis enabled we recommend you configure a longer connect timeout period Examples To se...

Page 1748: ...IMEOUT CONNECT TIMEOUT To reset the connect timeout period to the default 30 seconds for authentication profile student use the commands awplus configure terminal awplus config auth profile student aw...

Page 1749: ...seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout quiet period 10 To reset the quiet period to the d...

Page 1750: ...switch port or Authentication Profile mode Examples To set the reauthentication period to 1 day for interface port1 0 2 use the following commands awplus configure terminal awplus config interface po...

Page 1751: ...510 Series 1751 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT REAUTH PERIOD Related Commands auth profile Global Configuration auth reauthentication show dot1...

Page 1752: ...o 120 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout server timeout 120 To set the server timeout...

Page 1753: ...rence for x510 Series 1753 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT SERVER TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot...

Page 1754: ...timeout to 2 seconds for interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth timeout supp timeout 2 To reset the server ti...

Page 1755: ...erence for x510 Series 1755 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH TIMEOUT SUPP TIMEOUT Related Commands auth profile Global Configuration show dot1x show dot1...

Page 1756: ...ecurity risk an unauthorized user can access the network with an authorized device or an authorized user can access the network with an unauthorized device Two step authentication solves this problem...

Page 1757: ...ng commands awplus configure terminal awplus config interface port1 0 2 awplus config if switchport mode access awplus config if auth web enable awplus config if dot1x port control auto awplus config...

Page 1758: ...Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH TWO STEP ENABLE Relat ed Commands auth profile Global Configuration show auth two step supplicant brief show auth show auth interface s...

Page 1759: ...list name no auth mac accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the...

Page 1760: ...th mac authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awp...

Page 1761: ...s enabled Note that re authentication is correct behavior without spanning tree edgeport enabled Applying switchport mode access on ports is also good practice to set the ports to access mode with ing...

Page 1762: ...ATION COMMANDS AUTH MAC ENABLE To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Page 1763: ...e Configuration for a static channel a dynamic LACP channel group or a switch port or Authentication Profile mode Examples To set the MAC Authentication method to pap on interface port1 0 2 use the fo...

Page 1764: ...ATION COMMANDS AUTH MAC METHOD To disable MAC authentication on authentication profile student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile...

Page 1765: ...particularly important if some MAC based supplicants on the network are intelligent devices such as computers and or you are using two step authentication see the Ensuring Authentication Methods Requ...

Page 1766: ...tication re learning feature on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus config if auth mac reauth relearning To disable the re...

Page 1767: ...provided to allow other vendors AlliedWare and AlliedWare Plus switches to share the same format on the RADIUS server Example To configure the format of the MAC address in the username and password f...

Page 1768: ...ist name no auth web accounting Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_acct on the vlan10 interface use the co...

Page 1769: ...h web authentication Default The default method list is applied to an interface by default Mode Interface Mode Example To apply the named list vlan10_auth on the vlan10 interface use the commands awpl...

Page 1770: ...nds awplus configure terminal awplus config interface port1 0 2 awplus config if static channel group 2 awplus config if exit awplus config interface sa2 awplus config if auth web enable To disable We...

Page 1771: ...nd Reference for x510 Series 1771 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH WEB ENABLE Related Commands auth profile Global Configuration show auth show auth inte...

Page 1772: ...address ip address prefix length dns tcp 1 65535 udp 1 65535 Or no auth web forward arp dhcp dns tcp 1 65535 udp 1 65535 Default Packet forwarding for port authentication is enabled by default for ar...

Page 1773: ...port mode access awplus config if auth web enable awplus config if auth dynamic vlan creation awplus config if auth web forward 192 168 1 10 dns To disable the ARP forwarding feature on interface port...

Page 1774: ...student use the commands awplus configure terminal awplus config auth profile student awplus config auth profile no auth web forward arp To delete the tcp forwarding port 137 on authentication profile...

Page 1775: ...channel group or a switch port or Authentication Profile mode Examples To set the lock count to 5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface po...

Page 1776: ...x510 Series 1776 AlliedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS AUTH WEB MAX AUTH FAIL Related Commands auth profile Global Configuration auth timeout quiet period show aut...

Page 1777: ...tication Profile mode Example To set the Web Authentication method to eap md5 on interface port1 0 2 use the following commands awplus configure terminal awplus config interface port1 0 2 awplus confi...

Page 1778: ...isable blocking mode for the Web Authentication server Syntax auth web server blocking mode no auth web server blocking mode Default By default blocking mode is disabled for the Web Authentication ser...

Page 1779: ...cation Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancements working together You can...

Page 1780: ...See the AAA and Port Authentication Feature Overview and Configuration Guide for information about using DHCP with web authentication and restrictions regarding combinations of authentication enhancem...

Page 1781: ...d to use WPAD the supplicant s web browser will use TCP port 80 as usual Therefore the packet can be intercepted by Web Authentication as normal and the Web Authentication Login page can be sent Howev...

Page 1782: ...TPS protocol the web browser will validate the certificate If the certificate is invalid the web page gives a warning message before displaying server content However the web page will not give warnin...

Page 1783: ...port number In this case Web Authentication cannot intercept the connection To overcome this limitation you can use this command to tell the switch which additional port it should intercept and then s...

Page 1784: ...web server ipaddress ip address no auth web server ipaddress Default The Web Authentication server address on the system is not set by default Mode Global Configuration Examples To set the IP address...

Page 1785: ...English by default Mode Global Configuration Examples To set Japanese as the presentation language of Web authentication pages use the following commands awplus configure terminal awplus config auth w...

Page 1786: ...onfiguration Guide for details Use the no variant of this command to delete the URL Syntax auth web server login url URL no auth web server login url Default The built in login page is set by default...

Page 1787: ...nd Port Authentication Feature Overview and Configuration Guide Syntax auth web server page logo auto default hidden no auth web server page logo Default Logo type is auto by default Mode Global Confi...

Page 1788: ...e Overview and Configuration Guide Syntax auth web server page sub title hidden text sub title no auth web server page sub title Default Allied Telesis is displayed by default Mode Global Configuratio...

Page 1789: ...nd Port Authentication Feature Overview and Configuration Guide Syntax auth web server page success message text success message no auth web server page success message Default No success message is s...

Page 1790: ...Syntax auth web server page title hidden text title no auth web server page title Default Web Access Authentication Gateway is displayed by default Mode Global Configuration Examples To set the custo...

Page 1791: ...and Port Authentication Feature Overview and Configuration Guide Syntax auth web server page welcome message text welcome message no auth web server page welcome message Default No welcome message is...

Page 1792: ...nticated by Web Authentication Syntax auth web server ping poll enable no auth web server ping poll enable Default The ping polling feature for Web Authentication is disabled by default Mode Global Co...

Page 1793: ...se the no variant of this command to resets the fail count for the ping polling feature to the default 5 pings Syntax auth web server ping poll failcount 1 100 no auth web server ping poll failcount D...

Page 1794: ...ng polling 30 seconds Syntax auth web server ping poll interval 1 65535 no auth web server ping poll interval Default The interval for ping polling is 30 seconds by default Mode Global Configuration E...

Page 1795: ...no variant of this command to reset the reauth timer refresh parameter to the default setting disabled Syntax auth web server ping poll reauth timer refresh no auth web server ping poll reauth timer r...

Page 1796: ...reset the timeout of ping polling to the default 1 second Syntax auth web server ping poll timeout 1 30 no auth web server ping poll timeout Default The default timeout for ping polling is 1 second Mo...

Page 1797: ...Authentication server HTTP port number is set to 80 by default Mode Global Configuration Examples To set the HTTP port number 8080 for the Web Authentication server use the following commands awplus c...

Page 1798: ...rect delay time Default The default redirect delay time is 5 seconds Mode Global Configuration Examples To set the delay time to 60 seconds for the Web Authentication server use the following commands...

Page 1799: ...tax auth web server redirect url url no auth web server redirect url Default The redirect URL for the Web Authentication server feature is not set by default null Mode Global Configuration Examples To...

Page 1800: ...is disabled by default Mode Global Configuration Usage This function doesn t ensure to keep session information in all cases Authenticated supplicant may be redirected to unexpected page when session...

Page 1801: ...ntax auth web server ssl no auth web server ssl Default HTTPS functionality for the Web Authentication server feature is disabled by default Mode Global Configuration Examples To enable HTTPS function...

Page 1802: ...ariant of this command to delete registered port number Syntax auth web server ssl intercept port 1 65535 no auth web server ssl intercept port 1 65535 Default 443 TCP is registered by default Mode Gl...

Page 1803: ...o configuration PAC file to your switch The Web Authentication supplicant can get the downloaded file from the system web server Syntax copy filename proxy autoconfig file Mode Privileged Exec Example...

Page 1804: ...be in PEM Privacy Enhanced Mail format and contain the private key and the server certificate Syntax copy filename web auth https file Mode Privileged Exec Example To download the server certificate f...

Page 1805: ...ult No description configured by default Mode Authentication Profile Example To add a description to the authentication profile student use the following commands awplus configure terminal awplus conf...

Page 1806: ...AUTOCONFIG FILE erase proxy autoconfig file Overview Use this command to remove the proxy auto configuration file Syntax erase proxy autoconfig file Mode Privileged Exec Example To remove the proxy a...

Page 1807: ...uth https file Overview Use this command to remove the SSL server certificate for web based authentication Syntax erase web auth https file Mode Privileged Exec Example To remove the SSL server certif...

Page 1808: ...re than four different IP addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several differ...

Page 1809: ...more than four different MAC addresses produce the same hash key When this situation occurs collisions can sometimes be avoided by changing the hashing algorithm from its default of crc32l Several dif...

Page 1810: ...amic or LACP channel group or a switch port awplus show auth all 802 1X Port Based Authentication Enabled MAC based Port Authentication Disabled WEB based Port Authentication Enabled RADIUS server add...

Page 1811: ...uthenticationMethod WEB based Authentication Two Step Authentication firstAuthentication Pass Method dot1x secondAuthentication Pass Method web portStatus Authorized currentId 3 abort F fail F start F...

Page 1812: ...ace list Mode Privileged Exec Example To display authentication diagnostics for port1 0 6 enter the command awplus show auth diagnostics interface port1 0 6 Parameter Description interface Specify por...

Page 1813: ...interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhileConnecting 1 authEnterAuthenticating 2 authSuccessWhileAuthenticating 1 authTimeoutWhileAuthenticating 1...

Page 1814: ...terface interface list diagnostics sessionstatistics statistics supplicant brief Mode Privileged Exec Example To display the Web based authentication status for port1 0 6 enter the command awplus show...

Page 1815: ...1 0 1 Authentication Info for interface port1 0 1 portEnabled true portControl Auto portStatus Authorized reAuthenticate disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE sup...

Page 1816: ...onstatistics show dot1x statistics interface show dot1x supplicant interface Authentication Diagnostics for interface port1 0 6 Supplicant address 00d0 59ab 7037 authEnterConnecting 2 authEaplogoffWhi...

Page 1817: ...3 Example output from the show auth sessionstatistics command Parameter Description interface Specify ports to show interface list The interfaces or ports to configure An interface list can be an int...

Page 1818: ...lay Web Authentication statistics for port1 0 4 enter the command awplus show auth statistics interface port1 0 4 Related Commands show dot1x interface Parameter Description interface list The interfa...

Page 1819: ...t To display authenticated supplicant information for device with MAC address 0000 5E00 5301 enter the command awplus show auth supplicant 0000 5E00 5301 Output Figure 42 4 Example output from show au...

Page 1820: ...F start F timeout F success T PAE state Authenticated portMode Auto PAE reAuthCount 0 rxRespId 0 PAE quietPeriod 60 maxReauthReq 2 BE state Idle reqCount 0 idFromServer 0 CD adminControlledDirections...

Page 1821: ...liedWare Plus Operating System Version 5 4 7 1 x AUTHENTICATION COMMANDS SHOW AUTH SUPPLICANT Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa authentication a...

Page 1822: ...thenticated supplicant on the interface port1 0 3 enter the command awplus show auth supplicant interface port1 0 3 To display brief summary output for the authenticated supplicant enter the command a...

Page 1823: ...tep supplicant interface port1 0 6 brief Output Figure 42 7 Example output from show auth two step supplicant brief Related Commands auth two step enable Parameter Description interface The interface...

Page 1824: ...8 Example output from the show auth web server command Related Commands auth web server ipaddress auth web server port auth web server redirect delay time auth web server redirect url auth web server...

Page 1825: ...ow the web authentication page information use the command awplus show auth web server page Figure 42 9 Example output from the show auth web server page command Related Commands auth web forward auth...

Page 1826: ...Syntax show proxy autoconfig file Mode Privileged Exec Example To display the contents of the proxy auto configuration PAC file enter the command awplus show auth proxy autoconfig file Output Figure...

Page 1827: ...1833 aaa accounting dot1x on page 1835 aaa accounting login on page 1837 aaa accounting update on page 1840 aaa authentication auth mac on page 1842 aaa authentication auth web on page 1844 aaa authe...

Page 1828: ...page 1865 login authentication on page 1866 proxy port on page 1867 radius secure proxy aaa on page 1868 server radsecproxy aaa on page 1869 server mutual authentication on page 1871 server name check...

Page 1829: ...y none group group name radius no aaa accounting auth mac default list name Default RADIUS accounting for MAC based Authentication is disabled by default Mode Global Configuration Usage This command c...

Page 1830: ...IUS servers use the commands awplus configure terminal awplus config aaa accounting auth mac default start stop group radius To disable RADIUS accounting for MAC based Authentication use the commands...

Page 1831: ...y none group group name radius no aaa accounting auth web default list name Default RADIUS accounting for Web based authentication is disabled by default Mode Global Configuration Usage This command c...

Page 1832: ...rvers use the commands awplus configure terminal awplus config aaa accounting auth web default start stop group radius To disable the default RADIUS accounting method for Web based authentication use...

Page 1833: ...ed by default Mode Global Configuration Usage This command only supports a default method list this means that it is applied to every console and VTY line The stop only parameter indicates that the co...

Page 1834: ...rivilege levels 1 7 and 15 use the following commands awplus configure terminal awplus config aaa accounting commands 1 default stop only group tacacs awplus config aaa accounting commands 7 default s...

Page 1835: ...e start stop stop only none group group name radius no aaa accounting dot1x default list name Default RADIUS accounting for 802 1X based authentication is disabled by default there is no default serve...

Page 1836: ...nd use all available RADIUS Servers use the commands awplus configure terminal awplus config aaa accounting dot1x default start stop group radius To disable RADIUS accounting for 802 1X based authenti...

Page 1837: ...ccounting method list for login shell sessions configured by an aaa accounting login command If the method list being deleted is already applied to a console or VTY line accounting on that line will b...

Page 1838: ...name use the specified RADIUS server group configured with the aaa group server command There is one way to define servers where TACACS accounting messages are sent group tacacs use all TACACS server...

Page 1839: ...1839 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS AAA ACCOUNTING LOGIN Related Commands aaa accounting commands aaa authentication login aaa accounting login aaa accounting update a...

Page 1840: ...de Global Configuration Usage Use this command to enable the device to send periodic AAA login accounting reports to the accounting server When periodic accounting report is enabled interim accounting...

Page 1841: ...AA COMMANDS AAA ACCOUNTING UPDATE To disable periodic accounting update wherever accounting has been configured use the following commands awplus configure terminal awplus config no aaa accounting upd...

Page 1842: ...ed Port Authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list...

Page 1843: ...commands awplus configure terminal awplus config no aaa authentication auth mac default To enable MAC based authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the...

Page 1844: ...eb default list name Default Web based authentication is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a na...

Page 1845: ...ication use the commands awplus configure terminal awplus config no aaa authentication auth web default To enable Web based authentication for named list vlan10_auth with RADIUS server group rad_group...

Page 1846: ...tion is disabled by default Mode Global Configuration Usage This command can be used to configure either the default authentication method list or a named authentication method list default the defaul...

Page 1847: ...authentication for named list vlan10_auth with RADIUS server group rad_group_vlan10 use the commands awplus configure terminal awplus config aaa authentication dot1x vlan10_auth group rad_group_vlan1...

Page 1848: ...fied privilege level is equal to or less than the users maximum privilege level then they are granted access to that level If the user attempts to access a privilege level that is higher than their ma...

Page 1849: ...I Examples To enable a privilege level authentication method that will not allow the user to access Privileged Exec mode if the TACACS server goes offline or is not reachable during enable password au...

Page 1850: ...ion Usage The privilege level configured for a particular user in the local user database is the privilege threshold above which the user is prompted for an enable Privileged Exec mode command Example...

Page 1851: ...default method list This will return the default method list to its default state local is the default Syntax aaa authentication login default list name local group radius tacacs group name no aaa au...

Page 1852: ...for user login to first use all available RADIUS servers for user login authentication and then use the local user database use the following commands awplus configure terminal awplus config aaa authe...

Page 1853: ...ent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will...

Page 1854: ...fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured di...

Page 1855: ...on Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configura...

Page 1856: ...al Configuration Usage Use this command to create an AAA group of RADIUS servers and to enter Server Group Configurationmode inwhich you canadd servers to thegroup Use a server groupto specify a subse...

Page 1857: ...x AAA COMMANDS AAA GROUP SERVER Related Commands aaa accounting auth mac aaa accounting auth web aaa accounting dot1x aaa accounting login aaa authentication auth mac aaa authentication auth web aaa a...

Page 1858: ...guration Default The default for the lockout time is 300 seconds 5 minutes Usage While locked out all attempts to login with the locked account will fail The lockout can be manually cleared by another...

Page 1859: ...d login counter reaches the limit configured by this command that user account is locked out for a specified duration configured by the aaa local authentication attempts lockout time command When a su...

Page 1860: ...he console SSH and Telnet Use the novariantof this commandtoresetthe minimumtimeperiod to itsdefault value Syntax aaa login fail delay 1 10 no aaa login fail delay 1 10 Default 1 second Mode Global co...

Page 1861: ...f this command resets AAA Accounting applied to console or VTY lines for local or remote login default login accounting is applied after issuing the no accounting login command Accounting is disabled...

Page 1862: ...d list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the comma...

Page 1863: ...mand Reference for x510 Series 1863 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version...

Page 1864: ...ar aaa local user lockout username username all Mode Privileged Exec Examples To unlock the user account bob use the following command awplus clear aaa local user lockout username bob To unlock all us...

Page 1865: ...ccounting all authentication authorization Default AAA debugging is disabled by default Mode Privileged Exec Examples To enable authentication debugging for AAA use the command awplus debug aaa authen...

Page 1866: ...ication on these console or VTY lines Command Syntax login authentication default list name no login authentication Default The default login authentication method list as specified by the aaa authent...

Page 1867: ...proxy port Default The default port is 1645 Mode RadSecProxy AAA Configuration Mode Usage It is not necessary to change the value from the default unless UDP port 1645 is required for another purpose...

Page 1868: ...iguration mode This application allows local RADIUS based clients on system to communicate with remote RadSec servers via a secure TLS proxy Syntax radius secure proxy aaa Mode Global Configuration Mo...

Page 1869: ...t value for RADIUS servers will be used The global timeout may be changed using the radius server timeout command The default global timeout is 5 seconds Each server may be configured to use certifica...

Page 1870: ...RVER RADSECPROXY AAA Example To add a server which waits 3 seconds before receiving replies use the commands awplus configure terminal awplus config radius secure proxy aaa awplus config radsecproxy a...

Page 1871: ...ing the RadSecProxy AAA application to not transmit a certificate to the server NOTE Ifmutualauthenticationisdisabledontheclient AAA applicationbutenabled on the server a connection will not be establ...

Page 1872: ...ubject field of the client s X 509 certificate must match the domain name or IP address specified in the server radsecproxy aaa command Use the no variant of this command to set the global behavior fo...

Page 1873: ...erver must have an issuer chain that terminates with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trus...

Page 1874: ...C613 50170 01 Rev B Command Reference for x510 Series 1874 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS SERVER TRUSTPOINT server radsecproxy aaa server name check...

Page 1875: ...cked account successfully logs into the system after waiting for the lockout time this command will display nothing for that particular account Syntax show aaa local user locked Mode User Exec and Pri...

Page 1876: ...aa accounting auth mac aaa authentication auth web aaa authentication dot1x awplus show aaa server group User List Name Method Acct Event login auth default local login acct dot1x auth default radius...

Page 1877: ...isplays the current debugging status for AAA Authentication Authorization Accounting Syntax show debugging aaa Mode User Exec and Privileged Exec Example To display the current debugging status of AAA...

Page 1878: ...r groups use the command awplus show radius server group To display a information for a RADIUS server group named rad_group_list1 use the command awplus show radius server group rad_group_list1 Output...

Page 1879: ...IUS SERVER GROUP Figure 43 5 Example output from show radius server group rad_group_list1 Related Commands aaa group server awplus show radius server group rad_group_list1 RADIUS Group Configuration G...

Page 1880: ...01 Rev B Command Reference for x510 Series 1880 AlliedWare Plus Operating System Version 5 4 7 1 x AAA COMMANDS UNDEBUG AAA undebug aaa Overview This command applies the functionality of the no debug...

Page 1881: ...Command List auth radius send nas identifier on page 1882 auth radius send service type on page 1883 deadtime RADIUS server group on page 1884 debug radius on page 1885 ip radius source interface on...

Page 1882: ...ntifierof NASID100 as the NAS Identifier attribute use the commands awplus configure terminal awplus config auth radius send nas identifier NASID100 To use the VLAN ID as the NAS Identifier attribute...

Page 1883: ...requests The Service Type attribute has a value of Framed 2 for 802 1x Call Check 10 for MAC authentication Unbound 5 for Web authentication Use the no variant of this command to stop including the S...

Page 1884: ...ADIUS server is set to 0 minutes by default Syntax deadtime 0 1440 no deadtime Default The deadtime is set to 0 minutes by default Mode Server Group Configuration Usage If the RADIUS server does not r...

Page 1885: ...all Default RADIUS debugging is disabled by default Mode Privileged Exec Examples To enable debugging for RADIUS packets use the command awplus debug radius packet To enable debugging for RADIUS event...

Page 1886: ...e interface interface ip address no ip radius source interface Default Source IP address of outgoing RADIUS packets depends on the interface the packets leave Mode Global Configuration Examples To con...

Page 1887: ...deadtime configured on the system is 0 seconds Mode Global Configuration Usage The RADIUS client considers a RADIUS server to be dead if it fails to respond to a request after it has been retransmitt...

Page 1888: ...65535 auth port 0 65535 key key string retransmit 0 100 timeout 1 1000 no radius server host host name ip address acct port 0 65535 auth port 0 65535 Parameter Description host name Server host name...

Page 1889: ...he time interval in seconds to wait for the RADIUS server to reply before retransmitting a request or considering the server dead This setting overrides the global value set by the radius server timeo...

Page 1890: ...r 10 0 0 20 use the following commands awplus configure terminal awplus config no radius server host 10 0 0 20 To configure rad1 company com for authentication only use the following commands awplus c...

Page 1891: ...key shared between this client and its RADIUS servers If no secret key is specified for a particular RADIUS server using the radius server host c ommand this global key is used After enabling AAA aut...

Page 1892: ...ult RADIUS retransmit count on the device is 3 Mode Global Configuration Examples To set the RADIUS retransmit count to 1 use the following commands awplus configure terminal awplus config radius serv...

Page 1893: ...v B Command Reference for x510 Series 1893 AlliedWare Plus Operating System Version 5 4 7 1 x RADIUS COMMANDS RADIUS SERVER RETRANSMIT Related Commands radius server deadtime radius server host show r...

Page 1894: ...s 5 seconds Mode Global Configuration Examples To globally set the device to wait 20 seconds before retransmitting a RADIUS request to unresponsive RADIUS servers use the following commands awplus con...

Page 1895: ...x RADIUS COMMANDS RADIUS SERVER TIMEOUT To reset the global timeout period for RADIUS servers to the default use the following command awplus configure terminal awplus config no radius server timeout...

Page 1896: ...n port for accounting requests to the server To disable accounting for the server set acct port to 0 If the accounting port is missing the default port number is 1812 Use the no variant of this comman...

Page 1897: ...inal awplus config aaa group server radius RAD_AUTH1 awplus config sg server 192 168 1 1 acct port 0 awplus config sg server 192 168 2 1 auth port 1000 acct port 0 To create a RADIUS server group RAD_...

Page 1898: ...isplays the current debugging status for the RADIUS servers Syntax show debugging radius Mode User Exec and Privileged Exec Example To display the current debugging status of RADIUS servers use the co...

Page 1899: ...e show radius command showing RADIUS servers Example See the sample output below showing RADIUS client status and RADIUS configuration awplus show radius RADIUS Global Configuration Source Interface n...

Page 1900: ...Interface The interface name or IP address to be used for the source address of all outgoing RADIUS packets Secret Key A shared secret key to a radius server Timeout A time interval in seconds Retran...

Page 1901: ...s been dead for Alive The server is alive Error The server is not responding Dead The server is detected as dead and it will not be used for deadtime period The time displayed in the output shows the...

Page 1902: ...ileged Exec Example See the sample output below showing RADIUS client statistics and RADIUS configuration awplus show radius statistics Output Figure 44 4 Example output from the show radius statistic...

Page 1903: ...B Command Reference for x510 Series 1903 AlliedWare Plus Operating System Version 5 4 7 1 x RADIUS COMMANDS UNDEBUG RADIUS undebug radius Overview This command applies the functionality of the no deb...

Page 1904: ...authentication on page 1912 client name check on page 1913 client trustpoint on page 1914 clear radius local server statistics on page 1915 copy fdb radius users to file on page 1916 copy local radiu...

Page 1905: ...age 1936 server enable on page 1937 show crypto pki certificates deleted on page 1938 show crypto pki certificates local radius all users deleted on page 1939 show crypto pki certificates user deleted...

Page 1906: ...group If the specified attribute is already defined then it is replaced with the new value Use the no variant of this command to delete an attribute from the local RADIUS server user group Syntax att...

Page 1907: ...es use the following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute help A list of Vendor specific Attribute...

Page 1908: ...following commands awplus configure terminal awplus config radius server local awplus config radsrv group Admin awplus config radsrv group attribute Service Type 6 To delete the attribute Service Typ...

Page 1909: ...enabled by default Mode RADIUS Server Configuration Examples The following commands enable EAP MD5 authentication methods on the local RADIUS server awplus configure terminal awplus config radius serv...

Page 1910: ...e global behavior defined by client name check or no client name check will be used If name checking is enabled the Common Name portion of the subject field of the client s X 509 certificate must matc...

Page 1911: ...0170 01 Rev B Command Reference for x510 Series 1911 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS CLIENT RADSECPROXY SRV client trustpoint radius secure proxy local...

Page 1912: ...ual certificate validation The local server application will still transmit the local server certificate to the client but will not expect or validate a certificate from the client Syntax client mutua...

Page 1913: ...on of the subject field of the client s X 509 certificate must match the domain name or IP address specified in the client radsecproxy aaa command Use the no variant of this command to set the global...

Page 1914: ...with the root CA certificate for any of the trustpoints that are associated with the application If no trustpoints are specified in the command the trustpoint list will be unchanged If no client trust...

Page 1915: ...ears the number of successful and failed logins for each local RADIUS server user Examples To clear the NAS Network Access Server statistics stored on the device use the command awplus clear radius lo...

Page 1916: ...al RADIUS server users created to NVS memory flash Copy the local RADIUS server users created to Flash memory usb Copy the local RADIUS server users created to USB storage device debug Copy the local...

Page 1917: ...the specified VLAN Examples To register the local RADIUS server users from the local FDB directly to the local RADIUS server use the command awplus copy fdb radius users local radius user db To regis...

Page 1918: ...al RADIUS server user database before copying the contents of specified file Syntax copy source url local radius user db add replace Default When no copy method is specified with this command the repl...

Page 1919: ...Values format Syntax copy local radius user db nvs flash usb tftp scp destination url Mode Privileged Exec Example Copy the current local RADIUS server user data to http datahost user csv awplus copy...

Page 1920: ...RADIUS SERVER COMMANDS CRYPTO PKI ENROLL LOCAL DELETED crypto pki enroll local deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoi...

Page 1921: ...ENROLL LOCAL LOCAL RADIUS ALL USERS DELETED crypto pki enroll local local radius all users deleted Overview This command is no longer available Please use the following command instead crypto pki enro...

Page 1922: ...ER COMMANDS CRYPTO PKI ENROLL LOCAL USER DELETED crypto pki enroll local user deleted Overview This command is no longer available Please use the following command instead crypto pki enroll trustpoint...

Page 1923: ...ANDS CRYPTO PKI EXPORT LOCAL PEM DELETED crypto pki export local pem deleted Overview This command is no longer available Please use the crypto pki export pem command instead crypto pki export trustpo...

Page 1924: ...PKI EXPORT LOCAL PKCS12 DELETED crypto pki export local pkcs12 deleted Overview This command is no longer available Please use the crypto pki export pkcs12 command instead crypto pki export trustpoin...

Page 1925: ...S SERVER COMMANDS CRYPTO PKI TRUSTPOINT LOCAL DELETED crypto pki trustpoint local deleted Overview This command is no longer available Please use the following command instead crypto pki trustpoint tr...

Page 1926: ...B Command Reference for x510 Series 1926 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS DEBUG CRYPTO PKI DELETED debug crypto pki deleted Overview This command is no...

Page 1927: ...ration Usage When both domain styles are enabled the first domain style configured has the highest priority A username login string is matched against the first domain style enabled Then if the userna...

Page 1928: ...command or the egress vlan name command and specify the tagged parameter Examples To set the Egress VLANID attribute for the NormalUsers local RADIUS server user group to VLAN identifier 200 with tag...

Page 1929: ...01 Rev B Command Reference for x510 Series 1929 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN ID Related Commands attribute egress vlan name switchport v...

Page 1930: ...he egress vlan id command or the egress vlan name command and specify the tagged parameter Examples To configure the Egress VLAN Name attribute for the RADIUS server user group NormalUsers with the VL...

Page 1931: ...01 Rev B Command Reference for x510 Series 1931 AlliedWare Plus Operating System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS EGRESS VLAN NAME Related Commands attribute egress vlan id switchport v...

Page 1932: ...oup Syntax group user group name no group user group name Mode RADIUS Server Configuration Examples The following command creates the user group NormalUsers awplus configure terminal awplus config rad...

Page 1933: ...address key nas keystring no nas ip address Mode RADIUS Server Configuration Examples The following commands add the NAS with an IP address of 192 168 1 2 to the list of clients that may send authent...

Page 1934: ...on mode This application allows remote RadSec clients to communicate with the local RADIUS server process via a secure TLS proxy Syntax radius secure proxy local server Mode Global Configuration Mode...

Page 1935: ...ion Example Local RADIUS Server commands are available from config radsrv configuration mode To change mode from User Exec mode to the Local RADIUS Server mode config radsrv use the commands awplus co...

Page 1936: ...rt Default The default local RADIUS server UDP authentication port number is 1812 Mode RADIUS Server Configuration Examples The following commands set the RADIUS server authentication port to 10000 aw...

Page 1937: ...e local RADIUS server stops operating Syntax server enable no server enable Default The local RADIUS server is disabled by default and must be enabled for use with this command Mode RADIUS Server Conf...

Page 1938: ...rsion 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES DELETED show crypto pki certificates deleted Overview This command is no longer available Please use the following command ins...

Page 1939: ...5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES LOCAL RADIUS ALL USERS DELETED show crypto pki certificates local radius all users deleted Overview This command is no longeravaila...

Page 1940: ...ing System Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI CERTIFICATES USER DELETED show crypto pki certificates user deleted Overview This command is no longeravailablebecause usercer...

Page 1941: ...Version 5 4 7 1 x LOCAL RADIUS SERVER COMMANDS SHOW CRYPTO PKI TRUSTPOINTS DELETED show crypto pki trustpoints deleted Overview This command is no longer available Please use the following command ins...

Page 1942: ...iguration Guide Syntax show radius local server group user group name Mode User Exec and Privileged Exec Example The following command displays Local RADIUS server user group information awplus show r...

Page 1943: ...ature Overview and Configuration Guide Syntax show radius local server nas ip address Mode User Exec and Privileged Exec Example The following command displays NAS information awplus show radius local...

Page 1944: ...command displays Local RADIUS server statistics awplus show radius local server statistics Output Related Commands clear radius local server statistics radius server local server enable server auth po...

Page 1945: ...S server user information for user Tom awplus show radius local server user Tom The following command displays all Local RADIUS server information for all users awplus show radius local server user Th...

Page 1946: ...RADIUS SERVER COMMANDS SHOW RADIUS LOCAL SERVER USER Related Commands group user RADIUS server Table 8 Parameters in the output from the show radius local server user command Parameter Description Us...

Page 1947: ...plicant MAC address to configure the user name and user password parameters to use local RADIUS server for MAC Authentication See the AAA and Port_Authentication Feature Overview and Configuration_Gui...

Page 1948: ...nfigure terminal awplus config radius server local awplus config radsrv user Tom password QwerSD group NormalUsers The following commands remove user Tom from the local RADIUS server awplus configure...

Page 1949: ...Syntax vlan vid vlan name no vlan Default VLAN information is not set by default Mode RADIUS Server Group Configuration Examples The following commands set VLAN ID 200 to the group named NormalUsers...

Page 1950: ...1952 crypto pki authenticate on page 1953 crypto pki enroll on page 1954 crypto pki enroll user on page 1955 crypto pki export pem on page 1957 crypto pki export pkcs12 on page 1958 crypto pki import...

Page 1951: ...bit lengths are more secure but require more computation time The specified key must not already exist Example To create a key with the label example server key and a bit length of 2048 use the comman...

Page 1952: ...ith zeros The specified key must exist but must not be in use for any existing server certificates A key may not be deleted if it is associated with the server certificate or server certificate signin...

Page 1953: ...llment setting is terminal then this command prompts the user to paste a certificate Privacy Enhanced Mail PEM file at the CLI terminal If the certificate is a valid selfsigned CA certificate then it...

Page 1954: ...s command results in the direct generation of the server certificate signed by the root CA for the trustpoint If the trustpoint represents an external certificate authority then this command results i...

Page 1955: ...IUS server The specified trustpoint must represent a locally self signed certificate authority The private key and certificate are packaged into a PKCS 12 formatted file suitable for export using the...

Page 1956: ...sion 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS CRYPTO PKI ENROLL USER To enroll all local RADIUS users with the trustpoint example use the following commands awplus enable awplus crypto pki enroll...

Page 1957: ...ed Exec Usage The specified trustpoint must already exist and it must already be authenticated Example To display the PEM file for the trustpoint example to the terminal use the following commands awp...

Page 1958: ...server certificate and thecorrespondingprivatekey iftheserverhasbeen enrolledtothetrustpoint The command prompts for a passphrase to encrypt the private key If a RADIUS username is specified this com...

Page 1959: ...URE COMMANDS CRYPTO PKI EXPORT PKCS12 Example To export the PKCS 12 file example pk12 for the trustpoint example to the URL tftp backup use the following commands awplus enable awplus crypto pki expor...

Page 1960: ...ure they are proper CA certificates and that the issuer chain ends in a root CA certificate already installed for the trustpoint If there is no root CA certificate for the trustpoint i e if the trustp...

Page 1961: ...KEY INFRASTRUCTURE COMMANDS CRYPTO PKI IMPORT PEM To import the PEM file for the trustpoint example from the URL tftp server_a use the following commands awplus enable awplus crypto pki import exampl...

Page 1962: ...here N is a non negative integer This operation is only valid if the server certificate does not already exist for the trustpoint i e if the server is not enrolled to the trustpoint PKCS 12 files for...

Page 1963: ...cate the trustpoint as a local self signed certificate authority The no variant of this command destroys the trustpoint by removing all CA and server certificates associated with the trustpoint as wel...

Page 1964: ...the root CA certificate Privacy Enhanced Mail PEM file at the terminal when the crypto pki authenticate command is issued It will create a Certificate Signing Request CSR file for the local server whe...

Page 1965: ...ch any pre accepted value then the user will be prompted to verify the certificate contents and fingerprint visually This command is useful when certificates from an external certificate authority are...

Page 1966: ...50170 01 Rev B Command Reference for x510 Series 1966 AlliedWare Plus Operating System Version 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS FINGERPRINT TRUSTPOINT CONFIGURATION MODE crypto pki import...

Page 1967: ...ed by the specified certificate the command will be rejected If the specified certificate is the root CA certificate and the trustpoint represents a locally selfsigned CA then the corresponding privat...

Page 1968: ...equest The optional numeric parameter defines the bit length for the key and is only applicable for keys that are implicitly created during enrollment This command does not affect server certificates...

Page 1969: ...erprint a hash of the key contents to help uniquely identify a key and a list of trustpoints in which the server certificate is using the key The specified keys must exist Example To show all keys use...

Page 1970: ...with the server certificate and then displays its issuer and continues up the issuer chain until the root CA certificate is reached For each certificate the command displays the certificate type the...

Page 1971: ...CN local loc lc Issuer C NZ CN local_Signing_CA Valid From Nov 11 15 35 21 2015 GMT Valid To Aug 31 15 35 21 2018 GMT Fingerprint 5A81D34C 759CC4DA CFCA9F65 0303AD83 410B03AF Intermediate CA certifica...

Page 1972: ...rustpoints using the crypto pki export pkcs12 command Syntax crypto pki enrollment user username Mode Privileged Exec Example To show the list of trustpoints to which user exampleuser1 is enrolled use...

Page 1973: ...nfigured to use the trustpoint and the trustpoint parameters that were configured from trustpoint configuration mode The specified trustpoints must already exist Example To show the details of the tru...

Page 1974: ...ion Usage The subject name is specified as a variable number of fields where each field begins with a forward slash character Each field is of the form XX value where XX is the abbreviation of the nod...

Page 1975: ...0 01 Rev B Command Reference for x510 Series 1975 AlliedWare Plus Operating System Version 5 4 7 1 x PUBLIC KEY INFRASTRUCTURE COMMANDS SUBJECT NAME TRUSTPOINT CONFIGURATION Related Commands crypto pk...

Page 1976: ...ure the device to use TACACS servers For more information about TACACS see the TACACS Feature Overview and Configuration Guide Command List authorization commands on page 1977 aaa authorization comman...

Page 1977: ...hod list with privilege level 15 to VTY lines 0 to 5 use the following commands awplus configure terminal awplus config line vty 0 5 awplus config line authorization commands 15 TAC15 To reset the com...

Page 1978: ...nd Reference for x510 Series 1978 AlliedWare Plus Operating System Version 5 4 7 1 x TACACS COMMANDS AUTHORIZATION COMMANDS aaa authorization config commands tacacs server host Command changes Version...

Page 1979: ...sent to the first available configured TACACS server the first server configured for authorization Parameter Description privilege level The privilege level of the set of commands the method list will...

Page 1980: ...l fallback is not configured and all servers become unreachable then all commands except logout exit and quit will be denied The default method list is defined with a local fallback unless configured...

Page 1981: ...tion Usage If authorization of configuration mode commands is not enabled then all configuration commands are accepted by default including command authorization commands NOTE Authorization of configu...

Page 1982: ...ures that all TACACS packets sent from the device will have the same source IP address Once configured this affects all TACACS packets namely accounting authentication and authorization If the specifi...

Page 1983: ...ured Timeout 5 sec Server Host Server IP Address Status 192 168 1 10 Alive 192 168 1 11 Unknown Table 1 Parameters in the output of the show tacacs command Output Parameter Meaning Source Interface IP...

Page 1984: ...13 50170 01 Rev B Command Reference for x510 Series 1984 AlliedWare Plus Operating System Version 5 4 7 1 x TACACS COMMANDS SHOW TACACS Command changes Version 5 4 6 2 1 Source Interface parameter add...

Page 1985: ...onfigured is regarded as the primary server and if the primary server fails then the backup servers are consulted in turn A backup server is consulted if the primary server fails not if a login authen...

Page 1986: ...lowing commands awplus configure terminal awplus config tacacs server host tac1 company com To set the secret key to secret on the TACACS server 192 168 1 1 use the following commands awplus configure...

Page 1987: ...s client and its TACACS servers If no secret key is specified for a particular TACACS server using the tacacs server host command this global key is used Examples To set the global secret key to secre...

Page 1988: ...he no variant of this command resets the transmit timeout to the default 5 seconds Syntax tacacs server timeout seconds no tacacs server timeout Default The default timeout value is 5 seconds Mode Glo...

Page 1989: ...itch ports e g port1 0 2 Command List arp security on page 1991 arp security violation on page 1992 clear arp security statistics on page 1994 clear ip dhcp snooping binding on page 1995 clear ip dhcp...

Page 1990: ...13 service dhcp snooping on page 2015 show arp security on page 2017 show arp security interface on page 2018 show arp security statistics on page 2020 show debugging arp security on page 2022 show de...

Page 1991: ...to disable ARP security on the VLANs Syntax arp security no arp security Default Disabled Mode Interface Configuration VLANs Usage Enable ARP security to provide protection against ARP spoofing DHCP s...

Page 1992: ...has ARP security enabled it drops the packet This command sets the switch to perform additional actions in response to ARP violations If a port has been shut down in response to a violation to bring i...

Page 1993: ...for x510 Series 1993 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP SNOOPING COMMANDS ARP SECURITY VIOLATION Related Commands arp security show arp security interface show arp security statis...

Page 1994: ...x clear arp security statistics interface port list Mode Privileged Exec Example To clear statistics for ARP security on interface port1 0 1 use the command awplus clear arp security statistics interf...

Page 1995: ...t Mode Privileged Exec Usage This command removes dynamic entries from the database Note that dynamic entries can also be deleted by using the novariant of theip dhcp snooping binding command Dynamic...

Page 1996: ...p snooping statistics interface port list Mode Privileged Exec Example To clear statistics for the DHCP snooping on interface port1 0 1 use the command awplus clear ip dhcp snooping statistics interfa...

Page 1997: ...verview Use this command to enable ARP security debugging Use the no variant of this command to disable debugging for ARP security Syntax debug arp security no debug arp security Default Disabled Mode...

Page 1998: ...t detail no debug ip dhcp snooping all acl db packet detail Default Disabled Mode Privileged Exec Example To enable access list debugging for DHCP snooping use the commands awplus debug ip dhcp snoopi...

Page 1999: ...one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping trust command Any ACLs on a port that permit traffic matching DHCP snooping entries and block other traf...

Page 2000: ...oping agent option no ip dhcp snooping agent option Default DHCP Relay Agent Option 82 insertion is enabled by default when DHCP snooping is enabled Mode Global Configuration Usage DHCP snooping must...

Page 2001: ...If the switch is connected via untrusted ports to edge switches that insert DHCP Relay Agent Option 82 information into DHCP packets you may need to allow these DHCP packets through the untrusted por...

Page 2002: ...number Mode Interface Configuration for a VLAN interface Usage The Circuit ID sub option is included in the DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 in...

Page 2003: ...DHCP Relay Agent Option 82 field of forwarded client DHCP packets DHCP snooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingise...

Page 2004: ...g binding ipaddr macaddr vlan vid interface port expiry expiry time no ip dhcp snooping binding ipaddr Mode Privileged Exec Usage Note that dynamic entries can also be deleted from the DHCP snooping d...

Page 2005: ...master it is only synchronized across stack members that also have USB storage devices installed If the location of the backup file is changed by using this command a new file is created in the new lo...

Page 2006: ...ed from the DHCP snooping database when matching DHCP release messages are received Mode Global Configuration Usage DHCP clients send a release message when they no longer wish to use the IP address t...

Page 2007: ...lete by linkdown Default Disabled by default DHCP Snooping bindings are not deleted when an interface goes down Mode Global Configuration Usage If this command is enabled in a stack and the master goe...

Page 2008: ...hcp snooping acl command In general the default 1 will work well on an edge port with a single directly connected DHCP client If the port is on an aggregation switch that is connected to an edge switc...

Page 2009: ...nooping Option 82 information insertion is enabled ip dhcp snooping agent option command enabled by default and DHCPsnoopingisenabled onthe switch servicedhcp snooping and onthe VLAN to which the port...

Page 2010: ...p snooping trust Default All ports are untrusted by default Mode Interface Configuration port Usage Typically ports connecting the switch to trusted elements in the network towards the core are set as...

Page 2011: ...Enabled source MAC addresses are verified by default Mode Global Configuration Usage When MAC address verification is enabled the switch treats DHCP packets with source MAC address and client hardwar...

Page 2012: ...command IP packets dropped by DHCP snooping filters do not resultin other DHCP snooping violation actions Example To set the switch to send an SNMP notification and set the link status to link down if...

Page 2013: ...amples To add a static entry to the DHCP snooping database for a client with the IP address 192 168 1 2 MAC address 0001 0002 0003 on port1 0 6 of vlan6 use the command awplus configure terminal awplu...

Page 2014: ...for x510 Series 2014 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP SNOOPING COMMANDS IP SOURCE BINDING Related Commands clear ip dhcp snooping binding ip dhcp snooping binding show ip dhcp s...

Page 2015: ...ing this command be enabled on the particular VLAN by using the ip dhcp snooping command have at least one port connected to a DHCP server configured as a trusted port by using the ip dhcp snooping tr...

Page 2016: ...ntain connectivity no access group command Examples To enable DHCP snooping on the switch use the command awplus configure terminal awplus config service dhcp snooping To disable DHCP snooping on the...

Page 2017: ...y interface show arp security statistics Table 1 Example output from the show arp security command awplus show arp security ARP Security Information Total VLANs enabled 2 Total VLANs disabled 11 vlan1...

Page 2018: ...security configuration for ports use the command awplus show arp security interface Parameter Description port list The ports to display ARP security information about The port list can include switc...

Page 2019: ...p security statistics show log snmp server enable trap Table 4 Parameters in the output from the show arp security interface command Parameter Description Action The action the switch takes when it de...

Page 2020: ...scription detail Display detailed statistics interface port list Display statistics for the specified ports Table 5 Example output from the show arp security statistics command awplus show arp securit...

Page 2021: ...how log Table 7 Example output from the show arp security statistics detail command awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20 I...

Page 2022: ...ity debugging configuration Syntax show debugging arp security Mode User and Privileged Exec Example To display the debugging settings for ARP security on the switch use the command awplus show debugg...

Page 2023: ...ed Exec Example To display the DHCP snooping debugging configuration use the command awplus show debugging ip dhcp snooping Related Commands debug ip dhcp snooping show log Table 9 Example output from...

Page 2024: ...ng acl show ip dhcp snooping agent option show ip dhcp snooping binding show ip dhcp snooping interface Table 48 1 Example output from show ip dhcp snooping DHCP Snooping Information DHCP Snooping ser...

Page 2025: ...hardware ACL information use the command awplus show ip dhcp snooping acl hardware Parameter Description detail Detailed DHCP Snooping ACL information hardware DHCP Snooping hardware ACL information i...

Page 2026: ...0 20 0000 aaaa bbbb port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 2 dhcpsn1 0 0 0 0 0000 0000 0000 port1 0 3 dhcpsn...

Page 2027: ...imum Bindings 2 port1 0 4 Template filters 7 port1 0 4 Attached hardware filters 14 port1 0 4 Current bindings 1 1 free port1 0 4 Client 1 120 120 120 120 port1 0 4 Templates cheese via class map cmap...

Page 2028: ...ption interface interface list Mode User Exec and Privileged Exec Examples To display DHCP snooping Option 82 information for all interfaces use the command awplus show ip dhcp snooping agent option T...

Page 2029: ...p snooping show ip dhcp snooping interface awplus show ip dhcp snooping agent option DHCP Snooping Option 82 Configuration Key C Id Circuit Id Format R Id Remote Id S Id Subscriber Id Option 82 insert...

Page 2030: ...1 2 3 4 aaaa bbbb cccc 7 1 0 6 Infinite Stat 1 2 3 6 any 4077 1 0 6 Infinite Stat 1 3 4 5 any 1 sa1 Infinite Stat 111 111 100 101 0000 0000 0001 111 112 1 1 1 1 0 6 4076 Dyna 111 111 101 108 0000 000...

Page 2031: ...ng Type The source of the entry Dyna dynamically entered by snooping DHCP traffic configured by the ip dhcp snooping binding command or loaded from the database backup file Stat added statically by th...

Page 2032: ...configuration information for If no ports are specified information for all ports is displayed Table 54 Example output from the show ip dhcp snooping interface command awplus show ip dhcp snooping int...

Page 2033: ...nd Parameter Description Port The port interface name Status The port status untrusted default or trusted Full Leases The number of entries in the DHCP snooping database for the port Max Leases The ma...

Page 2034: ...ces use the command awplus show ip dhcp snooping statistics Parameter Description detail Display detailed statistics interface interface list Display statistics for the specified interfaces The interf...

Page 2035: ...ived Invalid 0 Option 82 Received On Untrusted Port 0 Option 82 Transmit On Untrusted Port 0 Reply Received On Untrusted Port 0 Source MAC CHADDR Mismatch 0 Static Entry Already Exists 0 Interface por...

Page 2036: ...ile trying to insert DHCP Relay Agent Option 82 information Option 82 Received Invalid The DHCP Relay Agent Option 82 information received did not match the information inserted by DHCP Snooping Optio...

Page 2037: ...Related Commands ip source binding show ip dhcp snooping binding Table 59 Example output from the show ip source binding command awplus show ip source binding IP Source Bindings Client MAC Expires IP...

Page 2038: ...openflow controller on page 2040 openflow datapath id on page 2042 openflow failmode standalone on page 2043 openflow inactivity on page 2044 openflow native vlan on page 2045 openflow ssl peer certi...

Page 2039: ...OpenFlow Controller A data plane port number is assigned to the port automatically Use the no variant of this command to cancel the setting of a port as a data plane port Syntax openflow no openflow D...

Page 2040: ...e IANA assigned port number of 6653 awplus configure terminal awplus config openflow controller tcp 10 1 1 1 6653 To add an OpenFlow Controller with the address 10 1 1 1 using the SSL protocol awplus...

Page 2041: ...C613 50170 01 Rev B Command Reference for x510 Series 2041 AlliedWare Plus Operating System Version 5 4 7 1 x OPENFLOW COMMANDS OPENFLOW CONTROLLER Command changes Version 5 4 7 1 1 command added...

Page 2042: ...r 48 bits are configured based on the switch MAC address The top 16 bits are padded with zeros Mode Global Configuration Usage This command changes the DPID which is used as the OpenFlow switch ID in...

Page 2043: ...OpenFlow Controller for three times the inactivity probe interval then OpenFlow will take over responsibility for setting up flows OpenFlow will cause the switch to act like an ordinary MAC learning...

Page 2044: ...s connection to Controller s If no message is received from any Controller for three times the inactivity probe interval then OpenFlow will take over responsibility for setting up flows if in standalo...

Page 2045: ...ntrol plane native VLAN The VLAN used as the OpenFlow native VLAN should not be used on non OpenFlow ports Use the no variant of this command to change the native VLAN for the data plane ports back to...

Page 2046: ...eer certificate using the bootstrap mode use the commands awplus configure terminal awplus config openflow ssl peer certificate bootstrap To disable peer certificate validation use the commands awplus...

Page 2047: ...local Default There is no trustpoint configured by default Mode Global Configuration mode Usage Use this command to specify a local self signed certificate authority trustpoint for authentication You...

Page 2048: ...3 Syntax openflow version version list no openflow version Default The OpenFlow version is set to 1 3 by default Mode Global Configuration Usage This command overwrites any previously configured OpenF...

Page 2049: ...d349 4d18 9d75 09ab66e19d81 Bridge of0 Controller tcp 192 168 1 2 6653 is_connected true fail_mode standalone Port of0 Interface of0 type internal Port port1 0 12 Interface port1 0 12 type system opti...

Page 2050: ...When the fail mode is secure OpenFlow on the switch does not set up flows when the OpenFlow Controller fails When the fail mode is standalone OpenFlow on the switch sets up flows to work as a Layer 2...

Page 2051: ...0 000 sec 0 4594 sec total 1768 vconn_open 0 4 sec 0 267 sec 0 2372 sec total 876 util_xalloc 370 2 sec 354 183 sec 416 7711 sec total 1590959 unixctl_replied 0 0 sec 0 017 sec 0 0028 sec total 10 uni...

Page 2052: ...c total 521 handler_duplicate_upcall 0 0 sec 0 000 sec 0 1258 sec total 483 ofproto_update_port 0 0 sec 0 000 sec 0 0000 sec total 29 ofproto_recv_openflow 0 0 sec 0 000 sec 0 4111 sec total 1573 ofpr...

Page 2053: ...of how the switch puts entries into the software and silicon flow tables Thiscommand displaysflowsinboththesoftwareandsiliconflow tables Asymbol at the start of each flow output indicates whether it...

Page 2054: ...79 pcp 0 encap eth_type 0x0800 ipv4 frag no packets 1 bytes 346 used 3 938s actions pop_vlan 3 recirc_id 0 in_port 6 eth dst ff ff ff ff ff ff 01 00 00 00 00 00 eth_type 0x080 0 ipv4 frag no packets...

Page 2055: ...drop duration 14s n_packets 0 n_bytes 0 priority 399 in_port 3 dl_src ec cd 6d c4 21 bd actions drop duration 14s n_packets 0 n_bytes 0 priority 399 in_port 4 dl_src ec cd 6d c4 21 bd actions drop du...

Page 2056: ...n 85668s n_packets 736 n_bytes 144050 priority 0 reg0 0x1 actions controller reason no_match table_id 254 duration 85668s n_packets 19 n_bytes 5668 priority 0 reg0 0x2 actions drop Table 49 4 Paramete...

Page 2057: ...ys the current SSL configuration for OpenFlow Example To display the current SSL configuration for OpenFlow use the command awplus show openflow ssl Output Figure 49 5 Example output from show openflo...

Page 2058: ...d 0000eccd6dc421bd n_tables 254 n_buffers 0 capabilities FLOW_STATS TABLE_STATS PORT_STATS GROUP_STATS QUEUE_STATS OFPST_PORT_DESC reply OF1 3 xid 0x3 1 port1 0 1 addr ec cd 6d c4 21 bd config 0 state...

Page 2059: ...agments reassemble QUEUE_STATS queue statistics and GROUP_STATS group statistics OFPST_PORT_DESC replay OF1 3 xid 0x3 Indicates that the following information is from the OpenFlow version 1 3 Port Des...

Page 2060: ...openflow config frags The action for the IP fragments normal dropped or reassembled Normal means that an attempt should be made to pass the fragments through the OpenFlow tables miss_send_len 0 The n...

Page 2061: ...C613 50170 01 Rev B Command Reference for x510 Series 2061 AlliedWare Plus Operating System Version 5 4 7 1 x Part 6 Network Availability...

Page 2062: ...cking see VCStack Feature Overview and Configuration Guide Also note the following stacking trigger commands that are documented in the Triggers chapter type stack disabled master type stack master fa...

Page 2063: ...nter stack on page 2072 show debugging stack on page 2076 show running config stack on page 2077 show provisioning stack on page 2078 show stack on page 2079 show stack detail on page 2081 show stack...

Page 2064: ...7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS CLEAR COUNTER STACK clear counter stack Overview This command clears all stack counters for all stack members Syntax clear counter stack Mode Privileged...

Page 2065: ...g link events topology discovery messages and all notable stacking events If link parameter is specified only the link events debugging information will be displayed Examples To enable debugging enter...

Page 2066: ...r You can use this command within an AMF working set Examples To delete a file test scp that is located in Flash memory on all stack members use the following command awplus delete stack wide force te...

Page 2067: ...ible for the path taken by packets travelling from host A to B to traverse different stack members than packets travelling from host B to A In this case the MAC addresses may not be learnt and traffic...

Page 2068: ...Exec Usage If you are upgrading to a new software version the new version must also support rolling reboot NOTE When stacking is used with EPSR the EPSR failovertime must be set to at least 5 seconds...

Page 2069: ...ference for x510 Series 2069 AlliedWare Plus Operating System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS RELOAD ROLLING reload rolling Overview This command performs the same function...

Page 2070: ...System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS REMOTE COMMAND DELETED remote command deleted Overview This command has been deleted in Software Version 5 4 4 1 1 and later Instead...

Page 2071: ...commands are still applied to all stack members but show commands and commands that access the file system are executed locally The specific output obtained will vary greatly depending on the show co...

Page 2072: ...ples To display the stacking counter information about the whole stack use the following command awplus show counter stack Figure 50 1 Example output from the show counter stack command Virtual Chassi...

Page 2073: ...1 Rx Layer 2 transport 0 Topology Error counters Version unsupported 0 Product unsupported 0 XEM unsupported 0 Too many units 0 Invalid messages 0 Resiliency Link counters Health status good 1 Health...

Page 2074: ...that this unit s physical stack link has come down Nbr re init Number of times that the neighbor is detected as having reinitialized Nbr incompatible Number of times that the neighbor is detected as i...

Page 2075: ...M unsupported Number of XEM unsupported errors Too many units Number of too many units errors Invalid messages Number of invalid messages Health status good The number of times that the resiliency lin...

Page 2076: ...h debugging modes are currently enabled for stacking Syntax show debugging stack Mode User Exec and Privileged Exec Example To display the stack debugging mode status use the command awplus show debug...

Page 2077: ...stack show running config stack Mode Privileged Exec and Global Configuration Example To display the stacking running configuration information use the command awplus show running config stack Output...

Page 2078: ...o show provisioning use the following command awplus show provisioning Output Figure 50 4 Example output from show provisioning Related Commands show stack switch provision stack Switch provisioning s...

Page 2079: ...y Backup Member 3 0015 77c9 7464 128 Syncing Backup Member 4 Provisioned Operational Status Normal operation Stack MAC address 0000 cd28 07e1 Table 3 Parameters in the output from the show stack comma...

Page 2080: ...dWare Plus Operating System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS SHOW STACK Related Commands show stack detail show counter stack show stack resiliencylink stack disabled master...

Page 2081: ...ation about the stack s overall status awplus show stack detail Figure 50 6 Example output from show stack detail Virtual Chassis Stacking detailed information Stack Status Operational Status Not all...

Page 2082: ...Down Stack port2 0 21 status Learnt neighbor 1 Virtual Chassis Stacking detailed information Stack Status Operational Status Normal operation Management VLAN ID 4094 Management VLAN subnet address 19...

Page 2083: ...Member Priority 3 Host name awplus 3 S W version auto synchronizaion On Resiliency link status Successful Stack port 3 0 51 status learned neighbor 1 Stack port 3 0 52 status learned neighbor 2 Table...

Page 2084: ...other stack members are present Not all stack ports are up One or more stacking ports may be down or stacking discovery may not have detected the neighbor successfully Stack Status The stack s overall...

Page 2085: ...Master Monitoring feature is not used Role Stack member s role in the stack this can be one of Active Master DisabledMaster The temporary master when there is a communication break within the stack bu...

Page 2086: ...show stack resiliencylink Mode User Exec and Privileged Exec Example To display information about the current status of the resiliency link across the stack members use the command awplus show stack r...

Page 2087: ...iency link Can be one of Not configured Master or Member Configured Master only Successful Successfully receiving healthchecks from the Active Master Failed Member only Not receiving any healthchecks...

Page 2088: ...oming a disabled master which has the configuration as a normal stack master except that all its switchports are shutdown For more information about the disabled master state see the VCStack Feature O...

Page 2089: ...mand will remove the selected stack member from the stack At this point the removed member will act as a stand alone master and will disable all of its ports The switch can then only be accessed via i...

Page 2090: ...edWare Plus Operating System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS STACK ENABLE Example To turn on stacking on a stackable stand alone unit use the command awplus configure termi...

Page 2091: ...command enables you to change the IP address command the subnet mask must always remain as shown The stack management IP subnet is solely used internally to the stacked devices and cannot be reached...

Page 2092: ...gement VLAN is created and configured automatically so that the stack VLAN cannot be used in the stack s VLAN configuration commands This means you cannot enter commands such as awplus config vlan vla...

Page 2093: ...master Where two stack members both have the same lowest priority value then the stack member with the lowest MAC address will be elected as master NOTE Assigning a new priority value will not immedi...

Page 2094: ...k member 2 The existing stack ID must already be assigned to an existing stack member To avoid duplicating IDs a warning message will appear if you assign a new stack ID that is currently assigned to...

Page 2095: ...sequentially This would normally be done either when the stack is initially configured or following a major reconfiguration The renumber will start on the specified stack member If that stack ID is no...

Page 2096: ...Command Reference for x510 Series 2096 AlliedWare Plus Operating System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS STACK RENUMBER CASCADE Related Commands show stack switch provision...

Page 2097: ...master is still online but the stack will now split into two different stubs The stub containing the existing master will continue operating as normal The members in the masterless stub will now use a...

Page 2098: ...ency link to be VLAN 4093 first create VLAN 4093 awplus configure terminal awplus config stack resiliencylink vlan4093 Then assign VLAN 4093 to the interface port in this case port1 0 1 awplus config...

Page 2099: ...vice attempts to join a stack but is running a software release that is different to the other stack members the software version auto synchronization feature will copy the master s software release o...

Page 2100: ...virtual chassis id entered will form the last 12 bits of a pre selected MAC prefix component that is 0000 cd37 0xxx If you enable the stack virtual MAC address feature by using the stack virtual mac c...

Page 2101: ...me the VCStack master Before enabling the virtual MAC address feature you should check that the stack s virtual chassis id is not already used by another stack in the network Otherwise the duplicate M...

Page 2102: ...ld be run to provision any stack member within this range and we advise this procedure In effect the syntax then becomes switch 1 4 provision x510 28 x510 52 However you could number the stack units w...

Page 2103: ...rom the resiliency link VLAN Syntax switchport resiliencylink no switchport resiliencylink Mode Interface Configuration Usage Note that a resiliency link cannot be part of a static or dynamic aggregat...

Page 2104: ...N if it is connected to a Microsoft Windows PC To avoid this we recommend disabling IGMP snooping on stack local VLANs by using the command no ip igmp snooping Examples To add a stack local VLAN with...

Page 2105: ...ng System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS VLAN MODE STACK LOCAL VLAN To remove VLAN 4002 use the following commands awplus configure terminal awplus config vlan database aw...

Page 2106: ...eference for x510 Series 2106 AlliedWare Plus Operating System Version 5 4 7 1 x VIRTUAL CHASSIS STACKING VCSTACK COMMANDS UNDEBUG STACK undebug stack Overview This command applies the functionality o...

Page 2107: ...Ware Plus Feature Overview and Configuration Guide Command List advertisement interval on page 2109 alternate checksum mode on page 2111 circuit failover on page 2112 debug vrrp on page 2114 debug vrr...

Page 2108: ...Operating System Version 5 4 7 1 x VRRP COMMANDS show vrrp session on page 2136 transition mode on page 2138 undebug vrrp on page 2140 undebug vrrp events on page 2141 undebug vrrp packet on page 214...

Page 2109: ...t interval is 1 second Mode Router Configuration Usage Note when using VRRP with VCStacking ensure the VRRP advertisement interval is larger than the VCStacking failover time to avoid VCStacking failo...

Page 2110: ...interval 6 The example below shows you how to reset the advertisement interval to the default of 1 second for the VRRP IPv4 session with VR ID 5 on interface vlan2 awplus configure terminal awplus co...

Page 2111: ...s sent by AlliedWare Plus devices Use the no variant of this command to disable the alternate checksum mode Syntax alternate checksum mode no alternate checksum mode Default Disabled Mode Router Confi...

Page 2112: ...f VRRP is configured to monitor VLAN2 and VLAN3 with the commands awplus configure terminal awplus config interface vlan1 awplus config if ip address 192 168 1 1 24 awplus config if exit awplus config...

Page 2113: ...above zero if all the interfaces go down Examples To configure circuit failover on an IPv4 VRRP instance so that if interface VLAN3 goes down then the priority of VRRP instance 1 is reduced by 30 use...

Page 2114: ...s function Syntax debug vrrp all no debug vrrp all Mode Privileged Exec and Global Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 debugging...

Page 2115: ...Exec and Global Configuration Usage The debug vrrp events command enables the display of debug information related to VRRP internal events See the VRRP Feature Overview and Configuration Guide for mo...

Page 2116: ...formation about VRRPv3 debugging details Examples The example belowshows youhow to enablereceived and sentpacket debugging for VRRP awplus configure terminal awplus config debug vrrp packet The exampl...

Page 2117: ...on or a VRRPv3 IPv6 session on the router Syntax disable Mode Router Configuration Usage See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 and IPv6 configura...

Page 2118: ...RRP session using the virtual ip or virtual ipv6 and the router vrrp interface or router ipv6 vrrp interface commands before using this command See the VRRP Feature Overview and Configuration Guide fo...

Page 2119: ...up router to relieve a lower priority backup router By default a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available take over for the backup virtual ro...

Page 2120: ...preempt mode false The example below shows you how to configure preempt mode as true for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router...

Page 2121: ...ce then this VRRP router functions as the master virtual router Priority also determines whether a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master vir...

Page 2122: ...as the priority for VRRPv3 VR ID 3 on vlan1 awplus configure terminal awplus config router ipv6 vrrp 3 vlan1 awplus config router priority 101 The example below shows you how to remove the configured...

Page 2123: ...the virtual router when in master state NOTE Configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protocols it is running and whet...

Page 2124: ...50170 01 Rev B Command Reference for x510 Series 2124 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS ROUTER IPV6 VRRP INTERFACE Related Commands advertisement interval circuit failo...

Page 2125: ...to forward on behalf of the virtual router when in master state NOTE Configuring a high number of instances may adversely affect the device s performance depending on the device CPU the other protoco...

Page 2126: ...Rev B Command Reference for x510 Series 2126 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS ROUTER VRRP INTERFACE Related Commands advertisement interval circuit failover disable VRR...

Page 2127: ...wise debug output is in the log file For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide See the VRRP Feature O...

Page 2128: ...Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv6 configuration details Syntax show running config router vrrp Mode Privileged Exec Global Configuratio...

Page 2129: ...rview and Configuration Guide See the VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Syntax show running config router vrrp Mode Privileged...

Page 2130: ...p To display brief summary output about VRRP IPv4 sessions enter the command awplus show vrrp brief Output Figure 51 3 Example output from the show vrrp command Figure 51 4 Example output from the sho...

Page 2131: ...C613 50170 01 Rev B Command Reference for x510 Series 2131 AlliedWare Plus Operating System Version 5 4 7 1 x VRRP COMMANDS SHOW VRRP Related Commands enable VRRP disable VRRP...

Page 2132: ...the counters below the sample output as per RFC2787 NOTE Note that the counters displayed with this commands are the same counters as described in RFC 2787 Copyright C The Internet Society 2000 All Ri...

Page 2133: ...ith descriptions for the show vrrp counters command Counter Description Master Transitions The total number of times that this virtual router s state has transitioned to MASTER Received Advertisements...

Page 2134: ...of packets received with a packet length less than the length of the VRRP header Monitored Circuit Up The total number of times the monitored circuit has generated the UP event Monitored Circuit Down...

Page 2135: ...information about VRRPv3 IPv6 configuration details Syntax show vrrp ipv6 interface Mode User Exec and Privileged Exec Example To display information about all VRRPv3 IPv6 sessions enter the command a...

Page 2136: ...e See the below sample output from the show vrrp command displaying information about VRRP session 1 configured on vlan2 Output shows that a Virtual IP address has been set awplus show vrrp 1 vlan2 Se...

Page 2137: ...S SHOW VRRP SESSION Example The following command shows information about VRRP session 5 for interface vlan2 awplus show vrrp 5 vlan2 awplus show vrrp 1 vlan3 Address family IPv4 VrId 1 Interface is v...

Page 2138: ...hen using transition mode VRRPv2 can only use advertisements in whole second intervals Syntax transition mode true false Default The default is false Mode Router Configuration Usage See the VRRP Featu...

Page 2139: ...Version 5 4 7 1 x VRRP COMMANDS TRANSITION MODE The example below shows you how to configure IPv4 transition mode as false for VRRP VR ID 5 on vlan2 awplus configure terminal awplus config router vrr...

Page 2140: ...ystem Version 5 4 7 1 x VRRP COMMANDS UNDEBUG VRRP undebug vrrp Overview Use this command to disable all VRRP debugging Syntax undebug vrrp all Mode Privileged Exec Example The example below shows you...

Page 2141: ...OMMANDS UNDEBUG VRRP EVENTS undebug vrrp events Overview Use this command to disable debugging options for VRRP event troubleshooting Syntax undebug vrrp events Mode Privileged Exec Example The exampl...

Page 2142: ...ged Exec Examples The example below shows you how to disable VRRP sent packet debugging awplus undebug vrrp packet send The example below shows you how to disable VRRP received packet debugging awplus...

Page 2143: ...VRRP Feature Overview and Configuration Guide for more information about VRRPv3 IPv4 configuration details Examples The example below shows you how to set the virtual IP address for VRRP VR ID 5 and t...

Page 2144: ...R ID 5 and the router as owner of the virtual IPv4 address awplus configure terminal awplus config router vrrp 5 vlan2 awplus config router virtual ip 192 0 2 30 owner The example below shows you how...

Page 2145: ...link local addresses are used by IPv6 ND Neighbor Discovery A host s default route to a router points to the IPv6 link local address not a specific global IPv6 address for the router For the host s tr...

Page 2146: ...awplus config router virtual ipv6 fe80 1 master The example below shows you how to set the virtual IPv6 address for VRRPv3 VR ID 3 and the router as the VRRPv3 backup awplus configure terminal awplus...

Page 2147: ...s for any ARP responses associated with the virtual IP address or any gratuitous ARPs sent on behalf of the virtual IP address All VRRP advertisements are sent using this virtual MAC address as the so...

Page 2148: ...AlliedWare Plus Feature Overview and Configuration Guide Command List debug epsr on page 2150 epsr on page 2151 epsr configuration on page 2153 epsr datavlan on page 2154 epsr enhancedrecovery enable...

Page 2149: ...0 01 Rev B Command Reference for x510 Series 2149 AlliedWare Plus Operating System Version 5 4 7 1 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS show epsr summary on page 2173 undebug epsr on p...

Page 2150: ...n from being sent to the console msg Send the decoded received and transmitted EPSR packets to the console Using this parameter with the no debug epsr command will explicitly exclude the above packets...

Page 2151: ...nstance called blue use the command awplus config epsr epsr blue hellotime 5 NOTE When stacking is used with EPSR the EPSR failovertime should be at least 5 seconds To delete the EPSR instance called...

Page 2152: ...re Plus Operating System Version 5 4 7 1 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS EPSR Related Commands epsr mode master controlvlan primary port epsr mode transit controlvlan epsr configu...

Page 2153: ...RING COMMANDS EPSR CONFIGURATION epsr configuration Overview Use this command to enter EPSR Configuration mode so that EPSR can be configured Syntax epsr configuration Mode Global Configuration Exampl...

Page 2154: ...94 using the epsr datavlan command Examples To add vlan3 to the EPSR instance called blue use the command awplus config epsr epsr blue datavlan vlan3 To add vlan2 and vlan3 to the EPSR instance called...

Page 2155: ...e than one break partially mends For more information see the EPSR Feature Overview and Configuration Guide The no variant of this command disables the enhanced recovery mode Syntax epsr epsr instance...

Page 2156: ...gainst this because in certain situations it can produce unpredictable results Mode EPSR Configuration Example To create a master EPSR instance called blue with vlan2 as the control VLAN and port1 0 1...

Page 2157: ...r static channels an algorithm selects the two ports or channels with the lowest number to be the ring ports However if the switch has only one channel group is defined to the control vlan EPSR will n...

Page 2158: ...on Syntax epsr epsr instance priority 0 127 no epsr instance priority Default The default priority of an EPSR instance on an EPSR node is 0 The negated form of this command resets the priority of an E...

Page 2159: ...Syntax epsr epsr instance state enabled disabled Mode EPSR Configuration Example To enable the EPSR instance called blue use the command awplus config epsr epsr blue state enabled Related Commands eps...

Page 2160: ...mand is to allow EPSR to accept notifications from other topology protocols namely G 8032 about Topology Change Notifications TCN Once EPSR accepts the TCN it will in turn notify the other nodes on th...

Page 2161: ...stance The traps will no longer be sent when the EPSR instance changes state Syntax epsr epsr instance trap no epsr epsr instance trap Mode EPSR Configuration Example To enable traps for the EPSR inst...

Page 2162: ...OTECTION SWITCHED RING EPSRING COMMANDS SHOW DEBUGGING EPSR show debugging epsr Overview This command shows the debugging modes enabled for EPSR Syntax show debugging epsr Mode User Exec and Privilege...

Page 2163: ...es use the command awplus show epsr Output non superloop topology The following examples show the output display for a non superloop topology network Table 1 Example output from the show epsr command...

Page 2164: ...Control Vlan 4 Data VLAN s 20 Interface Mode Ports Only Primary Port port1 0 3 Primary Port Status Forwarding Secondary Port port1 0 4 Secondary Port Status Forwarding Hello Time 1 s Failover Time 2...

Page 2165: ...Priority 12 Table 5 Parameters displayed in the output of the show epsr command Parameter on Master Node Parameter on Transit Node Description Name Name The name of the EPSR instance Mode Mode The mod...

Page 2166: ...physical control of it Note that on a master configured for SuperLoop Prevention non zero priority its secondary ring port can be physically forwarding but logically blocking This situation arises whe...

Page 2167: ...e master controlvlan primary port epsr mode transit controlvlan show epsr counters Enhanced Recovery Enhanced Recovery Whether the EPSR instance has enhanced recovery mode enabled SLP Priority SLP Pri...

Page 2168: ...orts on the switch use the command awplus show epsr common segments Related Commands show epsr show epsr summary show epsr counters Table 6 Example output from the show epsr common segments command EP...

Page 2169: ...less than 5 seconds for a stacked device The instance is a master with its secondary port on a common segment Syntax show epsr instance config check Mode User Exec and Privileged Exec Example To chec...

Page 2170: ...ew This command displays information about the specified EPSR instance Syntax show epsr epsr instance Mode User Exec and Privileged Exec Example To show the current settings of the EPSR instance calle...

Page 2171: ...verview This command displays counter information about the specified EPSR instance Syntax show epsr epsr instance counters Mode User Exec and Privileged Exec Example To show the counters of the EPSR...

Page 2172: ...W EPSR COUNTERS show epsr counters Overview This command displays counter information about all EPSR instances Syntax show epsr counters Mode User Exec and Privileged Exec Example To show the counters...

Page 2173: ...ut from the show epsr summary command EPSR Summary Information Abbreviations M Master node T Transit node C is on a common segment with other instances P instance on a common segment has physical cont...

Page 2174: ...or x510 Series 2174 AlliedWare Plus Operating System Version 5 4 7 1 x ETHERNET PROTECTION SWITCHED RING EPSRING COMMANDS UNDEBUG EPSR undebug epsr Overview This command applies the functionality of t...

Page 2175: ...Configuration Guide Command List cfm sf notify on page 2177 clear g8032 erp instance on page 2179 clear g8032 erp instance statistics on page 2180 data traffic on page 2181 debug g8032 on page 2182 e...

Page 2176: ...ON SWITCHING COMMANDS show debugging g8032 on page 2199 show g8032 erp instance on page 2200 show g8032 erp instance statistics on page 2205 show g8032 physical ring on page 2207 show g8032 profile on...

Page 2177: ...SF for that East or West ring port Similarly CFM Local MEPs can notify G 8032 that the fault has cleared When this command is used this G 8032 ERP instance will ensure that the specified Local MEP is...

Page 2178: ...Plus Operating System Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS CFM SF NOTIFY Related Commands ethernet cfm domain name ethernet cfm mep g8032 erp instance service ma name s...

Page 2179: ...used on an ERP instance where a forced switch or manual switch command has been successfully entered to clear that action The command will be ignored if a force switch or manual switch command had not...

Page 2180: ...Exec Usage A G 8032 ERP instance keeps statistical data as counts on a variety of data such as the number of certain types of Ring Automatic Protection Switching R APS messages sent and received over...

Page 2181: ...ce The data VLAN s must already exist The data VLAN s port members should be members of the ring interface s but it is not enforced When a data traffic VLAN s is removed any blocks that were in place...

Page 2182: ...sable G 8032 debugging Syntax debug g8032 all event rx tx no debug g8032 all event rx tx Mode Privileged Exec Example To enable all G 8032 debugging use the following command awplus debug g8032 all Re...

Page 2183: ...e modes of operation Once a ring failure has abated a G 8032 ring instance will check its mode of operation and if the mode is revertive it will attempt to revert back to where the RPL Owner controls...

Page 2184: ...mand is to allow EPSR to accept notifications from other topology protocols namely G 8032 about Topology Change Notifications TCN Once EPSR accepts the TCN it will in turn notify the other nodes on th...

Page 2185: ...ked Otherwise the node will block one of its ring ports All the nodes will send Ring Automatic Protection Switching R APS messages initially The G 8032 protocol and state machines will transition the...

Page 2186: ...ERP instance is made up of two ERP ring ports a Control VLAN that carries Ring Automatic Protection Switching R APS messages and zero one or more Protected traffic data VLANs that the instance protec...

Page 2187: ...lliedWare Plus Operating System Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS G8032 ERP INSTANCE rpl role show g8032 erp instance show g8032 erp instance statistics sub ring top...

Page 2188: ...r the clearing of a failure If a node that was issued a Force Switch command later fails then it becomes difficult to remove the Force Switch condition from the ring In this situation the operator has...

Page 2189: ...difference between a Manual switch and a Forced switch is that the Manual Switch will be ignored under various conditions In particular only one Manual Switch is allowed on a G 8032 ring at a time If...

Page 2190: ...s When only a single port is used it is referred to as a Terminating port Example To create a physical ring profile named red where the East interface port is port1 0 5 and the West interface port is...

Page 2191: ...Command Reference for x510 Series 2191 AlliedWare Plus Operating System Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS G8032 PHYSICAL RING sub ring Command changes Version 5 4 7...

Page 2192: ...the name default profile will exist in the system and is used by default by an ERP instance All the parameters in the default profile take on the default values Mode Global Configuration Example To e...

Page 2193: ...tance will use the configured level for sending R APS messages and is the level that the instance expects to receive If the node receives an R APS message with the improper level then the message will...

Page 2194: ...has two ring ports unless it is at the end of a sub ring in which case it has only one ring port Ring port s are specified using a G 8032 physical ring instance This command can only be accepted when...

Page 2195: ...ses a profile which contains timer configurations and configurations for revertive modes of operation This configuration can be accepted regardless of the ERP instance being disabled or enabled Any pa...

Page 2196: ...or carrying an R APS message This VLAN is also used to identify the proper ring instance to all the other nodes in the ring The VLAN must be tagged members of the G 8032 physical ring instance associa...

Page 2197: ...for the other ring port When using this command to set the RPL role to none an interface need not be specified as this command will set all the ring ports RPL role to none The command can onlybe acce...

Page 2198: ...erence for x510 Series 2198 AlliedWare Plus Operating System Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS RPL ROLE g8032 physical ring show g8032 erp instance Command changes V...

Page 2199: ...r G 8032 Syntax show debugging g8032 Mode User Exec and Privileged Exec Example To show the debugging modes enabled for G 8032 use the following command awplus show debugging g8032 Output Figure 53 1...

Page 2200: ...ow g8032 erp instance blue Output Figure 53 2 Example output from the show g8032 erp instance command Parameter Description erp instance name The name of a specific G 8032 ERP instance all Use this to...

Page 2201: ...tance name for this instance Admin State The configured administrative state of this instance either enabled or disabled When the ERP instance is disabled all dynamic data for other parameters in this...

Page 2202: ...d in which case will be displayed if no target instances have been identified Otherwise a is displayed anyway Identifies the protocol to notify Only G8032 will be supported initially instance name Ide...

Page 2203: ...the protection switch request being sent or received in the R APS message Consists of one of NR No Request for protection switching SF Signal Fail MS Manual Switch request FS Force Switch request Eve...

Page 2204: ...m Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS SHOW G8032 ERP INSTANCE Related Commands data traffic erp instance g8032 erp instance level G 8032 physical ring profile name rpl...

Page 2205: ...g8032 erp instance blue statistics Output Figure 53 3 Example output from the show g8032 erp instance statistics command Parameter Description erp instance name The name of a specific G 8032 ERP inst...

Page 2206: ...ved or sent RAPS NR RB The number of R APS messages with a No Request RPL Blocked NR RB being received or sent RAPS SF The number of R APS messages with Signal Fail SF being received or sent RAPS FS T...

Page 2207: ...Example output from the show g8032 physical ring command Related Commands g8032 physical ring Command changes Version 5 4 7 0 1 command added Parameter Description physical ring name The name of the p...

Page 2208: ...ription erp profile name The name of the G 8032 profile that was created by the user default profile The default name of the G 8032 profile that was created automatically by the system all Using this...

Page 2209: ...510 Series 2209 AlliedWare Plus Operating System Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS SHOW G8032 PROFILE Related Commands enable G 8032 g8032 profile timer G 8032 Comma...

Page 2210: ...gs must be attached to either a major ring one that is fully closed or to other sub rings where one of the other sub rings itself is attached to a major ring Setting the mode to sub ring should also b...

Page 2211: ...me for the G 8032 defect to clear A classic example is when the ERP Physical ring port is carried over a SONET SDH transmission system that itself has 50ms recovery times If G 8032 detects a failure t...

Page 2212: ...e for x510 Series 2212 AlliedWare Plus Operating System Version 5 4 7 1 x G 8032 ETHERNET RING PROTECTION SWITCHING COMMANDS TIMER G 8032 Related Commands g8032 profile show g8032 profile Command chan...

Page 2213: ...as a sub ring with a Terminating interface it is protecting the same data VLANs as the target instance and the target ERP instance must have two ring ports When the detecting ERP instance detects a t...

Page 2214: ...SWITCHING COMMANDS TOPOLOGY CHANGE Example To enable sending of R APS flush event messages on an ERP instance named blue use the following commands awplus config g8032 erp instance blue awplus g8032 c...

Page 2215: ...ed Mode G8032 Configure Switch Usage Globally ERP traps are disabled by default but can be enabled globally using the snmp server enable trap command Example To disable the SNMP traps for an ERP insta...

Page 2216: ...or various G 8032 debug attributes Syntax undebug g8032 all event rx tx Mode Privileged Exec Example To turn off all G 8032 debugging use the following command awplus undebug g8032 all Related Command...

Page 2217: ...C613 50170 01 Rev B Command Reference for x510 Series 2217 AlliedWare Plus Operating System Version 5 4 7 1 x Part 7 Network Management...

Page 2218: ...only link to one other AMF node They cannot form cross links or virtual links AMF naming convention When AMF is enabled on a device it will automatically be assigned a host name If a host name has alr...

Page 2219: ...backup guests synchronize on page 2244 atmf backup now on page 2245 atmf backup redundancy enable on page 2247 atmf backup server on page 2248 atmf backup stop on page 2250 atmf backup synchronize on...

Page 2220: ...299 atmf secure mode certificate expire on page 2301 atmf secure mode certificate expiry on page 2302 atmf secure mode certificate renew on page 2303 atmf secure mode enable all on page 2304 atmf sele...

Page 2221: ...e 2365 show atmf guests on page 2367 show atmf guests detail on page 2369 show atmf links on page 2372 show atmf links detail on page 2374 show atmf links guest on page 2383 show atmf links guest deta...

Page 2222: ...ELESIS MANAGEMENT FRAMEWORK AMF COMMANDS switchport atmf agentlink on page 2418 switchport atmf arealink remote area on page 2419 switchport atmf crosslink on page 2421 switchport atmf guestlink on pa...

Page 2223: ...de AMF Container Configuration Usage The AMF area link connects the AMF controller on a VAA host to the AMF container Once a container has been created with the atmf container command and an area link...

Page 2224: ...ESIS MANAGEMENT FRAMEWORK AMF COMMANDS AREA LINK To remove an area link from container vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf co...

Page 2225: ...ber of areas supported on a controller depends on the license installed on that controller You must give each area in an AMF network a unique name and ID number Only one local area can be configured o...

Page 2226: ...ies 2226 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA Related Commands atmf area password show atmf area show atmf area summary show at...

Page 2227: ...ally on both of the area that locally contains the controller and the remote AMF area masters The command show running config atmf will display the encrypted version of this password The encryption ke...

Page 2228: ...ies 2228 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AREA PASSWORD Related Commands atmf area show atmf area show atmf area summary show at...

Page 2229: ...sters must be authorized by the controller and the AMF remote area masters will also need to authorized access from the AMF controller Example To authorize all AMF nodes in the pending authorization q...

Page 2230: ...0 Series 2230 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF AUTHORIZE show atmf secure mode certificates show atmf secure mode statistics Com...

Page 2231: ...f authorize provision mac mac address no atmf authorize provision all Default The default timeout is 60 minutes Mode Privileged Exec Example To provisionally authorize all non secure AMF nodes use the...

Page 2232: ...ROVISION To authorize a node with a MAC address of 0000 cd28 0880 for 2 hours use the command awplus authorize provision timeout 120 mac 0000 cd28 0880 To remove all provisional authorization on an AM...

Page 2233: ...schedule backup requests to begin at 11 am and execute twice per day 11 am and 11 pm use the following command node_1 configure terminal node_1 config atmf backup 11 00 frequency 2 CAUTION File names...

Page 2234: ...Note that this command can only be run on an AMF controller Syntax atmf backup area masters delete area area name node node name Mode Privileged Exec Example To delete the backup of the remote area m...

Page 2235: ...lt Remote area backups are disabled by default Usage Use the following commands to configure the remote area master backups atmf backup to configure when the backups begin and how often they run atmf...

Page 2236: ...eged Exec Example To back up all local master nodes in all areas controlled by controller 1 use the command controller 1 atmf backup area masters now To back up all local masters in the AMF area named...

Page 2237: ...en the active remote file server and the backup remote file server Files are copied from the active server to the remote server Note that this command is only valid on AMF controllers Syntax atmf back...

Page 2238: ...the maximum configurable speed of 1000 kBps In effect zero means unlimited Use the no variant of this command to reset to its default value of zero the maximum bandwidth in kilobytes per second kBps a...

Page 2239: ...ackup file from the external media of a specified AMF node Note that this command can only be run from an AMF master node Syntax atmf backup delete node name Mode Privileged Exec Example To delete the...

Page 2240: ...up enable Default Automatic AMF backup functionality is enabled on the AMF master when it is configured and external media i e an SD card or a USB storage device or remote server is detected Mode Glob...

Page 2241: ...Syntax atmf backup guests delete node name guest port Mode User Exec Privileged Exec Example On a parent node named node1 which in this case the user has a direct console connection to usethefollowing...

Page 2242: ...isable the ability of the guest nodes to be backed up Syntax atmf backup guests enable no atmf backup guests enable Default Guest node backups are enabled by default Mode Global Config Usage We recomm...

Page 2243: ...now node name guest port Default N A Mode Privileged Exec Example Use the following command to manually trigger the backup of all guests in the AMF network awplus atmf backup guests now Example To ma...

Page 2244: ...ndancy backup media such as USB storage devices This facility ensures that each device contains the same backup image files Note that this backup synchronization process will occur as part of the regu...

Page 2245: ...nt backups on both masters you can apply the backup now command to the master working set This is shown in Example 4 below Example 1 In this example an AMF member has not been assigned a host name The...

Page 2246: ...nex and store the configuration on both masters use the following process From the AMF_master_1 set the working set to comprise only of the automatic group master nodes AMF_Master_1 atmf working set g...

Page 2247: ...r supports any removable media SD card USB it uses the removable media as the redundant backup for the AMF data backup This feature is valid only if remote file servers are configured on the AMF Maste...

Page 2248: ...mmands AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 1 192 168 1 1 username backup1 Parameter Description id Remote server backup server identifier 1 2 The backup server id...

Page 2249: ...2 with a hostname and username use the command AMF_Master_1 configure terminal AMF_Master_1 config atmf backup server id 2 www example com username backup2 To configure server 2 with a hostname and us...

Page 2250: ...is command separately on each master node or add both masters to a working set and issue this command to the working set Note that this command can only be run on a master node Syntax atmf backup stop...

Page 2251: ...o its backup remote file server Note that this process happens automatically each time the network is backed up Note that this command can only be run from a master node Syntax atmf backup synchronize...

Page 2252: ...t then reboots to put the device in a clean state ready to be used as a replacement node on a provisioned port Syntax atmf cleanup Mode Privileged Exec Usage This command is an alias to the erase fact...

Page 2253: ...nfiguration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove an AMF container Syntax atmf container container name no atmf conta...

Page 2254: ...ation Guide for more information on running multiple tenants on a single VAA host Syntax atmf container login container name Mode Privileged Exec Usage If you try to login to a AMF container that has...

Page 2255: ...valid AMF controller license is not available on the device the device will accept this command but will not act as a controller until you install a valid license The following message will warn you...

Page 2256: ...nameisupdatedusingthe bootsystemcommand Theoldrelease will become the backup release file If a release file exists in a remote device such as TFTP or HTTP for example then the URL should specify the e...

Page 2257: ...e File Status Team1 x510 5 4 7 1 1 rel Release ready Team2 x930 5 4 7 1 1 rel Release ready Team3 x930 5 4 7 1 1 rel Release ready Continue the rolling reboot y n y Copying Release x510 5 4 7 1 1 rel...

Page 2258: ...in VLANs each having the same VID and each being applied to a horizontal slice domain of the AMF It follows therefore thatthedomain VLANsare only applied to ports that form cross links and not to port...

Page 2259: ...execute the command in parallel leave the AMF network and attempt to rejoin through the new VLAN 4 Create the working set again using the commands master config exit master atmf working set group all...

Page 2260: ...MMANDS ATMF DOMAIN VLAN To reset the AMF domain VLAN to its default of 4091in an existing AMF network use the following commands master atmf working set group all test 10 configure terminal test confi...

Page 2261: ...configured the AMF feature starts automatically when the device starts up Mode Global Configuration Usage The device does not auto negotiate AMF domain specific settings such as the Network Name You...

Page 2262: ...are automatically assigned to the master group Use the no variant of this command to remove the membership Syntax atmf group group list no atmf group group list Mode Global Configuration Usage You ca...

Page 2263: ...d sales first add the nodes to the working set master_node atmf working set member_node_1 member_node_2 This command returns the following output confirming that the nodes member_node_1 and member_nod...

Page 2264: ...mode discovery method model type http enable setting guest port user name and password The no variant of this command removes the guest class Note that you cannot remove a guest class that is assigned...

Page 2265: ...170 01 Rev B Command Reference for x510 Series 2265 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF GUEST CLASS show atmf links guest show atmf...

Page 2266: ...mand to reset to the default Syntax atmf log verbose 1 3 no atmf log verbose Default The default log display is 3 Usage This command is intended for use in large networks where verbose output can make...

Page 2267: ...ll devices the same setting so they can all rejoin the AMF network Use the no variant of this command to remove the assigned subnet Syntax atmf management subnet a b 0 0 no atmf management subnet Defa...

Page 2268: ...10 nodes test 10 3 Enter the new subnet address using the commands test 10 configure terminal test config 10 atmf management subnet a b 0 0 The nodes will execute the command in parallel leave the AM...

Page 2269: ...NAGEMENT SUBNET To reset the AMF management subnet address to its default of 172 31 0 0 in an existing AMF network use the following commands master atmf working set group all test 10 configure termin...

Page 2270: ...d try to rejoin it The AMF network will not be complete until you have given all devices the same setting so they can all rejoin the AMF network Use the no variant of this command to restore the VID t...

Page 2271: ...ogging into their consoles directly NOTE The management VLAN will automatically be assigned an IP subnet address based on the value configured by the command atmf management subnet The default VLAN ID...

Page 2272: ...r nodes may exist in a network and they must be connected by an AMF crosslink NOTE Master nodes are an essential component of an AMF network In order to run AMF an AMF License is required for each mas...

Page 2273: ...de Global Configuration Usage The default value of 1300 will work for all AMF networks including those that involve virtual links over IPsec tunnels If there are virtual links over IPsec tunnels anywh...

Page 2274: ...ring an AMF master node see the command atmf master Use the no variant of this command to remove the AMF network name Syntax atmf network name name no atmf network name Mode Global Configuration Usage...

Page 2275: ...ision nodename no atmf provision Default No AMF provisioning Mode Interface Configuration for a switchport a static aggregator or a dynamic channel group Usage The port should be configured as an AMF...

Page 2276: ...st delete it before using the atmf provision node clone command When using this command it is important to be aware of the following A copy of media atmf atmf_name nodes source_node flash will be made...

Page 2277: ...he new provisioned node device3 Figure 54 2 Sample output from the show atmf backup command device1 atmf provision node device3 clone device2 Copying Successful operation device1 show atmf backup Sche...

Page 2278: ...ng this command to set a backup configuration file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the AMF remote...

Page 2279: ...Usage When using this command to set a backup release file the specified AMF provisioned node must exist The specified file must exist in the flash directory created for the provisioned node in the A...

Page 2280: ...rovision node clone must be executed before you can use other atmf provision node commands with the specified node name If a backup or provisioned node already exists for the specified node name then...

Page 2281: ...AMF Feature Overview and Configuration Guide Related commands atmf provision node clone device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2...

Page 2282: ...want to use the atmf provision node delete command to delete a provisioned node that was created in error or that is no longer needed This command cannot be used to delete backups created by the AMF...

Page 2283: ...provision node create device1 show atmf backup Scheduled Backup Enabled Schedule 1 per day starting at 03 00 Next Backup Time 01 Oct 2016 03 00 Backup Bandwidth Unlimited Backup Media USB Total 7446...

Page 2284: ...copy of the certificate file is deleted from AMF backup media Use the no variant of this command to set it back to the default This command can only be run on AMF master nodes Syntax atmf provision no...

Page 2285: ...mf provision nodes command Related commands show atmf provision nodes device1 show atmf provision nodes ATMF Provisioned Node Information Backup Media SD Total 3827 0MB Free 3481 1MB Node Name device2...

Page 2286: ...n the command has already been set up Otherwise an error message is shown when the command is run NOTE We advise that after running this command you return to a known working directory typically flash...

Page 2287: ...reboot the next node in the sequence This command can take a significant amount of time to complete Syntax atmf reboot rolling force url Mode Privileged Exec Usage You can load the software from a var...

Page 2288: ...ecify the exact release filename without using wild card characters On bootup the software release is verified Should an upgrade fail the upgrading unit will revert back to its previous software versi...

Page 2289: ...m3 Working set join ATMF_NETWORK 3 atmf reboot rolling ATMF Rolling Reboot Nodes Timeout Node Name Minutes SW_Team1 14 SW_Team2 8 SW_Team3 8 Continue the rolling reboot y n y ATMF Rolling Reboot Reboo...

Page 2290: ...lling Reboot Nodes Timeout Node Name Minutes New Release File Status SW_Team1 8 x510 5 4 6 0 1 rel Release Ready SW_Team2 10 x510 5 4 6 0 1 rel Release Ready SW_Team3 8 Not Supported HW_Team1 6 Incomp...

Page 2291: ...ice will poll all known AMF masters and controllers and execute an election process based on the last successful backup and its timestamp to determine which to use If no valid backup master or control...

Page 2292: ...sion 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RECOVER Example To recover the AMF node named Node_10 from the AMF master node named Master_2 use the following command Master_2 at...

Page 2293: ...ent by reloading its backup file set that is located within the AMF backup system Note that this command must be run on the edge node device that connects to the guest node Syntax atmf recover guest g...

Page 2294: ...nction to their normal operational mode and in doing so assists with resolving the recovery problem You can repeat this process until the recovery failure has been resolved For more information see th...

Page 2295: ...er account that does not exist on the second node provided that atmf restricted login is disabled and the user account on the first node has privilege level 15 Moreover it is possible to use a RADIUS...

Page 2296: ...ssion on Node20 and return to Node10 s command line use the following command Node20 exit Node10 In this example user User1 is a valid user of node5 They can remotely login from node5 to node3 by usin...

Page 2297: ...rk This allows access to the atmf working set command from any node in the AMF network Syntax atmf restricted login no atmf restricted login Mode Privileged Exec Default Master nodes operate with atmf...

Page 2298: ...Reference for x510 Series 2298 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF RESTRICTED LOGIN Command changes Version 5 4 6 2 1 changes to AM...

Page 2299: ...network Use the no variant of this command to disable AMF secure mode on an AMF node Syntax atmf secure mode no atmf secure mode Default Secure mode is disabled by default Mode Global Configuration U...

Page 2300: ...SIS MANAGEMENT FRAMEWORK AMF COMMANDS ATMF SECURE MODE clear atmf secure mode certificates clear atmf secure mode statistics show atmf show atmf authorization show atmf secure mode show atmf secure mo...

Page 2301: ...ileged Exec Example To remove an AMF node named node3 from an AMF network use the following command on the AMF master awplus atmf secure mode certificate expire node3 To remove an AMF node named node2...

Page 2302: ...bal Configuration Example To set AMF secure mode certificate expiry to 7 days use the commands awplus configure terminal awplus config atmf secure mode certificate expiry 7 To set AMF secure mode cert...

Page 2303: ...network Secure mode certificates renew automatically but this command could be used to renew a certificate in a situation where the automatic renewal may happen while the device is not attached to the...

Page 2304: ...t of this command to disable AMF secure mode on an entire network Syntax atmf secure mode enable all no atmf secure mode enable all Default Secure mode is disabled by default Mode Privileged Exec Usag...

Page 2305: ...hat ticks every 10 seconds for a maximum of 10 times and checks if all the secure mode capable nodes rejoin the AMF network NOTE Enabling or disabling secure mode on the network saves the running conf...

Page 2306: ...Privileged Exec Usage After running this command use the atmf working set command to select the set of nodes you want to access in the remote area Example To access nodes in the area Canterbury use t...

Page 2307: ...mber nodes Enabled by default on Controllers Mode Global Configuration mode Usage To use Vista Manager EX you must also enable the HTTP service on all AMF nodes including all AMF masters and controlle...

Page 2308: ...command allows a virtual tunnel to be created between two remote sites over a layer 3 link The tunnel encapsulates AMF packets and allows them to be sent transparently across a Wide Area Network WAN...

Page 2309: ...virtual crosslink id 10 ip 192 168 200 1 remote id 5 remote ip 192 168 100 1 To remove this virtual crosslink run the following commands on the local site siteA configure terminal siteA config no atm...

Page 2310: ...If the tunnel is configured to connect a head office and branch office over the Internet typically this would involve using some type of managed WAN service such as a site to site VPN Tunnels are onl...

Page 2311: ...2 168 1 1 remote id 2 remote ip 192 168 2 1 Node_20 config atmf virtual link id 2 ip 192 168 2 1 remote id 1 remote ip 192 168 1 1 Example 2 To set up an area virtual link to a remote site assuming IP...

Page 2312: ...ything other than the local device the prompt will change to the AMF network name followed by the size of the working set shown in square brackets This command has to be run at privilege level 15 In a...

Page 2313: ...ng set use the command node1 atmf working set group all NOTE This command adds the implicit group all to the working set where all comprises all nodes in the AMF This command displays an output screen...

Page 2314: ...he no variant of this command to remove a bridge group from an AMF container Syntax bridge group bridge id no bridge group Mode AMF Container Configuration Usage Each container has two virtual interfa...

Page 2315: ...MMANDS CLEAR ATMF LINKS STATISTICS clear atmf links statistics Overview This command resets the values of all AMF link port and global statistics to zero Syntax clear atmf links statistics Mode Privil...

Page 2316: ...atmf secure mode certificates If this is the only master on the network you will see the following warning On an AMF member you will see the following message Related Commands atmf authorize atmf secu...

Page 2317: ...ar atmf secure mode statistics Overview Use this command to reset all secure mode statistics to 0 Syntax clear atmf secure mode statistics Mode Privileged Exec Example To reset the AMF secure mode sta...

Page 2318: ...osslink arealink database neighbor error all Default All debugging facilities are disabled Mode User Exec and Global Configuration Usage If no additional parameters are specified then the command outp...

Page 2319: ...C613 50170 01 Rev B Command Reference for x510 Series 2319 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF Related Commands no debug all...

Page 2320: ...of 60 seconds with no filters applied NOTE An alias to the no variant of this command undebug atmf can be found elsewhere in this chapter Mode User Exec and Global Configuration Usage If no additiona...

Page 2321: ...o dump packets from an interface portx x x on the local node ifname Interface port or virtual link pkt type Sets the filter on packets with a particular AMF packet type 1 Crosslink Hello BPDU packet w...

Page 2322: ...ystem Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS DEBUG ATMF PACKET This example applies the debug atmf packet command and combines many of its options node_1 debug atmf packet...

Page 2323: ...tchport atmf guestlink command to separately assign an individual switch port to each of the guest nodes The MAC addresses of each of the guests of that class can then be learned from ARP or Neighbor...

Page 2324: ...F COMMANDS DISCOVERY Example 2 To return the discovery method for the guest class TQ4600 1 to its default of dynamic use the following commands Node1 conf t Node1 config atmf guest class TQ4600 1 Node...

Page 2325: ...AA host See the AMF Feature Overview and Configuration Guide for more information on running multiple tenants on a single VAA host Use the no variant of this command to remove the description from an...

Page 2326: ...device is then rebooted and returned to its factory default condition The device can then be used for AMF automatic node recovery Syntax erase factory default Mode Privileged Exec Usage This command...

Page 2327: ...port number no http enable Default http enable is off If http enable is selected without a port parameter the port number will default to 80 Mode ATMF Guest Configuration Mode Example 1 To enable HTTP...

Page 2328: ...nce for x510 Series 2328 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS HTTP ENABLE Related Commands atmf guest class switchport atmf guestlink sho...

Page 2329: ...sts are set so syslog sends the messages out as they come NOTE There is a difference between log event and log host messages Log event messages are sent out as they come by syslog Log host messages ar...

Page 2330: ...pe tq to the guest class called tq_device use the following commands node1 conf t node1 config atmf guest class tq_device node1 config atmf guest modeltype tq node1 config atmf guest end Example 2 To...

Page 2331: ...tarted with AlliedWare Plus Feature Overview and Configuration Guide Example 1 To show summary information on AMF node_1 use the following command node_1 show atmf summary Example 2 To show informatio...

Page 2332: ...node_1 show atmf tech Table 2 Output from the show atmf session command node_1 show atmf session CLI Session Neighbors Session ID 73518 Node Name node_1 PID 7982 Link type Broadcast cli MAC Address 00...

Page 2333: ...MAC 0014 2299 137d Parent Domain Parent Domain Controller Parent Domain Controller MAC 0000 0000 0000 Number of Domain Events 0 Crosslink Ports Blocking 0 Uplink Ports Waiting on Sync 0 Crosslink Sequ...

Page 2334: ...The VLAN created for traffic between Nodes of different domain up down links VLAN ID In this example VLAN 4092 is configured as the Management VLAN Management Subnet Network prefix for the subnet Man...

Page 2335: ...roller 1 show atmf area The following figure shows example output from running this command on a controller The following figure shows example output from running this command on a remote master Param...

Page 2336: ...a has not been established This could meanthat a port or vlan is down or that inconsistent VLANs have been configured using the switchport atmf arealink remote area command N A for the area of the con...

Page 2337: ...atmf area summary show atmf area nodes show atmf area nodes detail Table 8 Output from the show atmf area detail command controller 1 show atmf area detail ATMF Area Detail Information Controller dis...

Page 2338: ...The area name for guest information node name The name of the node that connects to the guests main building Area Guest Node Information Device MAC IP IPv6 Type Address Parent Port Address 0008 5d10 7...

Page 2339: ...510 Series 2339 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF AREA GUESTS Related Commands show atmf area show atmf area nodes show atmf...

Page 2340: ...tail northern node1 Output Figure 54 9 Example output from the show atmf guest detail command Parameter Description area name The name assigned to the AMF area An area is an AMF network that is under...

Page 2341: ...t number on the parent node Guest Description A brief description of the guest node as manually entered into the description interface command for the guest node port on the parent node Device Type Th...

Page 2342: ...xample To show summarized information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes The following figure shows partial example output from running th...

Page 2343: ...es detail ATMF Master Whether the node is an AMF master node for its area Y if it is and N if it is not SC The device configuration one of C Chassis SBx8100 series S Stackable VCS or N Standalone Pare...

Page 2344: ...Example To show information about all the nodes the controller is aware of use the command controller 1 show atmf area nodes detail The following figure shows partial example output from running this...

Page 2345: ...rom the show atmf area nodes detail command Parameter Definition Node name The name assigned to a particular node Parent node name The node to which the current node has an active uplink Domain id Boa...

Page 2346: ...area summary The following figure shows example output from running this command Related Commands show atmf area show atmf area nodes show atmf area nodes detail Parameter Description area name Displ...

Page 2347: ...AMF nodes which are requesting authorization on an AMF controller or AMF master use the command awplus show atmf authorization pending To display AMF nodes which have provisional authorization use th...

Page 2348: ...authorization Authorization expiry time is set using atmf secure mode certificate expiry Pending Authorizations NZ Requests Node Name Product Parent Node Interface area_1_node_3 x230 18GP master_1 por...

Page 2349: ...f show atmf secure mode show atmf secure mode certificates Command changes Version 5 4 7 0 3 command added Table 54 3 Parameters in the output from show atmf authorization provisional Parameter Descri...

Page 2350: ...logs Displays detailed log information server status Displays connectivity diagnostics information for each configured remote file server synchronize Display the file server synchronization status lo...

Page 2351: ...p logs Backup Redundancy Enabled Local media SD Total 3788 0MB Free 1792 8MB State Inactive Remote file server is not available Log File Location card atmf ATMF logs rsync_ node name log Node Name Log...

Page 2352: ...e a combination of either Idle Starting Doing Stopping or manual scheduled Started The date and time that the currently executing task was initiated in the format DD MMM YYYY HH MM Current Node The na...

Page 2353: ...sues note that the backup may still be deemed successful depending on the errors Stopped meaning that the backup attempt was manually aborted Good meaning that the backup was completed successfully In...

Page 2354: ...master nodes in one or more areas Note that this command is only available on AMF controllers Syntax show atmf backup area area name node name logs Mode Privileged Exec Example To show information ab...

Page 2355: ...ime 15 Oct 2016 04 30 Backup Bandwidth Unlimited Backup Media FILE SERVER 1 Total 128886 5MB Free 26234 2MB Server Config 1 Configured Mounted Active Host 10 37 74 1 Username root Path tftpboot backup...

Page 2356: ...t status use the command x930 master show atmf backup guest Output Figure 54 13 Example output from show atmf backup guest Parameter Description node name The name of parent guest node guest port The...

Page 2357: ...21 46 Good USB 19 Jan 2016 22 21 46 Good Table 54 1 Parameters in the output from show atmf backup guest Parameter Description Guest Backup The status of the guest node backup process Scheduled Backu...

Page 2358: ...a single VAA host See the AMF Feature Overview and_Configuration Guide for more information on running multiple tenants on a single VAA host Syntax show atmf container detail container name Mode Privi...

Page 2359: ...e command Memory The amount of memory the container is using on the VAA host CPU The percentage of CPU time the container is using on the VAA at the time the show command is run awplus show atmf conta...

Page 2360: ...AMF management IP address CPU use The CPU usage of the container since it was enabled Memory use Container memory usage Link Each container has two links 1 An AMF area link this connects the container...

Page 2361: ...t screen from this command is shown below Parameter Description detail Displays output in greater depth atmf 1 show atmf detail ATMF Detail Information Network Name Test_network Network Mtu 1300 Node...

Page 2362: ...AMF root node Domain State The state of Node in a Domain in AMF network as Controller Backup Recovery State The AMF node recovery status Indicates whether a node recovery is in progress on this device...

Page 2363: ...of these groups Syntax show atmf group user defined automatic Default All groups are displayed Mode Privileged Exec Example 1 To display group membership of node2 use the following command node2 show...

Page 2364: ...on master poe x8100 node1 node2 node3 node4 node5 node6 ATMF group information sysadmin x8100 AMF_NETWORK 6 Table 56 Sample output from the show atmf group command for a working set AMF_NETWORK 6 show...

Page 2365: ...rs based on their own criteria which can be used to select groups of nodes Syntax show atmf group members user defined automatic Mode Privileged Exec Example To display group membership of all nodes i...

Page 2366: ...e 59 Parameter definitions from the show atmf group members command Parameter Definition Automatic Groups Lists the Automatic Groups and their nodal composition The sample output shows AMF nodes based...

Page 2367: ...command awplus show atmf guests Output Figure 54 17 Example output from the show atmf guests command master show atmf guests Guest Information Device Device Parent Guest IP IPv6 Name Type Node Port A...

Page 2368: ...mf guestlink show atmf backup guest show atmf links guest Parent Node The name of the AMF node that directly connects to the guest node Guest Port The port on the parent node that directly connects to...

Page 2369: ...and specify the node name or show atmf links guest detail which shows information about the guest nodes and also about their link to their parent node Note that the parameters that are displayed depen...

Page 2370: ...is discovered from the device or failing that auto assigned by AMF The auto assigned name consists of parent node name attached port number You can change this by configuring a description on the por...

Page 2371: ...ence for x510 Series 2371 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF GUESTS DETAIL Related Commands atmf guest class switchport atmf...

Page 2372: ...f links brief Figure 54 19 Example output from show atmf links brief Parameter Description brief A brief summary of AMF links their configuration and status Example core show atmf links ATMF Link Brie...

Page 2373: ...d to ensure link is stable Incompatible Neighbor rejected the link because of inconsistency in AMF configurations OneWay Link is up and has waited the hold down period and now attempting to link to an...

Page 2374: ...etail The output from this command will display all the internal data held for AMF links The following example gives details of the links that are summarized in the example in show atmf links Paramete...

Page 2375: ...610 Example core 4610 Transaction ID 2 2 MAC Address eccd 6dd1 64d0 0000 cd37 054b Link State Full Full Domain Nodes Tree Node Building A Links on Node 1 Link 0 Building A 4630 Example core 4630 Forwa...

Page 2376: ...e Depth 0 Transaction ID 6 Flags 32 Domain Controller Domain Controller MAC 0000 0000 0000 Downlink Domain Information Domain Dept A s domain Domain Controller Dept A Domain Controller MAC eccd 6d20 c...

Page 2377: ...t Domain Dorm D s domain Node Building A Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Building B Ifindex 0 Transaction ID 20 Flags 32 Domain Dorm D s domain Node Example core Ifind...

Page 2378: ...ent MAC eccd 6ddf 6cdf Adjacent Domain Controller Dorm D Adjacent Domain Controller MAC 0000 cd37 082c Port Forwarding State Forwarding Port BPDU Receive Count 95 Port Sequence Number 11 Port Adjacent...

Page 2379: ...n Link has been shut down by user configuration Port BPDU Receive Count The number of AMF protocol PDU s received Adjacent Node Name The name of the adjacent node connected to this node Adjacent Ifind...

Page 2380: ...er for the neighbor in crosslink Flags Used in domain messages to exchange the state ATMF_DOMAIN_FLAG_DOWN 0 ATMF_DOMAIN_FLAG_UP 1 ATMF_DOMAIN_FLAG_BLOCK 2 ATMF_DOMAIN_FLAG_NOT_PRESENT 4 ATMF_DOMAIN_F...

Page 2381: ...irtual router id for the local port Port Status Shows status of the local port on the Node as UP DOWN Port State AMF state of the local port Adjacent Node nodename of the adjacent node Adjacent Intern...

Page 2382: ...nd Reference for x510 Series 2382 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF LINKS DETAIL Related Commands no debug all clear atmf li...

Page 2383: ...tion about AMF guests that are connectible from node1 use the command node1 show atmf links guest Output Figure 54 20 Example output from show atmf links guest Parameter Description interface interfac...

Page 2384: ...hport atmf guestlink show atmf backup guest Model Type The model type of the guest node as entered by the modeltype command Can be one of the following alliedware aw tq other DC The discovery method a...

Page 2385: ...Display details for all ports with guest nodes connected Mode User Exec Privileged Exec Usage Use this command to display the guest nodes connected to a single parent node If you want to see a list o...

Page 2386: ...n node1 1 0 17 Firmware Version 3 2 1 A02 Table 54 2 Parameters in the output from show atmf links guest detail Parameter Description Interface The port on the parent node that connects to the guest L...

Page 2387: ...is in the process of retrieving any other available information from the guest firmware version etc The information available depends on what device the guest node is Full The AMF device has retrieve...

Page 2388: ...guest Serial Number The serial number of the guest node Firmware Name The name of the firmware operating on the guest node Firmware Version The version of the firmware operating on the guest node HTT...

Page 2389: ...vice1 show atmf links statistics Parameter Description interface Specifies that the command applies to a specific interface port or range of ports Where both the interface and port number are unspecif...

Page 2390: ...hecksum or type Type7 0 Incarnation is not possible with the data received Type8 0 Discard crosslink hello received not correct state Type9 0 Discard crosslink domain hello received on non crosslink T...

Page 2391: ...o debug all clear atmf links statistics show atmf device1 show atmf links statistics interface port1 0 5 ATMF Port Statistics Transmit Receive port1 0 5 Crosslink Hello 231 232 port1 0 5 Crosslink Hel...

Page 2392: ...d other improvements Syntax show atmf nodes guest all Mode Privileged Exec Usage You can use this command to display one of three sets of nodes all nodes except guest nodes by specifying show atmf nod...

Page 2393: ...age at the end node1 show atmf nodes all Node and Guest Information Local device SC Switch Configuration C Chassis S Stackable N Standalone G Guest Node Guest Device ATMF Parent Node Name Type Master...

Page 2394: ...d is run Example To show the details of all the provisioned nodes in the backup use the command NodeName show atmf provision nodes Figure 54 24 Sample output from the show atmf provision nodes command...

Page 2395: ...secure mode Output Figure 54 25 Example output from show atmf secure mode on an AMF master Figure 54 26 Example output from show atmf secure mode on an AMF node ATMF Secure Mode Secure Mode Status Ena...

Page 2396: ...cate Expiry Certificate expiry time Set with atmf secure mode certificate expiry Certificates Total Total number of certificates Certificates Revoked Certificates that have been revoked by the AMF mas...

Page 2397: ...rning The default username and password is enabled Good SNMP V1 or V2 is disabled Warning Telnet server is enabled Good ATMF is enabled Secure Mode is on Good ATMF Topology GUI is disabled No trustpoi...

Page 2398: ...F secure mode link audits for a node use the command awplus show atmf secure mode audit link Output Figure 54 28 Example output from show atmf secure mode audit link Related Commands show atmf show at...

Page 2399: ...MF secure mode certificates for a node named area_2_node_1 in an area named area 2 use the command awplus show atmf secure mode certificates detail area area 2 node area_2_node_1 Output Figure 54 29 E...

Page 2400: ...AMF commands Valid statuses are Active Revoked and Rejected Certificates Detail area_2_node_1 area area 2 MAC Address 0000 cd37 0003 Status Active Serial Number A24SC8001 Product x510 28GTX Key Finger...

Page 2401: ...LLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SHOW ATMF SECURE MODE CERTIFICATES Related Commands atmf authorize atmf secure mode atmf secure mode certificate expire atmf secure mode certificate ren...

Page 2402: ...ster or member node use the command awplus show atmf secure mode sa detail neighbor Output Figure 54 31 Example output from show atmf secure mode sa Parameter Description detail Display detailed secur...

Page 2403: ...eccd 6d82 6c16 Flags 000003c0 Id 83 40000053 Type Neighbor Gateway State Complete Remote MAC Address 001a eb54 e53b Flags 000003c0 Id 175 400000af Type Neighbor Gateway State Complete Remote MAC Addre...

Page 2404: ...ler master neighbor relationship Broadcast SA for working set broadcast requests State Current state of the Security Association The state must be Complete before a member node is trusted and can be a...

Page 2405: ...le To display AMF secure mode statistics on a master or member node use the command awplus show atmf secure mode statistics Output Figure 54 33 Example output from show atmf secure mode statistics on...

Page 2406: ...e mode atmf secure mode certificate renew clear atmf secure mode statistics show atmf secure mode Command changes Version 5 4 7 0 3 command added ATMF Secure Mode Statistics Local Certificates Valid 3...

Page 2407: ...ow atmf tech Table 55 Sample output from the show atmf tech command node1 show atmf tech ATMF Summary Information ATMF Status Enabled Network Name ATMF_NET Node Name node1 Role Master Current ATMF Nod...

Page 2408: ...gned to the node within the AMF network Role The role configured on the device within the AMF either master or member Current ATMF Nodes A count of the AMF nodes in the AMF network Node Address The id...

Page 2409: ...t address used for this traffic Domain IP Address the IP address allocated for this traffic Domain Mask the Netmask used to create a subnet for this traffic 255 255 128 0 prefix 17 Device Type Shows t...

Page 2410: ...nects to a virtual link The first link has the IP address 192 168 1 1 and has a Local ID of 1 The second has the IP address 192 168 2 1 and has the Local ID of 2 Example 2 To display AMF virtual links...

Page 2411: ...amed vlink1 equivalent to an L2TP tunnel Local ID The local ID of the virtual link This matches the vlink number State The operational state of the vlink either Up or Down This state is always display...

Page 2412: ...d displays the nodes that form the current AMF working set Syntax show atmf working set Mode Privileged Exec Example To show current members of the working set use the command ATMF_NETWORK 6 show atmf...

Page 2413: ...Mode User Exec and Global Configuration Example To display the AMF debugging status use the command node_1 show debugging atmf Figure 54 35 Sample output from the show debugging atmf command Related...

Page 2414: ...the AMF packet debugging status use the command node_1 show debug atmf packet Figure 54 36 Sample output from the show debugging atmf packet command Related Commands debug atmf debug atmf packet Tabl...

Page 2415: ...plays the running system information that is specific to AMF Syntax show running config atmf Mode User Exec and Global Configuration Example To display the current configuration of AMF use the followi...

Page 2416: ...is disabled Mode AMF Container Configuration Usage The first time the state enable command is executed on a container it assigns the container to an area and configures it as an AMF master This is ach...

Page 2417: ...er vac wlg 1 use the commands awplus configure terminal awplus config atmf container vac wlg 1 awplus config atmf container state enable To stop the AMF container vac wlg 1 use the commands awplus con...

Page 2418: ...are not visible to AMF networks Mode Interface mode for a switch port Note that the link between the x600 and the AMF network must be a single link not an aggregated link Usage The x600 Series switch...

Page 2419: ...he same area password must exist on both ends of the link Running this command will automatically place the port or static aggregator into trunk mode i e switchport mode trunk and will synchronize the...

Page 2420: ...for x510 Series 2420 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS SWITCHPORT ATMF AREALINK REMOTE AREA Related Commands atmf area atmf area passw...

Page 2421: ...tion for a switchport a static aggregator or a dynamic channel group Usage Crosslinks can be used anywhere within an AMF network They have the effect of separating the AMF network into separate domain...

Page 2422: ...ure terminal Node_1 config interface sa1 Node_1 config if switchport atmf crosslink Node_1 config if switchport trunk allowed vlan add 2 Node_1 config if switchport trunk native vlan none In this exam...

Page 2423: ...configure switch port 1 0 44 to be a guest link that will connect to a guest node having a guest class of camera and an IPv4 address of 192 168 3 3 use the following commands node1 configure terminal...

Page 2424: ...link node1 config if end Example 4 To configure switch ports 1 0 52 to 1 0 54 to be guest links for the guest class camera use the following commands node1 configure terminal node1 config int port1 0...

Page 2425: ...nterconnected AMF domains This tree must be loop free Therefore you must configure your links so that no rings are formed only from up down links and or virtual links Within each domain cross links be...

Page 2426: ...leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node1 atmf working set group all This command returns t...

Page 2427: ...returns the following display node1 TR Type Details Description Ac Te Tr Repeat Scr Days Date 001 Periodic 2 min Periodic Status Chk Y N Y Continuous 1 smtwtfs 005 ATMF node leave E mail on ATMF Exit...

Page 2428: ...13 50170 01 Rev B Command Reference for x510 Series 2428 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS TYPE ATMF NODE Related Commands show trigge...

Page 2429: ...rence for x510 Series 2429 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS UNDEBUG ATMF undebug atmf Overview This command is an alias for the no va...

Page 2430: ...as the guest class of phone1 use the following commands node1 conf t node1 config amf guest class phone1 node1 config atmf guest username reception password secret node1 config atmf guest end Example...

Page 2431: ...3 50170 01 Rev B Command Reference for x510 Series 2431 AlliedWare Plus Operating System Version 5 4 7 1 x ALLIED TELESIS MANAGEMENT FRAMEWORK AMF COMMANDS USERNAME show atmf links guest show atmf nod...

Page 2432: ...h AlliedWare Plus Feature Overview and Configuration Guide This guide is available at the above link on alliedtelesis com Command List bootfile on page 2434 clear ip dhcp binding on page 2435 default...

Page 2433: ...age 2464 probe enable on page 2466 probe packets on page 2467 probe timeout on page 2468 probe type on page 2469 range on page 2470 route on page 2471 service dhcp relay on page 2472 service dhcp serv...

Page 2434: ...of the boot file that the client should use in its bootstrap process It may need to include a path The no variant of this command removes the boot filename from a DHCP server pool Syntax bootfile fil...

Page 2435: ...or range are specified and one or more static DHCP bindings exist within those addresses any dynamic entries within those addresses are cleared but any static entries are not cleared Examples To clea...

Page 2436: ...fault router or all default routers from the DHCP pool Syntax default router ip address no default router ip address Mode DHCP Configuration Examples To add a router with an IP address 192 168 1 2 to...

Page 2437: ...CP pool Syntax dns server ip address no dns server ip address Mode DHCP Configuration Examples To add the DNS server with the assigned IP address 192 168 1 1 to the DHCP pool named P1 use the followin...

Page 2438: ...e no variant of this command removes the domain name from the address pool Syntax domain name domain name no domain name Mode DHCP Configuration Examples To add the domain name Nerv_Office to DHCP poo...

Page 2439: ...ust be configured using a network command before issuing a host command Also note that a host address must match a network to add a static host address Examples To add the host at 192 168 1 5 with the...

Page 2440: ...e with the ip name server command Option 15 a domain name used to resolve host names This option replaces the domain name set with the ip domain name command Your device ignores this domain name if it...

Page 2441: ...ONFIGURATION PROTOCOL DHCP COMMANDS IP ADDRESS DHCP To stop the interface vlan10 from using DHCP to obtain its IP address use the commands awplus configure terminal awplus config interface vlan10 awpl...

Page 2442: ...ts by default The no variant of this command configures the DHCP server to accept BOOTP requests This is the default setting Syntax ip dhcp bootp ignore no ip dhcp bootp ignore Mode Global Configurati...

Page 2443: ...ges Use the no variant of this command to disable the support of DHCPLEASEQUERY packets For more information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp leasequery enable no i...

Page 2444: ...on 1 254 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You ca...

Page 2445: ...defined IP address option as option 175 with the name special address use the commands awplus configure terminal awplus config ip dhcp option 175 name special address ip To remove the specific user de...

Page 2446: ...ltiple interfaces This allows the device to act as a DHCP server on multiple interfaces to distribute different information to clients on the different networks The no variant of this command deletes...

Page 2447: ...e is added to the IP routing table This can be problematic if the DHCP client is operating via an interface that is only intended to be used for back up interface redundancy purposes such as a VLAN co...

Page 2448: ...P COMMANDS IP DHCP CLIENT DEFAULT ROUTE DISTANCE To set the AD for the default route back to the default value of 1 use the commands awplus configure terminal awplus config interface vlan10 awplus con...

Page 2449: ...gent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide NOTE The DHCP relay service mightalter the content of the DHCP Relay AgentOption 82 field if the commands...

Page 2450: ...edWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS IP DHCP RELAY AGENT OPTION Related Commands ip dhcp relay agent option remote id ip dhcp relay informat...

Page 2451: ...nabled on the device service dhcp relay For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Syntax ip dhcp relay agent op...

Page 2452: ...relay agent option remote id Default The Remote ID is set to the device s MAC address by default Mode Interface Configuration for a VLAN interface Usage The Remote ID sub option is included in the DHC...

Page 2453: ...g DHCP Relay Agent Option 82 field with its own DHCP Relay Agent field This is equivalent to the functionality of the replace parameter The no variant of this command returns the policy to the default...

Page 2454: ...contain DHCP Relay Agent Option 82 information use the commands awplus configure terminal awplus config interface vlan15 awplus config if ip dhcp relay information policy drop To reset the DHCP relay...

Page 2455: ...e no variant of this command to reset the hop count to the default For DHCP Relay Agent and DHCP Relay Agent Option 82 introductory information see the DHCP Feature Overview and Configuration Guide Sy...

Page 2456: ...sage When a DHCP Relay Agent that has DHCP Relay Agent Option 82 insertion enabled receives a request packet from a DHCP client it will append the DHCP Relay Agent Option 82 component data and forward...

Page 2457: ...TION PROTOCOL DHCP COMMANDS IP DHCP RELAY MAX MESSAGE LENGTH To reset the maximum DHCP message length to the default of 1400 bytes for packets arriving in interface vlan7 use the commands awplus confi...

Page 2458: ...e no ip dhcp relay server address ipv4 address ipv6 address server interface no ip dhcp relay Mode Interface Configuration for a VLAN interface Usage For a DHCP server with an IPv6 address you must sp...

Page 2459: ...an2 awplus config if no ip dhcp relay server address 192 0 2 200 To enable the DHCP Relay Agent on your device to relay DHCP packets on interface vlan10 to the DHCP server with the IPv6 address 2001 0...

Page 2460: ...set the lease expiry time to infinite leases never expire Use the no variant of this command to return the lease expiration time back to the default of one day Syntax lease days hours minutes seconds...

Page 2461: ...plus config ip dhcp pool Nerv_Office awplus dhcp config lease 1 5 30 To set the lease expiration time for the address pool P3 to 20 seconds use the commands awplus configure terminal awplus config ip...

Page 2462: ...the pool You must remove all ranges in the pool before issuing a no network command to remove a network from the pool Examples To configure a network for the address pool P2 where the subnet is 192 0...

Page 2463: ...t server that the client should use in its bootstrap process The no variant of this command removes the next server address from the DHCP address pool Syntax next server ip address no next server Mode...

Page 2464: ...oves the specified user defined option from the DHCP pool or all user defined options from the DHCP pool Syntax option 1 254 option name option value no option 1 254 option value Mode DHCP Configurati...

Page 2465: ...option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use the command awplus dhcp config option 175 192 0 2 6 awplus dhcp config option 175 192 0 2 12 awplus dhcp config...

Page 2466: ...used by another host The no variant of this command disables probing for a DHCP pool Syntax probe enable no probe enable Default Probing is enabled by default Mode DHCP Pool Configuration Examples To...

Page 2467: ...er of probe packets sent to the default of 5 Syntax probe packets 0 10 no probe packets Default The default is 5 Mode DHCP Pool Configuration Examples To set the number of probe packets to 2 for pool...

Page 2468: ...ting 200 milliseconds Syntax probe timeout 50 5000 no probe timeout Default The default timeout interval is 200 milliseconds Mode DHCP Pool Configuration Examples To set the probe timeout value to 500...

Page 2469: ...ill send an ICMP Echo Request ping The no variant of this command sets the probe type to the default setting ping Syntax probe type arp ping no probe type Default The default probe type is ping Mode D...

Page 2470: ...l address ranges from the DHCP pool Syntax range ip address ip address no range ip address ip address no range all Mode DHCP Configuration Examples To add an address range of 192 0 2 5 to 192 0 2 16 t...

Page 2471: ...de DHCP Configuration Examples To distribute static routes for route 0 0 0 0 0 whose next hop is 192 16 1 1 to clients using both opt249 and rfc3442 use the command awplus configure terminal awplus co...

Page 2472: ...cp relay no service dhcp relay Mode Global Configuration Usage A maximum number of 400 DHCP Relay Agents one per interface can be configured on the device Once this limit has been reached any further...

Page 2473: ...n your device The server then listens for DHCP requests on all IP interfaces It will not run if there are no IP interfaces configured The no variant of this command disables the DHCP server Syntax ser...

Page 2474: ...output from the show counter dhcp client command Related Commands ip address dhcp show counter dhcp client DHCPDISCOVER out 10 DHCPREQUEST out 34 DHCPDECLINE out 4 DHCPRELEASE out 0 DHCPOFFER in 22 DH...

Page 2475: ...lay Output Figure 55 2 Example output from the show counter dhcp relay command awplus show counter dhcp relay DHCP relay counters Requests In 4 Replies In 4 Relayed To Server 4 Relayed To Client 4 Out...

Page 2476: ...t Option The number of incoming DHCP Reply messages dropped due to a missing relay agent information option field Note that Agent Option counters only increment on errors occurring if the ip dhcp rela...

Page 2477: ...interface Messages generating the errors are only dropped if the ip dhcp relay agent option checking command is configured on the interface as well as the ip dhcp relay agent option command Option In...

Page 2478: ...from the show counter dhcp server command DHCP server counters DHCPDISCOVER in 20 DHCPREQUEST in 12 DHCPDECLINE in 1 DHCPRELEASE in 0 DHCPINFORM in 0 DHCPOFFER out 8 DHCPACK out 4 DHCPNAK out 0 BOOTR...

Page 2479: ...ssages sent by the DHCP server The server sends these after receiving a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has...

Page 2480: ...device For information on filtering and saving command output see Controlling show Command Output in the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Syntax show dhcp...

Page 2481: ...19 Renew 13 Mar 2017 18 37 06 Rebind 13 Mar 2017 19 49 29 Server Options subnet mask 255 255 255 0 routers 19 18 2 100 12 16 2 17 dhcp lease time 3600 dhcp message type 5 domain name servers 192 168...

Page 2482: ...plus show ip dhcp binding 172 16 2 16 To display the leases from the address pool MyPool use the command awplus show ip dhcp binding MyPool Output Figure 55 5 Example output from the show ip dhcp bind...

Page 2483: ...x510 Series 2483 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP BINDING Related Commands clear ip dhcp binding ip dhcp pool lease ra...

Page 2484: ...ss pool Mode User Exec and Privileged Exec Example awplus show ip dhcp pool Output Figure 55 6 Example output from the show ip dhcp pool command Parameter Description address pool Name of a specific a...

Page 2485: ...dresses Total 8 Leased 2 Utilization 25 0 Static host addresses Total 1 Leased 1 Table 3 Parameters in the output of the show ip dhcp pool command Parameter Description Pool Name of the pool network S...

Page 2486: ...is sent In the range 50 to 5000 dns servers The DNS server addresses sent to by the pool to clients default router s The default router addresses sent by the pool to clients user defined options The l...

Page 2487: ...ries 2487 AlliedWare Plus Operating System Version 5 4 7 1 x DYNAMIC HOST CONFIGURATION PROTOCOL DHCP COMMANDS SHOW IP DHCP POOL Related Commands ip dhcp pool probe enable probe packets probe timeout...

Page 2488: ...terface vlan100 use the command awplus show ip dhcp relay interface vlan100 Output Figure 55 8 Example output from the show ip dhcp relay command Related Commands ip dhcp relay agent option ip dhcp re...

Page 2489: ...vileged Exec Example To display the server statistics use the command awplus show ip dhcp server statistics Output Figure 55 9 Example output from the show ip dhcp server statistics command DHCP serve...

Page 2490: ...a request that it cannot fulfil because either there are no available IP addresses in the related address pool or the request has come from a client that doesn t fit the network setting for an address...

Page 2491: ...ls currently configured This show command does not include any configuration details of the address pools You can display these using the show ip dhcp pool command For information on filtering and sav...

Page 2492: ...en the pool s network mask specified using the next server command is applied The no variant of this command removes a subnet mask option from a DHCP pool The pool reverts to using the pool s network...

Page 2493: ...prefixes DHCPv6 Prefix Delegation provides automatic configuration of IPv6 addresses and IPv6 prefixes For information on filtering and saving command output see the Getting Started with AlliedWare Pl...

Page 2494: ...2515 ipv6 dhcp pool on page 2517 ipv6 dhcp server on page 2519 ipv6 local pool on page 2520 ipv6 nd prefix DHCPv6 on page 2522 link address on page 2524 option DHCPv6 on page 2526 prefix delegation p...

Page 2495: ...nge available allocated by the IPv6 prefix randomly generating the suffix of the IPv6 address with the specified preferred and valid lifetime leases Leased IPv6 address are found in the Parameter Desc...

Page 2496: ...sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid and is not available to an interface when the valid lifetime timer expires Invalid addres...

Page 2497: ...n A deprecated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected Parameter Description first ipv6 addr...

Page 2498: ...To add the IPv6 address range 2001 0db8 1 1 to 2001 0db8 1fff 1 for DHCPv6 server pool configuration use the following commands awplus configure terminal awplus config ipv6 dhcp pool pool1 awplus con...

Page 2499: ...OUNTER IPV6 DHCP CLIENT clear counter ipv6 dhcp client Overview Use this command in Privileged Exec mode to clear DHCPv6 client counters Syntax clear counter ipv6 dhcp client Mode Privileged Exec Exam...

Page 2500: ...OUNTER IPV6 DHCP SERVER clear counter ipv6 dhcp server Overview Use this command in Privileged Exec mode to clear DHCPv6 server counters Syntax clear counter ipv6 dhcp server Mode Privileged Exec Exam...

Page 2501: ...es are cleared but any static entries are not cleared The clear ipv6 dhcp binding command is used as a server function A binding table entry on the DHCPv6 server is automatically Created whenever a pr...

Page 2502: ...DHCPV6 COMMANDS CLEAR IPV6 DHCP BINDING Example To clear all dynamic DHCPv6 server binding entries use the command awplus clear ipv6 dhcp binding all Output Figure 56 1 Example output from the clear...

Page 2503: ...ew Use this command in Privileged Exec mode to restart a DHCPv6 client on an interface Syntax clear ipv6 dhcp client interface Mode Privileged Exec Example To restart a DHCPv6 client on interface vlan...

Page 2504: ...add the DNS server with the assigned IPv6 address 2001 0db8 3000 3000 32 to the DHCPv6 server pool named P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus...

Page 2505: ...1 Rev B Command Reference for x510 Series 2505 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS DNS SERVER DHCPV6 Related Commands ipv6 dhcp pool option DHCPv6 show ipv...

Page 2506: ...the pre defined option 15 Note that if you add a user defined option 15 using the option DHCPv6 command then you will override any settings created with this command Examples To add the domain name E...

Page 2507: ...is generated by the operating system when DHCP first starts If the OS is reinstalled the DUID LLT can change and any multiple operating systems on the machine will all have different DUIDs Configuring...

Page 2508: ...n specifying the eui64 parameter the interface identifier of the IPv6 address is derived from the MAC address of the device For more information about EUI64 see the IPv6 Feature Overview and Configura...

Page 2509: ...gn the IPv6 address 2001 0db8 a2 48 to the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if ipv6 address 2001 0db8 a2 48 To remo...

Page 2510: ...db8 32 from VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config interface vlan2 awplus config if no ipv6 address 2001 0db8 64 eui64 V...

Page 2511: ...ault routers Option 6 a list of DNS servers This list appends the DNS servers set on your device with the dns server DHCPv6 command Option 15 a domain name used to resolve host names This option repla...

Page 2512: ...or x510 Series 2512 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 ADDRESS DHCP Related Commands clear ipv6 dhcp client ipv6 address ipv6 address DHCPv6 PD show...

Page 2513: ...an interface Usage Entering the ipv6 dhcp client pd command starts the DHCPv6 client process if not already running and enables requests for prefix delegation through the interface on which the comma...

Page 2514: ...V6 DHCP CLIENT PD To disable prefix delegation on the VLAN interface vlan2 use the following commands awplus configure terminal awplus config interface vlan2 awplus config if no ipv6 dhcp client pd Re...

Page 2515: ...54 The option number of the option Options with the same number as one of the standard options overrides the standard option definition option name Option name used to identify the option You cannot u...

Page 2516: ...ig ipv6 dhcp option 46 name tcpip node type hex To define a user defined IP address option as option 175 with the name special address use the following commands awplus configure terminal awplus confi...

Page 2517: ...nd to delete the specific DHCPv6 pool Syntax ipv6 dhcp pool DHCPv6 poolname no ipv6 dhcp pool DHCPv6 poolname Mode Global Configuration Usage All DHCPv6 prefix pool names must be unique IPv6 prefix po...

Page 2518: ...nce for x510 Series 2518 AlliedWare Plus Operating System Version 5 4 7 1 x DHCP FOR IPV6 DHCPV6 COMMANDS IPV6 DHCP POOL Related Commands ipv6 local pool option DHCPv6 prefix delegation pool show ipv6...

Page 2519: ...egation and configuration through the specified interface Note that DHCPv6 client DHCPv6 server and DHCPv6 relay are mutually exclusive on an interface When one of the DHCPv6 functions is enabled on a...

Page 2520: ...dresses an IPv6 address prefix areassignedandnotsingleIPv6addresses IPv6prefixpoolsarenotallowed to overlap Parameter Description DHCPv6 poolname Description used to identify this DHCPv6 server pool V...

Page 2521: ...fixpool All IPv6prefixesalready allocated are also freed Examples To create alocalDHCPv6 local pool named P2 withtheIPv6 prefixand prefixlength 2001 0db8 32 with an assigned length of 64 use the follo...

Page 2522: ...s usually set between 0 and 64 valid lifetime The the period during which the specified IPv6 address prefix is valid This can be set to a value between 5 and 315360000 seconds Note that this period sh...

Page 2523: ...ddresses or prefixes should not appear as the source or destination for a packet Examples The following example configures the device to issue RAs Router Advertisements on the VLAN interface vlan4 and...

Page 2524: ...eceived via an intermediate relay to a configured delegation pool When an address on the incoming interface of the DHCPv6 server or a link address set in the incoming delegation request packet from th...

Page 2525: ...0db8 1 48 as the link address for pool P2 use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 address prefix 2001 0db8 2 48 awplus config dhcp6 lin...

Page 2526: ...ddress format so if the option already exists in the pool then the new IP address is added to the list of existing IPv6 prefixes Also note options with the same number as one of the pre defined option...

Page 2527: ...ue 08af use the following commands awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config dhcp6 option tcpip node type 08af To add multiple IP addresses for the ip type option 175 use...

Page 2528: ...ain unassignedprefixes fromthe pool After the client releases the previously assigned prefixes the server returns the prefixes to the pool for reassignment Preferred IPv6 addresses or prefixes are ava...

Page 2529: ...invalid and is not available to an interface when the valid lifetime timer expires Invalid addresses or prefixes should not appear as the source or destination for a packet Example This example adds...

Page 2530: ...er information use the command awplus show counter ipv6 dhcp client Output Figure 56 2 Example output from the show counter ipv6 dhcp client command awplus show counter ipv6 dhcp client SOLICIT out 20...

Page 2531: ...s sent by the DHCPv6 client REPLY in Displays the count of REPLY messages received by the DHCPv6 client RELEASE out Displays the count of RELEASE messages sent by the DHCPv6 client DECLINE out Display...

Page 2532: ...r information use the command awplus show counter ipv6 dhcp server Output Figure 56 3 Example output from the show counter ipv6 dhcp server command awplus show counter ipv6 dhcp server SOLICIT in 20 A...

Page 2533: ...eived by the DHCPv6 server REPLY out Displays the count of REPLY messages sent by the DHCPv6 server RELEASE in Displays the count of RELEASE messages received by the DHCPv6 server DECLINE in Displays...

Page 2534: ...age The DUID is based on the link layer address for both DHCPv6 client and DHCPv6 server identifiers The device uses the MAC address from the lowest interface number for the DUID The DUID is used by a...

Page 2535: ...and Privileged Exec Example 1 To display the total DHCPv6 leasing address entries for all pools use the command awplus show ipv6 dhcp binding summary Output Figure 56 5 Example output from the show i...

Page 2536: ...ID DHCPv6 unique identifier DUID see RFC 3315 Each DHCPv6 client has as DUID DHCPv6 servers use DUIDs to identify clients for the association of IAs Identity Associations with DHCPv6 clients DHCPv6 cl...

Page 2537: ...COMMANDS SHOW IPV6 DHCP BINDING Related Commands clear ipv6 dhcp binding ipv6 dhcp pool show ipv6 dhcp pool starts at The date and time at which the valid lifetime expires expires at The date and tim...

Page 2538: ...information for all interfaces DHCPv6 is configured on use the command awplus show ipv6 dhcp interface Output Figure 56 7 Example output from the show ipv6 dhcp interface command Parameter Description...

Page 2539: ...efix 2002 0 3c0 42 preferred lifetime 604800 valid lifetime 2592000 starts at 20 Aug 2012 09 21 33 expires at 19 Sep 2012 09 21 33 Table 5 Parameters in the output of the show counter dhcp client comm...

Page 2540: ...us show ipv6 dhcp pool Output Figure 56 9 Example output from the show ipv6 dhcp pool command Parameter Description DHCPv6 address pool name Name of a specific DHCPv6 address pool This displays the co...

Page 2541: ...precated address or prefix should not be used as a source address or prefix but packets sent from deprecated addresses or prefixes are delivered as expected An IPv6 address or prefix becomes invalid a...

Page 2542: ...DHCPv6 Configuration Examples The following example adds an SNTP Server IPv6 address of 2001 0db8 32 to the DHCPv6 pool named P2 awplus configure terminal awplus config ipv6 dhcp pool P2 awplus config...

Page 2543: ...ion on filtering and saving command output see the Getting Started with AlliedWare_Plus Feature Overview and Configuration Guide Command List ntp access group deprecated on page 2544 ntp authenticate...

Page 2544: ...Series 2544 AlliedWare Plus Operating System Version 5 4 7 1 x NTP COMMANDS NTP ACCESS GROUP DEPRECATED ntp access group deprecated Overview This command has been deprecated in Software Version 5 4 6...

Page 2545: ...to authenticate the associations with other systems for security purposes The no variant of this command disables NTP authentication Syntax ntp authenticate no ntp authenticate Mode Global Configurati...

Page 2546: ...an MD5 authentication key number 134343 and a key value mystring use the commands awplus configure terminal awplus config ntp authentication key 134343 md5 mystring To disable the authentication key n...

Page 2547: ...roadcastdelay delay no ntp broadcastdelay Default 0 microsecond offset which can only be applied with the no variant of this command Mode Global Configuration Examples To set the estimated round trip...

Page 2548: ...192 168 1 0 16 subnet if they arrive more frequently than every 5 seconds and also send kiss of death messages use the commands awplus configure terminal awplus config ntp discard minimum 5 awplus co...

Page 2549: ...istance from the reference clock and exist to prevent cycles in the hierarchy Stratum 1 is used to indicate time servers which are more accurate than Stratum 2 servers For more information on the Netw...

Page 2550: ...92 0 2 23 awplus configure terminal awplus config ntp peer 192 0 2 23 awplus config ntp peer 192 0 2 23 prefer awplus config ntp peer 192 0 2 23 prefer version 4 awplus config ntp peer 192 0 2 23 pref...

Page 2551: ...lus config ntp peer 2001 0db8 010d 1 prefer awplus config ntp peer 2001 0db8 010d 1 prefer version 4 awplus config ntp peer 2001 0db8 010d 1 prefer version 4 key 1234 awplus config ntp peer 2001 0db8...

Page 2552: ...address Apply this restriction to the specified IPv4 or IPv6 host Enter an IPv4 address in the format A B C D Enter an IPv6 address in the format X X X X host subnet Apply this restriction to the spec...

Page 2553: ...0 2 1 and the subnet 192 168 1 0 16 to authenticate NTP sessions with this device use the commands awplus configure terminal awplus config ntp restrict 192 0 2 1 notrust awplus config ntp restrict 19...

Page 2554: ...s config ntp server 192 0 1 23 awplus config ntp server 192 0 1 23 prefer awplus config ntp server 192 0 1 23 prefer version 4 awplus config ntp server 192 0 1 23 prefer version 4 key 1234 awplus conf...

Page 2555: ...awplus config ntp server 2001 0db8 010e 2 prefer awplus config ntp server 2001 0db8 010e 2 prefer version 4 awplus config ntp server 2001 0db8 010e 2 prefer version 4 key 1234 awplus config ntp serve...

Page 2556: ...using this command is matched to the interface When selecting a source IP address to use for NTP messages to the peer if the configured NTP client source IP address is unavailable then default behavi...

Page 2557: ...onfigure the NTP source interface with the IPv6 address 2001 0db8 010e 2 enter the commands awplus configure terminal awplus config ntp source 2001 0db8 010e 2 To remove a configured address for the N...

Page 2558: ...dWare Plus Operating System Version 5 4 7 1 x NTP COMMANDS NTP TRUSTED KEY DEPRECATED ntp trusted key deprecated Overview This command has been deprecated in Software Version 5 4 6 1 1 Please use the...

Page 2559: ...x510 Series 2559 AlliedWare Plus Operating System Version 5 4 7 1 x NTP COMMANDS SHOW COUNTER NTP DEPRECATED show counter ntp deprecated Overview From version 5 4 6 1 x onwards this command has been...

Page 2560: ...5 256 377 27 144 0 775 0 193 system peer backup candidate outlier x false ticker Table 2 Parameters in the output from the show ntp associations command Parameter Description system peer The peer that...

Page 2561: ...when When last polled seconds ago h hours ago or d days ago poll Time between NTP requests from the device to the server reach An indication of whether or not the NTP server is responding to requests...

Page 2562: ...tricted 0 rate limited 0 KoD responses 0 processed for time 306 Table 57 1 Parameters in the output from show ntp counters Parameter Description uptime How long NTP has been running since it was last...

Page 2563: ...tch any restrict statements in the NTP restrictions NTP drops these packets See the command ntp restrict for more information rate limited The number of packets dropped because the packet rate exceede...

Page 2564: ...plicate 0 bad header 0 kod received 0 Table 57 2 Parameters in the output from show ntp counters associations Parameter Description Peer An NTP peer or server that the device is associated with sent T...

Page 2565: ...r The number of packets where one or more header fields are invalid kod received The number of Kiss of Death packets received from the peer KoD packets indicate that this device is sending NTP packets...

Page 2566: ...how ntp status For information about the output displayed by this command see ntp org Figure 57 3 Example output from the show ntp status command awplus show ntp status associd 0 status 061b leap_none...

Page 2567: ...mmand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug snmp on page 2569 show counter snmp server on page 2570 show debugging snmp on pag...

Page 2568: ...eID local reset on page 2594 snmp server group on page 2595 snmp server host on page 2597 snmp server legacy ifadminstatus on page 2599 snmp server location on page 2600 snmp server source interface o...

Page 2569: ...mp detail To start SNMP debugging showing all SNMP debugging information use the command awplus debug snmp all Related Commands show debugging snmp terminal monitor undebug snmp Parameter Description...

Page 2570: ...ple output from the show counter snmp server command SNMP SERVER counters inPkts 11 inBadVersions 0 inBadCommunityNames 0 inBadCommunityUses 0 inASNParseErrs 0 inTooBigs 0 inNoSuchNames 0 inBadValues...

Page 2571: ...ed SNMP Messages inTooBigs The number of SNMP PDUs received by the SNMP agent where the value of the error status field is tooBig This is sent by an SNMP manager to indicate that an exception occurred...

Page 2572: ...SNMP agent has sent outTooBigs The number of SNMP PDUs that the SNMP agent has generated with the value tooBig in the error status field This is sent to the SNMP manager to indicate that an exception...

Page 2573: ...P agent s window UnknownUserNames The number of received packets that the SNMP agent has dropped because they referenced an unknown user UnknownEngineIDs The number of received packets that the SNMP a...

Page 2574: ...ew This command displays whether SNMP debugging is enabled or disabled Syntax show debugging snmp Mode User Exec and Privileged Exec Example To display the status of SNMP debugging use the command awp...

Page 2575: ...eged Exec Example To display the current configuration of SNMP on your device use the command awplus show running config snmp Output Figure 58 3 Example output from the show running config snmp comman...

Page 2576: ...show snmp server Mode Privileged Exec Example To display the status of the SNMP server use the command awplus show snmp server Output Figure 58 4 Example output from the show snmp server command Rela...

Page 2577: ...es configured on the device SNMP communities are specific to v1 and v2c Syntax show snmp server community Mode Privileged Exec Example To display the SNMP server communities use the command awplus sho...

Page 2578: ...show snmp server group Mode Privileged Exec Example To display the SNMP groups configured on the device use the command awplus show snmp server group Output Figure 58 6 Example output from the show s...

Page 2579: ...e SNMP server users and is used with SNMP version 3 only Syntax show snmp server user Mode Privileged Exec Example To display the SNMP server users configured on the device use the command awplus show...

Page 2580: ...he SNMP server views and is used with SNMP version 3 only Syntax show snmp server view Mode Privileged Exec Example To display the SNMP server views configured on the device use the command awplus sho...

Page 2581: ...regation e g sa2 po2 To specify where notifications are sent use the snmp server host command To configure the device globally to send other notifications use the snmp server enable trap command Examp...

Page 2582: ...nd Reference for x510 Series 2582 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP TRAP LINK STATUS Related Commands show interface snmp trap link status suppress snmp server enab...

Page 2583: ...s started when the first link status notification of a particular type linkUp or linkDown is sent for an interface If the threshold number of notifications of this type is sent before the timerreaches...

Page 2584: ...1 x SNMP COMMANDS SNMP TRAP LINK STATUS SUPPRESS To disable the suppression link status notifications for port 1 0 2 use following commands awplus configure terminal awplus config interface port1 0 2...

Page 2585: ...ipv6 no snmp server ip ipv6 Default By default the SNMP agent is enabled for both IPv4 and IPv6 If neither the ip parameter nor the ipv6 parameter is specified for this command then SNMP is enabled or...

Page 2586: ...Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER Related Commands show snmp server show snmp server community show snmp server user snmp server community snmp server contact snmp server enable trap snmp se...

Page 2587: ...no snmp server community community name view view name access list Mode Global Configuration Example The following command creates an SNMP community called public with read only access to all MIB vari...

Page 2588: ...is command removes the contact information from the system Syntax snmp server contact contact info no snmp server contact Mode Global Configuration Example To set the system contact information to sup...

Page 2589: ...Description atmf AMF traps atmflink AMF Link traps atmfnode AMF Node traps atmfrr AMF Reboot Rolling traps auth Authentication failure dhcpsnooping DHCP snooping and ARP security traps These notifica...

Page 2590: ...erver enable trap atmfnode To enable the device to send PoE related traps use the following commands awplus configure terminal awplus config snmp server enable trap power inline To disable PoE traps b...

Page 2591: ...Reference for x510 Series 2591 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER ENABLE TRAP Related Commands show snmp server show ip dhcp snooping snmp trap link status s...

Page 2592: ...hich is permanently set unless it is configured by the user In a stacked environment if the same engine ID was automatically generated for all members of the stack conflicts would occur if the stack w...

Page 2593: ...values after configuration Related Commands show snmp server snmp server engineID local reset snmp server group awplus config snmp server engineid local asdgdfh231234d awplus config exit awplus show...

Page 2594: ...v3 engine ID by resetting the SNMPv3 engine If the current engine ID is user defined usethe snmp server engineID local command to set SNMPv3 engineID to a system generated value Syntax snmp server eng...

Page 2595: ...p server group groupname auth noauth priv Mode Global Configuration Examples To add SNMP group for ordinary users user the following commands awplus configure terminal awplus config snmp server group...

Page 2596: ...v B Command Reference for x510 Series 2596 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER GROUP Related Commands snmp server show snmp server show snmp server group show...

Page 2597: ...NMP v2c or the authentication encryption parameters and user name SNMP v3 Syntax snmp server host ipv4 address ipv6 address traps version 1 community name snmp server host ipv4 address ipv6 address in...

Page 2598: ...traps to the IPv6 host destination 2001 db8 8a2e 7334 with the SNMPv2c community name private use the following command awplus configure terminal awplus config snmp server host version 2c private2001...

Page 2599: ...ct the administrative state of the interface Syntax snmp server legacy ifadminstatus no snmp server legacy ifadminstatus Default Legacy ifAdminStatus is turned off by default so by default the SNMP if...

Page 2600: ...variant of this command removes the configured location from the system Syntax snmp server location location name no snmp server location Mode Global Configuration Example To set the location to serv...

Page 2601: ...of the traps and informs messages Mode Global Configuration Usage An SNMP trap or inform message that is sent from an SNMP server carries the notification IP address of its originating interface Use...

Page 2602: ...delay time no snmp server startup trap delay Default The SNMP server trap delay time is 30 seconds The no variant restores the default Mode Global Configuration Example To delay the device sending SNM...

Page 2603: ...ords must be the same for both entities Use the encrypted parameter when you want to enter already encrypted passwords in encrypted form as displayed in the running and startup configs stored on the d...

Page 2604: ...command To enter existing SNMP user authuser with existing passwords as a member of group newusergroup with authentication protocol md5 plus the encrypted authentication password 0x1c74b9c22118291b0ce...

Page 2605: ...C613 50170 01 Rev B Command Reference for x510 Series 2605 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS SNMP SERVER USER Related Commands show snmp server user snmp server view...

Page 2606: ...removes the specified view on the device The view must already exist Syntax snmp server view view name mib name included excluded no snmp server view view name Mode Global Configuration Examples The f...

Page 2607: ...Rev B Command Reference for x510 Series 2607 AlliedWare Plus Operating System Version 5 4 7 1 x SNMP COMMANDS UNDEBUG SNMP undebug snmp Overview This command applies the functionality of the no debug...

Page 2608: ...etwork information gathered using LLDP is transferred to a Network Management System by SNMP For security reasons we recommend using SNMPv3 for this purpose see the SNMP Feature Overview and Configura...

Page 2609: ...location identifier on page 2636 location civic location id on page 2637 location coord location configuration on page 2638 location coord location identifier on page 2640 location coord location id o...

Page 2610: ...plied LLDP statistics for all ports are cleared Syntax clear lldp statistics interface port list Mode Privileged Exec Examples To clear the LLDP statistics on ports 1 0 1 and 1 0 6 use the command awp...

Page 2611: ...information is cleared for all ports Syntax clear lldp table interface port list Mode Privileged Exec Examples To clear the table of neighbor information received on ports 1 0 1 and 1 0 6 use the com...

Page 2612: ...eration no debug lldp all Default By default no debug is enabled for any ports Mode Privileged Exec Examples To enable debugging of LLDP receive on ports 1 0 1 and 1 0 6 use the command awplus debug l...

Page 2613: ...170 01 Rev B Command Reference for x510 Series 2613 AlliedWare Plus Operating System Version 5 4 7 1 x LLDP COMMANDS DEBUG LLDP Related Commands show debugging lldp show running config lldp terminal m...

Page 2614: ...etects a new LLDP MED capable device The no variant of this command resets the LLDPD MED fast start count to the default 3 Syntax lldp faststart count 1 10 no lldp faststart count Default The default...

Page 2615: ...multiplier Default The default holdtime multiplier value is 4 Mode Global Configuration Usage The Time To Live defines the period for which the information advertised to the neighbor is valid If the T...

Page 2616: ...MAC address of the device s baseboard if no VLAN IP addresses are configured for the port Mode Interface Configuration Usage To see the management address that will be advertised use the show lldp in...

Page 2617: ...cations relating to the specified ports Syntax lldp med notifications no lldp med notifications Default The sending of LLDP MED notifications is disabled by default Mode Interface Configuration Exampl...

Page 2618: ...v select capabilities network policy location power management ext inventory management no lldp med tlv select all Parameter Description capabilities LLDP MED Capabilities TLV When this is enabled the...

Page 2619: ...ry TLV Set in advertisements transmitted via ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp med tlv select inventory...

Page 2620: ...TLV SELECT Related Commands lldp tlv select location elin location id location civic location identifier location civic location configuration location coord location identifier location coord locatio...

Page 2621: ...ed to LLDP MED advertisements according to ANSI TIA 1057 and LLDP MED TLVs in non standard order are discarded Mode Global Configuration Usage The ANSI TIA 1057 specifies standard order for TLVs in LL...

Page 2622: ...nt of this command sets the notification interval back to its default Syntax lldp notification interval 5 3600 no lldp notification interval Default The default notification interval is 5 seconds Mode...

Page 2623: ...tifications Default The sending of LLDP SNMP notifications is disabled by default Mode Interface Configuration Examples To enable sending of LLDP SNMP notifications for ports 1 0 1 and 1 0 6 use the c...

Page 2624: ...lt port identifier type is number The no variant of this command sets the port identifier type to the default Mode Global Configuration Examples To set the type of port identifier used to enumerate LL...

Page 2625: ...s command sets the reinitialization delay back to its default setting Syntax lldp reinit 1 10 no lldp reinit Default The default reinitialization delay is 2 seconds Mode Global Configuration Examples...

Page 2626: ...iant of this command disables the operation of LLDP on the device The LLDP configuration remains unchanged Syntax lldp run no lldp run Default LLDP is disabled by default Mode Global Configuration Exa...

Page 2627: ...tax lldp timer 5 32768 no lldp timer Default The default transmit interval is 30 seconds Mode Global Configuration Examples To set the transmit interval to 90 seconds use the commands awplus configure...

Page 2628: ...is command disables the specified optional TLVs or all optional TLVs for transmission in LLDP advertisements via the specified ports Syntax lldp tlv select tlv lldp tlv select all no lldp tlv select t...

Page 2629: ...ommands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp tlv select all To exclude the management address and system name TLVs from advertisements transmitte...

Page 2630: ...ansmission of LLDP advertisements on ports 1 0 1 and 1 0 6 use the commands awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if lldp transmit To enable LLDP advertis...

Page 2631: ...ts default setting Syntax lldp tx delay 1 8192 no lldp tx delay Default The default transmission delay timer is 2 seconds Mode Global Configuration Examples To set the transmission delay timer to 12 s...

Page 2632: ...to delete civic address parameters from the location Syntax country country state state no state county county no county city city no city division division no division neighborhood neighborhood no ne...

Page 2633: ...community name postal community name no postal community name post office box post office box no post office box additional code additional code no additional code seat seat no seat primary road name...

Page 2634: ...g street direction CA Type 16 trailing street suffix Trailing street suffix CA Type 17 street suffix Street suffix CA Type 18 street suffix or type house number House number CA Type 19 house number su...

Page 2635: ...ss location For more information about civic address format see the LLDP Feature Overview and Configuration Guide To specify the civic address location use the location civic location identifier comma...

Page 2636: ...civic address location identifier use the location civic location configuration command To associate this civic location identifier with particular ports use the location elin location id command Up...

Page 2637: ...port can be transmitted in Location Identification TLVs via the port Before using this command create the location using the following commands location civic location identifier command location civi...

Page 2638: ...as 34 bit fixed point binary numbers with a 25 bit fractional part irrespective of the number of digits entered by the user Likewise Parameter Description lat resolution Latitude resolution as a numbe...

Page 2639: ...rch area To specify the coordinate identifier use the location coord location identifier command To remove coordinate information delete the coordinate location by using the no variant of that command...

Page 2640: ...r each type of location information up to a total of 1200 locations To configure this coordinate location use the location coord location configuration command To associate this coordinate location wi...

Page 2641: ...an be transmitted in Location Identification TLVs via the port Before using this command configure the location using the following commands location coord location identifier command location coord l...

Page 2642: ...o a total of 1200 locations To assign this ELIN location to particular ports so that it can be advertised in TLVs from those ports use the location elin location id command Examples To create a new EL...

Page 2643: ...Configuration Usage An ELIN location associated with a port can be transmitted in Location Identification TLVs via the port Before using this command configure the location using the location elin loc...

Page 2644: ...gging lldp interface port1 0 1 1 0 6 Output Figure 59 1 Example output from the show debugging lldp command Parameter Description port list The ports for which the LLDP debug settings are shown LLDP D...

Page 2645: ...C613 50170 01 Rev B Command Reference for x510 Series 2645 AlliedWare Plus Operating System Version 5 4 7 1 x LLDP COMMANDS SHOW DEBUGGING LLDP Related Commands debug lldp...

Page 2646: ...secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Port Number Type Ifindex Port Number Fast Start Count 5 3 LLDP Global Status Total Neighbor Count 47 Neighbors table last updated 0 hrs 0 mins 43...

Page 2647: ...e to a change in LLDP local information Port Number Type The type of port identifier used to enumerate LLDP MIB local port entries as set by the lldp port number type command Fast Start Count The numb...

Page 2648: ...s inactive on this port because it is a mirror analyser port Notification Abbreviations RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Na...

Page 2649: ...ge Notification Management Addr Management address advertised to neighbors Base TLVs Enabled for Tx List of optional Base TLVs enabled for transmission Pd Port Description Sn System Name Sd System Des...

Page 2650: ...dp transmit receive command which TLVs it is configured to send lldp tlv select command lldp med tlv select command Examples To display local information transmitted via port 1 0 1 use the command awp...

Page 2651: ...ility Disabled Power Class Unknown Link Aggregation Supported Disabled Maximum Frame Size 1522 LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy Loca...

Page 2652: ...em description System Capabilities Supported Capabilities that the local port supports System Capabilities Enabled Enabled capabilities on the local port Management Addresses Management address associ...

Page 2653: ...e capability of the implemented MAC and PHY LLDP MED Device Type LLDP MED device type LLDP MED Capabilities Capabilities LLDP MED capabilities supported on the local port Network Policy List of networ...

Page 2654: ...description interface hostname lldp transmit receive Power Value The total power the switch can source over a maximum length cable to a PD device on the port The value shows the power value in Watts...

Page 2655: ...neighbors interface port1 0 1 port1 0 6 Output Figure 59 4 Example output from the show lldp neighbors command Parameter Description port list The ports for which the neighbor information is to be sh...

Page 2656: ...l Port Local port on which the neighbor information was received Neighbor Chassis ID Chassis ID that uniquely identifies the neighbor Neighbor Port Name Port ID of the neighbor Neighbor Sys Name Syste...

Page 2657: ...lldp neighbors detail base dot1 dot3 med interface port list Mode User Exec and Privileged Exec Examples To display detailed neighbor information received via all ports use the command awplus show lld...

Page 2658: ...D 1 Port Protocol VLAN Supported Yes Enabled Yes VIDs 5 VLAN Names default vlan5 Protocol IDs 9000 0026424203000000 888e01 8100 88090101 00540000e302 0800 0806 86dd MAC PHY Auto negotiation Supported...

Page 2659: ...orted Capabilities that the neighbor supports System Capabilities Enabled Capabilities that are enabled on the neighbor Management Addresses List of neighbor s management addresses Port VLAN ID PVID V...

Page 2660: ...imum frame size capability LLDP MED Device Type LLDP MED Device type LLDP MED Capabilities LLDP MED capabilities supported Network Policy List of network policies Location Identification Location info...

Page 2661: ...3 In Errored 0 In Dropped 0 TLVs Unrecognized 0 Discarded 0 Neighbors New Entries 20 Deleted Entries 20 Dropped Entries 0 Entry Age outs 20 Table 63 Parameters in the output of the show lldp statistic...

Page 2662: ...neighbors has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficien...

Page 2663: ...istics interface To display LLDP statistics information for ports 1 0 1 and 1 0 6 use the command awplus show lldp statistics interface port1 0 1 port1 0 6 Output Parameter Description port list The p...

Page 2664: ...gnized Number of LLDP TLVs received that are not recognized but the TLV type is in the range of reserved TLV types TLVs Discarded Number of LLDP TLVs discarded for any reason Neighbors New Entries Num...

Page 2665: ...ivic location interface port1 0 1 To display coordinate location information configured on the identifier 1 use the command awplus show location coord location identifier 1 Parameter Description civic...

Page 2666: ...lin location id location civic location identifier location civic location configuration location coord location identifier location coord location configuration location elin location Table 67 Exampl...

Page 2667: ...nce for commands used to configure SMTP For information on filtering and saving command output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List debug...

Page 2668: ...ing emails The no variant of this command turns off debugging for sending emails Syntax debug mail no debug mail Mode Privileged Exec Examples To turn on debugging for sending emails use the command a...

Page 2669: ...To delete a unique mail item 20060912142356 1234 from the queue use the command awplus delete mail 20060912142356 1234 To delete all mail from the queue use the command awplus delete mail all Related...

Page 2670: ...a mail server using the mail smtpserver command Syntax mail to to subject subject file filename Mode Privileged Exec Example To send an email to rei nerv comwith the subject dummy plug configuration...

Page 2671: ...mand You must specify a sending email address with this command before you can send any email Syntax mail from from Mode Global Configuration Example To set the email address from which you are sendin...

Page 2672: ...st also ensure that the DNS client on your device is enabled It is enabled by default but if it has been disabled you can re enable it by using the ip domain lookup command Example To specify a mail s...

Page 2673: ...from the show counter mail command Example To show the emails in the queue use the command awplus show counter mail Related Commands debug mail delete mail mail mail from show mail Mail Client SMTP c...

Page 2674: ...ng System Version 5 4 7 1 x SMTP COMMANDS SHOW MAIL show mail Overview This command displays the emails in the queue Syntax show mail Mode Privileged Exec Example To display the emails in the queue us...

Page 2675: ...Rev B Command Reference for x510 Series 2675 AlliedWare Plus Operating System Version 5 4 7 1 x SMTP COMMANDS UNDEBUG MAIL undebug mail Overview This command applies the functionality of the no debug...

Page 2676: ...Feature Overview and Configuration Guide RMON is disabled by default in AlliedWare Plus No RMON alarms or events are configured For information on filtering and saving command output see the Getting...

Page 2677: ...The variable SNMP MIB Object Identifier OID name to be monitored in the format etherStatsEntry field stats index For example etherStatsEntry 5 22 is the OID for the etherStatsPkts field in the etherSt...

Page 2678: ...alue with the form etherStatsEntry field stats index for example etherStatsEntry 22 5 Example To configure an alarm to monitor the change per minute in the etherStatsPkt value for interface 22 defined...

Page 2679: ...istory index buckets 1 65535 interval 1 3600 owner owner no rmon collection history history index Default The default interval is 1800 seconds and the default buckets is 50 buckets Mode Interface Conf...

Page 2680: ...ollection stats collection index Default RMON statistics are not enabled by default Mode Interface Configuration Example To enable the collection of RMON statistics with a statistics index of 200 use...

Page 2681: ...log description description owner owner trap trap rmon event event index log trap description description owner owner no rmon event event index Default No event is configured by default Mode Global C...

Page 2682: ...larm Overview Use this command to display the alarms and threshold configured for the RMON probe NOTE Only the alarms for switch port interfaces not for VLAN interfaces can be shown Syntax show rmon a...

Page 2683: ...owing etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts etherStatsOversizePkts etherStatsFragments etherSt...

Page 2684: ...nce for x510 Series 2684 AlliedWare Plus Operating System Version 5 4 7 1 x RMON COMMANDS SHOW RMON EVENT Example To display the events configured for the RMON probe use this command awplus show rmon...

Page 2685: ...tput from the show rmon history command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePk...

Page 2686: ...perating System Version 5 4 7 1 x RMON COMMANDS SHOW RMON HISTORY etherStatsPkts1024to1518Octets Example To display the parameters specified on all the currently defined RMON history collections us th...

Page 2687: ...the show rmon statistics command NOTE The following etherStats counters are not currently available for Layer 3 interfaces etherStatsBroadcastPkts etherStatsCRCAlignErrors etherStatsUndersizePkts eth...

Page 2688: ...170 01 Rev B Command Reference for x510 Series 2688 AlliedWare Plus Operating System Version 5 4 7 1 x RMON COMMANDS SHOW RMON STATISTICS etherStatsPkts1024to1518Octets Related Commands rmon collectio...

Page 2689: ...hostkey on page 2693 crypto key destroy userkey on page 2694 crypto key generate hostkey on page 2695 crypto key generate userkey on page 2697 crypto key pubkey chain knownhosts on page 2698 crypto ke...

Page 2690: ...w ssh server deny users on page 2720 ssh on page 2721 ssh client on page 2723 ssh server on page 2725 ssh server allow users on page 2727 ssh server authentication on page 2729 ssh server deny users o...

Page 2691: ...d of your message to save the text and re enter the normal command line mode The banner message is preserved if the device restarts The no variant of this command deletes the login banner from the dev...

Page 2692: ...y delete an SSH session if you are a system manager or the user who initiated the session If all is specified then all active SSH sessions are deleted Syntax clear ssh 1 65535 all Mode Privileged Exec...

Page 2693: ...key generate hostkey command to generate that key before you enable the SSH server Syntax crypto key destroy hostkey dsa ecdsa rsa rsa1 Mode Global Configuration Example To destroy the RSA host key us...

Page 2694: ...user key for the SSH user remoteuser use the commands awplus configure terminal awplus config crypto key destroy userkey remoteuser rsa Related Commands crypto key generate hostkey show ssh show cryp...

Page 2695: ...y generate hostkey dsa 768 1024 crypto key generate hostkey rsa rsa1 768 32768 crypto key generate hostkey ecdsa 256 384 Default The default key length for RSA and DSA is 1024 bits The default key siz...

Page 2696: ...5 4 7 1 x SECURE SHELL SSH COMMANDS CRYPTO KEY GENERATE HOSTKEY To generate an ECDSA host key with an elliptic curve size of 384 bits use the commands awplus configure terminal awplus config crypto ke...

Page 2697: ...ions for the user bob use the commands awplus configure terminal awplus config crypto key generate userkey bob rsa 2048 To generate a DSA user key for the user lapo use the commands awplus configure t...

Page 2698: ...pv6 hostname rsa dsa rsa1 no crypto key pubkey chain knownhosts 1 65535 Default If no cryptography algorithm is specified then rsa is used as the default cryptography algorithm Mode Privilege Exec Usa...

Page 2699: ...he remote server then SSH clients will inform the user that the public key of the server is altered or unknown Examples To add the RSA host key of the remote SSH host IPv4 address 192 0 2 11 to the kn...

Page 2700: ...s text into the terminal To add a key as text into the terminal first enter the command crypto key pubkey chain userkey username and hit Enter Enter the key as text Note that the key you enter as text...

Page 2701: ...ain userkey joeType CNTL D to finish AAAAB3NzaC1yc2EAAAABIwAAAIEAr1s7SokW5aW2fcOw1TStpb9J20b WluhnUC768EoWhyPW6FZ2t5360O5M29EpKBmGqlkQaz5V0mU9IQe66 5YyD4Ux OKSDtTI 7jtjDcoGWHb2u4sFwRpXwJZcgYrXW16 6NvN...

Page 2702: ...the SSH client from generating diagnostic debugging message Syntax debug ssh client brief full no debug ssh client Default SSH client debugging is disabled by default Mode Privileged Exec and Global...

Page 2703: ...debugging facility This stops the SSH server from generating diagnostic debugging messages Syntax debug ssh server brief full no debug ssh server Default SSH server debugging is disabled by default Mo...

Page 2704: ...ssions use the clear ssh command Syntax service ssh ip ipv6 no service ssh ip ipv6 Default The Secure Shell server is disabled by default Both IPv4 and IPv6 Secure Shell server are enabled when you is...

Page 2705: ...or x510 Series 2705 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS SERVICE SSH Related Commands crypto key generate hostkey show running config ssh show ssh server ssh se...

Page 2706: ...mand displays the banner message configured on the device The banner message is displayed to the remote user before user authentication starts Syntax show banner login Mode User Exec Privileged Exec G...

Page 2707: ...y hostkey dsa ecdsa rsa rsa1 Mode User Exec Privileged Exec and Global Configuration Examples To show the public keys generated on the device for SSH server use the command awplus show crypto key host...

Page 2708: ...ELL SSH COMMANDS SHOW CRYPTO KEY HOSTKEY Related Commands crypto key destroy hostkey crypto key generate hostkey Table 1 Parameters in output of the show crypto key hostkey command Parameter Descripti...

Page 2709: ...e the command awplus show crypto key pubkey chain knownhosts 1 Output Figure 62 2 Example output from the show crypto key public chain knownhosts command Related Commands crypto key pubkey chain known...

Page 2710: ...t are registered with the SSH server use the command awplus show crypto key pubkey chain userkey manager Output Figure 62 3 Example output from the show crypto key public chain userkey command Related...

Page 2711: ...pub Output Figure 62 4 Example output from the show crypto key userkey command Related Commands crypto key generate userkey Parameter Description username User name of the local SSH user whose keys y...

Page 2712: ...92 168 1 ssh server allow users john ssh server deny user john a company com ssh server Table 5 Parameters in the output of the show running config ssh command Parameter Description ssh server SSH ser...

Page 2713: ...E SHELL SSH COMMANDS SHOW RUNNING CONFIG SSH Related Commands service ssh show ssh server ssh server allow users Add the user and hostname to the allow list ssh server deny users Add the user and host...

Page 2714: ...h command Secure Shell Sessions ID Type Mode Peer Host Username State Filename 414 ssh server 172 16 23 1 root open 456 ssh client 172 16 23 10 manager user auth 459 scp client 172 16 23 12 root downl...

Page 2715: ...e has accepted a new session host auth host to host authentication is in progress user auth User authentication is in progress authenticated User authentication is complete open The session is in prog...

Page 2716: ...ent Output Figure 62 7 Example output from the show ssh client command Related Commands show ssh server Secure Shell Client Configuration Port 22 Version 2 1 Connect Timeout 30 seconds Session Timeout...

Page 2717: ...Shell Server Configuration SSH Server Enabled Port 22 Version 2 Services scp sftp User Authentication publickey password Resolve Hosts Disabled Session Timeout 0 Off Login Timeout 60 seconds Maximum...

Page 2718: ...econds that the SSH server will wait to receive data from the SSH client The server disconnects if this timer limit is reached If set at 0 the idle timer remains off Maximum Startups The maximum numbe...

Page 2719: ...r use the command awplus show ssh server allow users Output Figure 62 9 Example output from the show ssh server allow users command Related Commands ssh server allow users ssh server deny users Userna...

Page 2720: ...obal Configuration Example To display the user entries in the deny list of the SSH server use the command awplus show ssh server deny users Output Figure 62 10 Example output from the show ssh server...

Page 2721: ...ername is used for login to the remote SSH server when user authentication is required Otherwise the current user name is used username User name to login on the remote server port SSH server port If...

Page 2722: ...the command awplus ssh ip user manager 192 0 2 5 To login to the remote SSH server at 192 0 2 5 that is listening TCP port 2000 use the command awplus ssh port 2000 192 0 2 5 To login to the remote SS...

Page 2723: ...ession timeout 0 3600 connect timeout 1 600 no ssh client port version session timeout connect timeout Parameter Description port The default TCP port of the remote SSH server If an SSH client specifi...

Page 2724: ...on timeout 600 To configure the connect timeout of SSH client to 10 seconds use the command awplus ssh client connect timeout 10 To restore the connect timeout to its default use the command awplus no...

Page 2725: ...orts both SSHv2 and SSHv1client connections Default v1v2 v2only Supports SSHv2 client connections only 1 65535 The TCP port number that the server listens to for incoming SSH sessions Default 22 sessi...

Page 2726: ...ctions waiting authentication from SSH server to 3 use the commands awplus configure terminal awplus config ssh server max startups To set max startups parameters of SSH server to the default configur...

Page 2727: ...xisting entry Syntax ssh server allow users username pattern hostname pattern no ssh server allow users username pattern hostname pattern Mode Global Configuration Examples To allow the user john to c...

Page 2728: ...x SECURE SHELL SSH COMMANDS SSH SERVER ALLOW USERS To delete the existing user entry john 192 168 1 in the allow list use the commands awplus configure terminal awplus config no ssh server allow user...

Page 2729: ...ver authentication password publickey no ssh server authentication password publickey Default Both RSA public key authentication and password authentication are enabled by default Mode Global Configur...

Page 2730: ...uthentication for users connecting through SSH use the commands awplus configure terminal awplus config no ssh server authentication password To disable publickey authentication for users connecting t...

Page 2731: ...ver deny users username pattern hostname pattern Mode Global Configuration Examples To deny the user john to access SSH login from any host use the commands awplus configure terminal awplus config ssh...

Page 2732: ...1 x SECURE SHELL SSH COMMANDS SSH SERVER DENY USERS To delete the existing user entry john 192 168 2 in the deny list use the commands awplus configure terminal awplus config no ssh server deny users...

Page 2733: ...its default value of 6 Syntax ssh server max auth tries 1 32 no ssh server max auth tries Default 6 attempts Mode Global Configuration Usage By default users must wait one second after a failed login...

Page 2734: ...Syntax ssh server resolve hosts no ssh server resolve hosts Default This feature is disabled by default Mode Global Configuration Usage Your device has a DNS Client that is enabled automatically when...

Page 2735: ...device accepts SCP connections The SCP service is enabled by default as soon as the SSH server is enabled The no variant of this command disables the SCP service on the SSH server Once disabled SCP r...

Page 2736: ...s The SFTP service is enabled by default as soon as the SSH server is enabled If the SSH server is disabled SFTP service is unavailable The no variant of this command disables SFTP service on the SSH...

Page 2737: ...Reference for x510 Series 2737 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH CLIENT undebug ssh client Overview This command applies the functionality of the...

Page 2738: ...Reference for x510 Series 2738 AlliedWare Plus Operating System Version 5 4 7 1 x SECURE SHELL SSH COMMANDS UNDEBUG SSH SERVER undebug ssh server Overview This command applies the functionality of the...

Page 2739: ...utput see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active trigger on page 2741 day on page 2742 debug trigger on page 2744 description trigger on...

Page 2740: ...x TRIGGER COMMANDS type periodic on page 2768 type ping poll on page 2769 type reboot on page 2770 type stack disabled master on page 2771 type stack link on page 2772 type stack master fail on page 2...

Page 2741: ...active Mode Trigger Configuration Usage Configure a trigger first before you use this command to activate it Forinformationaboutconfiguringatrigger seethe TriggersFeatureOverviewand Configuration Gui...

Page 2742: ...Port LEDs in the Triggers Feature Overview and Configuration Guide Examples To permit trigger 55 to activate on the 1 October 2016 use the commands awplus configure terminal awplus config trigger 55 a...

Page 2743: ...rating System Version 5 4 7 1 x TRIGGER COMMANDS DAY To permit trigger 12 to activate on a Mondays Wednesdays and Fridays use the commands awplus configure terminal awplus config trigger 12 awplus con...

Page 2744: ...messages about how your device is processing the trigger commands and activating the triggers The no variant of this command disables trigger debugging Syntax debug trigger no debug trigger Mode Priv...

Page 2745: ...r this trigger Syntax description description no description Mode Trigger Configuration Examples To give trigger 240 the description daily status report use the commands awplus configure terminal awpl...

Page 2746: ...imited number of times To reset a trigger to this default specify either yes or forever Syntax repeat forever no once yes 1 4294967294 Mode Trigger Configuration Examples To allow trigger 21 to activa...

Page 2747: ...r position in the script list The all parameter removes all scripts from the trigger Syntax script 1 5 filename no script 1 5 filename all Mode Trigger Configuration Examples To configure trigger 71 t...

Page 2748: ...h cpu_trig sh from trigger 71 s script list use the commands awplus configure terminal awplus config trigger 71 awplus config trigger no script flash cpu_trig sh To remove all the scripts from trigger...

Page 2749: ...off from the debug trigger command Syntax show debugging trigger Mode User Exec and Privileged Exec Example To display the current configuration of trigger debugging use the command awplus show debug...

Page 2750: ...G CONFIG TRIGGER show running config trigger Overview This command displays the current running configuration of the trigger utility Syntax show running config trigger Mode Privileged Exec Example To...

Page 2751: ...on about all triggers full Displays detailed information about all triggers Table 1 Example output from the show trigger command awplus show trigger TR Type Details Name Ac Te Tr Repeat Scr Days Date...

Page 2752: ...number of times a trigger has activated use the show trigger 1 250 command Scr Number of scripts associated with the trigger Days Date Days or date when the trigger may be activated For the days opti...

Page 2753: ...ation not activated Number of scripts 0 1 not configured 2 not configured 3 not configured 4 not configured 5 not configured Trigger 2 Description no description Type and details USB out Days smtwtfs...

Page 2754: ...ntinuous or for a set number of times When the trigger can repeat only a set number of times then the number of times the trigger has been activated is displayed in brackets Modified The date and time...

Page 2755: ...has been activated Time triggers activated today Number of times a time trigger has been activated today Periodic triggers activated today Number of times a periodic trigger has been activated today...

Page 2756: ...activates the scripts associated with the trigger will be run as normal Syntax test no test Mode Trigger Configuration Usage Configure a trigger first before you use this command to diagnose it For in...

Page 2757: ...midnight during which the trigger may activate By default the value of this parameter is 23 59 59 that is the trigger may activate at any time If the value specified for before is later than the valu...

Page 2758: ...igger 63 to activate between midnight and 10 30am use the commands awplus configure terminal awplus config trigger 63 awplus config trigger time before 10 30 00 To allow trigger 64 to activate between...

Page 2759: ...ch MIB objects are supported the SNMP Feature Overview and Configuration_Guide the SNMP Commands chapter Since SNMP traps are enabled by default for all defined triggers a common usage will be for the...

Page 2760: ...nal parameters can be specified At a minimum the trigger type information must be specified before the trigger can become active The no variant of this command removes a specified trigger and all conf...

Page 2761: ...This command manually activates a trigger without the normal trigger conditions being met The trigger is activated even if it is configured as inactive The scripts associated with the trigger will be...

Page 2762: ...onfig trigger 5 node1 config trigger type atmf node leave Example 2 The following commands will configure trigger 5 to activate if an AMF node join event occurs on any node within the working set node...

Page 2763: ...r This command returns the following display Display the triggers configured on each of the nodes in the AMF Network AMF Net 3 show running config trigger This command returns the following display no...

Page 2764: ...4 7 1 x TRIGGER COMMANDS TYPE ATMF NODE Related Commands show trigger Node1 trigger 1 type periodic 2 script 1 atmf scp trigger 5 type atmf node leave description E mail on ATMF Exit script 1 email_me...

Page 2765: ...Activity in the Triggers Feature Overview and Configuration Guide Examples To configure trigger 28 to be a CPU trigger that activates when CPU usage exceeds 80 use the following commands awplus confi...

Page 2766: ...ne of these events occurs by using the any option Syntax type interface interface up down any Mode Trigger Configuration Example To configure trigger 19 to be an interface trigger that activates when...

Page 2767: ...emory trigger that activates when memory usage exceeds 50 use the following commands awplus configure terminal awplus config trigger 12 awplus config trigger type memory 50 up To configure trigger 40...

Page 2768: ...onfigured If you attempt to add more than 10 triggers the following error message is displayed For an example trigger configuration that uses the type periodic command see See Daily Statistics in the...

Page 2769: ...or unreachable Syntax type ping poll 1 100 up down Mode Trigger Configuration Example To configure trigger 106 to activate when ping poll 12 detects that its target device is now unreachable use the...

Page 2770: ...Overview This command configures a trigger that activates when your device is rebooted Syntax type reboot Mode Trigger Configuration Example To configure trigger 32 to activate when your device reboot...

Page 2771: ...rrectly on the device that is connected downstream If the stack virtual mac command command is enabled the stack uses a virtual MAC address The stack will always use this MAC address and the new elect...

Page 2772: ...er to occur when a stacking link is either activated or deactivated Syntax type stack link up down Mode Trigger Configuration Example To configure trigger 86 to activate when the stack link down event...

Page 2773: ...re configured trigger to occur when the stack enters the fail over state Syntax type stack master fail Mode Trigger Configuration Example To configure trigger 86 to activate when stack master fail ove...

Page 2774: ...ck Syntax type stack member join leave Mode Trigger Configuration Example To configure a pre configured trigger number 86 to activate when a new device joins the stack Note that the number 86 has no p...

Page 2775: ...limit of 10 triggers of the type time and type periodic can be configured If you attempt to add more than 10 triggers the following error message is displayed Example To configure trigger 86 to activ...

Page 2776: ...ut Mode Trigger Configuration Usage USB triggers cannot execute script files from a USB storage device Examples To configure trigger 1 to activate on the insertion of a USB storage device use the comm...

Page 2777: ...Command Reference for x510 Series 2777 AlliedWare Plus Operating System Version 5 4 7 1 x TRIGGER COMMANDS UNDEBUG TRIGGER undebug trigger Overview This command applies the functionality of the no de...

Page 2778: ...ommand output see the Getting Started with AlliedWare Plus Feature Overview and Configuration Guide Command List active ping polling on page 2780 clear ping poll on page 2781 critical interval on page...

Page 2779: ...ng on page 2784 fail count on page 2785 ip ping polling on page 2786 length ping poll data on page 2787 normal interval on page 2788 ping poll on page 2789 sample size on page 2790 show counter ping p...

Page 2780: ...lling is unreachable The no variant of this command disables a ping poll instance The polling instance no longer sends ICMP echo requests to the polled device This also resets all counters for this po...

Page 2781: ...mand The device status changes to reachable once the device responses have reached the up count Syntax clear ping poll 1 100 all Mode Privileged Exec Examples To reset the ping poll instance 12 use th...

Page 2782: ...f one second Syntax critical interval 1 65536 no critical interval Default The default is 1 second Mode Ping Polling Configuration Examples To set the critical interval to 2 seconds for the ping polli...

Page 2783: ...or the specified ping poll Syntax debug ping poll 1 100 no debug ping poll 1 100 all Mode Privileged Exec Examples To enable debugging for ping poll instance 88 use the command awplus debug ping poll...

Page 2784: ...ete the description set Syntax description description no description Mode Ping Polling Configuration Examples To add the text Primary Gateway to describe the ping poll instance 45 use the commands aw...

Page 2785: ...The no variant of this command resets the fail count to the default Syntax fail count 1 100 no fail count Default The default is 5 Mode Ping Polling Configuration Examples To specify the number of pi...

Page 2786: ...5 to poll the device with the IP address 192 168 0 1 use the commands awplus configure terminal awplus config ping poll 5 awplus config ping poll ip 192 168 0 1 To set ping poll instance 10 to poll t...

Page 2787: ...dropping packets of the size you are interested in The no variant of this command resets the data bytes to the default of 32 bytes Syntax length 4 1500 no length Default The default is 32 Mode Ping Po...

Page 2788: ...g Configuration Examples To specify a time period of 60 seconds between pings when the device is reachable for ping poll instance 45 use the commands awplus configure terminal awplus config ping poll...

Page 2789: ...t the polling instance to poll It is not necessary to specify any further commands unless you want to change a command s default The no variant of this command deletes the specified ping poll Syntax p...

Page 2790: ...at does not always reply to pings may be declared unreachable You cannot set this command s value lower than the fail count value The polling instance uses the number of pings specified by the up coun...

Page 2791: ...ference for x510 Series 2791 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS SAMPLE SIZE Related Commands critical interval fail count normal interval ping poll show ping poll...

Page 2792: ...isplays the counters for the specified ping poll only If you do not specify a ping poll then this command displays counters for all ping polls Ping polling counters Ping poll 1 PingsSent 15 PingsFaile...

Page 2793: ...ile the target device is in the Up state This is a cumulative counter for multiple occurrences of the Up state PingsFailedDownState Number of unanswered pings while the target device is in the Down st...

Page 2794: ...e Displays polling instances based on whether the device they are polling is currently reachable or unreachable up Displays polling instance where the device state is reachable down Displays polling i...

Page 2795: ...he polled device may be going down Critical Down The device is unreachable but the polling instance received a reply to the last ping packet so the polled device may be coming back up Destinatio n The...

Page 2796: ...e is reachable Down The device is unreachable Critic a l Up The device is reachable but recently the polling instance has not received some ping replies so the polled device may be going down Critic a...

Page 2797: ...f pings that must be unanswered within the total number of pings specified by the sample size command for the polling instance to consider the device unreachable This is set using the fail count comma...

Page 2798: ...address no source ip Mode Ping Polling Configuration Examples To configure the ping polling instance 43 to use the source IP address 192 168 0 1 in ping packets use the commands awplus configure termi...

Page 2799: ...mand Reference for x510 Series 2799 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS SOURCE IP Related Commands description ping polling ip ping polling length ping poll data p...

Page 2800: ...imeout 1 30 no timeout Default The default is 1 second Mode Ping Polling Configuration Examples To specify the timeout as 5 seconds for ping poll instance 43 use the commands awplus configure terminal...

Page 2801: ...Ping Polling Configuration Examples To set the upcount to 5 consecutive pings for ping polling instance 45 use the commands awplus configure terminal awplus config ping poll 45 awplus config ping pol...

Page 2802: ...nd Reference for x510 Series 2802 AlliedWare Plus Operating System Version 5 4 7 1 x PING POLLING COMMANDS UNDEBUG PING POLL undebug ping poll Overview This command applies the functionality of the no...

Page 2803: ...page 2804 debug sflow agent on page 2805 sflow agent address on page 2806 sflow collector address on page 2808 sflow collector max datagram size on page 2810 sflow enable on page 2811 sflow max header...

Page 2804: ...pling and or polling debug is disabled Mode Privileged Exec Examples To enable sFlow debug messagelogging for polling and sampling on port1 0 1 and port1 0 7 use the commands awplus debug sflow interf...

Page 2805: ...o particular ports For example sending an sFlow datagram to the collector The no variant of this command applies the command default Syntax debug sflow agent no debug sflow agent Default The sFlow age...

Page 2806: ...on or deletion of VLAN interfaces each of which will have its own specific IP address Note that sFlow is rendered inactive whenever the agent address is not set The no variant of this command applies...

Page 2807: ...C613 50170 01 Rev B Command Reference for x510 Series 2807 AlliedWare Plus Operating System Version 5 4 7 1 x SFLOW COMMANDS SFLOW AGENT ADDRESS Related Commands show running config sflow show sflow...

Page 2808: ...35 no sflow collector ip ipv6 port Default The collector address is 0 0 0 0 which renders sFlow inactive and the UDP port is 6343 Mode Global Configuration Examples To set the sFlow collector address...

Page 2809: ...mand awplus configure terminal awplus config sflow collector ipv6 2001 0db8 1 To remove the sFlow collector IPv6 address and leave the UDP port unchanged use the command awplus configure terminal awpl...

Page 2810: ...resets the maximum datagram size to the default Syntax sflow collector max datagram size 200 1500 no sflow collector max datagram size Default 1400 bytes Mode Global Configuration Example To set the...

Page 2811: ...ional status to active To activate sFlow the following conditions need to be met sFlow is enabled The sFlow agent address is set The sFlow collector address is set to a valid non zero IPv4 or IPv6 add...

Page 2812: ...ult Syntax sflow max header size 14 200 no sflow max header size Default The max header size is 128 bytes Mode Interface Configuration Usage The header size is measured from the first byte of the Ethe...

Page 2813: ...this command will be included in the sFlow packet samples For example with the default of 128 applied up to 128 82 46 bytes of user data could be included in the sFlow datagram samples sent between t...

Page 2814: ...nd The no variant of this command applies the default Syntax sflow polling interval 0 1 16777215 no sflow polling interval Default The polling interval is 0 polling disabled Mode Interface Configurati...

Page 2815: ...eceived i e one in every 1000 frames sent from the specified port A value of 0 disables sampling on the specified port s The no variant of this command applies the default Syntax sflow sampling rate 0...

Page 2816: ...nd awplus show debugging sflow interface port1 0 1 1 0 9 Output Figure 65 1 Sample obtained for an sFlow agent To display sFlow debug settings for all ports use the command awplus show debugging sflow...

Page 2817: ...50170 01 Rev B Command Reference for x510 Series 2817 AlliedWare Plus Operating System Version 5 4 7 1 x SFLOW COMMANDS SHOW DEBUGGING SFLOW Related Commands show running config sflow show sflow inter...

Page 2818: ...w running config sflow Mode Privileged Exec and Global Configuration Example To display the sFlow running configuration information use the command awplus show running config sflow Output Figure 65 2...

Page 2819: ...0 Collector UDP Port 6343 6343 Tx Max Datagram Size 1200 1400 sFlow Agent Status Polling sampling Tx Inactive because sFlow is disabled Agent Addr is not set Collector Addr is 0 0 0 0 Polling samplin...

Page 2820: ...unning config sflow show sflow interface Tx Max Datagram Size The maximum size of the sFlow datagrams sent to the collector Polling sampling Tx Whether sFlow sampling and or polling and hence sFlow da...

Page 2821: ...ystem Version 5 4 7 1 x SFLOW COMMANDS SHOW SFLOW INTERFACE show sflow interface Overview This command displays sFlow agent sampling and polling configuration for specified ports Syntax show sflow int...

Page 2822: ...mand Reference for x510 Series 2822 AlliedWare Plus Operating System Version 5 4 7 1 x SFLOW COMMANDS UNDEBUG SFLOW undebug sflow Overview This command applies the functionality of the no variant of t...

Reviews:

No comments

Related manuals for x510-28GPX

LaCie 1big Dock SSD Pro Quick Install Manual preview
1big Dock SSD Pro
Brand: LaCie Pages: 28
Qlogic SANbox 5000 Series Quick Start Manual preview
SANbox 5000 Series
Brand: Qlogic Pages: 8
Kramer VS-88DVI User Manual preview
VS-88DVI
Brand: Kramer Pages: 28
steute 1177987 Mounting And Wiring Instructions preview
1177987
Brand: steute Pages: 20
AVE 8PSWT Specification preview
8PSWT
Brand: AVE Pages: 2
Intermatic T1906 Supplementary Manual preview
T1906
Brand: Intermatic Pages: 1
IOGear GCS62DP Quick Start Manual preview
GCS62DP
Brand: IOGear Pages: 10
Crestron CLW-LSWEX-1GD Installation And Operation Manual preview
CLW-LSWEX-1GD
Brand: Crestron Pages: 2
N-Tron 100-POE4-MDR User Manual & Installation Manual preview
100-POE4-MDR
Brand: N-Tron Pages: 17
Dahua PFS4226-24ET-240 User Manual preview
PFS4226-24ET-240
Brand: Dahua Pages: 3
OTS IES8242MPp9H-S-DR Quick Installation Manual preview
IES8242MPp9H-S-DR
Brand: OTS Pages: 3
Lindy 38042 Quick Start Manual preview
38042
Brand: Lindy Pages: 5
Lockly PGH222 User Manual preview
PGH222
Brand: Lockly Pages: 12
Manhattan 522908 User Manual preview
522908
Brand: Manhattan Pages: 4
SLV 470819 Quick Installation Manual preview
470819
Brand: SLV Pages: 22
Black Box SW614A User Manual preview
SW614A
Brand: Black Box Pages: 57
Accton Technology CheetaHub Power-3004E Quick Installation Manual preview
CheetaHub Power-3004E
Brand: Accton Technology Pages: 11
System Q ScatterBox POE308 Quick Start Manual preview
ScatterBox POE308
Brand: System Q Pages: 2

Brands by name

Popular brands

Load more brands