Allied AT-8100L/8 User Manual Download Page 1

613-001952 Rev. A

AT-8100 Series

Fast Ethernet Switches

AT-8100L/8

AT-8100L/8POE

AT-8100L/8POE-E

AT-8100S/24

AT-8100S/24C

AT-8100S/24F-LC

AT-8100S/24POE

AT-8100S/16F8-LC

AT-8100S/16F8-SC

AT-8100S/48

AT-8100S/48POE

Management Software
Command Line Interface User’s Guide

AlliedWare Plus Version 2.2.5

Summary of Contents for AT-8100L/8

Page 2: ...ing University of Posts and Telecommunications All rights reserved Copyright c 2003 by Fabasoft R D Software GmbH Co KG All rights reserved Copyright c 2004 2006 by Internet Systems Consortium Inc ISC All rights reserved Copyright c 1995 2003 by Internet Software Consortium All rights reserved Copyright c 1992 2003 by David Mills All rights reserved Copyright c 1995 by Tatu Ylonen ylo cs hut fi Es...

Page 3: ...sis logo are trademarks of Allied Telesis Incorporated Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation All other product names company names logos or other designations mentioned herein are trademarks or registered trademarks of their respective owners Allied Telesis Inc reserves the right to make changes in specifications and other information contained in this ...

Page 5: ...mmand Dynamic Port Trunk 64 INTERFACE Command Ports 64 INTERFACE Command Static Port Trunk 65 INTERFACE VLAN Command 65 VLAN DATABASE Command 65 LOCATION CIVIC LOCATION Command 66 LOCATION COORD LOCATION Command 66 Moving Up the Hierarchy 67 EXIT and QUIT Commands 67 END Command 67 DISABLE Command 68 Port Numbers in Commands 69 Stand alone Switches 69 Stacks 70 Command Format 71 Command Line Inter...

Page 6: ...ol Overview 111 Overview 112 Displaying the System Environmental Status 113 Controlling Eco Mode LED 114 Chapter 6 Temperature and Fan Control Commands 115 ECOFRIENDLY LED 116 NO ECOFRIENDLY LED 117 SHOW ECOFRIENDLY 118 SHOW SYSTEM ENVIRONMENT 119 Section II Basic Operations 123 Chapter 7 Basic Switch Management 125 Adding a Name to the Switch 126 Adding Contact and Location Information 127 Displa...

Page 7: ...g Descriptions 184 Setting the Speed and Duplex Mode 185 Setting the MDI MDI X Wiring Configuration 187 Enabling or Disabling Ports 188 Enabling or Disabling Backpressure 189 Enabling or Disabling Flow Control 190 Resetting Ports 193 Configuring Threshold Limits for Ingress Packets 194 Displaying Threshold Limit Settings on Ports 196 Reinitializing Auto Negotiation 197 Restoring the Default Settin...

Page 8: ...Equipment PSE 258 Powered Device PD 258 PD Classes 258 Power Budget 258 Port Prioritization 259 Enabling and Disabling PoE 260 Adding PD Descriptions to Ports 262 Prioritizing Ports 263 Managing the Maximum Power Limit on Ports 264 Managing Legacy PDs 265 Monitoring Power Consumption 266 Displaying PoE Information 267 Chapter 12 Power Over Ethernet Commands 269 CLEAR POWER INLINE COUNTERS INTERFAC...

Page 9: ...IPv6 Management Address and Default Gateway 310 Displaying an IPv6 Management Address and Default Gateway 311 Chapter 14 IPv4 and IPv6 Management Address Commands 313 CLEAR IPV6 NEIGHBORS 315 IP ADDRESS 316 IP ADDRESS DHCP 318 IP ROUTE 320 IPV6 ADDRESS 322 IPV6 ROUTE 324 NO IP ADDRESS 326 NO IP ADDRESS DHCP 327 NO IP ROUTE 328 NO IPV6 ADDRESS 329 NO IPV6 ROUTE 330 SHOW IP INTERFACE 331 SHOW IP ROU...

Page 10: ... Addresses 378 Deleting MAC Addresses 380 Setting the Aging Timer 382 Displaying the MAC Address Table 383 Chapter 20 MAC Address Table Commands 385 CLEAR MAC ADDRESS TABLE 386 MAC ADDRESS TABLE AGEING TIME 388 MAC ADDRESS TABLE STATIC 390 NO MAC ADDRESS TABLE STATIC 392 SHOW MAC ADDRESS TABLE 394 Chapter 21 Hardware Stacking 397 Overview 398 Master Switch 398 Stacking Port Topologies 398 Active B...

Page 11: ...pter 25 Link flap Protection 455 Overview 456 Guidelines 457 Configuring the Feature 458 Chapter 26 Link flap Protection Commands 459 LINK FLAP DURATION 460 LINK FLAP PROTECTION 461 LINK FLAP RATE 462 NO LINK FLAP PROTECTION 463 SHOW LINK FLAP 464 Chapter 27 Port Mirror 465 Overview 466 Creating the Port Mirror or Adding New Source Ports 467 Removing Source Ports or Deleting the Port Mirror 468 Co...

Page 12: ...amples 521 Chapter 32 Group Link Control Commands 525 GROUP LINK CONTROL 526 GROUP LINK CONTROL DOWNSTREAM 527 GROUP LINK CONTROL UPSTREAM 529 NO GROUP LINK CONTROL 530 NO GROUP LINK CONTROL DOWNSTREAM 531 NO GROUP LINK CONTROL UPSTREAM 532 SHOW GROUP LINK CONTROL 533 Chapter 33 Multicast Commands 535 NO SWITCHPORT BLOCK EGRESS MULTICAST 536 NO SWITCHPORT BLOCK INGRESS MULTICAST 537 SWITCHPORT BLO...

Page 13: ...dem 583 Downloading Files to the Switch with Zmodem 583 Uploading Files from the Switch with Zmodem 584 Downloading Files with Enhanced Stacking 586 Chapter 39 File Transfer Commands 589 COPY FILENAME ZMODEM 590 COPY FLASH TFTP 591 COPY TFTP FLASH 592 COPY ZMODEM 594 UPLOAD IMAGE REMOTELIST 595 Section IV Snooping 597 Chapter 40 Internet Group Management Protocol IGMP Snooping 599 Overview 600 Und...

Page 14: ...48 IP DHCP SNOOPING AGENT OPTION 649 IP DHCP SNOOPING AGENT OPTION ALLOW UNTRUSTED 650 IP DHCP SNOOPING BINDING 651 IP DHCP SNOOPING DELETE BY CLIENT 653 IP DHCP SNOOPING DELETE BY LINKDOWN 654 IP DHCP SNOOPING MAX BINDINGS 655 IP DHCP SNOOPING SUBSCRIBER ID 657 IP DHCP SNOOPING TRUST 659 IP DHCP VERIFY MAC ADDRESS 660 IP DHCP SNOOPING VIOLATION 662 IP SOURCE BINDING 664 SERVICE DHCP SNOOPING 666 ...

Page 15: ...rt Trunks 729 Overview 730 Load Distribution Methods 730 Guidelines 732 Creating New Static Port Trunks or Adding Ports To Existing Trunks 734 Specifying the Load Distribution Method 735 Removing Ports from Static Port Trunks or Deleting Trunks 736 Displaying Static Port Trunks 737 Chapter 50 Static Port Trunk Commands 739 NO STATIC CHANNEL GROUP 740 PORT CHANNEL LOAD BALANCE 741 SHOW STATIC CHANN...

Page 16: ...e Protocol STP Procedures 795 Designating STP as the Active Spanning Tree Protocol 796 Enabling the Spanning Tree Protocol 797 Setting the Switch Parameters 798 Setting the Port Parameters 800 Disabling the Spanning Tree Protocol 801 Displaying STP Settings 802 Chapter 55 STP Commands 803 NO SPANNING TREE STP ENABLE 805 SHOW SPANNING TREE 806 SPANNING TREE FORWARD TIME 808 SPANNING TREE GUARD ROOT...

Page 17: ...ANNING TREE GUARD ROOT 843 SPANNING TREE HELLO TIME 844 SPANNING TREE LINK TYPE 845 SPANNING TREE LOOP GUARD 846 SPANNING TREE MAX AGE 847 SPANNING TREE MODE RSTP 848 SPANNING TREE PATH COST 849 SPANNING TREE PORTFAST 850 SPANNING TREE PORTFAST BPDU GUARD 851 SPANNING TREE PRIORITY Bridge Priority 852 SPANNING TREE PRIORITY Port Priority 853 SPANNING TREE RSTP ENABLE 854 Chapter 58 Multiple Spanni...

Page 18: ...rt VLAN Identifier 905 Untagged Ports 905 Guidelines to Creating a Port based VLAN 906 Drawbacks of Port based VLANs 906 Port based Example 1 907 Port based Example 2 907 Tagged VLAN Overview 910 Tagged and Untagged Ports 911 Port VLAN Identifier 911 Guidelines to Creating a Tagged VLAN 911 Tagged VLAN Example 912 Creating VLANs 915 Adding Untagged Ports to VLANs 916 Adding Tagged Ports to VLANs 9...

Page 19: ...REGISTRATION 969 GVRP TIMER JOIN 970 GVRP TIMER LEAVE 971 GVRP TIMER LEAVEALL 972 NO GVRP ENABLE 973 NO GVRP TIMER JOIN 974 NO GVRP TIMER LEAVE 975 NO GVRP TIMER LEAVEALL 976 PURGE GVRP 977 SHOW GVRP APPLICANT 978 SHOW GVRP CONFIGURATION 979 SHOW GVRP MACHINE 980 SHOW GVRP STATISTICS 981 SHOW GVRP TIMER 983 Chapter 64 MAC Address based VLANs 985 Overview 986 Egress Ports 986 VLANs that Span Switch...

Page 20: ... 1032 Section IX Port Security 1035 Chapter 69 MAC Address based Port Security 1037 Overview 1038 Static Versus Dynamic Addresses 1038 Intrusion Actions 1038 Guidelines 1039 Configuring Ports 1040 Enabling MAC Address based Security on Ports 1042 Disabling MAC Address based Security on Ports 1043 Displaying Port Settings 1044 Chapter 70 MAC Address based Port Security Commands 1047 NO SWITCHPORT P...

Page 21: ...pplicant Role 1086 Disabling 802 1x Port Based Network Access Control on the Switch 1087 Displaying Authenticator Ports 1088 Displaying EAP Packet Statistics 1089 Chapter 72 802 1x Port based Network Access Control Commands 1091 AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS 1095 AUTH DYNAMIC VLAN CREATION 1096 AUTH GUEST VLAN 1098 AUTH HOST MODE 1099 AUTH REAUTHENTICATION 1101 AUTH TIMEOUT QUIET P...

Page 22: ...eivers 1148 Deleting Community Strings 1150 Disabling SNMPv1 and SNMPv2c 1151 Displaying SNMPv1 and SNMPv2c 1152 Chapter 74 SNMPv1 and SNMPv2c Commands 1155 NO SNMP SERVER 1157 NO SNMP SERVER COMMUNITY 1158 NO SNMP SERVER ENABLE TRAP 1159 NO SNMP SERVER ENABLE TRAP AUTH 1160 NO SNMP SERVER HOST 1161 NO SNMP SERVER VIEW 1163 NO SNMP TRAP LINK STATUS 1164 SHOW RUNNING CONFIG SNMP 1165 SHOW SNMP SERV...

Page 23: ...ECTOR IP 1220 SFLOW ENABLE 1221 SFLOW POLLING INTERVAL 1222 SFLOW SAMPLING RATE 1224 SHOW SFLOW 1226 Chapter 78 LLDP and LLDP MED 1229 Overview 1230 Mandatory LLDP TLVs 1231 Optional LLDP TLVs 1231 Optional LLDP MED TLVs 1233 Enabling LLDP and LLDP MED on the Switch 1235 Configuring Ports to Only Receive LLDP and LLDP MED TLVs 1236 Configuring Ports to Send Only Mandatory LLDP TLVs 1237 Configurin...

Page 24: ...1 NO LLDP MED NOTIFICATIONS 1292 NO LLDP MED TLV SELECT 1293 NO LLDP NOTIFICATIONS 1295 NO LLDP RUN 1296 NO LLDP TLV SELECT 1297 NO LLDP TRANSMIT RECEIVE 1298 NO LOCATION 1299 SHOW LLDP 1301 SHOW LLDP INTERFACE 1303 SHOW LLDP LOCAL INFO INTERFACE 1305 SHOW LLDP NEIGHBORS DETAIL 1307 SHOW LLDP NEIGHBORS INTERFACE 1312 SHOW LLDP STATISTICS 1314 SHOW LLDP STATISTICS INTERFACE 1316 SHOW LOCATION 1318 ...

Page 25: ...63 RMON EVENT LOG TRAP 1364 RMON EVENT TRAP 1366 SHOW RMON ALARM 1368 SHOW RMON EVENT 1370 SHOW RMON HISTORY 1372 SHOW RMON STATISTICS 1374 Section XII Management Security 1375 Chapter 84 Local Manager Accounts 1377 Overview 1378 Privilege Levels 1378 Command Mode Restriction 1378 Password Encryption 1379 Creating Local Manager Accounts 1381 Deleting Local Manager Accounts 1383 Activating Command ...

Page 26: ...ting Encryption Keys 1426 Displaying the SSH Server 1427 Chapter 91 SSH Server Commands 1429 CRYPTO KEY DESTROY HOSTKEY 1430 CRYPTO KEY GENERATE HOSTKEY 1432 NO SERVICE SSH 1434 SERVICE SSH 1435 SHOW CRYPTO KEY HOSTKEY 1436 SHOW SSH SERVER 1437 Chapter 92 Non secure HTTP Web Browser Server 1439 Overview 1440 Enabling the Web Browser Server 1441 Setting the Protocol Port Number 1442 Disabling the W...

Page 27: ...eout 1485 Specifying RADIUS Accounting 1486 Removing the Accounting Method List 1486 Deleting Server IP Addresses 1487 Displaying the RADIUS Client 1487 Managing the TACACS Client 1488 Adding IP Addresses of TACACS Servers 1488 Specifying TACACS Accounting 1489 Removing the Accounting Method List 1489 Deleting IP Addresses of TACACS Servers 1490 Displaying the TACACS Client 1490 Configuring Remote...

Page 28: ...moving Named IPv4 ACLs 1550 Removing Named IPv6 ACLs 1550 Deleting ACLs from the Switch 1552 Deleting Numbered IPv4 and MAC Address ACLs 1552 Deleting Named IPv4 Address ACLs 1553 Deleting Named IPv6 Address ACL 1553 Setting ACL Time Ranges 1555 Displaying the ACLs 1557 Displaying IPv4 ACLs 1557 Displaying IP ACL Port Assignments 1557 Displaying Named IPv6 ACLs 1558 Displaying Time Range Informati...

Page 29: ... a Class Map With a Policy Map 1659 Assigning a Policy Map to a Port 1659 Configuring Default Class Maps 1660 Prioritizing CoS and DSCP 1661 Creating Single rate and Twin rate Policers 1663 Creating an Aggregate Policer 1666 Configuring the Egress Queues 1669 Determining the Egress Queues 1670 Egress Queue Shaping 1674 Enabling Auto QoS Support on the Switch 1677 Auto QoS Macro Examples 1678 Auto ...

Page 30: ...ICY MAP 1759 SET COS 1760 SET DSCP 1762 SET QUEUE 1763 SERVICE POLICY INPUT 1765 SHOW CLASS MAP 1766 SHOW POLICY MAP 1767 SHOW MLS QOS 1769 SHOW MLS QOS AGGREGATE POLICER 1770 SHOW MLS QOS INTERFACE 1772 SHOW MLS QOS MAPS COS QUEUE 1775 SHOW MLS QOS MAPS DSCP QUEUE 1776 SHOW MLS QOS MAPS POLICED DSCP 1779 TRUST DSCP 1780 WRR QUEUE EGRESS RATE LIMIT QUEUES 1782 WRR QUEUE WEIGHT 1784 Chapter 102 Qo...

Page 31: ...hapter 105 IPv4 Routing Commands 1833 IP ADDRESS 1835 IP ADDRESS DHCP 1837 IP ROUTE 1838 NO IP ADDRESS 1841 NO IP ADDRESS DHCP 1843 NO IP ROUTE 1845 SHOW IP INTERFACE 1847 SHOW IP ROUTE 1849 Chapter 106 Routing Information Protocol RIP 1851 Overview 1852 Enabling RIP 1853 Specifying a RIP Version 1855 Enabling Authentication 1856 Enabling and Disabling Automatic Route Summarization 1858 Enabling a...

Page 32: ...ommands 1907 SHOW CPU 1908 SHOW CPU HISTORY 1909 SHOW CPU USER THREADS 1910 SHOW MEMORY 1911 SHOW MEMORY ALLOCATION 1912 SHOW MEMORY HISTORY 1913 SHOW MEMORY POOLS 1914 SHOW PROCESS 1915 SHOW SYSTEM SERIALNUMBER 1916 SHOW SYSTEM INTERRUPTS 1917 SHOW TECH SUPPORT 1918 Appendix B Management Software Default Settings 1921 Boot Configuration File 1923 Class of Service 1924 Console Port 1925 DHCP Relay...

Page 33: ...otocol SNMPv1 SNMPv2c and SNMPv3 1945 Simple Network Time Protocol 1946 Spanning Tree Protocols STP RSTP and MSTP 1947 Spanning Tree Status 1947 Spanning Tree Protocol 1947 Rapid Spanning Tree Protocol 1947 Multiple Spanning Tree Protocol 1948 System Name 1949 TACACS Client 1950 Telnet Server 1951 VLANs 1952 Web Server 1953 ...

Page 35: ...s 70 Figure 23 Startup Messages continued 71 Figure 24 Startup Messages continued 72 Figure 25 Connecting the Management Cable to the Console Port 74 Figure 26 AlliedWare Plus Command Line Prompt 75 Figure 27 SHOW BOOT Command 79 Figure 28 Displaying the Keywords of a Mode 87 Figure 29 Displaying Subsequent Keywords of a Keyword 87 Figure 30 Displaying the Class of a Parameter 88 Figure 31 SHOW SY...

Page 36: ...US Command 341 Figure 79 SHOW NTP ASSOCIATIONS Command 351 Figure 80 SHOW NTP STATUS Command 353 Figure 81 DNS Hierarchy 356 Figure 82 SHOW IP NAME SERVER Command Display 358 Figure 83 SHOW IP DOMAIN NAME Command Display 360 Figure 84 SHOW HOSTS Command Display 360 Figure 85 Displaying the Default Domain 361 Figure 86 SHOW HOSTS Command Display 361 Figure 87 SHOW IP NAME SERVER Command 370 Figure ...

Page 37: ...re 138 SHOW LOG CONFIG Command with Syslog Server Entries 723 Figure 139 Static Port Trunk Example 728 Figure 140 SHOW STATIC CHANNEL GROUP Command 735 Figure 141 SHOW STATIC CHANNEL GROUP Command 741 Figure 142 SHOW ETHERCHANNEL DETAIL 754 Figure 143 SHOW LACP SYS ID Command 755 Figure 144 SHOW ETHERCHANNEL Command 764 Figure 145 SHOW ETHERCHANNEL DETAIL Command 765 Figure 146 SHOW ETHERCHANNEL S...

Page 38: ...ure 198 SHOW AUTH MAC SUPPLICANT INTERFACE Command 1132 Figure 199 SHOW DOT1X Command 1133 Figure 200 SHOW DOT1X INTERFACE Command 1134 Figure 201 SHOW DOT1X STATISTICS INTERFACE Command 1135 Figure 202 SHOW DOT1X SUPPLICANT INTERFACE Command 1136 Figure 203 SHOW SNMP SERVER Command 1150 Figure 204 SHOW SNMP SERVER COMMUNITY Command 1150 Figure 205 SHOW RUNNING CONFIG SNMP Command 1151 Figure 206 ...

Page 39: ... POLICY MAP command 1690 Figure 261 SHOW MLS QOS AGGREGATE POLICER Command 1690 Figure 262 SHOW MLS QOS INTERFACE Command Strict Priority 1691 Figure 263 SHOW MLS QOS MAPS COS QUEUE Command 1691 Figure 264 SHOW MLS QOS MAPS DSCP QUEUE Command 1693 Figure 265 SHOW MLS QOS MAPS POLICED DSCP Command 1694 Figure 266 SHOW CLASS MAP Command with TCP Flags 1725 Figure 267 CoS Priority to CoS Queue Mappin...

Page 40: ...Figures 40 Figure 291 SHOW IP RIP INTERFACE Command 1899 ...

Page 41: ...24 SHOW POWER INLINE Command 289 Table 25 SHOW POWER INLINE COUNTERS INTERFACE Command 291 Table 26 SHOW POWER INLINE INTERFACE DETAIL Command 294 Table 27 Features Requiring an IP Management Address on the Switch 300 Table 28 Management IP Address Commands 313 Table 29 SHOW IP ROUTE Command 332 Table 30 Route Codes in the SHOW IP ROUTE Command 333 Table 31 SHOW IPV6 INTERFACE Command 335 Table 32...

Page 42: ... 77 SHOW IP DHCP SOURCE BINDING Command Parameters 681 Table 78 Event Log Commands 689 Table 79 Event Message Severity Levels 694 Table 80 SHOW LOG Command 704 Table 81 Management Software Modules 705 Table 82 SHOW LOG CONFIG Command 707 Table 83 Event Message Severity Levels 715 Table 84 Program Abbreviations 715 Table 85 Syslog Client Commands 721 Table 86 Static Port Trunk Commands 739 Table 87...

Page 43: ...LDP STATISTICS INTERFACE Command 1318 Table 138 Deleting ARP Entries 1324 Table 139 ARP Commands 1327 Table 140 SHOW ARP Command 1332 Table 141 Abbreviated List of MIB Object Names and OID Numbers 1344 Table 142 RMON Commands 1351 Table 143 MIB Object Names and ID Numbers 1358 Table 144 SHOW RMON ALARM Command 1369 Table 145 SHOW RMON EVENT Command 1370 Table 146 SHOW RMON HISTORY Command 1372 Tab...

Page 44: ...e 199 Adding a DSCP Value to a Class Map 1655 Table 200 Adding IPv4 Precedence to a Class Map 1655 Table 201 Adding a MAC type to a Class Map 1656 Table 202 Adding a Protocol to a Class Map 1656 Table 203 Adding a TCP Flag to a Class Map 1657 Table 204 Adding a VLAN to a Class Map 1657 Table 205 Creating a Policy Map 1658 Table 206 Associating a Class Map with a Policy Map 1659 Table 207 Assignin...

Page 45: ...g the Storm Protection Feature 1791 Table 244 Setting Storm Control Action Disabling a VLAN 1792 Table 245 Setting Storm Control Action Disabling a Port 1793 Table 246 Setting Storm Control Action Shutting Down a Port 1794 Table 247 Setting the Storm Down Time 1795 Table 248 Setting the Storm Data Rate and Window Size 1796 Table 249 Quality of Service Commands 1799 Table 250 SHOW MLS QOS INTERFACE...

Page 47: ...s on page 49 Contacting Allied Telesis on page 50 Caution The customer re seller sub contractor distributor software developer or any buyer of an Allied Telesis ATI product known as customer hereby agrees to have all licenses required by any governmental agency and to comply with all applicable laws and regulations in its performance under this Agreement including export control maintained by U S ...

Page 48: ...ns Note: Notes provide additional information. Caution: Cautions inform you that performing or omitting a specific action may result in equipment damage or loss of data. Warning: Warnings inform you that performing or omitting a specific action may result in bodily injury. ...

Page 49: ... Where to Find Web-based Guides: The installation and user guides for all of the Allied Telesis products are available for viewing in portable document format (PDF) from our web site at www.alliedtelesis.com/support/documentation ...

Page 50: ...s and to contact Allied Telesis experts. USA and EMEA phone support: Select the phone number that best fits your location and customer type. Hardware warranty information: Learn about Allied Telesis warranties and register your product online. Replacement Services: Submit a Return Materials Authorization (RMA) request via our interactive support center. Documentation: View the most recent installation and u...

Page 51: ...d Line Interface on page 53 Chapter 2 Starting a Management Session on page 75 Chapter 3 Basic Command Line Management on page 87 Chapter 4 Basic Command Line Management Commands on page 93 Chapter 5 Temperature and Fan Control Overview on page 111 Chapter 6 Temperature and Fan Control Commands on page 115 ...

Page 53: ...agement Sessions on page 54 Management Interfaces on page 57 Local Manager Account on page 58 AlliedWare Plus Command Modes on page 59 Moving Down the Hierarchy on page 62 Moving Up the Hierarchy on page 67 Port Numbers in Commands on page 69 Command Format on page 71 Startup Messages on page 72 ...

Page 54: ...th the switch. For modern PCs without a serial port, a USB-to-serial adapter and driver software is required. Note: The initial management session of the switch must be from a local management session. Remote Management: You can manage the switch remotely with the following software tools: Telnet client; Secure Shell client; Secure (HTTPS) or non-secure (HTTP) web browser; SNMPv1, SNMPv2c, or SNMPv3 application. M...

Page 55: ... Secure Shell Management: The switch has an SSH server for remote management with an SSH client on a management workstation. This management method is similar to Telnet management sessions in that it gives you access to the same command line interface and the same functions. Where they differ is that SSH management sessions are secure against snooping because the packets are encrypted, rendering them u...

Page 56: ...iEdgeSwitch.mib; RFC 1155 MIB; RFC 1213 MIB-II; RFC 1493 Bridge MIB; RFC 1643 Ethernet MIB; RFC 2096 IP Forwarding Table MIB; RFC 2790 Host MIB; RFC 2863 Interface Group MIB; RFC 3176 sFlow MIB; IEEE 802.1x 2010 MIB. The Allied Telesis managed switch MIBs (atistackinfo.mib and atiEdgeSwitch.mib) are available from the Allied Telesis web site. ...

Page 57: ... management interfaces: AlliedWare Plus command line; Web browser windows. The AlliedWare Plus command line is available from local management sessions and remote Telnet and Secure Shell management sessions. The web browser windows are available from remote web browser management sessions. ...

Page 58: ...nticates the user name and password itself. If more manager accounts are needed, you can add up to eight more local manager accounts. For instructions, refer to Chapter 84, Local Manager Accounts, on page 1377. Another way to create more manager accounts is to transfer the task of authenticating the accounts to a RADIUS or TACACS server on your network. For instructions, refer to Chapter 96, RADIUS and TACA...

Page 59: ...management function, you first have to move to the mode that has the appropriate commands. For instance, to configure the speeds and wiring configurations of the ports, you have to move to the Port Interface mode, because the SPEED and POLARITY commands, which are used to configure the speed and wiring parameters, are stored in that mode. Some management functions require that you perform commands from mo...

Page 60: ...time. Saves the current configuration. Downloads new versions of the management software. Restores the default settings. Renames files in the file system. Resets the switch.
Global Configuration mode, prompt awplus(config)#: Creates classifiers and access control lists. Creates encryption keys for remote HTTPS and SSH management. Activates and deactivates 802.1x port-based network access control. Assigns a name to th...

Page 61: ...gs. Disables and enables ports. Configures the port mirror. Configures 802.1x port-based network access control. Creates static port trunks. Sets the load distribution method for static port trunks. Adds and removes ports from VLANs. Creates Quality of Service policies.
VLAN Configuration mode, prompt awplus(config-vlan)#: Creates VLANs.
Class mode, prompt awplus(config-pmap-c)#: Configures traffic classes for Quality of Servic...

Page 62: ...command to move from the User Exec mode to the Privileged Exec mode. The format of the command is: enable. Figure 2: ENABLE Command. CONFIGURE TERMINAL Command: You use this command to move from the Privileged Exec mode to the Global Configuration mode. The format of the command is: configure terminal. Figure 3: CONFIGURE TERMINAL Command. CLASS MAP Command: You use this command to move from the Global Config...

Page 63: ...he range of the LINE_ID parameter is 0 to 9. For information on the VTY lines, refer to VTY Lines on page 79. This example enters the Virtual Terminal Line mode for VTY line 2. Figure 6: LINE VTY Command. POLICY MAP Command: You use this command to move from the Global Configuration mode to the Policy Map mode, where flow groups for Quality of Service policies are mapped to traffic classes. The format of t...

Page 64: ... mode, where you configure the parameter settings of the ports and add ports to VLANs and Quality of Service policies. The format of the command is: interface port. This example enters the Port Interface mode for port 21. Figure 10: INTERFACE PORT Command, Single Port. You can configure more than one port at a time. This example enters the Port Interface mode for ports 11 to 15 and 22. Figure 11: INTERFACE P...

Page 65: ...AN Command: You use this command to move from the Global Configuration mode to the VLAN Interface mode to assign the switch a management IP address. The format of the command is: interface vlanvid. The VID parameter is the ID of an existing VLAN on the switch. This example enters the VLAN Interface mode for a VLAN that has the VID 12. Figure 14: INTERFACE VLAN Command. Note: A VLAN must be identified in th...

Page 66: ...ntry. Figure 16: LLDP LOCATION CIVIC LOCATION Command. LOCATION COORD LOCATION Command: You use this command to move from the Global Configuration mode to the Coordinate Location mode to create LLDP coordinate location entries. The format of the command is: location coord-location id_number. This example assigns the ID number 8 to a new LLDP coordinate location entry. Figure 17: LLDP LOCATION COORD LOCATIO...

Page 67: ...e level in the hierarchy, as illustrated in Figure 18. Figure 18: Moving Up One Mode with the EXIT and QUIT Command. END Command: After you have configured a feature, you may want to return to the Privileged Exec mode to verify your changes with the appropriate SHOW command. You can step back through the modes one at a time with the EXIT or QUIT command. However, the END command is more convenient because ...

Page 68: ... Figure 19: Returning to the Privileged Exec Mode with the END Command. DISABLE Command: To return to the User Exec mode from the Privileged Exec mode, use the DISABLE command. Figure 20: Returning to the User Exec Mode with the DISABLE Command. ...

Page 69: ... stack, use this variable to specify its ID number, displayed on the Stack ID LED. You may specify only one ID number. Module Slot ID: This number is used to identify a slot in a modular switch. This number should always be 0 for AT-8100 Series switches because they are not modular switches. Port number: This is the port number. Stand-alone Switches: The correct format of the PORT parameter for stand-alone ...

Page 70: ...or ports 2 and 19 on a switch with ID 2:
  awplus> enable
  awplus# configure terminal
  awplus(config)# interface port2.0.8,port2.0.19
You may use the same command to display or configure ports on different switches in a stack. This example uses the SHOW INTERFACE command to display the status of port 4 on switch ID 1, port 2 on switch ID 2, and port 1 on switch ID 3:
  awplus> enable
  awplus# show interface port1.0.4,p...

Page 71: ...uses the following command format conventions. screen text font: This font illustrates the format of a command and command examples. Brackets indicate optional parameters. Vertical line separates parameter options for you to choose from. Italics: Italics indicate variables you have to provide. Command Examples: Most of the command examples in this guide start at the User Exec mode and include the navigati...

Page 72: ...901A 266MHz Total memory 0x8000000 bytes 128MB Total memory used by CFE 0x87EB8000 0x87FFFBE0 1342432 Initialized Data 0x87EFA324 0x87EFCAF0 10188 BSS Area 0x87EFCAF0 0x87EFDBE0 4336 Local Heap 0x87EFDBE0 0x87FFDBE0 1048576 Stack Area 0x87FFDBE0 0x87FFFBE0 8192 Text code segment 0x87EB8000 0x87EF9B6F 269167 Boot area physical 0x07E77000 0x07EB7000 Relocation Factor I E82B8000 D E82B8000 Resetting ...

Page 73: ...RT VLAN done Initializing Port Mirroring done Initializing Telnet done Initializing Snmp Service done Initializing Web Service done Initializing Monitor done Initializing STP done Initializing SPANNING TREE done Initializing L2_MGMT done Initializing LLDP_RX done Initializing LLDP_TX done Initializing GARP done Initializing GARP Post Init Task done Initializing IGMPSnoop done Initializing SYS_MGMT...

Page 74: ...TAB done Initializing FTABV6 done Initializing ACM done Initializing Filter done Initializing L3_MGMT done Initializing L3APP_MGMT done Initializing SFLOW done Initializing NTP done Initializing CPU_HIST done Initializing EStacking done Initializing MGMT_MGMT done Loading configuration file boot cfg done ...

Page 75: ...ctions: Starting a Local Management Session on page 76; Starting a Remote Telnet or SSH Management Session on page 78; What to Configure First on page 80; Ending a Management Session on page 85. Note: You must do the initial configuration of the switch from a local management session. ...

Page 76: ...to an RS-232 port on a terminal or PC with a terminal emulator program.
3. Configure the terminal or terminal emulator program as follows:
  Baud rate: 9600 bps (The baud rate of the Console Port is adjustable from 1200 to 115200 bps. The default is 9600 bps.)
  Data bits: 8
  Parity: None
  Stop bits: 1
  Flow control: None
Note: The port settings are for a DEC VT100 or ANSI terminal, or an equivalent terminal emulator ...

Page 77: ... The local management session has started when the AlliedWare Plus command line prompt, shown in Figure 26, is displayed. Figure 26: AlliedWare Plus Command Line Prompt: awplus> ...

Page 78: ... the client resides. The default gateway must be a member of the same subnet as the management IP address. For instructions, refer to What to Configure First on page 80 or Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. For remote SSH management, you must create an encryption key pair and configure the SSH server on the switch. For instructions, see Chapter 90, Secure Shell (SSH) Server, on page 1...

Page 79: ...dividual lines. Management session timer: This timer is used by the switch to end inactive management sessions automatically. This protects the switch from unauthorized changes to its configuration sessions should you leave your workstation unattended during a management session. For instructions on how to set this timer, refer to Configuring the Management Session Timers on page 136. Number of SHOW com...

Page 80: ...g container the file when you create it contains about 20 lines. The quickest and easiest way to create a new boot configuration file and to designate it as the active file is with the BOOT CONFIG-FILE command, located in the Global Configuration mode. Here is the format of the command:
  boot config-file filename.cfg
The name of the new boot configuration file, which is specified with the FILENAME param...

Page 81: ... clearsky2a Note: Write down the new password and keep it in a safe and secure location. If you forget the manager password, you cannot manage the switch if there are no other management accounts on the unit. In this case, contact Allied Telesis Technical Support for assistance. For instructions on how to create additional management accounts, refer to Chapter 84, Local Manager Accounts, on page 1377. Assig...

Page 82: ...vers, etc. must be members of the same subnet as a management IP address or have access to it through the default gateway. The switch must also have a default gateway if the network devices are not members of the same subnet as the management IP address. The default gateway specifies the IP address of a router interface that represents the first hop to the subnets or networks of the network devices. A ...

Page 83: ... right that constitute the network portion of the address. For example, the decimal masks 16 and 24 are equivalent to masks 255.255.0.0 and 255.255.255.0, respectively.
  awplus(config-if)# exit
    Return to the Global Configuration mode.
  awplus(config)# ip route 0.0.0.0/0 149.82.112.18
    Assign the default gateway to the switch using the IP ROUTE command.
  awplus(config)# exit
    Return to the Privileged Exec mode.
  awpl...

Page 84: ... the ports as untagged ports to the VLAN with the SWITCHPORT ACCESS VLAN command.
  awplus(config-if)# exit
    Return to the Global Configuration mode.
  awplus(config)# interface vlan5
    Use the INTERFACE VLAN command to move to the VLAN Interface mode of VLAN 5.
  awplus(config-if)# ip address dhcp
    Activate the DHCP client on the switch with the IP ADDRESS DHCP command.
  awplus(config-if)# end
    Return to the Global Conf...

Page 85: ... go to either the Privileged Exec mode or the User Exec mode From the Privileged Exec mode enter either the EXIT or LOGOUT to end a management session awplus exit or awplus logout From the User Exec mode enter either the EXIT or LOGOUT command to end a management session awplus exit or awplus logout ...

Page 86: ...Chapter 2 Starting a Management Session 86 ...

Page 87: ...ommand Line Management This chapter contains the following sections Clearing the Screen on page 88 Displaying the On line Help on page 89 Saving Your Configuration Changes on page 91 Ending a Management Session on page 92 ...

Page 88: ...s you can start fresh by entering the CLEAR SCREEN command in the User Exec or Privileged Exec mode If you are in a lower mode you have to move up the mode hierarchy to one of these modes to use the command Here is an example of the command from the Port Interface mode awplus config if end awplus clear screen ...

Page 89: ...stem simply displays the previous keyword Typing a question mark at the point in a command where a value is required displays a value s class that is integer string etc The example in Figure 30 on page 90 displays the class of the value for the HOSTNAME command in the Global Configuration mode awplus enable awplus configure terminal awplus config vlan database awplus config vlan convert Convert vl...

Page 90: ...nd Line Management 90 Figure 30 Displaying the Class of a Parameter awplus enable awplus configure terminal awplus config hostname STRING sysName ...

Page 91: ...NING CONFIG STARTUP CONFIG command both of which are found in the Privileged Exec mode When you enter either of these commands the switch copies its running configuration into the active boot configuration file for permanent storage To update the active configuration file enter awplus write or awplus copy running config startup config Note Parameter changes that are not saved in the active boot co...

Page 92: ... go to either the Privileged Exec mode or the User Exec mode From the Privileged Exec mode enter either the EXIT or LOGOUT to end a management session awplus exit or awplus logout From the User Exec mode enter either the EXIT or LOGOUT command to end a management session awplus exit or awplus logout ...

Page 93: ...th the current settings from the switch DISABLE on page 100 Privileged Exec Returns you to the User Exec mode from the Privileged Exec mode DO on page 101 Global Configuration Performs Privileged Exec mode commands from the Global Configuration mode ENABLE on page 103 User Exec Moves you from the User Exec mode to the Privileged Exec mode END on page 104 All modes below the Global Configuration mo...

Page 94: ... 109 All modes except the User Exec and Privileged Exec Moves you up one mode WRITE on page 110 Privileged Exec Updates the active boot configuration file with the current settings of the switch Table 5 Basic Command Line Commands Continued Command Mode Description ...

Page 95: ... available parameters Note You must type a space between a keyword and the question mark Otherwise the on line help returns the previous keyword Typing after a keyword or parameter that requires a value displays a value s class i e integer string etc Examples This example displays all the keywords in the Port Interface mode for port 4 awplus enable awplus configure terminal awplus config interface...

Page 96: ...Line Management Commands 96 This example displays the class of the value for the SPANNING TREE HELLO TIME command in the Global Configuration mode awplus enable awplus configure terminal awplus config spanning tree hello time ...

Page 97: ...00 Switch Command Line User s Guide 97 CLEAR SCREEN Syntax clear screen Parameters None Modes User Exec and Privileged Exec modes Description Use this command to clear the screen Example awplus clear screen ...

Page 98: ...mmands 98 CONFIGURE TERMINAL Syntax configure terminal Parameters None Mode Privileged Exec mode Description Use this command to move from the Privileged Exec mode to the Global Configuration mode Example awplus configure terminal awplus config ...

Page 99: ... When you enter the command the switch copies its parameter settings into the active boot configuration file The switch saves only those parameters that are not at their default settings Note Parameter changes that are not saved in the active boot configuration file are discarded when the switch is powered off or reset To view the name of the active boot configuration file see SHOW BOOT on page 57...

Page 100: ...0 DISABLE Syntax disable Parameters None Mode Privileged Exec mode Description Use this command to return to the User Exec mode from the Privileged Exec mode Example The following command returns the software to the User Exec mode awplus disable awplus ...

Page 101: ...commands from the Global Configuration mode You may use the command to perform some but not all of the Privileged Exec mode commands Here are the only Privileged Exec mode commands that are supported with the DO command ERASE STARTUP CONFIG PING REBOOT RELOAD SHOW INTERFACE SHOW INTERFACE STATUS SHOW IP IGMP SHOW IP IGMP HOSTLIST SHOW IP IGMP ROUTERLIST SHOW IP IGMP SNOOPING SHOW IP INTERFACE SHOW...

Page 102: ...mands 102 SHOW SYSTEM WRITE Examples This example performs the SHOW INTERFACE command for port 4 from the Global Configuration mode: awplus(config)# do show interface port1.0.4 This example pings a network device: awplus(config)# do ping 149.11.123.45 ...

Page 103: ...ntax enable Parameters None Mode User Exec mode Description Use this command to move from the User Exec mode to the Privileged Exec mode Example The following command moves the prompt from the User Exec mode to the Privileged Exec mode awplus enable awplus ...

Page 104: ... END Syntax end Parameters None Mode All modes below the Global Configuration mode Description Use this command to return to the Privileged Exec mode Example The following command returns the prompt to the Privileged Exec mode awplus config if end awplus ...

Page 105: ...down one mode in the mode hierarchy in all modes except the User Exec and Privileged Exec modes Using the EXIT command in the User Exec and Privileged Exec modes terminates the management session Example The following example moves the prompt from the Global Configuration mode to the Privileged Exec mode awplus config exit awplus ...

Page 106: ...ment methods To set this parameter for local management sessions enter the command in the Console Line mode To set this parameter for the ten VTY lines for remote Telnet and SSH sessions enter the same command in the Virtual Terminal Line modes Each VTY line can have a different setting The default value is 20 lines for the console port For the VTY lines the default value is negotiated with the VT...

Page 107: ...mmand Line User s Guide 107 This example returns the number of lines to the default setting for local management sessions awplus enable awplus configure terminal awplus config line console 0 awplus config line no length ...

Page 108: ...modes Description Use this command to end a management session Note Entering the EXIT command in either the User Exec or Privileged Exec mode also ends a management session Example This example shows the sequence of commands to logout starting from the Global Configuration mode awplus config exit awplus disable awplus logout ...

Page 109: ... this command to move up one mode in the mode hierarchy This command is almost identical to the EXIT command The difference is that unlike the EXIT command the QUIT command cannot be used to end a management session Example This example uses the QUIT command to return to the Privileged Exec mode from the Global Configuration mode awplus config quit awplus ...

Page 110: ...and the switch copies its parameter settings into the active boot configuration file The switch saves only those parameters that are not at their default settings Note Parameter changes that are not saved in the active boot configuration file are discarded when the switch is powered off or reset To view the name of the active boot configuration file see SHOW BOOT on page 572 This command is equiva...

Page 111: ...111 Chapter 5 Temperature and Fan Control Overview Overview on page 112 Displaying the System Environmental Status on page 113 Controlling Eco Mode LED on page 114 ...

Page 112: ...an modules Checking this information helps you to identify potential hardware issues before they become problems To check the switch s environmental and saving energy status and turn on and off the port LEDs use the following commands ECOFRIENDLY LED on page 116 NO ECOFRIENDLY LED on page 117 SHOW ECOFRIENDLY on page 118 SHOW SYSTEM ENVIRONMENT on page 119 ...

Page 113: ...ec or Privileged Exec mode and enter the command awplus show system environment Figure 31 shows an example of the information the command displays The columns are described in SHOW SYSTEM ENVIRONMENT on page 119 Figure 31 SHOW SYSTEM ENVIRONMENT Command Note Switches that do not contain fan controllers will not display temperature readings Environment Monitoring Status Switch Model AT 8100S 48POE ...

Page 114: ... Eco Mode LED control to conserve additional power on the port LEDs The Eco Mode LED is an eco friendly feature that turns off the port LEDs when they are not necessary To enable Eco Mode LED control enter the command awplus config ecofriendly led To disable Eco Mode LED control awplus config no ecofriendly led ...

Page 115: ...e 116 Global Configuration Turns off the port LEDs on the switch to save power NO ECOFRIENDLY LED on page 117 Global Configuration Turns on the port LEDs on the switch SHOW ECOFRIENDLY on page 118 Privileged Exec Displays the power saving status of the port LEDs SHOW SYSTEM ENVIRONMENT on page 119 Privileged Exec Displays the environmental information for the switch such as temperatures voltage an...

Page 116: ...6 ECOFRIENDLY LED Syntax ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn off the port LEDs on the switch to save power Confirmation Command SHOW ECOFRIENDLY on page 118 Example awplus ecofriendly led ...

Page 117: ... ecofriendly led Parameters None Mode Global Configuration mode Description Use this command to turn on the port LEDs on the switch Confirmation Command SHOW ECOFRIENDLY on page 118 Example The following command turns on the port LEDs on the switch awplus no ecofriendly led ...

Page 118: ...xec mode Description Use this command to display the power saving status of the port LEDs An example of the information the command displays is shown in Figure 32 Figure 32 SHOW ECOFRIENDLY Command Example The following example displays the power saving status of the port LEDs awplus show ecofriendly Front panel port LEDs on ...

Page 119: ...ch When the command is entered on the stack master it displays the information for all the stack members Figure 33 shows an example of the information that the command displays when the switch is a stand alone Figure 33 SHOW SYSTEM ENVIRONMENT Command Environment Monitoring Status Switch Model AT 8100S 48POE ID Sensor Units Reading Status 0 Temp Degrees C 37 Normal 1 Fan 1 RPM 3467 Normal 2 PSU 1 ...

Page 120: ...mal 1 PSU 2 Off Off Switch Model AT 8100S 16F8 SC Stack Member Type Slave 3 ID Sensor Units Reading Status 0 Temp Degrees C 37 Normal 1 Fan 1 RPM 3467 Normal 2 PSU 1 On Normal 3 PSU 2 Off Off Table 7 SHOW SYSTEM ENVIRONMENT Command Parameter Description Switch Model Indicates a model name of the switch Stack Member Type Indicates a role of the switch as a stacking member This parameter is only app...

Page 121: ...AT 8100 Switch Command Line User s Guide 121 awplus show system environment ...

Page 122: ...Chapter 6 Temperature and Fan Control Commands 122 ...

Page 123: ...nt Commands on page 345 Chapter 17 Domain Name System DNS on page 357 Chapter 18 Domain Name System DNS Commands on page 365 Chapter 19 MAC Address Table on page 375 Chapter 20 MAC Address Table Commands on page 385 Chapter 21 Hardware Stacking on page 397 Chapter 22 Stacking Commands on page 409 Chapter 23 Enhanced Stacking on page 413 Chapter 24 Enhanced Stacking Commands on page 437 Chapter 25 ...

Page 124: ...124 Chapter 30 DHCP Relay Commands on page 493 Chapter 31 Group Link Control on page 511 Chapter 32 Group Link Control Commands on page 525 ...

Page 125: ...ings on page 128 Manually Setting the Date and Time on page 129 Pinging Network Devices on page 130 Resetting the Switch on page 131 Restoring the Default Settings to the Switch on page 132 Setting the Baud Rate of the Console Port on page 134 Configuring the Management Session Timers on page 136 Setting the Maximum Number of Manager Sessions on page 138 Configuring the Banners on page 139 ...

Page 126: ...onsist of up to 39 alphanumeric characters Spaces punctuation special characters and quotation marks are not permitted This example assigns the name Switch12 to the switch awplus enable awplus configure terminal awplus config hostname Switch12 Switch12 config To remove the current name without assigning a new name use the NO HOSTNAME command Unit2b_bld4 enable Unit2b_bld4 configure terminal Unit2b...

Page 127: ...Spaces and special characters are allowed To view the information use the SHOW SYSTEM command in the User Exec and Privileged Exec modes Here is an example that assigns the switch this contact and location information Contact JordanB Location 123_Westside_Dr_room_45 awplus enable awplus configure terminal awplus config snmp server contact JordanB awplus config snmp server location 123_Westside_Dr_...

Page 128: ...c mode The settings which are displayed in their equivalent command line commands are limited to just those parameters that have been changed from their default values The information includes new settings that have yet to be saved in the active boot configuration file Here is the command awplus show running config For reference information refer to SHOW RUNNING CONFIG on page 170 ...

Page 129: ...irst three letters. For example, June is Jun. The first letter must be uppercase and the second and third letters lowercase. yyyy Use this variable to specify the year. The year must be specified in four digits, for example, 2011 or 2012. The command has to include both the date and time. This example sets the time to 4:11 pm and the date to January 4, 2011: awplus> enable awplus# clock set 16:11:0 4 Jan 2011 ...

Page 130: ... switch to send ICMP Echo Requests to a network device known by the IP address 149.122.14.15: awplus> enable awplus# ping 149.122.14.15 The results of the ping are displayed on the screen. Note: To send ICMP Echo Requests, the switch must have a management IP address. For instructions, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. Note: The switch sends the ICMP Echo Requests from the ...

Page 131: ...er and complexity of the commands in the active boot configuration file Note Any configuration changes that have not been saved in the active boot configuration file are discarded when you reset the switch To save your changes use the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command in the Privileged Exec mode To reset the switch with the REBOOT command awplus enable awplus reboot Are you sure ...

Page 132: ...to delete the active boot configuration file One way is with the DELETE command in the Privileged Exec mode Here is the format of the command delete filename cfg This example deletes the active boot configuration file Sales_unit cfg and resets the switch awplus enable awplus delete Sales_unit cfg awplus reboot reboot switch y n y If you do not know the name of the active boot configuration file yo...

Page 133: ... active boot configuration file you can rename it with the MOVE command in the Privileged Exec mode and then reset the switch Here is the format of the MOVE command move filename1 cfg filename2 cfg The FILENAME1 parameter is the name of the configuration file you want to rename The FILENAME2 parameter is the file s new name The extensions of the files must be cfg For example if the name of the act...

Page 134: ... an example to set the baud rate of the Console port on the switch to 57600 bps Example 1 awplus enable awplus configure terminal awplus config conf baud rate set 57600 awplus config Enter configuration commands one per line End with CNTL Z awplus config line console awplus config line speed 57600 Baud rate changed to 57600 bps Please change your console baud rate correspondingly To display the cu...

Page 135: ...8100 Switch Command Line User s Guide 135 Note The baud rate is the only adjustable parameter on the Console port For reference information refer to BAUD RATE SET on page 151 and SHOW BAUD RATE on page 168 ...

Page 136: ...ter this command in different modes depending on the timer you want to set The timer for local management sessions is set in the Line Console mode which is accessed using the LINE CONSOLE 0 command from the Global Configuration mode This example of the commands sets the timer for local management sessions on the switch to 5 minutes awplus enable awplus configure terminal awplus config line console...

Page 137: ...f VTY lines This example sets the management session timer to 8 minutes on VTY line 2 awplus enable awplus configure terminal awplus config line vty 2 awplus config line exec timeout 8 This example sets the management session timer to 3 minutes for all VTY lines awplus enable awplus configure terminal awplus config line vty 0 9 awplus config line exec timeout 3 ...

Page 138: ...an manage the unit at a time You set the maximum number of sessions with the SERVICE MAXMANAGER command in the Global Configuration mode The default is three manager sessions This example sets the maximum number of manager sessions to three awplus enable awplus configure terminal awplus config service maxmanager 3 For reference information refer to SERVICE MAXMANAGER on page 166 ...

Page 139: ...nd SSH management sessions The display banner displays the contents of the login banner The User Exec and Privileged Exec modes banner is displayed above the command line prompts of these two modes after you log on or whenever you use the CLEAR SCREEN command to clear the screen Note The banners are not displayed in web browser management sessions The banner commands are BANNER MOTD BANNER LOGIN B...

Page 140: ...mode This example of the BANNER MOTD command assigns the switch the message of the day banner in Figure 37 on page 139: awplus> enable awplus# configure terminal awplus(config)# banner motd Type CTRL D to finish This unit was updated to version 2.1.1 today, May 21, 2010. awplus(config)# This example of the BANNER LOGIN command assigns the switch the login banner in Figure 37 on page 139: awplus enable awplus...

Page 141: ...oves the message of the day banner awplus enable awplus configure terminal awplus config no banner motd This example removes the login banner awplus enable awplus configure terminal awplus config no banner login This example removes the User Exec and Privileged Exec modes banner awplus enable awplus configure terminal awplus config no banner exec ...

Page 142: ...Chapter 7 Basic Switch Management 142 ...

Page 143: ... page 153 Privileged Exec Restores the default settings to all the parameter settings on the switch EXEC TIMEOUT on page 154 Line Console Sets the console timer which is used to end inactive management sessions HELP on page 156 All Displays how to use the on line help system HOSTNAME on page 157 Global Configuration Assigns a name to the switch LINE CONSOLE on page 158 Global Configuration Enters ...

Page 144: ...e active boot configuration file SHOW SWITCH on page 171 Privileged Exec Displays general information about the switch SHOW SYSTEM on page 173 User Exec Displays general information about the switch SHOW SYSTEM SERIALNUMBER on page 174 User Exec and Privileged Exec Displays the serial number of the switch SHOW USERS on page 175 Privileged Exec Displays the managers who are currently logged on the ...

Page 145: ...enter the command the Type CTRL D to finish prompt is displayed Enter a banner message of up to 256 characters Spaces and special characters are allowed When you are finished press CTRL D To remove the banner use the NO version of this command NO BANNER EXEC Note Web browser management sessions do not display this banner Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example cr...

Page 146: ...Chapter 8 Basic Switch Management Commands 146 This example deletes the banner awplus enable awplus configure terminal awplus config no banner exec ...

Page 147: ...r the command the Type CTRL D to finish prompt is displayed on your screen Enter a login message of up to 4 000 characters Spaces and special characters are allowed When you are finished press CTRL D To remove the login banner use the NO version of this command NO BANNER LOGIN Note Web browser management sessions do not display the login banner Confirmation Command SHOW BANNER LOGIN on page 167 Ex...

Page 148: ...Chapter 8 Basic Switch Management Commands 148 This example removes the login banner awplus enable awplus configure terminal awplus config no banner login ...

Page 149: ...r the command the Type CTRL D to finish prompt is displayed Enter a message of the day banner of up to 256 characters Spaces and special characters are allowed When you are finished press CTRL D To remove the message of the day banner use the NO version of this command NO BANNER MOTD Note Web browser management sessions do not display the message of the day banner Confirmation Command SHOW RUNNING...

Page 150: ...Chapter 8 Basic Switch Management Commands 150 This example removes the message of the day banner awplus enable awplus configure terminal awplus config no banner motd ...

Page 151: ... switch Note If you change the baud rate of the serial terminal port during a local management session your session will be interrupted To resume the session you must change the speed of your terminal or the terminal emulator program to match the new speed of the serial terminal port on the switch Confirmation Command SHOW BAUD RATE on page 168 Example This example sets the baud rate of the Consol...

Page 152: ... and the second and third letters lowercase year Specifies the year The year must be specified in four digits for example 2011 or 2012 Mode Privileged Exec mode Confirmation Command SHOW CLOCK on page 169 Description Use this command to manually set the date and the time on the switch The command must include both the date and the time Note When set manually the date and time are not retained by t...

Page 153: ... management software Some network traffic may be lost To resume managing the switch after restoring the default settings you must establish a local management session from the Console port Remote management is not possible because the switch will not have a management IP address Note For instructions on how to create a new boot configuration file refer to Chapter 36 Boot Configuration Files on pag...

Page 154: ...nactive by the switch if there is no management activity for the duration of a timer Local management sessions which are conducted through the Console port on the switch and remote Telnet and SSH sessions have different timers The timer for local management sessions is set in the Line Console mode The timers for remote Telnet and SSH sessions are set in the Virtual Terminal Line mode There is a di...

Page 155: ...ommand Line User s Guide 155 This example sets the session timer for the first vty 0 Telnet or SSH session to 5 minutes awplus enable awplus configure terminal awplus config line vty 0 awplus config line exec timeout 5 ...

Page 156: ...r the description displayed on the screen Figure 38 HELP Command Example This example displays the HELP command awplus help When you need help at the command line press If nothing matches the help list will be empty Delete characters until entering a shows the available options Enter after a complete parameter to show remaining valid command parameters e g show Enter after part of a parameter to s...

Page 157: ...ial characters and quotation marks are not permitted Mode Global Configuration mode Description Use this command to assign the switch a name The switch displays the name in the command line prompt in place of the default prefix awplus Example This example assigns the name Sw_Sales to the switch awplus enable awplus configure terminal awplus config hostname Sw_Sales Sw_Sales config ...

Page 158: ...e Console mode to set the session timer and to activate or deactivate remote authentication for local management sessions Example The following example enters the Line Console mode to set the session timer and to activate or deactivate remote authentication for local management sessions awplus enable awplus configure terminal awplus config line console 0 awplus config line ...

Page 159: ...e or a range of VTY lines to set the session timer or to activate or deactivate remote authentication for Telnet or SSH management sessions Refer to EXEC TIMEOUT on page 154 to set session timeout values and LOGIN AUTHENTICATION on page 1505 to activate remote authentication Examples This example enters the Virtual Terminal Line mode for VTY line 0 awplus enable awplus configure terminal awplus co...

Page 160: ...lobal Configuration mode Description Use this command to delete the switch s name without assigning a new name Example This example deletes the current name of the switch without assigning a new value Bld2_Shipping enable Bld2_Shipping configure terminal Bld2_Shipping config no hostname awplus config ...

Page 161: ...ine whether there is an active link between the switch and another network device such as a RADIUS server or a Telnet client or to troubleshoot communication problems To ping an IPv6 address see PING IPv6 on page 163 In order to specify the host name parameter the switch needs a connection to a name server There are two ways to accomplish this You can define a Domain Name Server DNS in the Global ...

Page 162: ...agement IP address. The device the switch is pinging must be a member of that VLAN or must be accessible through routers or other Layer 3 devices. Example This command instructs the switch to ping a network device with the IP address 149.122.14.15: awplus> enable awplus# ping 149.122.14.15 The results of the ping are displayed on the screen. ...

Page 163: ...equivalent 12c4:421e:09a8:0000:0000:0000:00a4:1c50 12c4:421e:09a8::a4:1c50 X X X X repeat 1-99 Specifies the number of times the ping is sent. The default is 4 times. size 36-18024 Indicates the packet size, in bytes, that are sent to the destination IPv6 address. The packet size excludes the 8 byte ICMP header. The default is 56 bytes. The range is 36 to 18,024 bytes. Mode User Exec and Privileged Exec mo...

Page 164: ...e lost The reset can take from 10 seconds to two minutes depending on the number and complexity of the commands in the active boot configuration file Note The switch discards any configuration changes that have not been saved in its active boot configuration file To save your changes enter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command before resetting the switch For instructi...

Page 165: ... traffic may be lost The reset can take from 10 seconds to 2 minutes depending on the number and complexity of the commands in the active boot configuration file Note The switch discards any configuration changes that have not been saved in its active boot configuration file To save your changes enter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command before resetting the switch F...

Page 166: ... Use this command to set the maximum number of manager sessions that can be open on the switch simultaneously This feature makes it possible for more than one person to manage the unit at one time The range is one to three manager sessions with the default three manager sessions Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example sets the maximum number of manager sessions to...

Page 167: ...y the contents of the banner login file configured with the BANNER LOGIN command A sample of the display is shown below Figure 39 SHOW BANNER LOGIN Command Example This example displays the contents of the banner login file configured with the BANNER LOGIN command awplus enable awplus show banner login This switch is located on the third floor of building 4 in lab 2B ...

Page 168: ...or local management sessions of the switch Here is an example of the information Figure 40 SHOW BAUD RATE Command To set the baud rate refer to BAUD RATE SET on page 151 Note The baud rate is the only adjustable parameter on the Console port Example This example displays the settings of the console port awplus show baud rate Asynchronous Port Console Information Baud Rate 9600 Parity User Configur...

Page 169: ...s Guide 169 SHOW CLOCK Syntax show clock Parameters None Modes User Exec mode Description Use this command to display the system s current date and time Example This example displays the system s current date and time awplus show clock ...

Page 170: ...mmands The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file Parameters at their default settings are not included in the running configuration file To display the port configuration settings see SHOW RUNNING CONFIG INTERFACE on page 245 Example This example displays the s...

Page 171: ...ation Software Version The version number of the management software. Application Software Build Date The date and time when Allied Telesis released this version of the management software. MAC Address The MAC address of the switch. Switch Information Application Software Version v1.0.0 Application Software Build date May 2010 10:24:12 MAC Address 00:15:77:cc:e2:42 Active Spanning Tree version RSTP C...

Page 172: ...itch ends management sessions if they are inactive for the length of the timer To set the timer refer to EXEC TIMEOUT on page 154 Telnet Server Status The status of the Telnet server The switch can be remotely managed from a Telnet client on your network when the server is enabled When the server is disabled the switch cannot be remotely managed with a Telnet client To configure the Telnet client ...

Page 173: ...nd Example This example displays general information about the switch: awplus show system Switch System Status Fri 18 Nov 2011 00:37:26 Board Board Name Rev Serial Number Base AT-8100S/24 R1 S05525A090200007 Environmental Status Normal Uptime 0 days 00:37:27 Bootloader version 5.1.2 Bootloader build date June 01 2010 10:24:05 Software version 2.2.2.0 Build date Oct 23 2011 01:40:25 Current boot config cf...

Page 174: ...eters None Mode User Exec and Privileged Exec modes Description Use this command to display the serial number of the switch Figure 43 is an example of the output Figure 43 SHOW SYSTEM SERIALNUMBER Command Example This example displays the system s serial number awplus show system serialnumber S05525A023600001 ...

Page 175: ... web browser application or an SNMP application Figure 44 displays an example of the information Figure 44 SHOW USERS Command The columns are described in Table 10 Table 10 SHOW USERS Command Parameter Description Line The active management sessions The possible designators are con0 for a local management session and vty for remote Telnet and SSH sessions User The login user name of the manager ac...

Page 176: ...ou just entered the SHOW USERS command Location The network device from which the manager is accessing the switch A device connected to the Console port is identified by ttys0 while remote Telnet and SSH devices are identified by their IP addresses Priv The privilege level of the manager account Manager accounts with the privilege level 1 are restricted to the User Exec mode while accounts with th...

Page 177: ...he management software Figure 45 displays an example of the information Figure 45 SHOW VERSION Command Example This example displays the management software version number awplus show version AlliedWare Plus TM 2 2 2 0 10 23 10 01 40 25 Application Build name ats 8100 2 2 2 0 img Application Build date Oct 23 2011 01 40 25 Application Build type RELEASE Bootloader version 5 1 2 Bootloader build da...

Page 178: ...tact information to the switch The contact information is usually the name of the person who is responsible for managing the unit To remove the current contact information without adding a new contact use the NO form of this command Confirmation Command SHOW SYSTEM on page 173 Example This example assigns the contact JSmith_ex5441 to the switch awplus enable awplus configure terminal awplus config...

Page 179: ...e this command to add location information to the switch To remove the current location information without adding new information use the NO form of this command Confirmation Command SHOW SYSTEM on page 173 Examples This example adds the location Bldg5_fl2_rm201a to the switch awplus enable awplus configure terminal awplus config snmp server location Bldg5_fl2_rm201a This example removes the curr...

Page 180: ...wing australia china europe japan korea nz New Zealand usa Mode Global Configuration mode Description Use this command to specify the territory of the switch The territory setting is not currently used by any of the features on the switch Confirmation Command SHOW SYSTEM on page 173 Examples This example sets the switch s territory to Australia awplus enable awplus configure terminal awplus config...

Page 181: ...AT 8100 Switch Command Line User s Guide 181 This example removes the current territory information awplus enable awplus configure terminal awplus config no system territory ...

Page 182: ...Chapter 8 Basic Switch Management Commands 182 ...

Page 183: ...ng or Disabling Backpressure on page 189 Enabling or Disabling Flow Control on page 190 Resetting Ports on page 193 Configuring Threshold Limits for Ingress Packets on page 194 Displaying Threshold Limit Settings on Ports on page 196 Reinitializing Auto Negotiation on page 197 Restoring the Default Settings on page 198 Displaying Port Settings on page 199 Displaying or Clearing Port Statistics on ...

Page 184: ...emove the current description from a port without assigning a new description use the NO form of this command This example assigns the name printer22 to port 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if description printer22 This example removes the current name from port 16 without assigning a new description awplus enable awplus configure termina...

Page 185: ...to activates Auto Negotiation for duplex mode You should review the following information before configuring the ports Auto Negotiation may be activated separately for speed and duplex mode on a port For instance you may activate Auto Negotiation for speed on a port but set the duplex mode manually The 1000 Mbps setting in the SPEED command is for fiber optic modules The twisted pair ports on the ...

Page 186: ...igure terminal awplus config interface port1 0 2 port1 0 4 awplus config if speed 10 awplus config if duplex full This example sets the speed on port 15 to Auto Negotiation and the duplex mode to half duplex awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if speed auto awplus config if duplex half This example sets the speed on port 23 to 100 Mbps and the d...

Page 187: ... is the POLARITY command in the Port Interface mode Here is the format of the command polarity auto mdi mdix The AUTO setting activates auto MDI MDIX which enables a port to detect the wiring configuration of its link partner so that it can set its wiring configuration to the opposite setting This example of the command configures ports 22 and 23 to the MDI wiring configuration awplus enable awplu...

Page 188: ... disable ports use the SHUTDOWN command in the Port Interface mode To enable ports again use the NO SHUTDOWN command This example disables ports 1 to 4 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if shutdown This example enables ports 17 and 22 awplus enable awplus configure terminal awplus config interface port1 0 17 port1 0 22 awplus config i...

Page 189: ...ex modes manually If you enable backpressure the default setting a port initiates backpressure when it needs to prevent a buffer overrun from packet congestion If you disable backpressure a port does not use backpressure Ports that are set to Auto Negotiation always use backpressure when operating in half duplex mode at 10 or 100 Mbps Backpressure is set with the BACKPRESSURE command in the Port I...

Page 190: ...LOWCONTROL SEND command controls whether or not a port sends pause packets during periods of packet congestion If you set it to ON the port sends pause packets when it reaches the point of packet congestion If you set it to OFF the port does not send pause packets At the default setting the send portion of flow control is off The FLOWCONTROL RECEIVE command is used to control whether or not a port...

Page 191: ...flow control use the NO FLOWCONTROL command in the Port Interface mode This example disables flow control on ports 22 and 23 awplus enable awplus configure terminal awplus config interface port1 0 22 port1 0 23 awplus config if no flowcontrol To view the flow control settings on ports use the SHOW FLOWCONTROL INTERFACE command in the Privilege Exec mode Here is the format of the command show flowc...

Page 192: ...Chapter 9 Port Parameters 192 If flow control is not configured on a port this message is displayed Flow control is not set on interface port1 0 2 ...

Page 193: ...n the Port Interface mode This command performs a hardware reset The port parameter settings are retained The reset takes just a second or two to complete This example resets ports 16 and 17 awplus enable awplus configure terminal awplus config interface port1 0 16 port1 0 17 awplus config if reset For reference information refer to RESET on page 231 ...

Page 194: ...cronym for database lookup failure is for unknown unicast packets The VALUE parameter specifies the maximum permitted number of ingress packets per second a port will accept The range is 0 to 33 554 431 packets This example sets a threshold of 5 000 packets per second for ingress broadcast packets on port 12 awplus enable awplus configure terminal awplus config interface port1 0 12 awplus config i...

Page 195: ... no storm control broadcast This example disables unknown unicast rate limiting on port 5 6 and 15 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 6 port1 0 15 awplus config if no storm control dlf This example removes the threshold limit for multicast packets on port 23 awplus enable awplus configure terminal awplus config interface port1 0 23 awplus config if no...

Page 196: ...tion the command displays Figure 47 SHOW STORM CONTROL Command The columns are described in Table 15 on page 240 If the parameter port is not specified the command displays the threshold settings on all the ports on the switch If you want to display information on multiple ports at a time enter awplus show storm control port1 0 18 port1 0 20 port1 0 21 Here is an example of the information the com...

Page 197: ...mplished with the RENEGOTIATE command in the Port Interface mode The command does not have any parameters A port must already be set to Auto Negotiation before you can use this command This example prompts ports 4 and 8 to use Auto Negotiation to renegotiate their settings with the ports on their network counterparts awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0...

Page 198: ...n a port use the PURGE command in the Port Interface mode This example returns ports 12 13 and 15 to their default settings awplus enable awplus configure terminal awplus config interface port1 0 12 port1 0 13 port1 0 15 awplus config if purge For reference information refer to PURGE on page 229 ...

Page 199: ...8 and 20 awplus show interface port1 0 18 port1 0 20 status Here is an example of the information the command displays Figure 49 SHOW INTERFACE STATUS Command The columns are described in Table 15 on page 240 For a description of the command see SHOW INTERFACE STATUS on page 240 Displaying Port Status To display the current status of the ports on the switch use the SHOW INTERFACE command in the Pr...

Page 200: ...UNNING CONFIG INTERFACE Command For a description of the command see SHOW RUNNING CONFIG INTERFACE on page 245 Interface port1 0 1 Link is UP administrative state is UP Address is 0015 77cc e243 index 1 mtu 9198 SNMP link status traps Enabled Suppressed in 0 sec Bandwidth 1g input packets 0 bytes 0 dropped 0 multicast packets 0 output packets 0 bytes 0 multicast packets 0 broadcast packets 0 Inter...

Page 201: ...t of the command show platform table port port counters This example displays the statistics for ports 23 and 24 awplus show platform table port port1 0 23 port1 0 24 counter The statistics are described in Table 16 on page 242 To clear the port counters use the CLEAR PORT COUNTER command which has this format clear port counter port This example clears the counters for ports 1 and 4 awplus clear ...

Page 202: ...ABLE command in the Privileged Exec mode Here is the format of the command show system pluggable For more information about this command see SHOW SYSTEM PLUGGABLE on page 248 To view more detailed information on a plugged SFP use the following command awplus show system pluggable detail The fields are described in Table 16 on page 242 ...

Page 203: ...SS RATE LIMIT on page 214 Port Interface Sets a limit on the amount of traffic that can be transmitted per second from the port FCTRLLIMIT on page 215 Port Interface Specifies threshold levels for flow control FLOWCONTROL on page 216 Port Interface Enables or disables flow control on ports that are operating in full duplex mode HOLBPLIMIT on page 219 Port Interface Specifies a threshold for head o...

Page 204: ...SHOW INTERFACE STATUS on page 240 Privileged Exec Displays the speed and duplex mode settings of the ports SHOW PLATFORM TABLE PORT COUNTERS on page 242 Privileged Exec Displays packet statistics for the individual ports SHOW RUNNING CONFIG INTERFACE on page 245 Privileged Exec Displays the settings of the specified ports SHOW STORM CONTROL on page 246 Privileged Exec Displays threshold settings f...

Page 205: ...M CONTROL on page 254 Port Interface Sets a maximum limit of the number of broadcast multicast or unknown unicast packets forwarded by a port Table 11 Port Parameter Commands Continued Command Mode Description ...

Page 206: ... buffer overrun and the subsequent loss and retransmission of network packets A port initiates backpressure by transmitting on the shared link to cause a data collision which causes its link partner to cease transmission To set backpressure on a port you must configure the speed and duplex mode manually You cannot set backpressure on a port that is using Auto Negotiation Confirmation Command SHOW ...

Page 207: ...e configures ports 8 and 21 to 100 Mbps half duplex mode with backpressure disabled awplus enable awplus configure terminal awplus config interface port1 0 8 port1 0 21 awplus config if speed 100 awplus config if duplex half awplus config if backpressure off ...

Page 208: ...the setting and set the default value of 7935 cells use the NO BPLIMIT command Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example sets the threshold for backpressure on ports 15 and 20 to 7000 cells awplus enable awplus configure terminal awplus config interface port1 0 15 port1 0 20 awplus config if bplimit 7000 This example cancels the settings and sets the default value ...

Page 209: ...ar You can specify more than one port at a time in the command Mode User Exec mode and Privileged Exec mode Description Use this command to clear the packet counters of the ports To display the counters refer to SHOW PLATFORM TABLE PORT COUNTERS on page 242 Example This example clears the packet counters for ports 4 to 7 awplus clear port counter port1 0 4 port1 0 7 ...

Page 210: ...dentify if they have descriptions Use the NO form of this command to remove descriptions from ports without assigning new descriptions Note The POWER INLINE DESCRIPTION command is used to describe powered devices that are connected to the ports For information about this command see POWER INLINE DESCRIPTION on page 281 Confirmation Command SHOW INTERFACE on page 234 Examples This example assigns t...

Page 211: ...This example removes the current name from port 11 without assigning a new name awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if no description ...

Page 212: ...send and receive packets simultaneously Note To avoid a duplex mode mismatch between switch ports and network devices do not select Auto Negotiation on ports that are connected to network devices on which the duplex modes are set manually Switch ports that are set to Auto Negotiation default to half duplex mode if they detect that the network devices are not using Auto Negotiation This may result ...

Page 213: ... 11 half duplex awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if duplex half This example configures the duplex mode with Auto Negotiation on port 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if duplex auto ...

Page 214: ...ts per second Mode Port Interface mode Description Use this command to set a limit on the amount of traffic that can be transmitted per second from the port Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example sets the egress rate limit to 1 000 000 kilobits per second on ports 15 16 and 21 awplus enable awplus configure terminal awplus config interface port1 0 15 port1 0 16 p...

Page 215: ...ts To cancel the setting and set the default value of 7935 cells use the NO FCTRLLIMIT command Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example sets the threshold level for flow control on port 14 to 5000 cells awplus enable awplus configure terminal awplus config interface port1 0 14 awplus config if fctrllimit 5000 This example cancels the flow control threshold level s...

Page 216: ...m time to process the packets already in their buffers A port that is experiencing traffic congestion initiates flow control by sending pause packets These packets instruct the link partner to stop transmitting packets A port continues to issue pause packets so long as the traffic congestion persists Once the condition has cleared a port stops sending pause packets to allow its link partner to res...

Page 217: ...operating in full duplex mode Confirmation Command SHOW FLOWCONTROL INTERFACE on page 232 Examples This example configures port 19 to 100 Mbps full duplex mode with both the send and receive parts of flow control enabled awplus enable awplus configure terminal awplus config interface port1 0 19 awplus config if speed 100 awplus config if duplex full awplus config if flowcontrol send on awplus conf...

Page 218: ...ring periods of traffic congestion But the receive portion is enabled so that the ports respond to pause packets from their network counterparts by temporarily ceasing transmission awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 2 awplus config if speed 10 awplus config if duplex full awplus config if flowcontrol send off awplus config if flowcontrol receive on ...

Page 219: ...ibed port can prevent other ports from forwarding packets to each other because ingress packets on a port are buffered in a First In First Out FIFO manner If a port has at the head of its ingress queue a packet destined for an oversubscribed port it will not be able to forward any of its other packets to the egress queues of the other ports A simplified version of the problem is illustrated in Fig...

Page 220: ...o discard packets destined for port D Port A drops the D packets enabling it to once again forward packets to port C The number you enter for this value represents cells A cell is 128 bytes The range is 1 to 8 191 cells the default is 7 168 cells To cancel the HOL threshold and set the default value of 682 cells use the NO HOLBPLIMIT command Confirmation Command SHOW RUNNING CONFIG on page 170 Exa...

Page 221: ...awplus enable awplus configure terminal awplus config interface port1 0 9 awplus config if no holbplimit ...

Page 222: ... mode Description Use this command to disable egress rate limiting on the ports Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example disables egress rate limiting on ports 4 and 5 awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 5 awplus config if no egress rate limit ...

Page 223: ... Port Interface mode Description Use this command to disable flow control on ports Confirmation Command SHOW FLOWCONTROL INTERFACE on page 232 Example This example disables flow control on port 16 awplus enable awplus configure terminal awplus config interface port1 0 16 awplus config if no flowcontrol ...

Page 224: ...Description Use this command to enable ports so that they forward packets again This is the default setting for a port Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example enables port 22 awplus enable awplus configure terminal awplus config interface port1 0 22 awplus config if no shutdown ...

Page 225: ...s on the ports of the switch The switch does not send traps when a port on which link trap is disabled experiences a change in its link state i e goes up or down Confirmation Command SHOW INTERFACE on page 234 Example This example deactivates link traps on ports 18 and 23 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 23 awplus config if no snmp trap link status...

Page 226: ...n page 170 Examples This example removes the threshold limit for broadcast packets on port 12 awplus enable awplus configure terminal awplus config interface port1 0 12 awplus config if no storm control broadcast This example removes the threshold limit for unknown unicast rate on port 5 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if no storm control dlf...

Page 227: ...is operating at 10 or 100 Mbps can have one of two wiring configurations known as MDI medium dependent interface and MDI X medium dependent interface crossover To forward traffic a port on the switch and a port on a network device must have different settings For instance the wiring configuration of a switch port has to be MDI if the wiring configuration on a port on a network device is MDIX Confi...

Page 228: ...nfiguration awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 18 awplus config if polarity mdix This example activates auto MDI MDIX on ports 1 to 3 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 3 awplus config if polarity auto ...

Page 229: ...ings to these port parameters Enabled status NO SHUTDOWN Description Speed Duplex mode MDI MDI X Flow control Backpressure Head of line blocking threshold Backpressure cells Example This example restores the default settings to ports 5 6 and 12 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 6 port1 0 12 awplus config if purge ...

Page 230: ...speed and duplex mode with its network device You might use this command if you believe that a port and a network device did not establish the highest possible common settings during the Auto Negotiation process Example This example prompts port 18 to renegotiate its settings with its network counterpart awplus enable awplus configure terminal awplus config interface port1 0 18 awplus config if re...

Page 231: ...command to perform a hardware reset on the ports The ports retain their parameter settings The reset takes only a second or two to complete You might reset a port if it is experiencing a problem Example This example resets port 14 awplus enable awplus configure terminal awplus config interface port1 0 14 awplus config if reset ...

Page 232: ...mmand The fields are described in Table 12 Table 12 SHOW FLOWCONTROL INTERFACE Command Parameter Description Port Port number Send admin Whether or not flow control is active on the transmit side of the port If yes the port transmits pause packets during periods of packet congestion If no the port does not transmit pause packets Receive admin Whether or not flow control is active on the receive si...

Page 233: ...mand displays the flow control settings for port 2 awplus show flowcontrol interface port1 0 2 RxPause The number of received pause packets TxPause The number of transmitted pause packets Table 12 SHOW FLOWCONTROL INTERFACE Command Continued Parameter Description ...

Page 234: ...rt whose current status you want to view You can display more than one port at a time To display all the ports do not include this parameter Modes Privileged Exec mode Description Use this command to display the current operating status of the ports An example of the information is shown in Figure 54 on page 235 ...

Page 235: ...g input packets 0 bytes 0 dropped 0 multicast packets 0 output packets 0 bytes 0 multicast packets 0 broadcast packets 0 Interface port1 0 2 Link is UP administrative state is UP Address is 0015 77cc e244 Description index 1 mtu 9198 Unknown Ingress Multicast Blocking Disabled Unknown Egress Multicast Blocking Disabled SNMP link status traps Enabled Suppressed in 0 sec Bandwidth 1g input packets 0...

Page 236: ...packet size of the ports The ports have a maximum packet size of 9198 bytes This is not adjustable Unknown Ingress Egress Multicast Blocking The status of multicast blocking on the port To set multicast blocking refer to Chapter 33 Multicast Commands on page 535 SNMP link status traps The status of SNMP link traps on the port The switch sends link traps if the status is Enabled and does not send l...

Page 237: ...Examples This command displays the current operational state of all the ports awplus show interface This command displays the current operational state of ports 1 to 4 awplus show interface port1 0 1 port1 0 4 ...

Page 238: ... in Table 14 Table 14 SHOW INTERFACE BRIEF Command Field Description Interface Indicates the port number Status Indicates the administrative state of the port The administrative state is DOWN if the port was disabled with the SHUTDOWN command Otherwise the administrative state of the port is UP To disable and enable ports refer to SHUTDOWN on page 250 and NO SHUTDOWN on page 224 respectively Inter...

Page 239: ...nd link statuses of all of the ports on the switch awplus show interface brief Protocol Indicates the status of the link on the port This field is UP when the port has a link with a network device and DOWN when the port does not have a link Table 14 SHOW INTERFACE BRIEF Command Continued Field Description ...

Page 240: ...and The fields are described in Table 15 Port Name Status Vlan Duplex Speed Type port1 0 1 Port_01 down 3 half 100 10 100 1000Base T port1 0 2 Port_02 up 11 auto auto 10 100 1000Base T port1 0 2 Port_02 up 2 auto auto 10 100 1000Base T port1 0 2 Port_02 up 2 full 100 10 100 1000Base T port1 0 2 Port_02 up 2 auto auto 10 100 1000Base T Table 15 SHOW INTERFACE STATUS Command Parameter Description Port Port number Name Des...

Page 241: ...how interface port1 0 17 port1 0 18 status Duplex The duplex mode setting of the port The setting can be half full or auto for Auto Negotiation To set the duplex mode refer to DUPLEX on page 212 Speed The speed of the port The settings are 10 100 or 1000 Mbps or auto for Auto Negotiation Type The Ethernet standard of the port Table 15 SHOW INTERFACE STATUS Command Continued Parameter Description ...

Page 242: ...tch The statistics are described in Table 16 To clear the packet counters refer to CLEAR PORT COUNTER on page 209 Table 16 SHOW PLATFORM TABLE PORT COUNTERS Command Parameter Description 64 65 127 128 255 256 511 512 1023 1024 1518 1519 1522 Number of frames transmitted by the port grouped by size General Counters Octets Number of received and transmitted octets Pkts Number received and transmitte...

Page 243: ...the port has encountered UnsupportOpcode Number of MAC Control frames with unsupported opcode UndersizePkts Number of frames that were less than the minimum length as specified in the IEEE 802 3 standard 64 bytes including the CRC SingleCollsnFrm Number of frames that were transmitted after at least one collision MultCollsnFrm Number of frames that were transmitted after more than one collision La...

Page 244: ...iscarded prior to transmission because of an error ipInHdrErrors Number of ingress packets that were discarded because of a hardware error Miscellaneous Counters MAC TxErr Number of frames not transmitted correctly or dropped due to an internal MAC transmit error MAC RxErr Number of Receive Error events seen by the receive side of the MAC Drop Events Number of frames successfully received and buff...

Page 245: ...gs of the ports The command displays only the settings that have been changed from their default values and includes those values that have not yet been saved in the active boot configuration file An example of the information is shown in Figure 57 Figure 57 SHOW RUNNING CONFIG INTERFACE Command Example This example displays the configuration settings for ports 1 3 and 4 awplus show running config...

Page 246: ...ws an example of the information when you enter the following command awplus show storm control port1 0 15 Figure 58 SHOW STORM CONTROL Command See Table 17 for a description of the table headings Table 17 SHOW STORM CONTROL Command Column Description Port Indicates the port number BcastLevel Indicates the maximum number of ingress broadcast packets per second for the port Broadcast packets beyond...

Page 247: ...s command displays the settings of ports 15 and 18 awplus show storm control port1 0 15 port1 0 18 DlfLevel Indicates the maximum number of unknown unicast packets destination lookup failure DLF packets per second for the port DLF packets beyond this number are discarded Table 17 SHOW STORM CONTROL Command Continued Column Description ...

Page 248: ... to display information about the SFP modules in the switch Figure 59 SHOW SYSTEM PLUGGABLE Command Example This example displays SFP module information awplus show system pluggable System Pluggable Information Port Vendor Device Serial Number Datecode Type 1 0 49 ATI AT SPSX A03240R084200741 20081018 1000BASE SX 1 0 51 ATI AT SPSX A03240R084200749 20081018 1000BASE SX ...

Page 249: ...48 Figure 60 SHOW SYSTEM PLUGGABLE DETAIL Command The OM1 field specifies the link length supported by the pluggable transceiver using 62 5 micron multi mode fiber The OM2 field specifies the link length supported by the pluggable transceiver using 50 micron multi mode fiber Example This example displays detailed information about SFP modules awplus show system pluggable detail Port1 0 49 Vendor N...

Page 250: ...t are unused to secure them from unauthorized use or that are having problems with network cables or their link partners The default setting for the ports is enabled To reactivate a port refer to NO SHUTDOWN on page 224 Confirmation Command SHOW INTERFACE on page 234 Example This example disables ports 15 and 16 awplus enable awplus configure terminal awplus config interface port1 0 15 port1 0 16 ...

Page 251: ...ink state To disable link traps on a port refer to NO SNMP TRAP LINK STATUS on page 225 Note For the switch to send SNMP traps you must activate SNMP and specify one or more trap receivers For instructions refer to Chapter 74 SNMPv1 and SNMPv2c Commands on page 1155 or Chapter 75 SNMPv3 Commands on page 1179 Confirmation Command SHOW INTERFACE on page 234 Example This example activates link traps ...

Page 252: ...lex operation a twisted pair port must be set to Auto Negotiation Mode Port Interface mode Description Use this command to manually set the speeds of the twisted pair ports or to activate Auto Negotiation Confirmation Commands Configured speed SHOW INTERFACE STATUS on page 240 Current operating speed SHOW INTERFACE on page 234 Examples This example sets the speed on ports 11 and 17 to 100 Mbps awp...

Page 253: ...This example activates Auto Negotiation on port 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if speed auto ...

Page 254: ...to 33 554 431 packets Mode Port Interface mode Description Use this command to set maximum thresholds for the ingress packets on the ports Ingress packets that exceed the thresholds are discarded by the ports Thresholds can be set independently for broadcast packets multicast packets and unknown unicast packets To view the current thresholds of the ports refer to SHOW RUNNING CONFIG on page 170 To...

Page 255: ...his example sets the maximum threshold level of 100 000 packets per second for ingress multicast packets on port 4 awplus enable awplus configure terminal awplus config interface port1 0 4 awplus config if storm control multicast level 100000 This example sets the threshold level of 200 000 packets per second for ingress unknown unicast packets on ports 15 and 17 awplus enable awplus configure ter...

Page 256: ...Chapter 10 Port Parameter Commands 256 ...

Page 257: ...d Disabling PoE on page 260 Adding PD Descriptions to Ports on page 262 Prioritizing Ports on page 263 Managing the Maximum Power Limit on Ports on page 264 Managing Legacy PDs on page 265 Monitoring Power Consumption on page 266 Displaying PoE Information on page 267 ...

Page 258: ...ower sourcing equipment PSE The AT 8100L 8PoE AT 8100S 24PoE and AT 8100S 48PoE switches are PSE devices providing DC power to the network cable and functioning as a central power source for other network devices Powered Device PD A device that receives power from a PSE device is called a powered device PD Examples include wireless access points IP phones webcams and even other Ethernet switches P...

Page 259: ... the port number in ascending order For example when all of the ports in the switch are set to the low priority level and the power requirements are exceeded on the switch port 1 has the highest priority level port 2 has the next highest priority level and so forth Table 19 PoE Switch s Power Budget Switch Model When Using One Power Supply When Using Two Power Supplies AT 8100L 8POE 185W N A AT 81...

Page 260: ...ent them from unauthorized power use There are two ways to disable and enable PoE Globally all the ports on the switch or switches in the stack at a time Individually on a port basis To enable PoE globally use the SERVICE POWER INLINE command in the Global Configuration mode See SERVICE POWER INLINE on page 287 The NO SERVICE POWER INLINE command disables PoE on all the ports on the switch or all ...

Page 261: ... awplus enable awplus configure terminal awplus config interface port1 0 6 port1 0 8 awplus config if power inline enable This example disables PoE individually on port 5 to port 8 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 8 awplus config if no power inline enable ...

Page 262: ...TION on page 281 To remove the current description from the port without assigning a new one use the NO POWER INLINE DESCRIPTION command See NO POWER INLINE DESCRIPTION on page 273 This example adds a PD description of Desk Phone to port 1 0 5 and port1 0 6 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 6 awplus config if power inline description Desk Phone This ...

Page 263: ... priority level to the PDs See POWER INLINE PRIORITY on page 284 To reset the priority level to the default Low level use the NO POWER INLINE PRIORITY command See NO POWER INLINE PRIORITY on page 276 This example assigns ports 1 2 and 3 to the Critical priority level to guarantee these ports receive power before any other ports with the High or Low priority level awplus enable awplus configure ter...

Page 264: ...n IP phone to port 1 on the PoE switch The switch detects that the power class of the IP phone is 2 The maximum power output from the switch for a PD of class 2 is 7 0 watts Thus the switch sets 7 0 watts as the default power limit to port 1 If a PD connected to the port does not support power classification a default class of 0 is assigned to the PD The maximum power for a PD of class 0 is 15 4 w...

Page 265: ...legacy PDs as valid PDs use the POWER INLINE ALLOW LEGACY command to provide power to legacy PDs See POWER INLINE ALLOW LEGACY on page 280 To disable the switch to detect legacy PDs as valid PDs use the NO POWER INLINE ALLOW LEGACY command not to provide power to legacy PDs By default the switch detects legacy PDs as valid PDs See NO POWER INLINE ALLOW LEGACY on page 272 This example enables the s...

Page 266: ...n Table 21 Note You have to configure SNMP to use the trap For instructions refer to Chapter 73 SNMPv1 and SNMPv2c on page 1143 or Chapter 75 SNMPv3 Commands on page 1179 This example configures the switch to send the SNMP power inline trap if the power requirements of the switch and PDs exceed 90 of its nominal power awplus enable awplus configure terminal awplus config power inline usage thresho...

Page 267: ...e ports on the switch SHOW POWER INLINE COUNTERS Displays the PoE event counters for the ports SHOW POWER INLINE INTERFACE Displays PoE information of specified ports SHOW POWER INLINE INTERFACE DETAIL Displays detailed PoE information of the specified ports PoE Status Nominal Power 490W Power Allocated 346 0W Actual Power Consumption 151 0W Operational Status On Power Usage Threshold 80 392W PoE ...

Page 268: ... the information the command displays The columns are described in Table 26 on page 294 Figure 63 SHOW POWER INLINE INTERFACE DETAIL Command Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Disabled Low Disabled 0 n a 0 15400 C port1 0 2 Enabled High Powered 3840 Desk Phone 1 5000 U port1 0 3 Enabled Crit Powered 6720 AccessPoint 2 7000 C port1 0 4 Disabled Low Disabled 0 n a 0 15400 C...

Page 269: ...e 275 Port Interface Restores a port s power limit to the default value NO POWER INLINE PRIORITY on page 276 Port Interface Restores a port s priority setting to the default Low level NO POWER INLINE USAGE THRESHOLD on page 277 Global Configuration Resets the power usage threshold to the default 80 NO SERVICE POWER INLINE on page 278 Global Configuration Disables PoE on all of the ports on the swi...

Page 270: ...OWER INLINE on page 288 Privileged Exec Displays switch and port PoE information SHOW POWER INLINE COUNTERS INTERFACE on page 291 Privileged Exec Displays the port PoE event counters SHOW POWER INLINE INTERFACE on page 293 Privileged Exec Displays port PoE information SHOW POWER INLINE INTERFACE DETAIL on page 294 Privileged Exec Displays additional port PoE information SNMP SERVER ENABLE TRAP POW...

Page 271: ...e Privileged Exec mode Description Use this command to clear the PoE port event counters To clear all of the port counters do not enter a port number Confirmation Command SHOW POWER INLINE COUNTERS INTERFACE on page 291 Examples This example clears all of the PoE port event counters awplus clear power inline counters interface This example clears the event counters on ports 4 to 6 awplus clear pow...

Page 272: ... Legacy PDs are PoE devices that were designed before the IEEE 802 3af and IEEE 802 3at PoE standards were finalized This is the default setting for the ports Confirmation Command SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example configures ports 1 to 12 to deny power to legacy PDs awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 12 awplus config ...

Page 273: ...mmand to delete PD descriptions from the ports Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example The following example deletes the PD description from port 5 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if no power inline description ...

Page 274: ...not transmit power when PoE is disabled but they do forward network traffic Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example The following example disables PoE on ports 10 11 and 12 awplus enable awplus configure terminal awplus config interface port1 0 10 port1 0 12 awplus config if no power inline e...

Page 275: ...imits are based on the power classes of the PDs See Managing the Maximum Power Limit on Ports on page 264 for details Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example restores the default maximum power limit on port 6 awplus enable awplus configure terminal awplus config interface port1 0...

Page 276: ...tore the default Low priority setting to the ports Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example restores the default Low priority level to port 20 awplus enable awplus configure terminal awplus config interface port1 0 20 awplus config if no power inline priority ...

Page 277: ...ommand to reset the power usage threshold to the default 80 The switch sends an SNMP power inline trap if the power requirements of the switch and PDs exceed the defined threshold Confirmation Command SHOW POWER INLINE on page 288 Example This example restores the default power usage threshold of 80 awplus enable awplus configure terminal awplus config no power inline usage threshold ...

Page 278: ...d but they do forward network traffic The default setting for PoE is enabled When performed on the master switches of a stack the command disables PoE on the ports on all of the PoE switches in the stack Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example disables PoE on the switch awplus en...

Page 279: ...sable the transmission of SNMP power inline traps The switch sends this trap if the power requirements of the switch and PDs exceed the threshold set with POWER INLINE USAGE THRESHOLD on page 286 Confirmation Command SHOW RUNNING CONFIG SNMP on page 1165 Example The following example disables the SNMP power inline trap awplus enable awplus configure terminal awplus config no snmp server enable tra...

Page 280: ...cy PDs are PoE devices that were designed before the IEEE 802 3af and IEEE 802 3at PoE standards were finalized The default setting is no support for legacy PDs Confirmation Commands SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example configures ports 1 to 6 to support legacy PDs awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 6 awplus config if po...

Page 281: ...he ports to make the ports and PDs easier to identify Note To add a general description to a port use the DESCRIPTION command For more information see DESCRIPTION on page 210 Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example adds the PD description Surveillance Camera5 to port 5 awplus ena...

Page 282: ...ommand to enable PoE on the ports This is the default setting Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example enables PoE on port 12 awplus enable awplus configure terminal awplus config interface port1 0 12 awplus config if power inline enable ...

Page 283: ...mount of power a port may transmit to a PD Ports can have different limits The default power limits are based on the classes of the PDs See Managing the Maximum Power Limit on Ports on page 264 for details Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example sets the maximum power limits on p...

Page 284: ...ing power This level is the default setting Mode Port Interface mode Description Use this command to assign PoE priority levels to the ports The priority levels are Low High and Critical Ports connected to the most critical PDs should be assigned the Critical level to guarantee them power before any of the other ports in the event the switch does not have enough power for all of the PDs If the swi...

Page 285: ...Example This example assigns the Critical priority level to port 5 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if power inline priority critical ...

Page 286: ... Use this command to set a threshold of the switch s total available system and PoE power An SNMP trap is transmitted if the requirements of the switch and the PDs exceed the threshold To activate the trap refer to SNMP SERVER ENABLE TRAP POWER INLINE on page 297 The default setting is 80 Confirmation Command SHOW POWER INLINE on page 288 Example This example sets the threshold to 90 of the switch...

Page 287: ...n Use this command to enable PoE on the switch or stack This is the default setting Confirmation Commands SHOW POWER INLINE on page 288 SHOW POWER INLINE INTERFACE on page 293 SHOW POWER INLINE INTERFACE DETAIL on page 294 Example This example enables PoE on the switch or stack awplus enable awplus configure terminal awplus config service power inline ...

Page 288: ...tus Nominal Power 490W Power Allocated 346 0W Actual Power Consumption 151 0W Operational Status On Power Usage Threshold 80 392W PoE Interface Interface Admin Pri Oper Power mW DeviceClassMax mW port1 0 1 Enabled Low Powered 3840 n a1 4000 C port1 0 2 Enabled High Powered 6720 n a2 7000 C port1 0 3 Enabled Low Powered 14784 n a3 15400 C port1 0 4 Enabled Crit Powered 14784 n a3 15400 C port1 0 5 ...

Page 289: ... An SNMP trap is transmitted if the power requirements of the switch and PDs exceed the threshold This parameter is set with POWER INLINE USAGE THRESHOLD on page 286 PoE Interface A table of port PoE information Interface The port number Admin The status of PoE on the port The status can be one of the following Enabled PoE is enabled The port can transmit power to a PD PoE is enabled with POWER INL...

Page 290: ...switch is exceeding the total available power Test The port is in a test mode Power The port s current power consumption in milliwatts mW Device The port s PD description This parameter is set with POWER INLINE DESCRIPTION on page 281 Class The PD s class PD See PD Classes on page 258 for details Max mW The port s maximum power limit in milliwatts mW and how the limit was set The methods are liste...

Page 291: ...e 65 SHOW POWER INLINE COUNTERS INTERFACE Command The fields are described in Table 25 PoE Counters Interface MPSAbsent Overload Short Invalid Denied port1 0 4 0 0 0 0 0 port1 0 5 0 0 0 0 0 port1 0 6 0 0 0 0 0 Table 25 SHOW POWER INLINE COUNTERS INTERFACE Command Field Description Interface The port number Overload The number of times the PD exceeded the power limit set with POWER INLINE MAX on pa...

Page 292: ...nt counters for ports 4 to 6 awplus show power inline counters interface port1 0 4 port1 0 6 Denied The number of times the port had to deny power to the PD because the switch had reached its maximum power capacity Table 25 SHOW POWER INLINE COUNTERS INTERFACE Command Field Description ...

Page 293: ...HOW POWER INLINE INTERFACE Command This command displays a subset of the information the SHOW POWER INLINE command displays The fields are described in Table 24 on page 289 Example This example displays PoE information for ports 1 to 4 awplus show power inline interface port1 0 1 port1 0 4 Interface Admin Pri Oper Power Device Class Max mW port1 0 1 Disabled Low Disabled 0 0 15400 C port1 0 2 Enab...

Page 294: ...67 Figure 67 SHOW POWER INLINE INTERFACE DETAIL Command The fields are described in Table 26 Interface port1 0 1 Powered device type Desk Phone 1 PoE admin enabled Priority Low Detection status Powered Current power consumption 00 mW Powered device class 1 Power allocated 5000 mW from configuration Detection of legacy devices is disabled Table 26 SHOW POWER INLINE INTERFACE DETAIL Command Field De...

Page 295: ...level This is the default level High the higher priority level Crit the critical or highest priority level Detection status The PoE operating status of the port The possible statuses are listed here Powered The port is transmitting power to the PD Denied The port is not transmitting power to the PD because the switch has reached its maximum power capacity Off PoE is disabled on the port Fault The switch...

Page 296: ...ices The status of support for a legacy PD on the port Enabled The port supports legacy devices Disabled The port does not support legacy devices Support for legacy devices is enabled with POWER INLINE ALLOW LEGACY on page 280 and disabled with NO POWER INLINE ALLOW LEGACY on page 272 Powered pairs The twisted pairs used to transfer power to the PD This parameter is not adjustable The value is one...

Page 297: ...ctivate the transmission of the SNMP power inline trap The trap is sent if the power requirements of the switch and PDs exceed the power limit threshold set with POWER INLINE USAGE THRESHOLD on page 286 Confirmation Command SHOW RUNNING CONFIG SNMP on page 1165 Example This example enables the SNMP power inline trap awplus enable awplus configure terminal awplus config snmp server enable trap powe...

Page 298: ...Chapter 12 Power Over Ethernet Commands 298 ...

Page 299: ...6 Management Addresses This chapter contains the following information Overview on page 300 Assigning an IPv4 Management Address and Default Gateway on page 303 Assigning an IPv6 Management Address and Default Gateway on page 308 ...

Page 300: ...ternet Protocol Version 4 Packet Routing on page 1813 If you do not plan to use the packet routing feature create only one IPv4 routing interface on the switch The switch does not route packets if it has only one interface You may also assign the switch one IPv6 management address However as the table indicates the switch does not support all of the features when assigned only an IPv6 address Tabl...

Page 301: ...s Used to add static ARP entries to the switch yes no Syslog client Used to send the event messages from the switch to syslog servers on your network for storage yes no TACACS client Used for remote management authentication using a TACACS server on your network yes no Telnet client Used to manage other network devices from the switch yes yes Telnet server Used to remotely manage the switch with a...

Page 302: ... management address can be assigned manually or from a DHCP server on your network To learn the switch s MAC address to add to a DHCP server refer to SHOW SWITCH on page 171 An IPv6 address must be assigned manually The switch does not support the assignment of an IPv6 management address from a DHCP server or by IPv6 auto assignment You must also assign the switch a default gateway if the manageme...

Page 303: ...dress is to be assigned If the VLAN does not already exist you have to create it before you can assign the address For instructions refer to Chapter 60 Port based and Tagged VLANs on page 901 Here is the format of the command ip address ipaddress mask dhcp The IPADDRESS parameter is the IPv4 management address to be assigned the switch The address is specified in this format nnn nnn nnn nnn Each N...

Page 304: ... The VLAN is assigned the VID 17 and consists of untagged ports 5 and 6 The first series of commands create the new VLAN awplus enable Enter the Privileged Executive mode from the User Exec mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database Use the VLAN DATABASE command to enter the VLAN Configuration mode awplus config vlan vlan 17 name Tech_support Use...

Page 305: ...esents the first hop to the networks in which the management devices reside The switch can have only one IPv4 default gateway and the address must be a member of the same subnet as the management IPv4 address The command for assigning the default gateway is the IP ROUTE command in the Global Configuration mode Here is the format ip route 0 0 0 0 0 ipaddress The IPADDRESS parameter is the default ...

Page 306: ...t to change the address or assign it to a different VLAN you have to delete it and recreate it with the necessary changes To delete a static IPv4 management address from the switch enter the NO IP ADDRESS command in the VLAN Interface mode in which the current address is assigned This example of the command deletes the address from a VLAN with the VID of 17 awplus enable awplus configure terminal ...

Page 307: ...switch is displayed in the first entry in the table and the default gateway address if assigned to the switch in the second entry Figure 68 displays an example of the information Figure 68 SHOW IP ROUTE Command The columns in the display are defined in Table 29 on page 332 To view only the management IP address use the SHOW IP INTERFACE command also in the Privileged Exec mode awplus show ip inter...

Page 308: ...ns refer to Chapter 60 Port based and Tagged VLANs on page 901 If the switch already has an IPv4 address the IPv6 address must be assigned to the same VLAN as that address Here is the format of the command ipv6 address ipaddress mask The IPADDRESS parameter is the management IPv6 address for the switch entered in this format nnnn nnnn nnnn nnnn nnnn nnnn nnnn nnnn Where N is a hexadecimal digit fr...

Page 309: ...ace vlan8 awplus config if ipv6 address 1857 80cf d54 1a 8f57 64 awplus config if exit Note You cannot use a DHCP server or SLAAC Stateless Address Autoconfiguration to assign the switch a dynamic IPv6 address The switch supports only a single static IPv6 address Adding an IPv6 Default Gateway Address The switch must be assigned a default gateway if the management devices for example TFTP servers Teln...

Page 310: ...g ipv6 route 0 389c be45 78 c45 8156 To verify the default route issue these commands awplus config if end awplus show ipv6 route Deleting an IPv6 Management Address and Default Gateway To delete a static IPv6 management address enter the NO IPV6 ADDRESS command in the VLAN Interface mode in which the current address is assigned This example of the command deletes the address from a VLAN with the ...

Page 311: ...default route is displayed first followed by the management address Figure 70 SHOW IPV6 ROUTE Command Another way to display just the management address is with the SHOW IPV6 INTERFACE command shown here awplus show ipv6 interface Here is an example of the information from the command Figure 71 SHOW IPV6 INTERFACE Command The columns are defined in Table 31 on page 335 IPv6 Routing Table Codes C c...

Page 312: ...Chapter 13 IPv4 and IPv6 Management Addresses 312 ...

Page 313: ... address IPV6 ADDRESS on page 322 VLAN Interface Assigns the switch a static IPv6 management address IPV6 ROUTE on page 324 Global Configuration Assigns the switch an IPv6 default gateway address NO IP ADDRESS on page 326 VLAN Interface Deletes the IPv4 management address NO IP ADDRESS DHCP on page 327 VLAN Interface Deactivates the IPv4 DHCP client on the switch NO IP ROUTE on page 328 Global Con...

Page 314: ...HOW IPV6 INTERFACE on page 335 Privileged Exec Displays the IPv4 management address SHOW IPV6 ROUTE on page 336 Privileged Exec Displays the IPv6 management address and default gateway Table 28 Management IP Address Commands Continued Command Mode Description ...

Page 315: ...ORS Syntax clear ipv6 neighbors Parameters None Mode Privileged Exec mode Description Use this command to clear all of the dynamic IPv6 neighbor entries Example This example clears all of the dynamic IPv6 neighbor entries awplus enable awplus clear ipv6 neighbors ...

Page 316: ...masks 255 255 0 0 and 255 255 255 0 respectively Mode VLAN Interface mode Description Use this command to manually assign the switch an IPv4 management address You must perform this command from the VLAN Interface mode of the VLAN to which the address is to be assigned To assign the switch an IPv4 address from a DHCP server refer to IP ADDRESS DHCP on page 318 An IPv4 management address is requ...

Page 317: ... which has the VID 1 awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ip address 142 35 78 21 24 This example assigns the switch the IPv4 management address 116 152 173 45 and subnet mask 255 255 255 0 The VLAN assigned the address has the VID 14 awplus enable awplus configure terminal awplus config interface vlan14 awplus config if ip address 116 152 173 45 2...

Page 318: ...which you want to assign the address The switch must have a management IPv4 address to support the features listed in Table 27 on page 300 The switch can have only one IPv4 address and it must be assigned to the VLAN from which the switch is to communicate with the management devices such as Telnet workstations and syslog servers The VLAN must already exist on the switch To manually assign the swi...

Page 319: ... activates the DHCP client so that the switch obtains its IPv4 management address from a DHCP server on your network The address is applied to a VLAN with the VID 4 awplus enable awplus configure terminal awplus config interface vlan4 awplus config if ip address dhcp ...

Page 320: ...ork devices such as Telnet clients and syslog servers that are not members of the same subnet as its IPv4 address You must assign the switch a default gateway address if both of the following are true You assigned the switch an IPv4 management address The management network devices are not members of the same subnet as the management IP address Review the following guidelines before assigning a de...

Page 321: ...Example This example assigns the switch the IPv4 default gateway address 143 87 132 45 awplus enable awplus configure terminal awplus config ip route 0 0 0 0 0 143 87 132 45 ...

Page 322: ... number that represents the number of bits from left to right that constitute the network portion of the address For example an address whose network designator consists of the first eight bytes would need a mask of 64 bits Mode VLAN Interface mode Description Use this command to manually assign the switch an IPv6 management address You must perform this command from the VLAN Interface mode of the...

Page 323: ...the IPv6 management address 4c57 17a9 11 190 a1d4 64 to the Default_VLAN which has the VID 1 awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ipv6 address 4c57 17a9 11 190 a1d4 64 This example assigns the switch the IPv6 management address 7891 c45b 78 96 24 64 to a VLAN with the VID 4 awplus enable awplus configure terminal awplus config interface vlan4 ...

Page 324: ...an address of an interface on a router or other Layer 3 device It defines the first hop to reaching the remote subnets or networks where the network devices are located You must assign the switch a default gateway address if both of the following are true You assigned the switch an IPv6 management address The remote management devices such as Telnet workstations and TFTP servers are not members of...

Page 325: ...Example This example assigns the switch the IPv6 default gateway address 45ab 672 934c 78 17cb awplus enable awplus configure terminal awplus config ipv6 route 0 45ab 672 934c 78 17cb ...

Page 326: ...ommand from the VLAN Interface mode of the VLAN to which the address is attached Note The switch uses the IPv4 management address to perform the features listed in Table 27 on page 300 If you delete it the switch will not support the features unless it also has an IPv6 management address Confirmation Commands SHOW IP INTERFACE on page 331 and SHOW IP ROUTE on page 332 Example This example removes the...

Page 327: ... is attached This command also disables the DHCP client Note The switch uses the IPv4 management address to perform the features listed in Table 27 on page 300 If you delete it the switch will not support the features unless it also has an IPv6 management address Confirmation Command SHOW IP INTERFACE on page 331 and SHOW IP ROUTE on page 332 Example This example removes the IPv4 management address f...

Page 328: ...Mode Global Configuration mode Description Use this command to delete the current IPv4 default gateway The command must include the current default gateway Confirmation Command SHOW IP ROUTE on page 332 Example This example deletes the default route 121 114 17 28 from the switch awplus enable awplus configure terminal awplus config no ip route 0 0 0 0 0 121 114 17 28 ...

Page 329: ...dress is attached Note The switch uses the IPv6 management address to perform the features listed in Table 27 on page 300 If you delete it the switch will not support the features unless it also has an IPv4 management address Confirmation Command SHOW IPV6 INTERFACE on page 335 and SHOW IPV6 ROUTE on page 336 Example This example removes the static IPv6 management address from the VLAN with the VID 3...

Page 330: ...figuration mode Description Use this command to delete the current IPv6 default gateway from the switch The command must include the current default gateway Confirmation Command SHOW IPV6 ROUTE on page 336 Example This example deletes the IPv6 default route 2b45 12 9ac4 5bc7 89 from the switch awplus enable awplus configure terminal awplus config no ipv6 route 0 2b45 12 9ac4 5bc7 89 ...

Page 331: ...ure 72 is an example of the information Figure 72 SHOW IP INTERFACE Command The Interface field is the VID of the VLAN to which the management IP address is assigned The IP Address field is the management IP address of the switch Example The following example displays the management IP address assigned to a switch awplus show ip interface Interface IP Address Status Protocol VLAN14 0 123 94 146 72...

Page 332: ...ation Mask NextHop Interface Protocol 192 168 1 0 255 255 255 0 192 168 1 1 vlan1 0 INTERFACE Table 29 SHOW IP ROUTE Command Parameter Description Mask The masks of the management IP address and the default gateway address The mask of the default gateway is always 0 0 0 0 NextHop The management IP address and the default gateway address The management IP address is the first entry in the table and...

Page 333: ...conds since the RIP entry was added See Figure 74 The elements of the static and RIP routes are identified in Figure 74 Figure 74 Static and RIP Route Elements Table 30 Route Codes in the SHOW IP ROUTE Command Code Description S Default gateway R Route to a remote network learned by RIP S Static route to a remote network C Local network of a routing interface 149 101 33 0 24 1 0 via 149 101 23 28 ...

Page 334: ...Chapter 14 IPv4 and IPv6 Management Address Commands 334 Example The following example displays the routes on the switch awplus show ip route ...

Page 335: ...ation Figure 75 SHOW IPV6 INTERFACE Command The fields are described in Table 31 Example The following example displays the IPv6 management address awplus show ipv6 interface Interface IPv6 Address Status Protocol VLAN3 0 832a 5821 b34a 0 0 0 187 95a 64 admin up down Table 31 SHOW IPV6 INTERFACE Command Parameter Description Interface The VID of the VLAN to which the management address is assigned...

Page 336: ...ay on the switch Figure 76 is an example of the information The default route is displayed first followed by the management address Figure 76 SHOW IPV6 ROUTE Command Example The following example displays the IPv6 management address and default gateway awplus show ipv6 route IPv6 Routing Table Codes C connected S static S 0 0 0 0 0 0 0 0 0 via 832a 5821 b34a 0 0 0 187 14 vlan4 0 C 832a 5821 b34a 0 0...

Page 337: ...ation Overview on page 338 Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server on page 339 Configuring Daylight Savings Time and UTC Offset on page 340 Disabling the SNTP Client on page 342 Displaying the SNTP Client on page 343 Displaying the Date and Time on page 344 ...

Page 338: ...gs Time For instructions refer to Configuring Daylight Savings Time and UTC Offset on page 340 You must specify the offset of the switch from Coordinated Universal Time UTC For instructions refer to Configuring Daylight Savings Time and UTC Offset on page 340 The switch must have a management IP address to communicate with an SNTP or NTP server For instructions refer to Adding a Management IP Addr...

Page 339: ...an NTP or SNTP server use the NTP PEER command in the Global Configuration mode You can specify the IP address of only one server This example of the command specifies 1 77 122 54 as the IP address of the server awplus enable awplus configure terminal awplus config ntp peer 1 77 122 54 To display the date and time use the SHOW CLOCK command in the User Exec and Privileged Exec modes awplus show cl...

Page 340: ...tions refer to Activating the SNTP Client and Specifying the IP Address of an NTP or SNTP Server on page 339 This table lists the commands you use to configure the daylight savings time and UTC offset The commands are located in the Global Configuration mode This example configures the client for DST and a UTC offset of 8 hours awplus enable awplus configure terminal awplus config clock summer tim...

Page 341: ...In this example the client is configured for ST and a UTC offset of 2 hours and 45 minutes awplus enable awplus configure terminal awplus config no clock summer time awplus config clock timezone 02 45 ...

Page 342: ... Disabling the SNTP Client To disable the SNTP client so that the switch does not obtain its date and time from an NTP or SNTP server use the NO NTP PEER command in the Global Configuration mode awplus enable awplus configure terminal awplus config no ntp peer ...

Page 343: ... SHOW NTP ASSOCIATIONS Command The fields are described in Table 34 on page 353 To learn whether the switch has synchronized its time with the designated NTP or SNTP server use the SHOW NTP STATUS command An example of the information is shown in Figure 78 Figure 78 SHOW NTP STATUS Command SNTP Configuration Status Enabled Server 149 134 23 154 UTC Offset 2 Daylight Savings Time DST Enabled Clock ...

Page 344: ...hapter 15 Simple Network Time Protocol SNTP Client 344 Displaying the Date and Time To display the date and time use the SHOW CLOCK command in the User Exec mode or Privileged Exec mode awplus show clock ...

Page 345: ...activates Daylight Savings Time and enables Standard Time NO NTP PEER on page 349 Global Configuration Disables the NTP client NTP PEER on page 350 Global Configuration Specifies the IP address of the NTP or SNTP server from which the switch is to obtain the date and time PURGE NTP on page 351 Global Configuration Restores the default settings to the SNTP client SHOW CLOCK on page 352 User Exec an...

Page 346: ...the switch is in a locale that uses DST you must remember to enable this when DST begins and disable when DST ends If the switch is in a locale that does not use DST set this option to disabled all the time To disable DST on the client refer to NO CLOCK SUMMER TIME on page 348 Confirmation Command SHOW NTP ASSOCIATIONS on page 353 Example The following example enables DST on the SNTP client awplus...

Page 347: ...t is 00 00 Mode Global Configuration mode Description Use this command to set the UTC offset which is used by the switch to convert the time from an SNTP or NTP server into local time You must configure the NTP client with NTP PEER on page 350 before setting the UTC offset Confirmation Command SHOW NTP ASSOCIATIONS on page 353 Examples This example specifies a time difference of 2 hours between UT...

Page 348: ...se this command to disable Daylight Savings Time DST and activate Standard Time ST on the SNTP client Confirmation Command SHOW NTP ASSOCIATIONS on page 353 Examples The following example disables Daylight Savings Time DST and activates Standard Time ST on the SNTP client awplus enable awplus configure terminal awplus config no clock summer time ...

Page 349: ...e the SNTP client on the switch When the client is disabled the switch does not obtain its date and time from an SNTP or NTP server the next time it is reset or power cycled Confirmation Command SHOW NTP ASSOCIATIONS on page 353 Example The following example deactivates the SNTP client on the switch awplus enable awplus configure terminal awplus config no ntp peer ...

Page 350: ...specify the IP address of the SNTP or NTP server from which it is to obtain its date and time You can specify only one SNTP or NTP server After you enter this command the switch automatically begins to query the network for the defined server Confirmation Command SHOW NTP ASSOCIATIONS on page 353 Example This example defines the IP address of the SNTP server as 1 77 122 54 awplus enable awplus con...

Page 351: ...lete the IP address of the SNTP or NTP server and restore the client settings to the default values Confirmation Command SHOW NTP ASSOCIATIONS on page 353 Example The following example disables the SNTP client deletes the IP address of the SNTP or NTP server and restores the client settings to the default values awplus enable awplus configure terminal awplus config purge ntp ...

Page 352: ...OW CLOCK Syntax show clock Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the switch s date and time Example The following example displays the switch s date and time awplus show clock ...

Page 353: ...4 SHOW NTP ASSOCIATIONS Command Parameter Description Status The status of the SNTP client software on the switch The status can be either enabled or disabled If enabled the switch seeks its date and time from an NTP or SNTP server The default is disabled To enable the client use NTP PEER on page 350 To disable the client refer to NO NTP PEER on page 349 Server The IP address of an NTP or SNTP ser...

Page 354: ...in hours between UTC and local time The range is 12 to 12 hours The default is 0 hours This value is set with CLOCK TIMEZONE on page 347 Daylight Savings Time DST The status of the daylight savings time setting The status can be enabled or disabled This value is set with CLOCK TIMEZONE on page 347 Table 34 SHOW NTP ASSOCIATIONS Command Continued Parameter Description ...

Page 355: ...P or SNTP server An example of the display is shown in Figure 80 Figure 80 SHOW NTP STATUS Command The IP address above is the address of the NTP or SNTP server specified with the NTP PEER command See NTP PEER on page 350 The clock offset is configured with the CLOCK TIMEZONE command See CLOCK TIMEZONE on page 347 Example The following example displays the status of the NTP or SNTP server assigned...

Page 356: ...Chapter 16 SNTP Client Commands 356 ...

Page 357: ...e System DNS Overview on page 358 Adding a DNS Server to the Switch on page 360 Enabling or Disabling the DNS Client on page 361 Adding a Domain to the DNS List on page 362 Setting a Default Domain Name for the DNS on page 363 ...

Page 358: ...name segments The format of a domain name is the same as the host portion of a Uniform Resource Locator URL and each segment is separated by a period The hierarchy of a domain name descends from right to left The segment on the far right is a top level domain name shared by many hosts For example the alliedtelesis of www alliedtelesis com belongs to the top level domain com and the www belongs to ...

Page 359: ...equests Each domain in the DNS list is tried in DNS lookups For example when you use the ping alliedtelesis command the switch sends a DNS request for alliedtelesis com When no match is found the switch tries alliedtelesis net You can create the DNS list using the IP DOMAIN LIST command Default Domain The switch can have one default domain The switch allows you to save typing of a domain in the CL...

Page 360: ...ere is no limit on the number of servers you can add to the list To add the IP address of a DNS server use the IP NAME SERVER command The following example adds the IP address of a DNS server 10 8 4 75 to the list of DNS servers awplus enable awplus configure terminal awplus config ip name server 10 8 4 75 To display the list of DNS servers use the SHOW IP NAME SERVER command in the Privileged Exe...

Page 361: ...ou to use domain names instead of IP addresses when you enter commands on your switch The DNS client on the switch is enabled by default To disable the DNS client use the NO IP DOMAIN LOOKUP command awplus no ip domain lookup To enable the DNS client use the IP DOMAIN LOOKUP command awplus enable awplus ip domain lookup ...

Page 362: ...ip domain list net If you enter the command ping alliedtelesis the switch sends a DNS request for alliedtelesis com When no match was found the switch tries alliedtelesis net To view the entries in the DNS list use the command awplus show ip domain name Here is an example of the information the command displays Figure 83 SHOW IP DOMAIN NAME Command Display Also the SHOW HOSTS command displays the ...

Page 363: ...domain The switch uses the default domain only when no domains are specified in the DNS list To set alliedtelesis com as a default domain name use the IP DOMAIN NAME command awplus enable awplus configure terminal awplus config ip domain name alliedtelesis com To display the default domain use the SHOW IP DOMAIN NAME command in the Privileged Exec mode awplus show ip domain name Here is an example...

Page 364: ...Chapter 17 Domain Name System DNS 364 ...

Page 365: ... Global Configuration Adds a domain name to the DNS list that the switch tries starting with the first entry added IP DOMAIN LOOKUP on page 371 Global Configuration Enables the DNS client on the switch to use domain names instead of IP addresses in commands SHOW IP NAME SERVER on page 372 Privileged Exec Displays the list of DNS servers on the switch SHOW IP DOMAIN NAME on page 373 Privileged Exec...

Page 366: ...his list There is a maximum of three servers that you can add to the list When the switch is using its DHCP client for an interface it can receive Option code 6 from the DHCP server After a switch receives Option code 6 from a DHCP server it automatically adds information about the DHCP server to the end of the existing domain list To delete a DNS server from the switch s server list use the NO IP...

Page 367: ...tch Command Line User s Guide 367 To delete a DNS server with an IP address of 10 10 10 5 from the DNS server list use the command awplus enable awplus configure terminal awplus config no ip name server 10 10 10 5 ...

Page 368: ...ault domain you specify with this command The switch uses the default domain only when no domains are specified in the DNS list To view the DNS list use the SHOW IP DOMAIN NAME command When the switch is using its DHCP client for an interface it can receive DHCP option 15 from the DHCP server The option 15 replaces the domain name specified by the IP DOMAIN NAME command with the domain name from t...

Page 369: ...rn in DNS lookups The first entry you create is checked first For example when you add com first then net to the DNS list and enter the PING ALLIEDTELESIS command in the CLI the switch appends com to alliedtelesis using as a separator and sends a DNS request for alliedtelesis com When no match is found the switch appends the second entry net in the DNS list and tries alliedtelesis net Note Do not ...

Page 370: ... the DNS list use the following commands awplus enable awplus configure terminal awplus config ip domain list com awplus config ip domain list net To delete the domain net from the DNS list use the following command awplus enable awplus configure terminal awplus config no ip domain list net ...

Page 371: ...ing a DNS query to the DNS server specified with the IP NAME SERVER command The DNS client is enabled by default However it does not attempt DNS queries unless at least one DNS server is configured To disable the DNS client on the switch use the NO IP DOMAIN LOOKUP command Example The following example enables the DNS client on the switch awplus enable awplus configure terminal awplus config ip do...

Page 372: ...play the list of DNS servers on the DNS server list on the switch This command shows a static list configured using the IP NAME SERVER command An example of the information is shown in Figure 87 Figure 87 SHOW IP NAME SERVER Command Example To display the list of DNS servers configured using the IP NAME SERVER command awplus show ip name server DNS Name Servers 10 8 4 75 ...

Page 373: ...st of domains on the DNS list on the switch This command shows information configured using the IP DOMAIN NAME and IP DOMAIN LIST commands An example of the information is shown in Figure 88 Figure 88 SHOW IP DOMAIN NAME Command Example This example displays the default domain and the list of domains awplus show ip domain name DNS default domain alliedtelesis com DNS domain list domain com domain ...

Page 374: ...command to display the default domain name a list of DNS domain names and a list of DNS servers Figure 89 shows an example of the information Figure 89 SHOW HOSTS Command Example To display the information awplus show hosts DNS default domain alliedtelesis com DNS domain list domain com domain net domain oh us DNS Name Servers 192 168 1 85 ...

Page 375: ... Table This chapter discusses the following topics Overview on page 376 Adding Static MAC Addresses on page 378 Deleting MAC Addresses on page 380 Setting the Aging Timer on page 382 Displaying the MAC Address Table on page 383 ...

Page 376: ...ll its ports excluding the port where the packet was received If the ports are grouped into virtual LANs the switch floods the packet only to those ports that belong to the same VLAN from which the packet originated This prevents packets from being forwarded to inappropriate LAN segments and increases network security When the destination node responds the switch adds the node s MAC address and po...

Page 377: ...utes You can also enter addresses manually into the table These addresses are referred to as static addresses Static MAC addresses remain in the table indefinitely and are never deleted even when the network devices are inactive Static MAC addresses are useful for addresses that the switch might not learn through its normal learning process or for addresses that you want the switch to retain even ...

Page 378: ...riable to specify the port to which the end node of an address is connected You can specify just one port vlan name or VID Use this variable to specify the name or the ID number of the VLAN of the port of the address This information is optional in the command This example adds the static MAC address 00 1B 75 62 10 84 to port 12 in the Default VLAN The port forwards the packets of the designated n...

Page 379: ...AT 8100 Switch Command Line User s Guide 379 awplus enable awplus configure terminal awplus config mac address table static 00 a0 d2 18 1a 11 discard interface port1 0 7 ...

Page 380: ... xx xx or xxxx xxxx xxxx interface You can use this parameter to delete all of the static or dynamic addresses on a particular port You can specify more than one port at a time vlan You can use this parameter to delete all of the static or dynamic addresses on the ports of a particular VLAN You can specify just one VID at a time This example of the command deletes all of the dynamic addresses from...

Page 381: ...addresses added to ports 2 to 5 awplus enable awplus clear mac address table static interface port1 0 2 port1 0 5 This example deletes all of the dynamic addresses learned on the ports of the VLAN with the VID 82 awplus enable awplus clear mac address table dynamic vlan 82 This example deletes all of the static addresses added to the ports of the VLAN with the VID 18 awplus enable awplus clear mac...

Page 382: ... To set the aging timer use the MAC ADDRESS TABLE AGEING TIME command in the Global Configuration mode Here is the format of the command mac address table ageing time value none The aging time is expressed in seconds and has a range of 10 to 1000000 seconds The default is 300 seconds 5 minutes The value none disables the aging timer so that inactive MAC addresses are never deleted from the table T...

Page 383: ...he command displays the entire MAC address table awplus show mac address table This example displays the MAC addresses learned on port 2 awplus show mac address table interface port1 0 2 Aging Interval 300 second s Switch Forwarding Database VLAN Port MAC Fwd 1 1 0 5 0011 2495 53f8 forward dynamic 1 1 0 5 0023 6c90 08b9 forward dynamic 1 1 0 5 0024 36a0 1551 forward dynamic 1 1 0 5 0025 00d7 8908 ...

Page 384: ...Chapter 19 MAC Address Table 384 This example displays the addresses learned on the ports in a VLAN with the VID 8 awplus show mac address table vlan 8 ...

Page 385: ...GEING TIME on page 388 Global Configuration Sets the aging timer which is used by the switch to identify inactive dynamic MAC addresses for deletion from the table MAC ADDRESS TABLE STATIC on page 390 Global Configuration Adds static unicast MAC addresses to the table NO MAC ADDRESS TABLE STATIC on page 392 Global Configuration Deletes static unicast MAC addresses from the table SHOW MAC ADDRESS T...

Page 386: ...her one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx interface Deletes MAC addresses learned on a specific port port Specifies the port the MAC addresses to be deleted was learned on You can specify more than one port vlan Deletes MAC addresses learned on a specific VLAN vid Specifies the VID of the VLAN the MAC addresses to be deleted was learned on You can specify just one VID Mo...

Page 387: ...ar mac address table static address 00 12 a3 d4 67 da This example deletes all of the dynamic addresses learned on ports 17 to 20 awplus enable awplus clear mac address table dynamic interface port1 0 17 port1 0 20 This example deletes all of the static addresses added to port 19 awplus enable awplus clear mac address table static interface port1 0 19 This example deletes all of the dynamic addres...

Page 388: ...address table to prevent the table from becoming full of inactive addresses An address is considered inactive if no packets are sent to or received from the corresponding node for the duration of the timer Setting the aging timer to none disables the timer No dynamic MAC addresses are aged out and the table stops learning new addresses after reaching its maximum capacity To return the aging timer ...

Page 389: ... not delete inactive dynamic MAC addresses from the table awplus enable awplus configure terminal awplus config mac address table ageing time none This example returns the aging timer to its default setting of 300 seconds awplus enable awplus configure terminal awplus config no mac address table ageing time ...

Page 390: ...AC address is to be assigned A unicast MAC address can be added to only one port vlan name Specifies the name of the VLAN where the node designated by the MAC address is a member vid Specifies the ID number of the VLAN where the node designated by the MAC address is a member This parameter is optional Mode Global Configuration mode Description Use this command to add static unicast MAC addresses t...

Page 391: ... 0 4 vlan Production This example adds the static MAC address 00 a0 d2 18 1d 11 to port 7 in the Default_VLAN which has the VID 1 The port discards the packets from the specified node awplus enable awplus configure terminal awplus config mac address table static 00 a0 d2 18 1a 11 discard interface port1 0 7 vlan 1 This example adds the static MAC address 78 1a 45 c2 22 32 to port 15 in the Marketi...

Page 392: ... designated source MAC address port Specifies the port s where the MAC address is assigned vlan name Specifies the name of the VLAN where the node of the MAC address is a member This parameter is optional vid Specifies the ID number of the VLAN where the node of the MAC address is a member You can omit this parameter when removing addresses from the Default_VLAN Mode Global Configuration mode Desc...

Page 393: ... of the owner of the address awplus enable awplus configure terminal awplus config no mac address table static 00 a0 d2 18 1a 11 forward interface port1 0 12 vlan 1 This example deletes the MAC address 86 24 3c 79 52 32 from port 16 in the Sales VLAN The port is discarding packets of the owner of the address awplus enable awplus configure terminal awplus config no mac address table static 86 24 3c...

Page 394: ...C address is included in the display The address must be specified in either one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx port Specifies a port You may specify more than one port vid Specifies a VID You may specify one VID Modes Privileged Exec mode Description Use this command to display the aging timer and the unicast and multicast MAC addresses the switch has stored in the t...

Page 395: ...ward Dynamic 1 1 0 2 00a0 c416 3b80 Forward Dynamic 1 1 0 3 00a0 12c2 10c6 Forward Dynamic 1 1 0 4 00a0 c209 10d8 Forward Dynamic 1 1 0 4 00a0 3343 a187 Forward Dynamic 1 1 0 4 00a0 12a7 1468 Forward Dynamic Total Number of MAC Addresses 121 Multicast Switch Forwarding Database Total Number of MCAST MAC FDB Addresses 1 VLAN MAC Port Maps U Untagged T Tagged 1 01 00 51 00 00 01 Static U 18 24 T Tab...

Page 396: ...at include a value of 90 08 B9 awplus show mac address table include 90 08 B9 Fwd The status of the address MAC addresses have the status of Forward meaning that they are used by the switch to forward packets unlabeled The type of address static or dynamic Table 38 SHOW MAC ADDRESS TABLE Command Multicast Addresses Parameter Description VLAN The ID number of the VLAN where the port is an untagged ...

Page 397: ...on page 398 Configuring the Stack ID Number on page 405 Displaying the Switches of a Stack on page 406 Updating the Management Software on page 408 Note This feature is supported on the 8100S Series switches but not on the 8100L Series switches ...

Page 398: ...that the switches are using the same version of management software that no two switches have the same ID number and that the stacking ports are cabled correctly The selection of the master switch is based on the ID numbers The master switch is the switch with the lowest ID number of all the switches in the stack The selection occurs during the discovery process described in Initialization Process...

Page 399: ... both topologies is shown in Figure 92 Although the topologies are the same in terms of network speed and performance the duplex ring topology is the recommended wiring configuration because of the secondary path it provides through the stacking ports The two pathways protect the switches of the stack against the loss of communications due to a failure of a stacking port cable or switch Figure 92 ...

Page 400: ...tension For example you might name the file STACKBLF2RM4 CFG The master switch periodically sends the active boot configuration file over the stacking ports to the other switches in the stack which save the file in their respective file systems The master switch distributes the file so that should it stop functioning or be removed from the stack any of the other switches can assume the role of mas...

Page 401: ...ster unit it is BOOT CFG So does this mean that you should use BOOT CFG as the filename for the active boot configuration files on your stacks It does not really matter so long as you remember that if you use a different name the master switch changes it to BOOT CFG when it sends the file to the member switches To reduce the chance of errors keep the active boot file as BOOT CFG on all switches an...

Page 402: ...ly assumes the role as the master switch of the stack The remaining switches retain their configuration settings and there is no interruption of the forwarding of Layer 2 packets from the remaining switches Here are the actions of an active stack when a new switch is added If the ID number of the new member switch is higher than the numbers of the existing switches the master switch waits for the ...

Page 403: ...ity between the switches Guidelines Here are the general guidelines to building a new 8100S Series stack For complete installation instructions refer to the 8100S Series Stacking Installation Guide All 8100S Series switches support stacking A stack can have up to eight switches of one chip models or 208 ports The AT 8100S 48 and AT 8100S 48POE are two chip switches If a two chip switch is a part o...

Page 404: ... stand alone units to use enhanced stacking The 8100L Series switches do not support stacking but they have a stack ID LED and an ID number because they use the same management software as the 8100S Series switches The correct ID number of an 8100L Series switch is 0 Here are the general guidelines for adding a new switch to an existing stack You have to assign the new switch an ID number before y...

Page 405: ...one ID number Before assigning the stack ID number to a switch consider the following items A switch should be assigned a stack ID number before it is connected to the stack Each switch in a stack must have a unique ID number The stack ID number 0 is used for stand alone switches A switch can have only one ID number Caution This command causes the switch to reset The switch does not forward networ...

Page 406: ...splays this prompt Stacking is disabled on this switch If the switch has a stack ID number of 1 to 8 but is not connected to a stack the command displays the stack ID number and MAC address of the switch Here is an example of the information Figure 93 SHOW STACK Command for a Stand alone Switch with a Stack ID of 1 to 8 If the switch is part of an active stack the command lists information about t...

Page 407: ...ck In most situations the master and local fields display the same information because a stack should always be managed through the master switch Stacking summary Information ID MACADDRESS SwVer Model Status Role 1 00 00 54 55 56 42 2 2 1 3 AT 8100S 24 Ready Master 2 00 00 54 55 78 11 2 2 1 3 AT 8100S 24C Ready Member 3 00 00 54 55 12 09 2 2 1 3 AT 8100S 24 Ready Member 4 00 00 54 55 56 42 2 2 1 3...

Page 408: ...d the management software to the master switch of the stack using TFTP For instructions refer to Uploading or Downloading Files with TFTP on page 579 2 After the master switch has received the new software from the TFTP server on your network it writes the file to flash memory and automatically begins to download the new management software to the member switches 3 After all of the member switches...

Page 409: ... a stack of 8100S Switches refer to the 8100S Series Stack Installation Guide Table 40 Stacking Commands Command Mode Description SHOW STACK on page 410 Privileged Exec Displays the stack ID numbers and MAC addresses of the switches of a stack STACK on page 411 Global Configuration Sets the stack ID number of the switch ...

Page 410: ... Example The following example displays the stack ID numbers and MAC addresses of the switches in a stack awplus enable awplus show stack Stacking summary Information ID MACADDRESS SwVer Model Status Role 1 eec5 611d 6a54 2 2 5 0 AT 8100S 24C Ready Master 2 eccd 6d4b 2492 2 2 5 0 AT 8100S 24F LC Ready Member 3 0015 7700 010e 2 2 5 0 AT 8100S 16F8 SC Ready Member 4 00a0 d299 aabb 2 2 5 0 AT 8100S 2...

Page 411: ...he switch can have only one ID number The number should be set before the switch is connected to the stack The range is 0 to 8 Assign stand alone switches the stack ID number of 0 This command displays a confirmation prompt Type Y to renumber the switch or N to cancel the procedure Caution This command causes the switch to reset The switch does not forward network traffic while it initializes its ...

Page 412: ...Chapter 22 Stacking Commands 412 This example assigns the stack ID number 0 to a switch that currently has the ID number 4 awplus enable awplus configure terminal awplus config stack 4 renumber 0 ...

Page 413: ... Member Switch on page 420 Managing the Member Switches of an Enhanced Stack on page 422 Changing the Enhanced Stacking Mode on page 424 Uploading Boot Configuration Files from the Command Switch to Member Switches on page 426 Uploading the Management Software from the Command Switch to Member Switches on page 433 Disabling Enhanced Stacking on page 435 ...

Page 414: ...int to the other switches in a stack To manage the switches of a stack you start a local or remote management session on the command switch and then redirect the session as needed to the other switches The other switches in the stack are known as member switches They can be managed either through the command switch with enhanced stacking or from local or remote management sessions Common VLAN The ...

Page 415: ...ommon VLAN to the command switch There are not any distance limitations between the command switch and the member switches of a stack other than those dictated by the Ethernet cabling standards The command switch is not required to be assigned a management IP address The member switches also do not require IP addresses The enhanced stacking feature on the AT 8100 Switch is not compatible with the ...

Page 416: ... is not necessary if you are using the Default_VLAN VID 1 as the common VLAN 5 Optionally assign the command switch a management IP address in the common VLAN 6 If you plan to remotely manage the stack from management workstations that are not members of the same subnet as the switch assign the command switch a default gateway that defines the first hop to reaching the subnet of the workstations S...

Page 417: ...same subnet as the command switch 1 This step creates the common VLAN awplus enable Enter the Privileged Exec mode from the User Exec mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database From the Global Configuration mode enter the VLAN Interface mode awplus config vlan vlan 12 name Tech_Support Create the Tech_Support VLAN and assign it the VID 12 awplus ...

Page 418: ...ort VLAN awplus config if ip address 149 22 88 5 24 Assign the VLAN the management IP address 149 22 88 5 and the subnet mask 255 255 255 0 awplus config if exit Return to the Global Configuration mode awplus config ip route 0 0 0 0 0 149 22 88 27 Assign the switch the default gateway 149 22 88 27 awplus config exit Return to the Privileged Exec mode awplus show ip interface Confirm the IP address...

Page 419: ...AT 8100 Switch Command Line User s Guide 419 awplus write Save the configuration ...

Page 420: ...use that is the default setting awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config vlan database Enter the VLAN Interface mode awplus config vlan vlan 12 name Tech_Support Create the Tech_Support VLAN and assign it the VID 12 awplus config vlan exit Return to the Global Configuration mode awplus...

Page 421: ...he Privileged Executive mode 4 Connect the switches together using ports of the common VLAN awplus config estack run Activate enhanced stacking on the switch awplus config exit Return to the Privileged Exec mode awplus show estack Confirm the stack mode of the switch awplus write Save the configuration ...

Page 422: ...mple is shown here Figure 96 SHOW ESTACK REMOTELIST Command 3 Use the RCOMMAND command in the Global Configuration mode to redirect the management session from the command switch to one of the member switches in the list The format of the command is shown here rcommand switch_id For example to manage the dutB switch in the list you would enter this command awplus configure terminal awplus config r...

Page 423: ...e User Exec mode or Privileged Exec mode to return the management session to the command switch 7 To manage another member switch in the enhanced stack repeat this procedure starting with Step 2 8 To end the management session return to the User Exec mode or Privileged Exec mode on the command switch and enter the EXIT command ...

Page 424: ...to change its mode to the command mode if it is part of an active stack The easiest way to determine whether the switch is part of an active stack is to use the SHOW ESTACK command An example of the command is shown here Figure 97 SHOW ESTACK Command If the brackets following Member are empty the switch is not part of a stack and you can use the ESTACK COMMAND SWITCH command in the Global Configu...

Page 425: ...mmand with the ESTACK COMMAND SWITCH command 3 On the original command switch restart enhanced stacking with the ESTACK RUN command and if desired reestablish its command mode with the ESTACK COMMAND SWITCH command Disabling enhanced stacking changes the mode on a command switch from command to member ...

Page 426: ... store the file on the command switch To restore the configuration of a member switch you could download this file to it from the command switch and afterwards manually configure whatever other settings are needed for that specific member switch If the switches have different configurations a generic configuration file may not be that useful Instead you could store each switch s unique configurati...

Page 427: ...rk in which multiple switches have the same IP address A member switch has to be configured for enhanced stacking before the command switch can upload a configuration file to it This means you have to activate enhanced stacking on it and if the common VLAN of the enhanced stack is not the Default VLAN you have to create the common VLAN on the switch When a member switch receives a boot configurati...

Page 428: ...erminal Enter the Global Configuration mode awplus config upload config remotelist Enter the UPLOAD CONFIG REMOTELIST command to begin the file transfer Enter the configuration file name Eng12c cfg At the prompt enter the name of the configuration file the command switch is to upload to the member switch The filename in this example is Eng12c cfg Enter the list of switches 3 At the prompt enter th...

Page 429: ...e on the new switch is to be actSalesE4 cfg The first step is to create the common VLAN on the new switch This is necessary because the enhanced stack is not using the Default VLAN as the common VLAN of the stack To create the common VLAN and to activate enhanced stacking perform these steps 1 Start a local or remote management session on the new switch 2 Create the common VLAN on the new switch w...

Page 430: ...from the command switch with these steps 1 Start a local or remote management session on the command switch of the enhanced stack 2 Transfer the SalesE4 cfg configuration file from the command switch to the new member switch by performing these commands awplus config if end Return to the Privileged Exec mode awplus show vlan 12 Verify the new VLAN awplus configure terminal Enter the Global Configu...

Page 431: ...o confirm that it has the configuration file you want to upload to the member switch In this example the filename is Eng12c cfg file awplus configure terminal Enter the Global Configuration mode awplus config upload config remotelist Enter the UPLOAD CONFIG REMOTELIST command to begin the file transfer Enter the configuration file name SalesE4 cfg At the prompt enter the name of the configuration ...

Page 432: ...itch
awplus enable
Enter the Privileged Exec mode.
awplus config move boot cfg actSalesE4 cfg
Rename the boot.cfg configuration file to actSalesE4.cfg.
awplus config boot config file actSalesE4 cfg
Designate the actSalesE4 file as the active boot configuration file on the switch.
awplus config exit
Return to the Privileged Exec mode.
awplus exit
End your management session of the replacement member sw...

Page 433: ... see this prompt, enter the enhanced stacking ID numbers of the member switches to receive the management software from the command switch. The numbers are viewed with the SHOW ESTACK REMOTELIST command in the Privileged Exec mode. You may update the management software on more than one member switch at a time. To specify more than one switch, separate the numbers with commas. To update all of the switc...

Page 434: ...alled on the command switch
awplus enable
Enter the Privileged Exec mode from the User Exec mode.
awplus show estack remotelist
Display the enhanced stacking ID numbers of the member switches in the stack. You should perform this command even if you intend to update all of the member switches, to ensure that the command switch is aware of all of the member switches that comprise the stack.
awplus conf...

Page 435: ...the command when you are managing a switch directly from a local management session or a remote Telnet, SSH, or web browser session. When you disable enhanced stacking on a command switch, you may not use the switch to manage the member switches of an enhanced stack. It should be noted that disabling enhanced stacking on a command switch returns the mode to the member switch mode. So if you reactivate e...

Page 437: ... Configuration Redirects the management session to a different switch in the enhanced stack.
REBOOT ESTACK MEMBER on page 444 (Global Configuration): Reboots member switches of an enhanced stack from the command switch.
SHOW ESTACK on page 446 (Privileged Exec): Displays whether the switch is a command or member switch and whether enhanced stacking is enabled or disabled.
SHOW ESTACK COMMAND SWITCH on page...

Page 438: ...
UPLOAD IMAGE REMOTELIST on page 452 (Global Configuration): Uploads the management software on the command switch of an enhanced stack to the member switches.
Table 41. Enhanced Stacking Commands (Command, Mode, Description) ...

Page 439: ...0 A switch that is a member of an active enhanced stack cannot be changed to the command mode. You must first disable enhanced stacking on the current command switch in the stack. You cannot use this command on a switch accessed through enhanced stacking. This command can only be used from a local or remote management session of the switch. Confirmation Command: SHOW ESTACK on page 446. Example: This exa...

Page 440: ... Mode: Global Configuration mode. Description: Use this command to activate enhanced stacking on the switch. Confirmation Command: SHOW ESTACK on page 446. Example: The following example activates enhanced stacking on the switch:
awplus enable
awplus configure terminal
awplus config estack run ...

Page 441: ... command mode and now want to return it to member mode. Enhanced stacking must be activated on the switch for you to use the command. To activate enhanced stacking, refer to ESTACK RUN on page 440. You cannot use this command on a switch accessed through enhanced stacking. This command can only be used from a local or remote management session of the switch. To configure the switch as a command switch r...

Page 442: ...able enhanced stacking on the command switch, its mode is reset to member mode. Consequently, you must set it back again to the command mode if you reactivate enhanced stacking. Note: You should only use this command from a local or remote management session of the switch. You should not issue this command on a member switch that you accessed through enhanced stacking. Otherwise, your management session w...

Page 443: ...ber switch in the enhanced stack. The member switch is identified by its ID number, displayed with SHOW ESTACK REMOTELIST on page 449. You can manage only one member switch at a time. Note: You must perform this command from the command switch of the stack. This command will not work on a member switch. Note: You should perform the SHOW ESTACK REMOTELIST command before this command. When you are finished m...

Page 444: ...ividual member switches or all of the member switches of a stack. You must perform SHOW ESTACK REMOTELIST on page 449 prior to this command to determine the ID numbers of the switches. Caution: A switch does not forward network traffic when it reboots and initializes its management software. Some network traffic may be lost. The reset can take from 10 seconds to two minutes, depending on the number and ...

Page 445: ...oots a member switch that has the ID number 3:
awplus enable
awplus configure terminal
awplus config reboot estack member 3
This example reboots all of the member switches of the enhanced stack:
awplus enable
awplus configure terminal
awplus config reboot estack member all ...

Page 446: ...f the information the command displays. Figure 98. SHOW ESTACK Command. The fields are described in Table 42 on page 446. Table 42. SHOW ESTACK Command (Parameter, Description). Enhanced Stacking mode: The status of enhanced stacking on the switch and the mode of the switch. The possible modes are: Command: Enhanced stacking is enabled on the switch and the switch is set to the command mode. Enhanced Stacking m...

Page 447: ...mmand switch on the common VLAN of the enhanced stack. The number is the switch's stack ID number. If the brackets are empty, the switch did not detect a command switch on the common VLAN and so does not consider itself part of an enhanced stack. Disabled: Enhanced stacking is disabled on the switch. MAC address: The switch's MAC address. Model Type: The model name of the switch. Version Number: The name and...

Page 448: ...lent to issuing the SHOW ESTACK command on the command switch. Figure 99 is an example of the information the command displays. Figure 99. SHOW ESTACK COMMAND SWITCH Command. The fields are described in Table 42 on page 446. Example: The following example displays the enhanced stacking information about the command switch:
awplus enable
awplus show estack command switch
Enhanced Stacking mode Member 1 Ma...

Page 449: ...e or model series. The default is MAC address. An example is shown in Figure 100. Figure 100. SHOW ESTACK REMOTELIST Command. The list does not include the command switch on which you entered the command. Note: This command only works on the command switch of the stack. It does not work on member switches. Examples: This example displays the member switches of an enhanced stack by MAC address:
awplus enable ...

Page 450: ...ample sorts the switches by host name:
awplus enable
awplus configure terminal
awplus config show estack remotelist name
This example sorts the switches by model series:
awplus enable
awplus configure terminal
awplus config show estack remotelist series ...

Page 451: ...witch to the member switches. You may specify only one filename, and the name must include the extension .cfg. The second prompt is shown here:
Enter the list of switches
At this prompt, enter the enhanced stack numbers of the member switches to receive the file. If you are uploading a file to more than one switch, separate the numbers with commas. The numbers are viewed with the SHOW ESTACK REMOTELIST com...

Page 452: ...mmas. To update all of the switches in the enhanced stack, enter ALL. The numbers are viewed with the SHOW ESTACK REMOTELIST command in the Privileged Exec mode. Here are the steps of the file transfer between the command switch and a member switch: 1. The command switch sends its management software to the member switch over the Ethernet link of the common VLAN that connects the switches of the enhance...

Page 453: ...ot power off the member switches while they are writing the software to their flash memory. Example: This example uploads the management software on the command switch to two member switches that have the ID numbers 1 and 5:
awplus enable
awplus configure terminal
awplus config upload image remotelist
Remote switches will reboot after load is complete
Enter the list of switches 1 5
Uploading 13316011...

Page 455: ...Chapter 25 Link flap Protection. This chapter explains link flap protection. The sections in this chapter include: Overview on page 456, Guidelines on page 457, Configuring the Feature on page 458 ...

Page 456: ...p events by entering messages in the event logs and transmitting SNMP traps. You define the rate and duration that constitute link flap events. These values are set at the switch level. The rate defines the number of link changes that have to occur to signal a link flap event. A link change is defined as any time a port loses a link or establishes a link to an end node. When a port establishes a link t...

Page 457: ...e performance of the switch is not affected if you enable it on all of the ports. This feature is supported on the base ports and the SFP and XFP modules in the switches. Ports that have been disabled by the switch because of link flap events do not forward traffic again until you enable them with the NO SHUTDOWN command or the LINK FLAP PROTECTION command ...

Page 458: ...that link flap events are defined as seven link changes in three minutes, and they activate the feature on ports 11 to 20. To configure this example, enter:
awplus enable
awplus configure terminal
awplus config link flap rate 7
awplus config link flap duration 180
awplus config interface 1 11 1 20
awplus config if link flap protection
awplus config if end
awplus show link flap ...

Page 459: ... for link flap events.
LINK FLAP PROTECTION on page 461 (Port Interface): Activates link flap protection on the ports.
LINK FLAP RATE on page 462 (Global Configuration): Specifies the number of link state changes that constitute link flap events.
NO LINK FLAP PROTECTION on page 463 (Port Interface): Disables link flap protection on the ports.
SHOW LINK FLAP on page 464 (User Exec and Privileged Exec): Displays th...

Page 460: ...od the switch uses to determine whether a port has experienced a link flap event. A link flap event occurs on a port when its link state changes a defined number of times in a defined period of time. The number of link state changes, referred to as the rate, is set with LINK FLAP RATE on page 462. The duration is set with this command. Confirmation Command: SHOW LINK FLAP on page 464. Example: This example...

Page 461: ...re more than one port at a time. Mode: Port Interface mode. Description: Use this command to activate link flap protection on the ports. Confirmation Command: SHOW LINK FLAP on page 464. Example: This example activates link flap protection on ports 11 to 15:
awplus enable
awplus configure terminal
awplus config interface port1 0 11 port1 0 15
awplus config if link flap protection ...

Page 462: ... Description: Use this command to specify the number of link changes that constitute a link flap event on a port. A link change is defined as any time a port loses a link to an end node or establishes a link. You may want to use this command in conjunction with LINK FLAP DURATION on page 460. Confirmation Command: SHOW LINK FLAP on page 464. Example: This example defines a link flap event as eight link c...

Page 463: ...o disable link flap protection on the ports. Link flap protection is disabled on the switch if it is disabled on all of the ports. Confirmation Command: SHOW LINK FLAP on page 464. Example: This example disables link flap protection on ports 18 and 24:
awplus enable
awplus configure terminal
awplus config interface port1 0 18 port1 0 24
awplus config if no link flap protection ...

Page 464: ...nd to display the status and settings of link flap protection on the switch. Here is an example of the information this command displays. Figure 101. SHOW LINK FLAP Command. Example: This example displays the status and settings of link flap protection:
awplus enable
awplus show link flap
Link Flap Protection On Link Flap Member s port1 0 1 port1 0 17 Duration 60 Rate 8 ...

Page 465: ...wing topics: Overview on page 466, Creating the Port Mirror or Adding New Source Ports on page 467, Removing Source Ports or Deleting the Port Mirror on page 468, Combining the Port Mirror with Access Control Lists on page 469, Displaying the Port Mirror on page 471 ...

Page 466: ...source ports are the ports whose packets are to be mirrored and monitored. The destination port is the port where the packets from the source ports are copied and where the network analyzer is connected. There can be only one destination port on the switch. Here are the guidelines for the port mirror: The switch supports only one port mirror. The port mirror can have just one destination port. The port ...

Page 467: ...ure terminal
awplus config interface port1 0 5
awplus config if mirror interface port1 0 3 direction receive
The switch immediately begins to copy the monitored traffic from the source ports to the destination port as soon as you create the port mirror. To add new source ports to the port mirror, return to the Port Interface mode of the destination port and enter the same command. For example, to moni...

Page 468: ...g interface port1 0 11
awplus config if no mirror interface port1 0 2
To stop port mirroring and return the destination port to normal network operations, remove all of the source ports from the port mirror. For example, if the source ports of the port mirror were ports 1 to 4 and the destination port was 18, you would enter these commands to stop the port mirror and reestablish normal network operati...

Page 469: ...en have to create the access control list and assign it to the port whose packets you want to monitor. When you create the access control list, you have to specify the copy to mirror action. Here is an example of the feature. It assumes you want to monitor ports 14 and 15 for ingress packets that have the IP address 149.83.124.95 as their destination address. The traffic is to be copied to port 18, the ...

Page 470: ...tination port of the port mirror
awplus show access list
Use the SHOW ACCESS LIST command to confirm the configuration of the access control list.
awplus show interface port1 0 14 port1 0 15 access group
Use the SHOW INTERFACE ACCESS GROUP command to confirm that the access control list is assigned to ports 14 and 15.
Mirror To Port Name Port1 0 18
Hardware IP access list 3008 copy to mirror ip any ...

Page 471: ...rror with access control lists to copy subsets of ingress packets on source ports, the SHOW MIRROR command displays only the destination port of the copied traffic. Here is an example. Figure 103. SHOW MIRROR Command and Access Control Lists. To view the access control lists and their port assignments, use SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643, respectively.
Mirror Tes...

Page 473: ...ination port for access control lists that use the copy to mirror action.
MIRROR INTERFACE on page 475 (Port Interface): Creates the port mirror and adds ports to the port mirror.
NO MIRROR INTERFACE on page 477 (Port Interface): Removes source ports from the port mirror and deletes the port mirror.
SHOW MIRROR on page 478 (Privileged Exec): Displays the destination port and source ports of the port mirror ...

Page 474: ...the copy to mirror action in access control lists. You can designate only one destination port. Confirmation Command: SHOW MIRROR on page 478. Example: This example designates port 21 as the destination port for packets from the copy to mirror action of access control lists:
awplus enable
awplus configure terminal
awplus config interface port1 0 5
awplus config if mirror ...

Page 475: ...the destination port. The options are:
receive: Copies the ingress packets on a source port.
transmit: Copies the egress packets on a source port.
both: Copies both the ingress and egress packets on a source port.
Mode: Port Interface mode. Description: Use this command to create the port mirror or to add ports to the port mirror. You must issue this command from the Port Interface mode of the destination por...

Page 476: ...3 and 4, the source ports, to port 5, the destination port. If port 5 is already acting as the destination port of the port mirror, the commands add ports 3 and 4 to the port mirror:
awplus enable
awplus configure terminal
awplus config interface port1 0 5
awplus config if mirror interface port1 0 3 port1 0 4 direction receive ...

Page 477: ...rt Interface mode of the destination port of the port mirror. To delete the port mirror and return the destination port to normal operations, remove all of the source ports from the port mirror. Confirmation Command: SHOW MIRROR on page 478. Example: These commands remove ports 7 and 8 from the port mirror. If these are the only source ports of the port mirror, the port mirror is deleted and the destinati...

Page 478: ...Mirror Test Port Name port1 0 22
Mirror option Enabled
Mirror direction both
Monitored Port Name port1 0 1
Mirror Test Port Name port1 0 22
Mirror option Enabled
Mirror direction receive
Monitored Port Name port1 0 4
(Figure callouts: Destination Port, Source Port)
Table 45. SHOW MIRROR Command (Parameter, Description). Mirror Test Port Name: The destination port of the port mirror. The switch c...

Page 479: ...1643 respectively. Example: The following example displays the source and destination ports of the port mirror on the switch:
awplus show mirror
Mirror direction: The packets to be mirrored to the destination port. The states are listed here. Receive: The ingress packets of the source port are mirrored to the destination port. Transmit: The egress packets of the source port are mirrored to the destination ...

Page 481: ...Chapter 29 DHCP Relay Overview. Overview on page 482, Configuring the DHCP Relay Agent on page 486 ...

Page 482: ...cal subnets on the switch in the IPv4 packet routing feature. Each routing interface functions as the DHCP relay agent for the clients in its subnet, forwarding BOOTP requests from the clients and responses from the servers. If you will be using the IPv4 packet routing feature on all the local subnets, then by default all of the clients will have access to a DHCP relay agent because each subnet will h...

Page 483: ... agent on the switch is disabled. To view the status of the agent and the IP addresses of the servers, use the SHOW BOOTP RELAY command. These guidelines apply to the DHCP relay agent: You can specify up to five DHCP or BOOTP servers on the switch. Because both BOOTP and DHCP use BOOTP messages, the DHCP relay agents can relay both their packets. The relay agent supports IPv4 address interfaces but not I...

Page 484: ...HCP server. To configure the switch to check for the presence of option 82 information in incoming DHCP requests, configure DHCP relay agent option checking with the command in interface mode; use IP DHCP RELAY AGENT OPTION CHECKING on page 497. By default, this will cause the switch to act as follows: If the incoming DHCP request has a null IP address (0.0.0.0) in the giaddr field and contains option 82 ...

Page 485: ...eives a request packet from a DHCP client, it appends the option 82 component data and forwards the packet to the DHCP server. The DHCP client sometimes issues packets containing pad option fields that can be overwritten with option 82 data. Where there are insufficient pad option fields to contain all the option 82 data, the DHCP relay increases the packet size to accommodate the option 82 data. If th...

Page 486: ...pecify the IP addresses of the DHCP servers on your network with the IP DHCP RELAY SERVER ADDRESS command in the Global Configuration mode. You can specify up to five addresses. This example of the command adds the two DHCP server addresses 149.23.22.143 and 149.23.104.23 to the relay agent:
awplus enable
Enter the Privileged Exec mode from the User Executive mode.
awplus configure terminal
Enter the ...

Page 487: ...er is a decimal number that represents the number of bits, from left to right, that constitute the network portion of the address. Here are a couple of basic examples: The decimal mask 16 is equivalent to the mask 255.255.0.0. The decimal mask 24 is equivalent to the mask 255.255.255.0. After assigning the VLAN an IP address interface, you may add the DHCP relay agent to it with the IP DHCP RELAY command...

Page 488: ...ace with the IP ADDRESS command.
awplus config if ip dhcp relay
Add the DHCP relay agent to the VLAN.
awplus config if end
Return to the Privileged Exec mode.
awplus show ip interface
Confirm the IP address in the VLAN with the SHOW IP INTERFACE command.
awplus show ip dhcp relay interface vlan28
Confirm the addition of the relay agent to the VLAN with the SHOW IP DHCP RELAY command and the INTERFACE ...

Page 489: ...ays to the DHCP servers. Command: IP DHCP RELAY AGENT OPTION
Stop the DHCP relay agent from inserting its option 82 information into the client request packets it relays to the DHCP servers. This is the default setting. Command: NO IP DHCP RELAY AGENT OPTION
Configure the DHCP relay agent to discard DHCP requests that have option 82 information and a null IP address (0.0.0.0) in the giaddr fields. Command: IP DHCP RELAY AGENT OPT...

Page 490: ...keep: The relay agent forwards the packet without altering the option 82 field.
replace: The relay agent replaces the existing relay agent details in the option 82 field with its own details before forwarding the packet. This is the default setting.
Specify the maximum length of the client requests when the policy of the DHCP relay agent is set to the append policy. Command: IP DHCP RELAY MAX MESSAGE LENGTH leng...

Page 491: ...t exceed the threshold. To set the maximum hop count, use the IP DHCP RELAY MAXHOPS command in the Global Configuration mode, shown here:
ip dhcp relay maxhops maxhops
The MAXHOPS parameter specifies the maximum hop count for DHCP requests. The range is 1 to 255 and the default is 10. This example sets the hop count to 25:
awplus enable
awplus configure terminal
awplus config ip dhcp relay maxhops 25
Act...

Page 493: ...lds.
IP DHCP RELAY INFORMATION POLICY on page 498 (Global Configuration): Sets the response of the DHCP relay agent to client packets containing option 82 information.
IP DHCP RELAY MAX MESSAGE LENGTH on page 500 (Global Configuration): Sets the maximum permitted length, in bytes, of DHCP client requests.
IP DHCP RELAY MAXHOPS on page 501 (Global Configuration): Sets the hop count for DHCP requests.
IP DHCP RELA...

Page 494: ...lobal Configuration Deletes the IP addresses of DHCP servers from the relay agent.
NO SERVICE DHCP RELAY on page 507 (Global Configuration): Disables the DHCP relay agent on the switch to stop the VLANs from forwarding any further DHCP requests.
SERVICE DHCP RELAY on page 508 (Global Configuration): Activates the DHCP relay agent on the switch.
SHOW IP DHCP RELAY on page 509 (Privileged Exec): Displays the se...

Page 495: ...Ns must be assigned IP addresses. Confirmation Command: SHOW IP DHCP RELAY on page 509. Examples: This example activates the DHCP relay agent on the Default VLAN, which has the VID 1:
awplus enable
awplus configure terminal
awplus config interface vlan1
awplus config if ip dhcp relay
This example activates DHCP relay on a VLAN with the VID 12:
awplus enable
awplus configure terminal
awplus config interfa...

Page 496: ... its option 82 information into the client request packets it relays to the DHCP servers. This command must be used with IP DHCP RELAY INFORMATION POLICY on page 498. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example configures the DHCP relay agent to insert its option 82 information in the client request packets:
awplus enable
awplus configure terminal
awplus config ip dhcp re...

Page 497: ...t have option 82 information and a null IP address (0.0.0.0) in the giaddr fields. You may use this feature to protect the network from fake or suspicious DHCP requests. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example configures the DHCP relay agent to discard DHCP requests with option 82 information and a null IP address (0.0.0.0) in the giaddr fields:
awplus enable
awplus confi...

Page 498: ...e option 82 field with its own details before forwarding the packet. This is the default setting. Mode: Global Configuration mode. Description: Use this command to set the response of the DHCP relay agent to client packets containing option 82 information. This command has to be used in combination with IP DHCP RELAY AGENT OPTION on page 496. If you select the append policy, the relay agent overwrites any...

Page 499: ...ure terminal
awplus config ip dhcp relay information policy append
This example selects the keep policy so that the DHCP relay agent does not modify the option 82 fields in the packets:
awplus enable
awplus configure terminal
awplus config ip dhcp relay information policy keep
This example returns the policy to the replace policy:
awplus enable
awplus configure terminal
awplus config ip dhcp relay i...

Page 500: ...cy adds the switch's option 82 information to the option 82 information the clients requests already contain. If adding the option 82 information creates a request with a length greater than that specified with this command, the switch deletes the packet. To return the parameter to its default setting of 1400 bytes, use the NO form of this command. Confirmation Command: SHOW IP DHCP RELAY on page 509. Ex...

Page 501: ...y agent discards DHCP requests that have hop counts that exceed the threshold. To return the parameter to its default setting of 10 hop counts, use the NO form of this command. Confirmation Command: SHOW IP DHCP RELAY on page 509. Examples: This example sets the maximum hop count to 25:
awplus enable
awplus configure terminal
awplus config ip dhcp relay maxhops 25
This example returns the maximum hop cou...

Page 502: ...al Configuration mode. Description: Use this command to add the IP addresses of DHCP servers to the relay agent. The agent can have up to five addresses, but you may add only one address at a time with this command. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example adds the IP address 149.22.12.56 of a DHCP server to the relay agent:
awplus enable
awplus configure terminal
awplus ...

Page 503: ...her DHCP requests. Confirmation Command: SHOW IP DHCP RELAY on page 509. Examples: This example removes the DHCP relay agent from the Default VLAN, which has the VID 1:
awplus enable
awplus configure terminal
awplus config interface vlan1
awplus config if no ip dhcp relay
This example removes the DHCP relay agent from a VLAN with the VID 23:
awplus enable
awplus configure terminal
awplus config interface...

Page 504: ...stop the DHCP relay agent from inserting its option 82 information into the client request packets it relays to the DHCP servers. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example stops the DHCP relay agent from inserting its option 82 information in the client request packets:
awplus enable
awplus configure terminal
awplus config no ip dhcp relay agent option ...

Page 505: ...DHCP relay agent to forward DHCP requests that have option 82 information and a null IP address (0.0.0.0) in the giaddr fields. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example configures the DHCP relay agent to forward DHCP requests with option 82 information and a null IP address (0.0.0.0) in the giaddr fields:
awplus enable
awplus configure terminal
awplus config no ip dhcp re...

Page 506: ...Use this command to delete the IP addresses of the DHCP servers from the relay agent. You may delete only one address at a time with this command. To display the IP addresses, refer to SHOW IP DHCP RELAY on page 509. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example deletes the IP address 214.154.35.78 of a DHCP server from the relay agent:
awplus enable
awplus configure terminal...

Page 507: ...figuration mode. Description: Use this command to disable the DHCP relay agent on the switch to stop the VLANs from forwarding any further DHCP requests. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example disables the DHCP relay agent:
awplus enable
awplus configure terminal
awplus config no service dhcp relay ...

Page 508: ...s: None. Mode: Global Configuration mode. Description: Use this command to activate the DHCP relay agent on the switch. Confirmation Command: SHOW IP DHCP RELAY on page 509. Example: This example activates the DHCP relay agent:
awplus enable
awplus configure terminal
awplus config service dhcp relay ...

Page 509: ...mand (Field, Definition). DHCP Relay Service: The enabled or disabled status of the agent. The status is controlled with SERVICE DHCP RELAY on page 508 and NO SERVICE DHCP RELAY on page 507. Maximum hop count: The hop count for discarding DHCP request messages from clients. The parameter is controlled with IP DHCP RELAY MAXHOPS on page 501.
DHCP Relay Service is enabled List of Interfaces Maximum hop count ...

Page 510: ...ion: The status of adding the switch's option 82 information into the client DHCP requests. This parameter is configured with IP DHCP RELAY AGENT OPTION on page 496 and NO IP DHCP RELAY AGENT OPTION on page 504. Checking if Relay Agent Option: The status of whether or not the switch discards DHCP requests that have option 82 information and a null IP address (0.0.0.0) in the giaddr fields. This is config...

Page 511: ...Chapter 31 Group Link Control. This chapter provides the following sections: Overview on page 512, Guidelines on page 520, Configuration Examples on page 521 ...

Page 512: ...hat leads to a network core, while the downstream port is connected to a different device at or towards the edge of a network. But in other cases this might not be true because the ports are connected to the same device. Instead, it might be better to think of the upstream port of a group as the control port because it determines the possible link states of the downstream port. The switch allows the do...

Page 513: ...tect it directly and would respond by automatically transferring the traffic to the redundant network interface and the secondary path, which leads to switch 4. Figure 107. Group Link Control Example 1. But if the failure occurs further upstream, between switches 1 and 3, as shown in Figure 108 on page 514, the server, unaware of the problem, loses connectivity to the network. It continues to transmit packe...

Page 514: ...to the server. Assume that switch 3 is connected to switch 1 with port 17 and to the server with port 24, as shown in Figure 109 on page 515. If you group the two ports with group link control such that port 17 is the upstream or control port of the group and port 24 is the downstream port, a loss of the link on port 17 causes the switch to disable port 24, dropping the connection to the server. The ser...

Page 515: ...ontrol group can have more than one upstream or downstream port. This enables it to support static port trunks and LACP trunks. When a group has two or more upstream ports, all of the upstream ports must lose connectivity before the switch disables the downstream ports. This is illustrated in Figure 110 on page 516, where a link control group on switch 3 has two upstream ports, ports 17 and 20, and two d...

Page 516: ... ports 17 and 20, the downstream ports 24 and 25 are disabled. Figure 111. Group Link Control Example 5. In the previous examples, the ports of the groups on the switch are connected to different devices, making it possible for downstream devices to know whether or not there are links to upstream devices. Another ...

Page 517: ...ated in this figure. Switch 1 and switch 3 are connected with a static or LACP trunk of three links. A backup trunk from switch 2 to switch 3 is placed in the blocking state by the spanning tree protocol to prevent a network loop. Figure 112. Group Link Control Example 6. Let's assume you want switch 3 to shut down the primary trunk to switch 1 if the active trunk loses one link. For this you would crea...

Page 518: ...down the primary trunk if two links are lost, you create six groups to cover all of the possible combinations. The groups are listed in Table 50 on page 519. As mentioned previously, only one of the groups has to be true for the switch to disable the remaining ports in the trunk. For instance, a loss of connectivity on ports 8 and 10 makes group 5 true, causing the switch to disable ports 7 and 9, which s...

Page 519: ... Table 50. Link Control Groups on Switch 3 in Example 7

Link Control Group | Upstream Ports | Downstream Ports
1 | 7, 8 | 9, 10
2 | 8, 9 | 7, 10
3 | 9, 10 | 7, 8
4 | 7, 9 | 8, 10
5 | 8, 10 | 7, 9
6 | 7, 10 | 8, 9
...

Page 520: ...ntrol passes the link states of the upstream ports to the downstream ports, but not the reverse. Changes to the states of the downstream ports are not transferred to the upstream ports. A group is active as soon as you create it. The downstream ports of a new group immediately stop forwarding traffic if the upstream ports do not have links. When a downstream port is disabled by group link control, it re...

Page 521: ... Add downstream ports GROUP LINK CONTROL DOWNSTREAM group_id 1 to 8 Remove upstream ports NO GROUP LINK CONTROL UPSTREAM group_id 1 to 8 Remove downstream ports NO GROUP LINK CONTROL DOWNSTREAM group_id 1 to 8 Display the groups SHOW GROUP LINK CONTROL group_id 1 to 8 awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configura...

Page 522: ...oup link control 3 Create the three groups with the GROUP LINK CONTROL command awplus config interface port1 0 7 Move to the Port Interface mode for port 7 awplus config if group link control upstream 1 awplus config if group link control downstream 2 awplus config if group link control downstream 3 Add port 7 as an upstream port to group 1 and a downstream port to groups 2 and 3 awplus config if ...

Page 523: ... their configurations ID 1 Status Down Downstream Link Ports s port1 0 8 port1 0 9 Upstream Member Ports s port1 0 7 ID 2 Status Down Downstream Link Ports s port1 0 7 port1 0 9 Upstream Member Ports s port1 0 8 ID 3 Status Down Downstream Link Ports s port1 0 7 port1 0 8 Upstream Member Ports s port1 0 9 ...

Page 524: ...Chapter 31 Group Link Control 524 ...

Page 525: ...K CONTROL DOWNSTREAM on page 527 Port Interface Adds downstream ports to groups GROUP LINK CONTROL UPSTREAM on page 529 Port Interface Adds upstream ports to groups NO GROUP LINK CONTROL on page 530 Global Configuration Deletes groups NO GROUP LINK CONTROL DOWNSTREAM on page 531 Port Interface Removes downstream ports from groups NO GROUP LINK CONTROL UPSTREAM on page 532 Port Interface Removes up...

Page 526: ...iguration mode Description Use this command to create new groups for group link control To add ports to groups refer to GROUP LINK CONTROL DOWNSTREAM on page 527 and GROUP LINK CONTROL UPSTREAM on page 529 Use the NO form of this command to delete groups Confirmation Command SHOW GROUP LINK CONTROL on page 533 Example This example creates a group with the ID 1 awplus enable awplus configure termin...

Page 527: ...age 526. Note: When creating a group on an active switch, you should add the upstream ports first to prevent group link control from disabling the downstream ports. If you add downstream ports to a group that does not have any upstream ports, or whose upstream ports do not have links to network devices, group link control immediately disables the downstream ports. Use the NO form of this command to remov...

Page 528: ...Control Commands 528 This example adds ports 15 and 16 as downstream ports to group ID 3 awplus enable awplus configure terminal awplus config interface port1 0 15 port1 0 16 awplus config if group link control downstream 3 ...

Page 529: ...s on how to create groups refer to GROUP LINK CONTROL on page 526 Use the NO form of this command NO GROUP LINK CONTROL UPSTREAM to remove upstream ports from groups Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example adds port 5 as an upstream port to group ID 4 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if group link control ups...

Page 530: ...his command to delete groups from group link control. Note: Downstream ports that group link control has disabled remain disabled even after a group is deleted. To manually activate them, use the NO SHUTDOWN command. For instructions, refer to Enabling or Disabling Ports on page 188 or NO SHUTDOWN on page 224. Confirmation Command: SHOW GROUP LINK CONTROL on page 533. Example: This example deletes the group...

Page 531: ...as disabled remain disabled when removed from a group To manually activate the ports use the NO SHUTDOWN command For instructions refer to Enabling or Disabling Ports on page 188 or NO SHUTDOWN on page 224 Confirmation Command SHOW GROUP LINK CONTROL on page 533 Examples This example removes downstream port 3 from group ID 5 awplus enable awplus configure terminal awplus config interface port1 0 3...

Page 532: ... the upstream ports from a group disables the downstream ports Confirmation Command SHOW GROUP LINK CONTROL on page 533 Examples This example removes upstream port 15 from group ID 3 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if no group link control upstream 3 This example removes upstream ports 12 and 13 from group ID 8 awplus enable awplus configure...

Page 533: ...Figure 114 is an example of the information Figure 114 SHOW GROUP LINK CONTROL Command The fields are defined in Table 53 ID 1 Status Up Downstream Link Port s port1 0 22 port1 0 24 Upstream Member Port s port1 0 20 port1 0 22 ID 2 Status Up Downstream Link Port s port1 0 7 Upstream Member Port s port1 0 9 ID 3 Status Down Downstream Link Port s port1 0 11 port1 0 14 Upstream Member Port s port1 0...

Page 534: ... ports or has either upstream or downstream ports but not both. Down: The group has upstream and downstream ports, but they do not have links to network devices. In the case of downstream ports, it may be because group link control disabled them because the upstream ports do not have links to network devices. Up: The upstream and downstream ports have links to network devices. Downstream Link Port(s): The d...

Page 535: ...rt Interface Resumes forwarding egress multicast packets on ports NO SWITCHPORT BLOCK INGRESS MULTICAST on page 537 Port Interface Resumes forwarding ingress multicast packets on ports SWITCHPORT BLOCK EGRESS MULTICAST on page 538 Port Interface Blocks egress multicast packets on ports SWITCHPORT BLOCK INGRESS MULTICAST on page 539 Port Interface Blocks ingress multicast packets on ports ...

Page 536: ...to resume forwarding of egress multicast packets on ports By default this is the default setting on all of the ports on the switch Confirmation Command SHOW INTERFACE on page 234 Example This example resumes forwarding of egress multicast packets on port 19 awplus enable awplus configure terminal awplus config interface port1 0 19 awplus config if no switchport block egress multicast ...

Page 537: ...mode Description Use this command to resume forwarding of ingress multicast packets on ports Confirmation Command SHOW INTERFACE on page 234 Example This example resumes forwarding of ingress multicast packets on ports 2 and 8 awplus enable awplus configure terminal awplus config interface port1 0 2 port1 0 8 awplus config if no switchport block ingress multicast ...

Page 538: ... range of 01 80 C2 00 00 00 to 01 80 C2 00 00 0F Note If IGMP snooping is disabled on the switch all reports are suppressed on a port even if you enable this command By default IGMP snooping is disabled on the switch For more information about this feature see Chapter 40 Internet Group Management Protocol IGMP Snooping on page 599 Confirmation Command SHOW INTERFACE on page 234 Example This exampl...

Page 539: ...to 01 80 C2 00 00 0F Note If IGMP snooping is disabled on the switch all reports are suppressed on a port even if you enable this command By default IGMP snooping is disabled on the switch For more information about this feature see Chapter 40 Internet Group Management Protocol IGMP Snooping on page 599 Confirmation Command SHOW INTERFACE on page 234 Example This example blocks ingress multicast p...

Page 540: ...Chapter 33 Multicast Commands 540 ...

Page 541: ...ters Chapter 34 File System on page 543 Chapter 35 File System Commands on page 551 Chapter 36 Boot Configuration Files on page 559 Chapter 37 Boot Configuration File Commands on page 565 Chapter 38 File Transfer on page 577 Chapter 39 File Transfer Commands on page 589 ...

Page 543: ...cs Overview on page 544 Copying Boot Configuration Files on page 545 Renaming Boot Configuration Files on page 546 Deleting Boot Configuration Files on page 547 Displaying the Specifications of the File System on page 548 Listing the Files in the File System on page 549 ...

Page 544: ...tion key pairs. The file system has a flat directory structure. All the files are stored in the root directory. The file system does not support subdirectories.

Table 55. File Extensions and File Types

Extension | File Type
.cfg | Configuration file
.cer | Certificate file
.pem | Certificate enrollment request
.key | Public encryption key
.log | Event log
...

Page 545: ... specifies the name of the boot configuration file you want to copy. The DESTINATIONFILE parameter specifies the name of the new copy. The name can be up to 16 alphanumeric characters and must include the extension ".cfg". Spaces are not allowed. This command creates a copy of the configuration file unit12.cfg in the switch's file system and names the copy unit24.cfg:
awplus# copy unit12.cfg unit24.cfg
Not...

Page 546: ...is example renames the Sales2sw.cfg boot configuration file to unit12a.cfg:
awplus> enable
awplus# move Sales2sw.cfg unit12a.cfg
Note: If you rename the active boot configuration file, you will have to designate another active boot configuration file before the switch will allow you to save new parameter settings. For instructions on how to designate the active boot configuration file, refer to Specifyin...

Page 547: ...the configuration file unit2a.cfg:
awplus# delete unit2a.cfg
Note: If you delete the active boot configuration file, you will have to designate another active boot configuration file before the switch will allow you to save new parameter settings. If you delete the active boot configuration file and reset the switch, the switch returns to its default settings. For instructions on how to designate the act...

Page 548: ...nd the amount of space used by the files currently stored in the file system It is the SHOW FILE SYSTEMS command Here is an example of the information Figure 115 SHOW FILE SYSTEMS Command The fields in the table are described in Table 57 on page 557 Here is the command from the Privileged Exec mode awplus show file systems Size b Free b Type Flags Prefixes S D V Lcl Ntwk Avail 2 0M 1 4M flash rw c...

Page 549: ... Listing the Files in the File System. To view the names of the files in the file system of the switch, use the DIR command in the Privileged Exec mode:
awplus# dir
The command does not accept wildcards. ...

Page 550: ...Chapter 34 File System 550 ...

Page 551: ...s DELETE on page 553 Privileged Exec Deletes boot configuration files from the file system DELETE FORCE on page 554 Privileged Exec Deletes boot configuration files from the file system DIR on page 555 Privileged Exec Lists the files in the file system MOVE on page 556 Privileged Exec Renames files SHOW FILE SYSTEMS on page 557 Privileged Exec Displays the amount of free and used memory in the fil...

Page 552: ...this command to create copies of boot configuration files in the file system of the switch Creating copies of the active boot configuration file is an easy way to maintain a history of the configurations of the switch To display the name of the active boot configuration file refer to SHOW BOOT on page 572 If the destination filename is the same as the name of an existing file in the file system th...

Page 553: ...witch This command is equivalent to DELETE FORCE on page 554 Note If you delete the active configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command To view the name of the active boot configuration file on the switch refer to SHOW BOOT on page 572 To view a list of the files in the file system refer to DIR on page 555 Ex...

Page 554: ...s command is equivalent to DELETE on page 553 Note If you delete the active configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command To view the name of the active boot configuration file on the switch refer to SHOW BOOT on page 572 To view a list of the files in the file system refer to DIR on page 555 Examples This com...

Page 555: ...5 DIR Syntax dir Parameter None Mode Privileged Exec mode Description Use this command to list the names of the files stored in the file system on the switch Example The following command lists the file names stored in the file system awplus dir ...

Page 556: ...ode Description Use this command to rename boot configuration files in the switch s file system Note If you rename the active boot configuration file the switch recreates it the next time you issue the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command Note If you rename the active boot configuration file and reset the switch without specifying a new active boot configuration file or ...

Page 557: ... b Type Flags Prefixes S D V Lcl Ntwk Avail 2 0M 1 4M flash rw cfg static local Y Table 57 SHOW FILE SYSTEMS Command Parameter Description Size B The total amount of flash memory in the switch The amount is given in megabytes M or kilobytes k Free B The amount of unused flash memory in the switch The amount is given in megabytes M or kilobytes k Type The type of memory Flags The file setting optio...

Page 558: ...ays the specifications of the file system awplus show file systems Lcl Ntwk Whether the memory is located locally or via a network connection Y N Whether the memory is accessible Y yes N no not appropriate Table 57 SHOW FILE SYSTEMS Command Continued Parameter Description ...

Page 559: ...iles This chapter discusses the following topics Overview on page 560 Specifying the Active Boot Configuration File on page 561 Creating a New Boot Configuration File on page 563 Displaying the Active Boot Configuration File on page 564 ...

Page 560: ...ttings every time you power off or reset the unit. The switch, as part of its initialization process whenever it is powered on or reset, automatically refers to this file to set its parameter settings. You can store more than one boot configuration file in the file system on the switch, but only one file can be the active file at a time. The active boot configuration file is specified with the BOOT CONF...

Page 561: ...enter the WRITE command or the COPY RUNNING CONFIG STARTUP CONFIG command. In fact, you probably will not want to enter either of those commands after you specify a new active boot configuration file, because that would cause the switch to overwrite the settings in the file with the current settings. After you enter the command, it does one of two things, depending on whether the filename is of a new or...

Page 562: ... it as the active boot configuration file. The file is now ready to store any new parameter settings you might make to the switch. In this example, the settings of the switch are configured using a different boot configuration file in the file system. Perhaps it is an archive copy of an early configuration of the unit, or perhaps a boot configuration file you downloaded from another switch. In either ca...

Page 563: ...ncluding the extension ".cfg". If you specify the name of an existing file, the new file overwrites the existing file. It is important to understand that this command does not change the switch's active boot configuration file. That file remains unchanged. All this command does is create a new boot configuration file of the current parameter settings in the file system. If you want to change the active boo...

Page 564: ...nd awplus show boot Here is an example of the information Figure 117 SHOW BOOT Command The Current boot config field displays the name of the active boot configuration file which for the switch in the example is switch2 cfg The rest of the fields are defined in Table 59 on page 572 Current software v2 1 1 Current boot image v2 1 1 Backup boot image Not set Default boot config cfg boot cfg Current ...

Page 565: ...ivileged Exec Saves the switch s current configuration to the active boot configuration file ERASE STARTUP CONFIG on page 570 Privileged Exec Returns the switch to its default settings NO BOOT CONFIG FILE on page 571 Global Configuration Designates the default BOOT CFG file as the active boot configuration file on the switch SHOW BOOT on page 572 Privileged Exec Displays the names of the active co...

Page 566: ...onfiguration file enter a new filename in the command The command automatically creates the file updates it with the current settings of the switch and designates it as the active boot configuration file To specify an existing boot configuration file as the new active file on the switch include the file s name in the command The switch marks it as the active boot configuration file Afterwards do o...

Page 567: ... as the switch s active configuration file The example assumes that the file already exists in the file system of the switch and that you want to reconfigure the switch according to the settings in the file awplus enable awplus configure terminal awplus config boot config file sw12a cfg awplus config exit awplus reboot This example designates the file bldg4 cfg as the active configuration file on ...

Page 568: ...tored in the file system on the switch the files contain the current settings of the switch You might use this command to create a backup copy of the switch s current configuration This command does not change the active boot configuration file To designate a different file as the active boot configuration file on the switch refer to BOOT CONFIG FILE on page 566 Confirmation Command DIR on page 55...

Page 569: ...eter settings into the active boot configuration file The switch saves only those parameters that have been changed from their default settings Note Parameter changes that are not saved in the active boot configuration file are discarded when the switch is powered off or reset To view the name of the active boot configuration file see SHOW BOOT on page 572 This command is equivalent to WRITE on pa...

Page 570: ...guration file. To return the active configuration file to the default settings, you must enter the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command after the switch reboots and after you have established a local management session. Otherwise, the switch reverts to the previous configuration the next time it is reset. To resume managing the switch, you must use the Console port. Remote management is no...

Page 571: ...uses the BOOT CFG file to configure its parameter settings To overwrite the settings in the active boot configuration file with the switch s current settings enter the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command in the Privileged Exec mode This command does not return the switch to its default settings if at some earlier time you used the BOOT CFG file as the activate boot configuration fi...

Page 572: ...able 59 SHOW BOOT Command Field Description Current software The version number of the AlliedWare Plus Management Software on the switch Current boot image The version number of the bootloader Default boot config The name of the boot configuration file used by the switch to configure its parameters after NO BOOT CONFIG FILE on page 571 This parameter cannot be changed Current boot config The name ...

Page 573: ...T 8100 Switch Command Line User s Guide 573 Example This command displays the name of the active boot configuration file and the version numbers of the management software and bootloader awplus show boot ...

Page 574: ...tax show startup config Parameters None Mode Privileged Exec mode Description Use this command to display the contents of the active boot configuration file Example The following example displays the contents of the active boot configuration file awplus show startup config ...

Page 575: ...ot configuration file The switch saves only those parameters that have been changed from their default settings Note Parameter changes that are not saved in the active boot configuration file are discarded when the switch is powered off or reset To view the name of the active boot configuration file see SHOW BOOT on page 572 This command is equivalent to COPY RUNNING CONFIG STARTUP CONFIG on page ...

Page 576: ...Chapter 37 Boot Configuration File Commands 576 ...

Page 577: ...er This chapter discusses the following topics Overview on page 578 Uploading or Downloading Files with TFTP on page 579 Uploading or Downloading Files with Zmodem on page 583 Downloading Files with Enhanced Stacking on page 586 ...

Page 578: ...r private CA certificates. Refer to Chapter 94, Secure HTTPS Web Browser Server, on page 1451. You can upload the following file types from the switch: boot configuration files; CA certificate requests; technical support text files (refer to SHOW TECH SUPPORT on page 1918). You can use Zmodem or TFTP to transfer files. You must use local management sessions of the switch to transfer files using Zmodem. For TFTP y...

Page 579: ... New Management Software with TFTP. To use TFTP to download new management software to the switch: Caution: This procedure causes the switch to reset. The switch does not forward network traffic while it writes the new software to flash memory and initializes the software. Some network traffic may be lost. 1. Obtain the new management software from the Allied Telesis web site and store it on the TFTP ser...

Page 580: ...e switch to write the new management software to flash memory 6 To resume managing the switch start a new management session after the switch has reset 7 To confirm the new management software on the switch use the SHOW SYSTEM command in the User Exec mode or the SHOW SWITCH command in the Privileged Exec mode to check the version number of the management software on the switch Downloading Files t...

Page 581: ...tch s new active boot configuration file awplus configure terminal awplus config boot config file switch1a cfg 6 At this point do one of the following To configure the switch using the settings in the newly designated active boot configuration file reset the switch with the REBOOT command in the Privileged Exec mode Caution The switch does not forward packets while initializing the management soft...

Page 582: ...our network. The FILENAME parameter is the name of the file to be uploaded from the switch to the TFTP server. The filename cannot contain spaces and must include the appropriate extension. This example of the command uploads the boot configuration file sw_unit_12.cfg from the file system to a TFTP server that has the IP address 123.32.45.3:
awplus# copy flash tftp 123.32.45.3 sw_unit_12.cfg
This exam...

Page 583: ...e switch For instructions refer to Starting a Local Management Session on page 76 3 Enter this command in the Privileged Exec mode awplus copy zmodem You will see this prompt Waiting to receive 4 Use your terminal or terminal emulator program to begin the download The download must be Zmodem After receiving the entire file the switch stores it in the file system 5 To confirm that the switch receiv...

Page 584: ...94 Secure HTTPS Web Browser Server on page 1451 Technical support text files Refer to SHOW TECH SUPPORT on page 1918 To upload a file from the switch using Zmodem 1 Start a local management session on the switch For instructions refer to Starting a Local Management Session on page 76 2 Use the DIR command in the Privileged Exec mode to confirm the name of the file you want to upload from the file ...

Page 585: ...command the switch displays this message Waiting to send 4 Use your terminal or terminal emulator program to begin the upload The upload must be Zmodem The upload should take only a few moments The upload is finished when the Privileged Exec prompt is displayed again ...

Page 586: ...pter 2 After you have updated the management software on the command switch start a new local or remote session on it Issue the SHOW ESTACK REMOTELIST command in the Privileged Exec mode to display all the switches in the enhanced stack except for the command switch Here is an example of the display Figure 119 SHOW ESTACK REMOTELIST 3 To have the command switch upload its management software to on...

Page 587: ...list of switches 1 2 The command switch starts the download process with the first switch After downloading its management software to that switch it repeats the process with the next switch and so on After a switch has received from the command switch the entire management software file it compares the version numbers of the new image file and its current management software If the new image file...

Page 588: ...Chapter 38 File Transfer 588 ...

Page 589: ...TP on page 591 Privileged Exec Uses TFTP to upload files from the switch COPY TFTP FLASH on page 592 Privileged Exec Uses TFTP to download new versions of the management software boot configuration files or CA certificates to the switch COPY ZMODEM on page 594 Privileged Exec Uses Zmodem to download new boot configuration files or CA certificates to the switch UPLOAD IMAGE REMOTELIST on page 595 G...

Page 590: ...dem utility to upload boot configuration files from the file system in the switch to your terminal or computer This command must be performed from a local management session For instructions on how to use this command refer to Uploading Files from the Switch with Zmodem on page 584 Example This example uploads the configuration file eng_sw cfg from the file system in the switch awplus enable awplu...

Page 591: ...ilename Mode Privileged Exec mode Description Use this command to upload configuration files from the file system in the switch to a TFTP server on your network You can perform the command from a local management session or a remote Telnet or SSH management session For instructions on how to use this command refer to Uploading Files from the Switch with TFTP on page 581 Example This example upload...

Page 592: ... mode Description Use this command to download new versions of the management software boot configuration files or CA certificates to the switch from a TFTP server on your network You may perform the command from a local management session or a remote Telnet or SSH management session For instructions on how to use this command refer to the following procedures Downloading New Management Software w...

Page 593: ... to the switch from a TFTP server that has the IP address 149.22.121.45:
awplus> enable
awplus# copy tftp flash 149.22.121.45 at8100_app.img
This example downloads the boot configuration file sw12a.cfg to the switch from a TFTP server with the IP address 112.141.72.11:
awplus> enable
awplus# copy tftp flash 112.141.72.11 sw12a.cfg
...

Page 594: ...or instructions on how to use this command, refer to Downloading Files to the Switch with Zmodem on page 583. Note: You may not use Zmodem to download new versions of the management software to the switch. For that you must use TFTP. Examples:
awplus> enable
awplus# copy zmodem
The source file is not specified when downloading files with Zmodem. After you enter the command, the management software displays ...

Page 595: ...413. For instructions on how to use this command, refer to Uploading the Management Software from the Command Switch to Member Switches on page 433. Caution: Downloading new management software causes the switch to reset. The switch does not forward network traffic while it writes the new software to flash memory and initializes the software. Do not interrupt the process by resetting or power cycling th...

Page 596: ...Chapter 39 File Transfer Commands 596 ...

Page 597: ...ers Chapter 40 Internet Group Management Protocol IGMP Snooping on page 599 Chapter 41 IGMP Snooping Commands on page 609 Chapter 42 IGMP Snooping Querier on page 623 Chapter 43 IGMP Snooping Querier Commands on page 633 Chapter 44 DHCP Snooping Commands on page 639 ...

Page 599: ...oping This chapter discusses the following topics Overview on page 600 Host Node Topology on page 602 Enabling IGMP Snooping on page 603 Configuring the IGMP Snooping Commands on page 604 Disabling IGMP Snooping on page 606 Displaying IGMP Snooping on page 607 ...

Page 600: ...es that want to be members of multicast groups, the router does not send multicast packets out the port. This improves network performance by restricting the multicast packets only to router ports where host nodes are located. There are three versions of IGMP: versions 1, 2, and 3. One of the differences between the versions is how a host node signals that it no longer wants to be a member of a multicast...

Page 601: ...at all reports are suppressed on the specified ports, except for reserved multicast addresses. When you enable IGMP Snooping by executing the IP IGMP SNOOPING command, all unknown multicast traffic is unsuppressed and floods the switch ports, except for IPv4 reserved addresses 224.0.0.1 through 224.0.0.255. To enable the suppression of unknown multicast traffic, see Enabling the Suppression of Unknown M...

Page 602: ... requests or have timed out. The switch responds by immediately ceasing the transmission of additional multicast packets out the ports. Multiple hosts per port: The multiple hosts per port setting is appropriate when the ports are connected to more than one host node, such as when ports are connected to other Ethernet switches where there are multiple host nodes. With this setting selected, the switch c...

Page 603: ... the IP IGMP SNOOPING command in the Global Configuration mode. After you enter the command, the switch begins to build its multicast table as queries from the multicast router and reports from the host nodes arrive on its ports. To enable IGMP Snooping:
awplus> enable
awplus# configure terminal
awplus(config)# ip igmp snooping
...

Page 604: ...ands To Use This Command Range Clear all IGMP group membership records CLEAR IP IGMP none Specify the maximum number of multicast groups the switch will support IP IGMP LIMIT multicastgroups 0 to 255 multicast addresses Specify the time period in seconds used by the switch to identify inactive host nodes and multicast routers IP IGMP QUERIER TIMEOUT timeout 1 to 65535 seconds default 255 Disable t...

Page 605: ... timeout 50 awplus config ip igmp snooping mrouter interface port1 0 4 For more information about these commands see IP IGMP QUERIER TIMEOUT on page 612 and IP IGMP SNOOPING MROUTER on page 616 This example disables the suppression of unknown multicast traffic awplus enable awplus configure terminal awplus config ip igmp snooping awplus config ip igmp snooping flood unknown mcast For more informat...

Page 606: ...P Snooping on the switch is the NO IP IGMP SNOOPING command in the Global Configuration mode. To disable IGMP Snooping:
awplus> enable
awplus# configure terminal
awplus(config)# no ip igmp snooping
When IGMP Snooping is disabled, the switch floods the multicast packets on all ports except on ports that receive the packets. ...

Page 607: ...indow is described in Table 63 on page 621 IGMP Snooping Configuration IGMP Snooping Status Enabled Host Topology Single Host Port Host Router Timeout Interval 255 seconds Maximum IGMP Multicast Groups 64 Router Port s Auto Detect Router List VLAN ID Port Trunk ID RouterIP Exp Time 1 port1 0 31 10 0 0 254 110 Host List Number of IGMP Multicast Groups 2 MulticastGroup VLAN ID Port TrunkID HostIP IG...

Page 608: ...Chapter 40 Internet Group Management Protocol IGMP Snooping 608 ...

Page 609: ...outers IP IGMP SNOOPING on page 613 Global Configuration Enables IGMP snooping on the switch IP IGMP SNOOPING FLOOD UNKNOWN MCAST on page 614 Global Configuration Disables the automatic suppression of unknown multicast traffic IP IGMP SNOOPING MROUTER on page 616 Global Configuration Manually identifies the ports where multicast routers are connected IP IGMP STATUS on page 617 Global Configuration...

Page 610: ...ntax clear ip igmp Parameters None Mode Privileged Exec mode Description Use this command to clear all IGMP group membership records on all VLANs Example This example clears all IGMP group membership records on all VLANs awplus enable awplus clear ip igmp ...

Page 611: ...Global Configuration mode Description Use this command to specify the maximum number of multicast addresses the switch can learn If your network has a large number of multicast groups you can use this parameter to limit the number of multicast groups the switch supports Confirmation Command SHOW IP IGMP SNOOPING on page 620 Example This example sets the maximum number of multicast groups on the sw...

Page 612: ...t for the duration of the timer. The switch stops transmitting multicast packets from a port of an inactive host node if there are no additional host nodes. A multicast router is deemed inactive if the switch does not receive any queries from it for the duration of the timer. The actual timeout may be 10 seconds less than the specified value. For example, a setting of 25 seconds can result in the switc...

Page 613: ...LOOD UNKNOWN MCAST command is enabled by default when IGMP Snooping is activated This may cause a slow down of network data If you want to disable flooding of unknown multicast packets you must enter the NO IP IGMP SNOOPING FLOOD UNKNOWN MCAST command Confirmation Command SHOW IP IGMP SNOOPING on page 620 Example This example enables IGMP Snooping on the switch awplus enable awplus configure termi...

Page 614: ...oin message Once a join message occurs for a particular multicast destination it is no longer unknown and therefore no longer floods Use the no version of this command NO IP IGMP SNOOPING FLOOD UNKNOWN MCAST to enable the automatic suppression of unknown multicast traffic on the switch Caution The IP IGMP SNOOPING FLOOD UNKNOWN MCAST command is enabled by default when IGMP Snooping is activated Th...

Page 615: ...e terminal awplus config ip igmp snooping awplus config ip igmp snooping flood unknown mcast This example enables the automatic suppression of unknown multicast traffic on the switch awplus enable awplus configure terminal awplus config no ip igmp snooping flood unknown mcast ...

Page 616: ...fy ports that are connected to multicast routers Manually specifying multicast router ports deactivates auto detect To reactivate auto detect remove all static multicast router ports For instructions refer to NO IP IGMP SNOOPING MROUTER on page 619 Confirmation Command SHOW IP IGMP SNOOPING on page 620 Example This example identifies ports 14 and 15 as multicast router ports awplus enable awplus c...

Page 617: ...de Mode Global Configuration mode Description Use this command to specify the IGMP host node topology For background information refer to Host Node Topology on page 602 Confirmation Command SHOW IP IGMP SNOOPING on page 620 Examples This example sets the host node topology to the single host per port setting awplus enable awplus configure terminal awplus config ip igmp status single This example s...

Page 618: ...de Description Use this command to deactivate IGMP snooping on the switch When IGMP snooping is disabled the switch floods multicast packets on all ports except on ports that receive the packets Confirmation Command SHOW IP IGMP SNOOPING on page 620 Example awplus enable awplus configure terminal awplus config no ip igmp snooping ...

Page 619: ...de Global Configuration mode Description Use this command to remove static multicast router ports Removing all multicast router ports activates auto detect Confirmation Command SHOW IP IGMP SNOOPING on page 620 Examples This example removes port 3 as multicast router ports awplus enable awplus configure terminal awplus config no ip igmp snooping mrouter interface port1 0 3 ...

Page 620: ...nfiguration IGMP Snooping Status Enabled Host Topology Single Host Port Host Router Timeout Interval 255 seconds Maximum IGMP Multicast Groups 64 Router Port s Auto Detect Router List VLAN ID Port Trunk ID RouterIP Exp Time 1 port1 0 31 10 0 0 254 110 Host List Number of IGMP Multicast Groups 2 MulticastGroup VLAN ID Port TrunkID HostIP IGMP Ver Exp Time 0100 5e7f ffff 1 port1 0 1 192 169 20 50 v3...

Page 621: ...setting multihost This is the multiple host per port topology This topology is appropriate when there is more than one host node per port on the switch To set this parameter refer to IP IGMP STATUS on page 617 Host Router Timeout Interval The amount of time the switch uses to time out inactive host nodes and multicast routers To set this parameter refer to IP IGMP QUERIER TIMEOUT on page 612 Maxim...

Page 622: ...queries from it Host List Number of IGMP Multicast Groups The number of IGMP multicast groups that have active host nodes on the switch Multicast Group The multicast addresses of the groups ID The ID numbers of the VLANs of the host nodes Port Trunk ID The ports of the host nodes If the host nodes are on port trunks this field displays the trunk ID numbers instead of the port numbers HostIP The IP...

Page 623: ...Chapter 42 IGMP Snooping Querier This chapter covers the following topics: Overview on page 624, Guidelines on page 628, Configuring the Feature on page 629 ...

Page 624: ...y the IP address to the VLAN where it sends its queries to enable IGMP snooping querier on the VLAN Allied Telesis recommends using the Default VLAN which has a VID of 1 IGMP snooping querier must be used in conjunction with IGMP snooping Activate IGMP snooping on all of the switches in the LAN including the switches running the IGMP snooping querier The switches use IGMP snooping to monitor the r...

Page 625: ...ssign multiple queriers to a LAN the software must decide which is the active querier and which is the standby querier This task falls to a switch in the network that has IGMP snooping enabled but IGMP snooping querier disabled Consequently a LAN with multiple queriers requires this extra switch For example to assign two queriers to a network you need three switches First enable IGMP snooping on a...

Page 626: ...that switch 1 has the lowest IP routing address and forwards all multicast packets to switch 1 making switch 1 the active querier Switch 3 becomes the standby querier in case switch 1 stops transmitting query packets Note Switches 1 and 3 are only sending queriers Neither switch detects nor displays an opposing querier Figure 123 IGMP Snooping Querier with Two Queriers Table 65 lists the switch se...

Page 627: ...Table 65 IGMP Snooping Querier with Two Queriers (Continued). Columns: Switch, Routing Address, IGMP Snooping, IGMP Snooping Querier, Querier Status. Switch 2: 149.123.48.3, Enabled, Disabled, None. Switch 3: 149.123.48.4, Enabled, Enabled, Standby ...

Page 628: ...tch in the network that has IGMP snooping enabled and IGMP snooping querier disabled This switch assigns the active querier by determining which of the IGMP snooping querier enabled switches has the lowest IP address If you want to add or remove ports from the VLAN after activating IGMP snooping querier you must disable IGMP snooping querier modify the VLAN and then enable it again The switch supp...

Page 629: ...ctivate IGMP snooping querier NO IP IGMP SNOOPING QUERIER none Set the interval at which IGMP general query messages are transmitted IP IGMP QUERY INTERVAL interval 2 to 18000 seconds Display the status of IGMP snooping querier SHOW IP IGMP INTERFACE vlanid none Table 67 Configuring One Querier Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplu...

Page 630: ...efined in Table 70 on page 637 Table 67 Configuring One Querier Continued Command Description Table 68 Configuring Multiple Queriers Command Description Logon to switch 1 awplus enable Enter the Privileged Executive mode from the User Executive mode of switch 1 awplus configure terminal Enter the Global Configuration mode awplus config ip igmp snooping Activate IGMP snooping on the switch The defa...

Page 631: ...figuration mode awplus config exit Exit the User Executive mode awplus exit Exit the Privileged Executive mode and log out of switch 2 Log on to switch 3 awplus enable Enter the Privileged Executive mode from the User Executive mode of switch 3 awplus configure terminal Enter the Global Configuration mode awplus config ip igmp snooping Activate IGMP snooping on the switch awplus config interface v...

Page 633: ...634 VLAN Interface Sets the time interval at which the VLANs send out IGMP General Query messages IP IGMP SNOOPING QUERIER on page 635 VLAN Interface Activates IGMP snooping querier on the VLANs NO IP IGMP SNOOPING QUERIER on page 636 VLAN Interface Deactivates IGMP snooping querier on the VLANs SHOW IP IGMP INTERFACE on page 637 Privileged Exec Displays the status of IGMP snooping querier in the ...

Page 634: ...out IGMP general query messages Use the NO form of this command to return the parameter to the default setting of 125 seconds Confirmation Command SHOW IP IGMP INTERFACE on page 637 Examples This example sets the query interval timer to 400 seconds on the Default VLAN awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ip igmp query interval 400 This example retu...

Page 635: ...rface must be a member of the same subnet as the multicast source Note You can create up to three queriers in your network The querier with the lowest IP address is the active querier The querier with the next lowest IP address is the standby querier The querier with the highest IP address is the second standby querier Confirmation Command SHOW IP IGMP INTERFACE on page 637 Example This example ac...

Page 636: ... mode Description Use this command to deactivate an IGMP snooping querier on the VLANs Confirmation Command SHOW IP IGMP INTERFACE on page 637 Example This example deactivates an IGMP snooping querier on the VLAN with an ID of 18 awplus enable awplus configure terminal awplus config interface vlan18 awplus config if no ip igmp snooping querier ...

Page 637: ...mand Note This command does not display information about multiple queriers The fields are defined in Table 70 Table 70 SHOW IP IGMP INTERFACE Command Field Definition Interface The ID number of the selected VLAN IGMP The status of the IGMP agent The agent is automatically enabled when IGMP snooping querier is activated IGMP query interval The time interval in seconds at which IGMP General Query m...

Page 638: ... IGMP snooping on the switch The commands for enabling and disabling this feature are IP IGMP SNOOPING on page 613 and NO IP IGMP SNOOPING on page 618 IGMP snooping querier The status of IGMP snooping querier in the VLAN The commands for enabling and disabling the feature are IP IGMP SNOOPING QUERIER on page 635 and NO IP IGMP SNOOPING QUERIER on page 636 respectively Table 70 SHOW IP IGMP INTERFA...

Page 639: ...Executive mode Clears DHCP snooping statistics from the specified ports IP DHCP SNOOPING on page 648 Global Configuration mode Enables DHCP snooping on VLANs IP DHCP SNOOPING AGENT OPTION on page 649 Global Configuration mode Enables DHCP Option 82 data insertion on the switch IP DHCP SNOOPING AGENT OPTION ALLOW UNTRUSTED on page 650 Global Configuration mode Enables the switch to forward DHCP Opt...

Page 640: ...snooping database SERVICE DHCP SNOOPING on page 666 Global Configuration mode Enables the DHCP snooping service on the switch globally SHOW ARP SECURITY on page 668 Privilege Exec mode Displays security configuration on the switch SHOW ARP SECURITY INTERFACE on page 670 Privilege Exec mode Displays ARP security configuration for the ports specified SHOW ARP SECURITY STATISTICS on page 672 Privileg...

Page 641: ...ITY command is enabled the port only responds to and forwards ARP packets with recognized IP and MAC Source addresses Use the no version of this command NO ARP SECURITY command to disable ARP security on a port Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example enables ARP security on port 9 awplus enable awplus configure terminal awplus config interface port1 0 9 awplus con...

Page 642: ...p To make this parameter active, configure SNMP and enable DHCP snooping notifications with the SNMP SERVER ENABLE TRAP command. See SNMP SERVER ENABLE TRAP on page 1172. Notifications are limited to one per second and to one per source MAC and violation. Mode: Port Interface mode. Description: Use this command to set an action if an ARP security violation occurs on a port. Use the no version of this ...

Page 643: ...3 Example This example generates a log message if port 17 experiences an ARP security violation awplus enable awplus configure terminal awplus config interface port1 0 17 awplus config if arp security awplus config if arp security violation log ...

Page 644: ...rom the specified ports For information about defining ARP security violations see ARP SECURITY VIOLATION on page 642 For instructions about how to specify ports see Port Numbers in Commands on page 69 Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example clears the ARP security violations on ports 20 24 awplus enable awplus configure terminal awplus config interface port1 0 20...

Page 645: ...s command to remove one or more dynamic entries from the DHCP snooping binding database If you do not specify any of the parameters all dynamic entries are removed from the database Dynamic entries can also be deleted with the NO IP SOURCE BINDING command See IP SOURCE BINDING on page 664 For instructions about how to specify ports see Port Numbers in Commands on page 69 Caution If you remove entr...

Page 646: ...Example This example removes all of the dynamic lease entries from the DHCP snooping database for a client with an IP address of 192.168.1.2: awplus enable awplus clear ip dhcp snooping binding 192.168.1.2 ...

Page 647: ...d Executive mode Description Use this command to clear DHCP snooping statistics from the ports specified For instructions about how to specify ports see Port Numbers in Commands on page 69 Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example clears the DHCP statistics from the ports 12 through 16 awplus enable awplus clear ip dhcp snooping statistics port1 0 12 port1 0 16 ...

Page 648: ...nable DHCP snooping on the VLAN interfaces specified Use the no version of the command NO IP DHCP SNOOPING command to disable DHCP snooping in the VLAN interfaces specified Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example enables DHCP snooping on VLAN interface 25 awplus enable awplus configure terminal awplus config ip dhcp snooping ...

Page 649: ...HCP Option 82 from DHCP packets that it sends to untrusted ports To use this command you must enable DHCP snooping on the switch with the SERVICE DHCP SNOOPING command and on the VLANs with the IP DHCP SNOOPING command See SERVICE DHCP SNOOPING on page 666 and IP DHCP SNOOPING on page 648 Use the no version of the command NO IP DHCP SNOOPING AGENT OPTION command to disable DHCP Option 82 on the sw...

Page 650: ...ets through the untrusted ports by using the IP DHCP SNOOPING AGENT OPTION ALLOW UNTRUSTED command. When this command is disabled, the switch treats incoming DHCP packets on untrusted ports that contain DHCP Option 82 as DHCP snooping violations. The switch drops the packets and applies the violation action specified by the IP DHCP SNOOPING VIOLATION command. See IP DHCP SNOOPING VIOLATION on page 66...

Page 651: ... the entry The range is 5 to 21473647 seconds Mode Privileged Exec mode Description Use this command to manually add a dynamic like entry with an expiry time to the DHCP snooping database After it is added to the database this entry is treated as dynamic entry and is stored in the DHCP snooping database backup file This command is not stored in the switch s running configuration Caution If you rem...

Page 652: ...te all dynamic entries from the database Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example restores an entry in the DHCP snooping database for a DHCP client with the IP address of 193 167 1 2 a MAC address of 0001 0002 0003 on port1 0 6 of VLAN 6 with an expiry time of 1 hour awplus enable awplus ip dhcp snooping binding 193 167 1 2 0001 0002 0003 vlan 6 interface port1 0 6...

Page 653: ...nts send a release message when they no longer wish to use the IP address they have been allocated by a DHCP server Use this command to enable DHCP snooping to use the information in these messages to remove entries from its database immediately Use the no version of the command the NO DHCP SNOOPING DELETE BY CLIENT command to ignore the release messages Lease entries corresponding to ignored DHCP...

Page 654: ...er are removed There is one exception If this command is enabled in a stack and the master switch goes down and is replaced by a new master switch entries in the database for ports on the master are not removed if they are part of link aggregators that are still up By default this command is disabled With this setting the DHCP snooping bindings are not deleted when an interface goes down Use the n...

Page 655: ...hile there are DHCP snooping Access Control Lists ACL associated with the port Before using this command remove any DHCP snooping ACLs associated with the ports In general the default value of 1 works well on an edge port with a single directly connected DHCP client If the port is on an aggregated switch with multiple DHCP clients connected through it then use this command to increase the number o...

Page 656: ...le sets the maximum number of bindings that can be stored in the DHCP snooping database to 10 per port for ports 15 to 19 awplus enable awplus configure terminal awplus config interface port1 0 15 port1 0 19 awplus config if ip dhcp snooping max bindings 10 ...

Page 657: ... included in the DHCP Option 82 field of client DHCP packets that are forwarded from a port if all the following conditions are met A subscriber ID is specified for the port using the IP DHCP SNOOPING SUBSCRIBER ID command DHCP Snooping Option 82 is enabled using IP DHCP SNOOPING AGENT OPTION on page 649 This command is enabled by default DHCP Snooping is enabled on the switch with the SERVICE DHC...

Page 658: ...bscriber id room_534 This example assigns port 17 a subscriber ID of Campus A Building 3 awplus enable awplus configure terminal awplus config interface port1 0 17 awplus config if ip dhcp snooping subscriber id Campus A Building 3 This example removes a subscriber ID from port 21 awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config if no ip dhcp snoopin...

Page 659: ...ecting untrusted network elements are set as untrusted Configure ports connected to DHCP servers as trusted ports By default all switch ports are untrusted Use the no version of this command NO IP DHCP SNOOPING TRUST to return a port to its default untrusted state Confirmation Command SHOW RUNNING CONFIG on page 170 SHOW IP DHCP SNOOPING INTERFACE on page 678 Example This example assigns ports 1 a...

Page 660: ...ing violations. It drops them and applies any other violation action specified by the IP DHCP SNOOPING VIOLATION command. See IP DHCP SNOOPING VIOLATION on page 662. Note: To bring the port up after any issues have been resolved, use the NO SHUTDOWN command. See NO SHUTDOWN on page 224. Use the no version of the command, NO IP DHCP SNOOPING VERIFY MAC ADDRESS command, to disable source MAC address verificat...

Page 661: ...This example disables MAC address verification on the switch awplus enable awplus configure terminal awplus config no ip dhcp verify mac address ...

Page 662: ...the port. Mode: Port Interface mode. Description: Use this command to specify the action the switch takes when it detects a DHCP snooping violation by a DHCP packet on a port or ports. You can set a switch to respond with more than one action. By default, DHCP packets that violate DHCP snooping are dropped, but no other violation action is taken. If a port has been shut down in response to a violation to...

Page 663: ...ample sets the switch to send an SNMP notification and sets the link status to link down if it detects a DHCP snooping violation on switch ports 1 through 4 awplus enable awplus configure terminal awplus config snmp server enable trap dhcpsnooping awplus config interface port1 0 1 port1 0 4 awplus config ip dhcp snooping violation trap link down ...

Page 664: ...d to Mode Global Configuration mode Description Use this command to add or replace a static entry in the DHCP snooping database In addition you can use this command to delete all of the static entries in the DHCP snooping database Use the no version of the command NO IP SOURCE BINDING command to delete the specified static entry or all static entries from the database To remove dynamic entries fro...

Page 665: ...lus configure terminal awplus config ip source binding 192 168 1 2 0001 0002 0003 vlan 7 interface port1 0 6 This example removes the static entry for IP address 192 168 1 2 from the DHCP snooping database awplus enable awplus configure terminal awplus config no ip source binding 192 168 1 2 This example removes all static entries from the DHCP snooping database awplus enable awplus configure term...

Page 666: ... VLAN it must Be enabled globally on the switch with this command Be enabled on the specified VLAN with the IP DHCP SNOOPING command see IP DHCP SNOOPING on page 648 Have at least one port connected to a DHCP server that is configured as a trusted port using the IP DHCP SNOOPING TRUST command see IP DHCP SNOOPING TRUST on page 659 If you disable the DHCP snooping service by using the NO SERVICE DH...

Page 667: ...you disable DHCP snooping on the switch using this command you must also remove any DHCP snooping ACLs from the ports to maintain connectivity using the NO ACCESS GROUP command See NO ACCESS GROUP on page 1635 Use the no version of the NO SERVICE DHCP SNOOPING command to disable the DHCP snooping service on the switch This command removes all of the DHCP snooping configuration from the running con...

Page 668: ...on the switch awplus enable awplus show arp security See Figure 125 for a sample display See Table 72 on page 669 for an explanation of the parameters in this display Figure 125 SHOW ARP SECURITY Command awplus show arp security Arp Security Information Total VLANs enabled 2 Total VLANs disabled 10 vlan1 Disabled vlan2 Disabled vlan3 Disabled vlan4 Disabled vlan5 Disabled vlan100 Disabled vlan101 ...

Page 669: ...Table 72 Parameters in SHOW ARP SECURITY Command. Parameter / Description. Total VLANs enabled: Specifies the number of VLANs that have ARP security enabled. Total VLANs disabled: Specifies the number of VLANs that have ARP security disabled ...

Page 670: ...example displays ARP security configuration for ports 1 through 7 awplus enable awplus show arp security interface port1 0 1 port1 0 7 See Figure 126 for a sample display See Table 73 on page 671 for an explanation of the parameters in this display Figure 126 SHOW ARP SECURITY INTERFACE Command awplus show arp security interface port1 0 1 port1 0 5 Arp Security Port Status and Configuration Port P...

Page 671: ...RITY INTERFACE Command Parameter Description Action Indicates the action the switch takes when it detects an ARP security violation on the port Port Specifies the port name LG Log Generates a log message TR Trap Generates an SNMP notification or trap LD Link down Shuts down the link ...

Page 672: ...rity statistics for the specified ports or all ports Example This example displays the brief statistics about ARP security awplus enable awplus show arp security statistics See Figure 127 for a sample display See Table 74 on page 673 for an explanation of the parameters in this display Figure 127 SHOW ARP SECURITY STATISTICS Command awplus show arp security statistics DHCP Snooping ARP Security St...

Page 673: ...ts that are processed by DHCP Snooping ARP Security In Discards Specifies the total number of ARP packets that are dropped by DHCP Snooping ARP Security awplus show arp security statistics detail DHCP Snooping ARP Security Statistics Interface port1 0 3 In Packets 20 In Discards 20 No Lease 20 Bad Vlan 0 Bad Port 0 Source IP Not Allocated 0 Interface port1 0 4 In Packets 30 In Discards 30 No Lease...

Page 674: ... Parameters None Mode Privilege Exec mode Description Use this command to display global DHCP snooping configuration on the switch Example This example displays entries in the DHCP snooping database awplus enable awplus show ip dhcp snooping See Figure 129 on page 675 for a sample display ...

Page 675: ...wed Binding delete by client Disabled Binding delete by link down Disabled Verify MAC address Disabled SNMP DHCP Snooping trap Disabled DHCP Snooping database Database location nvs Number of entries in database 2 DHCP Snooping VLANs Total VLANs enabled 1 Total VLANs disabled 9 vlan1 Enabled vlan2 Disabled vlan3 Disabled vlan4 Disabled vlan5 Disabled vlan100 Disabled vlan101 Disabled vlan105 Disabl...

Page 676: ...re 130 for a sample display of this command See Table 75 on page 677 for an explanation of the parameters in this display Figure 130 SHOW IP DHCP SNOOPING BINDING Command awplus show ip dhcp snooping binding DHCP Snooping Bindings Client MAC Server Expires IP Address Address IP Address VLAN Port sec Type 1 2 3 4 aaaa bbbb cccc 7 1 0 10 Infinite Stat 1 2 3 6 any 4077 1 0 10 Infinite Stat 1 3 4 5 any...

Page 677: ...LAN associated with this entry. Port: The port the client is connected to. Expires sec: The time in seconds until the lease expires. Type: The source of the entry is either Dyna (dynamically entered by snooping DHCP traffic, configured with the IP DHCP SNOOPING BINDING command, or loaded from the database backup file) or Stat (added statically by the IP SOURCE BINDING command). Total number of bindings in data...

Page 678: ...tion and leases for a port or a list of ports Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example displays DHCP snooping binding information for all of the ports awplus enable awplus show ip dhcp snooping interface This example displays DHCP snooping interface information for ports 1 through 6 awplus enable awplus show ip dhcp snooping interface port1 0 1 port1 0 6 See Figur...

Page 679: ...50 LG Building 1 Level 2 port1 0 5 Trusted 0 1 LD Building 2 Level 1 port1 0 6 Trusted 0 1 LG Table 76 Parameters in SHOW IP DHCP SNOOPING INTERFACE Command Parameter Description Port Specifies the port interface name Status Indicates the port status as either untrusted default or trusted Full Leases Indicates the number of entries in the DHCP snooping database for the port Max Leases Indicates th...

Page 680: ...nd See IP SOURCE BINDING on page 664 Example This example displays static entries in the DHCP snooping database awplus enable awplus show ip source binding See Figure 132 for a sample of this display See Table 77 on page 681 for an explanation of the parameters in this display Figure 132 SHOW IP DHCP SOURCE BINDING Command awplus show ip dhcp source binding IP Source Bindings Client MAC Expires IP...

Page 681: ...ss: Specifies the MAC address of the DHCP client. VLAN: Indicates the VLAN ID the packet is received on. Port: Specifies the Layer 2 port name the packet is received on. Expires sec: Indicates the time in seconds until the lease expires. The time is always infinite for static bindings or when the lease time in the DHCP message is 0xfffffffff (infinite). Type: Indicates the DHCP snooping binding type is static ...

Page 682: ...Chapter 44 DHCP Snooping Commands 682 ...

Page 683: ...vent Messages This section contains the following chapters Chapter 45 Event Log on page 685 Chapter 46 Event Log Commands on page 689 Chapter 47 Syslog Client on page 713 Chapter 48 Syslog Client Commands on page 721 ...

Page 685: ...Chapter 45 Event Log This chapter covers the following topics: Overview on page 686, Displaying the Event Log on page 687, Clearing the Event Log on page 688 ...

Page 686: ...n of the switch can be monitored by viewing the event messages generated by the device These events and the vital information about system activity that they provide can help you identify and solve system problems The event messages are stored or sent in or to the following types of outputs The buffered log The permanent log Email addresses Consoles The event messages include the following informa...

Page 687: ...are displayed one screen at a time To cancel the log type q for quit Here is an example of the log Figure 133 SHOW LOG Command The columns are described in Table 80 on page 704 If you happen to be interested in the newer messages use the SHOW LOG REVERSE command instead You will see the same messages but the newest are displayed first date time facility severity program pid message 2010 Jan 15 14 ...

Page 688: ...Clearing the Event Log To clear all the messages from the event log, use the CLEAR LOG BUFFERED command in the Privileged Exec mode. Here is the command: awplus clear log buffered ...

Page 689: ...sent to the console LOG PERMANENT on page 698 Global Configuration Specifies the types of event messages to be stored in the permanent log NO LOG BUFFERED on page 699 Global Configuration Cancels the settings set by the LOG BUFFERED command NO LOG CONSOLE on page 701 Global Configuration Cancels the settings set by the LOG CONSOLE command NO LOG PERMANENT on page 702 Global Configuration Cancels t...

Page 690: ...age 711 Privileged Exec Displays the event messages in the buffered log from newest to oldest SHOW LOG TAIL on page 712 Privileged Exec Displays a limited number of the event messages in the buffered log Table 78 Event Log Commands Command Mode Description ...

Page 691: ... Exec mode Description Use this command to delete the event messages in the buffered and permanent logs Confirmation Commands SHOW LOG on page 704 and SHOW LOG PERMANENT on page 709 Example The following example deletes the event messages in the buffered and permanent logs awplus enable awplus clear log ...

Page 692: ... Parameters None Mode Privileged Exec mode Description Use this command to delete the event messages in the buffered log Confirmation Command SHOW LOG on page 704 Example The following example deletes the event messages in the buffered log awplus enable awplus clear log buffered ...

Page 693: ... Parameters None Mode Privileged Exec mode Description Use this command to delete the event messages in the permanent log Confirmation Command SHOW LOG PERMANENT on page 709 Example The following example deletes the event messages in the permanent log awplus enable awplus clear log permanent ...

Page 694: ...re listed in Table 81 on page 705 To specify more than one module separate the modules with commas msgtext Specifies a text string in the event messages This string is case sensitive The text may not contain spaces or special characters and must not be enclosed in quotation marks To use this parameter you have to include the LEVEL and PROGRAM parameters in the command and it has to be the last par...

Page 695: ...enerated by IGMP snooping IGMPSNOOP LACP and port configuration PCFG awplus enable awplus configure terminal awplus config log buffered program igmpsnooping lacp pconfig This example configures the buffered log to save those event messages that have a severity level of 0 or 4 that are generated by 802 1x port based network access control PACCESS and 802 1q GARP and that have the text port in the m...

Page 696: ...msgtext Specifies a text string with double quotations around to match the event messages This string is case sensitive and must be the last text on the command line Mode Global Configuration mode Description Use this command to specify the types of event messages to be sent to the console You can filter the messages by specifying severity level management software module a text string within the ...

Page 697: ... to the console only those event messages that are generated by IGMP snooping IGMPSNOOP and LACP awplus enable awplus configure terminal awplus config log console program igmpsnoop lacp This example configures the switch to send to the console only those event messages that have a minimum severity level of 4 and that are generated by 802 1x port based network access control PACCESS and 802 1q GARP...

Page 698: ...n Table 81 on page 705 To specify more than one module separate the modules with commas msgtext Specifies a text string with double quotations around to match the event messages This string is case sensitive and must be the last text on the command line Mode Global Configuration mode Description Use this command to specify the types of event messages to be stored in the permanent log You can speci...

Page 699: ...he settings set by the log buffered command You can cancel a setting individually by specifying a parameter If you do not specify any parameters the command cancels all the settings and restores the default settings for the buffered log Confirmation Command SHOW LOG CONFIG on page 707 Example This example cancels the settings and restores the default settings for the buffered log awplus no log buf...

Page 700: ...Chapter 46 Event Log Commands 700 awplus configure terminal awplus config no log buffered Program mac OUtputID Type Status Details 1 Temporary Enabled Wrap on Full Filter Level 4 program MAC IP ...

Page 701: ...tion mode Description Use this command to cancel the settings set by the LOG CONSOLE command You can cancel a setting individually by specifying a parameter If you do not specify any parameters the command cancels all the settings and restores the default settings Confirmation Command SHOW LOG CONFIG on page 707 Examples This example cancels the settings and restores the default settings for the c...

Page 702: ...ings set by the LOG PERMANENT command You can cancel a setting individually by specifying a parameter If you do not specify any parameters the command cancels all the settings and restores the default settings for the permanent log Confirmation Command SHOW LOG CONFIG on page 707 Example This example cancels the settings and restores the default settings for the permanent log awplus no log permane...

Page 703: ... 8100 Switch Command Line User s Guide 703 awplus configure terminal awplus config no log permanent Program mac OUtputID Type Status Details 1 Temporary Enabled Wrap on Full Filter Level 4 program MAC IP ...

Page 704: ...ime facility severity program pid message 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded 2010 Jan 15 14 39 04 user information awplus stp Disabled Spanning Tree 2010 Jan 15 14 39 04 user information awplus stp Active protocol changed to STP Table 80 SHOW LOG Command Parameter Description Date...

Page 705: ...e 81 Management Software Modules Module Name Description ALL All management software modules ACL Port access control list CFG Switch configuration CLASSIFIER Classifiers used by ACL and QoS CLI Command line interface commands ENCO Encryption keys ESTACK Enhanced stacking EVTLOG Event log FILE File system GARP GARP GVRP HTTP Web server IGMPSNOOP IGMP snooping IP System IP configuration LACP Link Ag...

Page 706: ...DIUS RADIUS authentication protocol RTC Real time clock SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree and Rapid Spanning protocols SYSTEM Hardware status manager and operator log in and log off events TACACS TACACS authentication protocol TELNET Telnet TFTP TFTP TIME System time and SNTP VLAN Port based tagged and MAC address based VLANs WAT Watchdog timer...

Page 707: ...HOW LOG CONFIG Command The fields in the display are described here Table 82 SHOW LOG CONFIG Command Field Description Level The severity levels of the messages to be stored in the log The default is level 6 Informational and higher The levels are defined in Table 79 on page 694 Permanent log Status Enable Filter Level Informational Program All Message Text Buffered log Status Enable Filter Level ...

Page 708: ... Client Commands on page 721 Example The following command displays the configuration of the event log awplus show log config Program The software module messages to be stored in the log The modules are listed in Table 81 on page 705 The default is all modules Message Text Text that identifies the messages to be stored in the log Table 82 SHOW LOG CONFIG Command Field Description ...

Page 709: ...RMANENT Command Table 80 on page 704 describes the columns in the log and Table 81 on page 705 lists the modules and their abbreviations Example The following example displays the messages in the permanent log awplus show log permanent date time facility severity program pid message 2010 Jan 15 14 39 04 user information awplus stp Set Configuration succeeded 2010 Jan 15 14 39 04 user information a...

Page 710: ... recent event messages in the permanent event log The NUMBER parameter is used to specify the number of messages to display The messages are displayed from oldest to newest For an example and description of the log refer to Figure 136 on page 709 and Table 80 on page 704 Examples This example displays the most recent 10 log messages in the permanent log awplus show log permanent tail This example ...

Page 711: ...e SHOW LOG command display the same messages but in different order The SHOW LOG command displays the messages from oldest to newest To cancel the display type q for quit You cannot filter the log for specific types of messages For an example and description of the log refer to Figure 134 on page 704 and Table 80 on page 704 Example This command displays the event messages in the buffered log from...

Page 712: ...messages in the buffered event log The NUMBER parameter is used to specify the number of messages to display The messages are displayed from oldest to newest For an example and description of the log refer to Figure 134 on page 704 and Table 80 on page 704 Examples This example displays the 10 most recent event messages in the buffered log The messages are displayed from oldest to newest awplus sh...

Page 713: ...log Client This chapter covers the following topics Overview on page 714 Creating Syslog Server Definitions on page 715 Deleting Syslog Server Definitions on page 718 Displaying the Syslog Server Definitions on page 719 ...

Page 714: ...ment IP Address on page 82 or Chapter 13 IPv4 and IPv6 Management Addresses on page 299 The syslog servers must be members of the same subnet as the management IP address of the switch or must be able to access the subnet through routers or other Layer 3 devices If the syslog servers are not members of the same subnet as the management IP address of the switch the switch must have a default gatewa...

Page 715: ...e server For example specifying level 4 for a syslog server definition causes the switch to transmit levels 0 and 4 messages If you omit this parameter messages of all severity levels are sent The PROGRAM parameter is used to restrict the transmitted messages to just those that are generated by particular programs on the switch You designate the programs by entering their abbreviations listed in T...

Page 716: ...PCFG Port configuration PKI Public Key Infrastructure PMIRR Port mirroring PSEC MAC address based port security PTRUNK Static port trunking QOS Quality of Service RADIUS RADIUS authentication protocol RRP RRP snooping RTC Real time clock SFLOW sFlow client SNMP SNMP SSH Secure Shell protocol SSL Secure Sockets Layer protocol STP Spanning Tree Rapid Spanning and Multiple Spanning Tree protocols SYS...

Page 717: ...ion that sends messages from the RADIUS spanning tree protocols and static port trunks to a syslog server that has the IP address 156 74 134 76 awplus enable awplus configure terminal awplus config log host 156 74 134 76 program radius stp ptrunk This example creates a syslog definition that sends messages with severity levels 0 4 and 6 from access control lists and MAC address based port security...

Page 718: ...ss To view the IP addresses of the syslog servers of the definitions use the SHOW LOG CONFIG command You can delete just one definition at a time with this command The switch stops sending event messages to a syslog server as soon as you delete a definition This example deletes a syslog server definition for the server IP address 124 145 112 61 awplus enable awplus configure terminal awplus config...

Page 719: ...er Entries The syslog server entries are marked with Host followed by the server IP addresses The example display has two syslog server entries that have the IP addresses 149 132 45 75 and 149 132 101 128 Permanent log Status Enable Filter Level Informational Program All Message Text Host 149 132 45 75 Filter Level Informational Program All Message Text Host 149 132 101 128 Filter Level Informatio...

Page 720: ...Chapter 47 Syslog Client 720 ...

Page 721: ...l within the chapter Table 85 Syslog Client Commands Command Mode Description LOG HOST on page 722 Global Configuration Creates syslog server definitions NO LOG HOST on page 724 Global Configuration Deletes syslog server definitions SHOW LOG CONFIG on page 725 Privileged Exec Displays the syslog server definitions ...

Page 722: ...o the syslog server The modules are listed in Table 81 on page 705 You can specify more than one feature Separate multiple features with commas Omit this parameter to send messages from all features Mode Global Configuration mode Description Use this command to create syslog server definitions The switch uses the definitions to send event messages to syslog servers on your network There can be up ...

Page 723: ... that has the IP address 149 152 122 143 The definition sends only those messages that have a minimum severity level of 4 and that are generated by the RADIUS client RADIUS and static port trunks PTRUNK awplus enable awplus configure terminal awplus config log host 149 152 122 143 level 4 program radius ptrunk ...

Page 724: ...ver Mode Global Configuration mode Description Use this command to delete syslog server definitions from the switch Confirmation Command SHOW LOG CONFIG on page 725 Example This example deletes a syslog server definition with the server IP address 149 122 45 78 awplus enable awplus configure terminal awplus config no log host 149 122 45 78 ...

Page 725: ...Command with Syslog Server Entries The syslog server entries are marked with Host followed by the server IP addresses The example display has two syslog server entries that have the IP addresses 149 132 45 75 and 149 132 101 128 Permanent log Status Enable Filter Level Informational Program All Message Text Host 149 132 45 75 Filter Level Informational Program All Message Text Host 149 132 101 128...

Page 726: ...Chapter 48 Syslog Client Commands 726 Example This example displays the configurations of the syslog server entries awplus show log config ...

Page 727: ...s section contains the following chapters Chapter 49 Static Port Trunks on page 729 Chapter 50 Static Port Trunk Commands on page 739 Chapter 51 Link Aggregation Control Protocol LACP on page 747 Chapter 52 LACP Commands on page 759 ...

Page 728: ...728 ...

Page 729: ...topics Overview on page 730 Creating New Static Port Trunks or Adding Ports To Existing Trunks on page 734 Specifying the Load Distribution Method on page 735 Removing Ports from Static Port Trunks or Deleting Trunks on page 736 Displaying Static Port Trunks on page 737 ...

Page 730: ...P on page 747 static port trunks do not permit standby ports If a link is lost on a port in a static port trunk the trunk s total bandwidth is reduced Although the traffic carried by a lost link is shifted to one of the remaining ports in the trunk the bandwidth remains reduced until a lost link is reestablished or another port is manually added to the trunk Load Distribution Methods This section ...

Page 731: ...port trunk or an LACP trunk of Ports 7 through 14 on the switch The table below shows the mappings of the switch ports to the possible values of the last three bits of a MAC or IP address Assume you selected source MAC address as the load distribution method and that the switch needed to transmit over the trunk a packet with a source MAC address that ended in 9 The binary equivalent of 9 is 1001 m...

Page 732: ...methods assume that the final three bits of the source and or destination addresses of the packets from the network nodes are varied enough to support efficient distribution of the packets over the trunk ports A lack of variation can result in one or more ports in a trunk being used more than others with the potential loss of a trunk s efficiency and performance Guidelines Here are the guidelines ...

Page 733: ...thout also changing the other ports A port can belong to only one static trunk at a time A port cannot be a member of a static trunk and an LACP trunk at the same time The ports of a static trunk must be untagged members of the same VLAN A trunk cannot consist of untagged ports from different VLANs The switch selects the lowest numbered port in the trunk to handle broadcast packets and packets of ...

Page 734: ...eates a new trunk of ports 22 to 23 and the ID number 1 awplus enable awplus configure terminal awplus config interface port1 0 22 port1 0 23 awplus config if static channel group 1 If a static port trunk of that ID number already exists the commands add ports 22 and 23 to it Caution To prevent the formation of loops in your network topology do not connect the network cables to the member ports of...

Page 735: ...MAC address src ip Specifies source IP address dst ip Specifies destination IP address src dst ip Specifies source address destination IP address To enter the Static Port Trunk Interface mode you use the INTERFACE TRUNK command You enter the INTERFACE keyword followed by the name of the trunk The name of the trunk consists of the prefix sa for static trunk and the trunk s ID number If you do not k...

Page 736: ... port1 0 4 port1 0 5 awplus config if no static channel group To delete a static port trunk remove all its member ports This example deletes a trunk that consists of member ports 15 to 17 and 21 awplus enable awplus configure terminal awplus config interface port1 0 15 port1 0 17 port1 0 21 awplus config if no static channel group Caution To prevent the formation of loops in your network topology ...

Page 737: ...vileged Exec mode awplus show static channel group Here is an example of the information Figure 140 SHOW STATIC CHANNEL GROUP Command To view the load distribution methods of static port trunks display the running configuration with SHOW RUNNING CONFIG on page 170 Static Aggregator sa1 Member port1 0 5 port1 0 6 port1 0 7 Static Aggregator sa2 Member port1 0 19 port1 0 20 port1 0 21 port1 0 22 ...

Page 738: ...Chapter 49 Static Port Trunks 738 ...

Page 739: ... Removes ports from existing static port trunks and deletes trunks from the switch PORT CHANNEL LOAD BALANCE on page 741 Static Port Trunk Interface Sets the load distribution methods of static port trunks SHOW STATIC CHANNEL GROUP on page 743 User Exec and Privileged Exec Displays the specifications of the static port trunks STATIC CHANNEL GROUP on page 744 Port Interface Creates a new static por...

Page 740: ...ove ports from a static port trunk without first disconnecting their network cable Network loops can result in broadcast storms that can adversely affect network performance Note You cannot leave a trunk with just one port There must be a minimum of two ports in a trunk Example These commands remove ports 22 and 23 from a static port trunk If these are the only ports in the trunk the trunk is dele...

Page 741: ...pecifies source address destination IP address Mode Static Port Trunk Interface mode Description Use this command to specify the load distribution methods of static port trunks The load distribution methods determine the manner in which the switch distributes packets among the ports of a trunk This command is found in the Static Port Trunk Interface mode To enter the mode use the INTERFACE TRUNK c...

Page 742: ...s 742 Example This example sets the load distribution method to destination MAC address for a trunk with an ID number 4 awplus enable awplus configure terminal awplus config interface sa4 awplus config if port channel load balance dst mac ...

Page 743: ... An example of the command is shown in Figure 141 Figure 141 SHOW STATIC CHANNEL GROUP Command To view the load distribution methods of static port trunks display the running configuration with SHOW RUNNING CONFIG on page 170 Example This example displays the member ports of a static port trunk awplus show static channel group Static Aggregator sa1 Member port1 0 5 port1 0 6 port1 0 7 Static Aggre...

Page 744: ...y resulting in a broadcast storm and poor network performance To create a new static port trunk you have to assign it an ID number in the range of 1 to 32 This number is used by the switch to identify trunks and to assign trunk names A name of a trunk consists of the prefix sa followed by an ID number For instance if you assign a new trunk the ID number 5 its name will be sa5 You should review the...

Page 745: ...n the trunk Consequently you check to see if its settings are appropriate prior to adding it to the trunk If the port will not be the lowest numbered port its settings are changed to match the settings of the existing ports in the trunk If the port to be added to a trunk is already a member of another static trunk you must first remove it from its current trunk assignment To remove ports from a tr...

Page 746: ...Chapter 50 Static Port Trunk Commands 746 ...

Page 747: ...e following topics Overview on page 748 Creating New Aggregators on page 751 Setting the Load Distribution Method on page 752 Adding Ports to Aggregators on page 753 Removing Ports from Aggregators on page 754 Deleting Aggregators on page 755 Displaying Aggregators on page 756 ...

Page 748: ...y occur if there is a difference in their LACP implementations For example the two devices might not support the same number of active ports in an aggregate trunk If a conflict does occur the two devices must resolve the problem and decide whose LACP settings take precedence This is accomplished with the system LACP priority value A hexadecimal value of from 1 to FFFF this parameter is used whenev...

Page 749: ...f ports The switch supports up to eight active ports in an aggregate trunk at a time The switch can support up to a total of 32 static and LACP aggregate trunks at a time An LACP trunk is counted against the maximum number of trunks only when it is active The ports of an aggregate trunk must be the same medium type all twisted pair ports or all fiber optic ports The ports of a trunk can be conse...

Page 750: ... broadcast packets and packets with an unknown destination Prior to creating an aggregate trunk between an Allied Telesis device and another vendor s device refer to the vendor s documentation to determine the maximum number of active ports the device supports If the number is less than eight the maximum number for the AT 8100 Series switch you should assign the vendor s device a higher system LAC...

Page 751: ...orts of a new aggregator are already members of other aggregators the switch automatically removes them from their current assignments before adding them to the new aggregator Caution To avoid creating a loop in your network topology do not connect the network cables to the ports until after you have created the aggregator with the CHANNEL GROUP command These commands create a new aggregator of po...

Page 752: ...r the mode use the INTERFACE PO command from the Global Configuration mode in this format interface poid_number You specify the intended aggregator by adding its ID number as a suffix to PO Here is the format of the PORT CHANNEL LOAD BALANCE command port channel load balance src mac dst mac src dst mac src ip dst ip src dst ip In this example an aggregator with the ID number 5 is assigned the sour...

Page 753: ...y the ID number of the existing aggregator to which the new ports are to be assigned If you do not know the ID number use the SHOW ETHERCHANNEL DETAIL command If the new ports of an aggregator are already members of other aggregators you do not have to remove them from their current assignments before adding them to a different aggregator The management software does that automatically Caution To ...

Page 754: ... disconnecting the network cable Leaving the network cable connected may result in a network loop which can cause a broadcast storm Note You cannot remove the base port of an aggregator The base port is the lowest numbered port of an aggregator For example you cannot delete port 7 from an aggregator consisting of ports 7 to 12 Removing the base port requires deleting and recreating the aggregator ...

Page 755: ...ot delete an aggregator without first disconnecting the network cables from its ports Leaving the network cables connected may result in a network loop which can cause a broadcast storm These commands delete an aggregator consisting of ports 17 22 and 23 awplus enable awplus configure terminal awplus config interface port1 0 17 port1 0 22 port1 0 23 awplus config if no channel group ...

Page 756: ...NNEL DETAIL The only information the SHOW ETHERCHANNEL DETAIL command does not include is the LACP system priority value That value can be seen with the SHOW LACP SYS ID command also in the Privileged Exec mode Here is the command awplus show lacp sys id Aggregator 1 po1 Mac address 00 15 77 d8 43 60 0000 Admin Key 0xff01 Oper Key 0x0101 Receive link count 4 Transmit link count 4 Individual 0 Re...

Page 757: ...information Figure 143 SHOW LACP SYS ID Command It should be mentioned that while the system priority value is set as an integer with the LACP SYSTEM PRIORITY command this command displays it in hexadecimal format System Priority 0x0080 32768 Mac Address EC CD 6D 1E 52 28 ...

Page 758: ...Chapter 51 Link Aggregation Control Protocol LACP 758 ...

Page 759: ... ports from aggregators and deletes aggregators PORT CHANNEL LOAD BALANCE on page 764 LACP Port Trunk Interface Sets the load distribution method SHOW ETHERCHANNEL on page 766 Privileged Exec Displays the ports of the aggregators on the switch SHOW ETHERCHANNEL DETAIL on page 767 Privileged Exec Displays the states of the ports of the aggregators SHOW ETHERCHANNEL SUMMARY on page 769 Privileged Ex...

Page 760: ...gator you cannot add ports that are below the base port For example you cannot add ports 1 to 6 to an existing aggregator that consists of ports 7 to 12 You have to delete and recreate an aggregator to change its base port To review the guidelines to creating or modifying aggregators refer to Guidelines on page 749 Caution To prevent creating a loop in your network topology do not connect the netw...

Page 761: ...umber of the aggregator is 2 awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 16 awplus config if channel group 2 This example adds port 15 to an existing aggregator that has the ID number 4 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if channel group 4 ...

Page 762: ...LACP priority of the switch The switch uses the LACP priority to resolve conflicts with other network devices when it creates aggregate trunks Confirmation Command SHOW LACP SYS ID on page 770 Note The value is set as an integer with this command and displayed in hexadecimal format by the SHOW LACP SYS ID command Example This example assigns the system priority 200 to the switch awplus enable awpl...

Page 763: ... recreating the aggregator Caution To prevent creating a loop in your network topology you should not remove ports from an aggregator without first disconnecting their network cables Network loops can cause broadcast storms that can lead to poor network performance Confirmation Command SHOW ETHERCHANNEL on page 766 Example These commands delete ports 11 and 12 from an aggregator The aggregator is ...

Page 764: ...address destination IP address Mode LACP Port Trunk Interface mode Description Use this command to set the load distribution methods of aggregators An aggregator can have only one load distribution method The load distribution methods are the same as those for static port trunks described in Load Distribution Methods on page 730 To enter the LACP Port Trunk Interface mode from the Global Configura...

Page 765: ...ETHERCHANNEL DETAIL on page 767 Example This example sets the load distribution method to source MAC address for the LACP trunk that has the ID number 22 awplus enable awplus configure terminal awplus config interface po22 awplus config if port channel load balance src mac ...

Page 766: ...mand to display the ports of specific aggregators on the switch Figure 144 illustrates the information Figure 144 SHOW ETHERCHANNEL Command Example This example displays the ports of the aggregator with the ID number 22 awplus show etherchannel 22 Aggregator 2 po2 Admin Key 0xff01 Oper Key 0x0101 Link Port1 0 2 sync Link Port1 0 3 sync Link Port1 0 4 sync Link Port1 0 5 sync Link Port1 0 6 sync ...

Page 767: ... 77 d8 43 60 0000 Admin Key 0xff01 Oper Key 0x0101 Receive link count 4 Transmit link count 4 Individual 0 Ready 0 Distribution Mode MACBoth Partner LAG 0080 00 a0 d2 00 94 24 F601 Link Port 1 0 1 sync Link Port 1 0 2 sync Link Port 1 0 3 sync Link Port 1 0 4 sync Aggregator 22 po22 Mac address 00 15 77 d8 43 60 0000 Admin Key 0xff16 Oper Key 0x1616 Receive link count 0 Transmit link count 0 Indiv...

Page 768: ...Chapter 52 LACP Commands 768 Example This example displays detailed information about aggregators awplus show etherchannel detail ...

Page 769: ...igure 146 SHOW ETHERCHANNEL SUMMARY Command Example This example displays the states of the aggregator s member ports awplus show etherchannel summary Aggregator 2 po2 Admin Key 0xff01 Oper Key 0x0101 Link Port1 0 2 sync Link Port1 0 3 sync Link Port1 0 4 sync Link Port1 0 5 sync Link Port1 0 6 sync Aggregator 21 po21 Admin Key 0xff16 Oper Key 0x1616 Link Port1 0 21 disabled Link Port1 0 22 disabl...

Page 770: ...ss of the switch Figure 147 provides an example of the display Figure 147 SHOW LACP SYS ID Command Note The LACP priority value is set as an integer with LACP SYSTEM PRIORITY on page 762 and displayed in hexadecimal format by this command Example This example displays the LACP priority value and MAC address awplus show lacp sys id System Priority 0x0080 32768 Mac Address EC CD 6D 1E 52 28 ...

Page 771: ...EL Command Example This example displays the LACP port information for port 5 awplus show port etherchannel port1 0 5 Link port 1 0 5 Aggregator 2 Receive machine state Defaulted Periodic Transmission machine state Slow periodic Mux machine state Detached ACTOR PARTNER Actor Port 05 Partner Port 00 Selected UNSELECTED Partner System 00 00 00 00 00 00 Oper Key 0x0001 Oper Key 0x0000 Oper Port Prior...

Page 772: ...Chapter 52 LACP Commands 772 ...

Page 773: ...otocols on page 775 Chapter 54 Spanning Tree Protocol STP Procedures on page 795 Chapter 55 STP Commands on page 803 Chapter 56 Rapid Spanning Tree Protocol RSTP Procedures on page 819 Chapter 57 RSTP Commands on page 831 Chapter 58 Multiple Spanning Tree Protocol MSTP on page 855 Chapter 59 MSTP Commands on page 875 ...

Page 774: ...774 ...

Page 775: ...ts on page 778 Port Priority on page 779 Forwarding Delay and Topology Changes on page 780 Hello Time and Bridge Protocol Data Units BPDU on page 781 Point to Point and Edge Ports on page 782 Mixed STP and RSTP Networks on page 785 Spanning Tree and VLANs on page 786 RSTP and MSTP BPDU Guard on page 787 STP RSTP MSTP Loop Guard on page 789 STP and RSTP Root Guard on page 794 ...

Page 776: ...s convergence When a change is made to the network topology such as the addition of a new bridge a spanning tree protocol must determine whether there are redundant paths that must be blocked to prevent data loops or activated to maintain communications between the various network segments This is the process of convergence With STP convergence can take up to a minute to complete in a large networ...

Page 777: ...f two or more bridges have the same bridge priority number of those bridges the one with the lowest MAC address is designated as the root bridge You can change the bridge priority number on the switch You can designate which switch on your network you want as the root bridge by giving it the lowest bridge priority number You might also consider which bridge should function as the backup root bridg...

Page 778: ...h will be the primary active path and which path s will be placed in the standby blocking mode This is accomplished by a determination of path costs The path offering the lowest cost to the root bridge becomes the primary path and the redundant paths are placed in the blocking state Path cost is determined by evaluating port costs Every port on a bridge participating in STP and RSTP has a cost ass...

Page 779: ...eferred path In some instances this can involve the use of the port priority parameter This parameter is used as a tie breaker when two paths have the same cost The port priority has a range from 0 to 240 in increments of 16 The priority values can be set only in increments of 16 The default value is 128 which is increment 8 ...

Page 780: ...g to forwarding passes through two additional states listening and learning before beginning to forward frames The amount of time a port spends in these states is set by the forwarding delay value This value states the amount of time that a port spends in the listening and learning states prior to changing to the forwarding state The forwarding delay value is adjustable on the switch The appropria...

Page 781: ... already been selected in the network and if not whether it has the lowest bridge priority number of all the bridges and should therefore become the root bridge The root bridge periodically transmits a BPDU to determine whether there have been any changes to the network topology and to inform other bridges of topology changes The frequency with which the root bridge sends out a BPDU is called the ...

Page 782: ...erating in full duplex mode is functioning as a point to point port Figure 149 illustrates two switches that are connected with one data link With the link operating in full duplex the ports are point to point ports Figure 149 Point to Point Ports If a port is operating in half duplex mode and is not connected to any further bridges that are participating in spanning tree then the port is an edge ...

Page 783: ... A port can be both a point to point and an edge port at the same time It operates in full duplex and has no spanning tree devices connected to it Figure 151 illustrates a port functioning as both a point to point and edge port Figure 151 Point to Point and Edge Port ...

Page 784: ...Determining whether a bridge port is point to point edge or both can be a bit confusing For that reason do not change the default values for this RSTP feature unless you have a good grasp of the concept In most cases the default values work well ...

Page 785: ...gether to create a single spanning tree domain Given this if you decide to activate spanning tree on the switch there is no reason not to use RSTP even if the other switches are running STP The switch combines its RSTP with the STP on the other switches by monitoring the traffic on the ports for BPDU packets Ports that receive RSTP BPDU packets operate in RSTP mode while ports receiving STP BPDU p...

Page 786: ... issue is illustrated in Figure 152. Two VLANs, Sales and Production, span two switches. Two links consisting of untagged ports connect the separate parts of each VLAN. If STP or RSTP is activated on the switches, one of the links is disabled because the links form a loop. In the example, the port on the top switch that links the two parts of the Production VLAN is changed to the block state. This leaves t...

Page 787: ...ork, such as workstations and printers. The advantages of edge ports are that they typically do not participate in the convergence process and that they immediately transition to the forwarding state, skipping the intermediate listening and learning states. Edge ports, however, can leave a spanning tree domain vulnerable to unwanted topology changes. This can happen if someone connects an RSTP or MSTP de...

Page 788: ...ting is disabled. This feature is supported on the base ports of the switch and any fiber optic transceivers installed in the unit. Note: A port disabled by the BPDU guard feature remains in that state until you enable it with the management software. If a port is still receiving BPDUs, you should disconnect the network cable before enabling it to prevent the feature from disabling the port again. ...

Page 789: ...r more ports in the spanning tree domain, causing a network loop. The loop guard feature protects against this type of failure by monitoring the ports on the switch for BPDUs from the other RSTP devices. If a port stops receiving BPDUs without a change to its link state (that is, the link on a port stays up), the switch assumes that there is a problem with RSTP on the other device and takes action depend...

Page 790: ...illustrate this feature. The first figure shows spanning tree under normal operations in a network of three switches that have been connected to form a loop. To block the loop, switch 3 designates port 14 as an alternate port and places it in the blocking or discarding state. [Figure 153: Loop Guard Example 1] If port 17 on switch 2 stops transmitting BPDUs, port 14 on switch 3 transitions from the blocki...

Page 791: ...[Figure 154: Loop Guard Example 2] But if loop guard is enabled on port 14 on switch 3, the port, instead of changing to the forwarding state, stays in the blocking state, preventing the formation of the loop. [Figure 155: Loop Guard Example 3] ...

Page 792: ...uard, it continues to forward traffic on port 4. But since no BPDUs are received on the port, it assumes that the device connected to the port is not an RSTP device. Since switch 2 becomes the new root bridge, port 14 on switch 3 transitions to the forwarding state from the blocking state to become the new root port for the switch. The result is a network loop. [Figure 156: Loop Guard Example 4] But if loop...

Page 793: ...AT-8100 Switch Command Line User's Guide 793 [Figure 157: Loop Guard Example 5] ...

Page 794: ...t bridge are connected. If the bridge receives a superior BPDU on a root designated port, the Root Guard feature changes the state of the port to a root inconsistent STP state. This state varies depending on the spanning tree designation. For STP, this is a listening state. For RSTP and MSTP, this is a discarding state. For more information about this command, see "SPANNING-TREE GUARD ROOT" on page 843 in th...

Page 795: ...procedures: "Designating STP as the Active Spanning Tree Protocol" on page 796; "Enabling the Spanning Tree Protocol" on page 797; "Setting the Switch Parameters" on page 798; "Setting the Port Parameters" on page 800; "Disabling the Spanning Tree Protocol" on page 801; "Displaying STP Settings" on page 802 ...

Page 796: ...r spanning tree protocols in addition to STP, but only one of them can be active at a time on the device. To designate STP as the active spanning tree protocol on the switch, use the SPANNING-TREE MODE STP command in the Global Configuration mode. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree mode stp
After you enter the command, you can configure the STP param...

Page 797: ...STP on the switch, use the SPANNING-TREE STP ENABLE command in the Global Configuration mode. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree stp enable
The switch immediately begins to send BPDUs from its ports to participate in the spanning tree domain. ...

Page 798: ...s(config)# spanning-tree max-age 20
If you want the switch to be the root bridge of the spanning tree domain, assign it a low priority number with the SPANNING-TREE PRIORITY command. The bridge priority has a range 0 to 61,440 in increments of 4,096. The default value is 32,768.
Table 88. STP Switch Parameter Commands (To | Use This Command | Range)
Specify how long the ports remain in the listening and learni...

Page 799: ...This example of the command sets the switch's priority value to 8,192:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree priority 8192 ...

Page 800: ...rt1 0 4 port1 0 18
awplus(config-if)# spanning-tree path-cost 40
This example of the SPANNING-TREE PRIORITY command assigns a priority value of 32:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.5
awplus(config-if)# spanning-tree priority 32
Table 89. STP Port Parameter Commands (To | Use This Command | Range)
Specify the cost of a port to the root bridge. | SPANNING-TREE PATH-COST path ...

Page 801: ...fig)# no spanning-tree stp enable
Note: Before disabling the spanning tree protocol on the switch, display the STP states of the ports and disconnect the network cables from any ports that are in the discarding state. Ports that are in the discarding state begin to forward traffic again when STP is disabled. Leaving the cables connected may result in broadcast storms from network loops. To view the state...

Page 802: ...e1 Default Bridge Id 8000 00153355ede1 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval 300 sec port1 0 1 Port Id 8001 Role Disabled State Disabled port1 0 1 Designated Path Cost 0 port1 0 1 Configured Path Cost 2000000 Add type Explicit ref count 1 port1 0 1 Designated Port Id 8001 ...

Page 803: ... 809 | Port Interface | Enables the Root Guard feature on a port.
"SPANNING-TREE HELLO-TIME" on page 810 | Global Configuration | Sets the hello time, which defines how frequently the switch sends spanning tree configuration information when it is the root bridge or is trying to become the root bridge.
"SPANNING-TREE MAX-AGE" on page 811 | Global Configuration | Sets the maximum age parameter, which defines how long ...

Page 804: ...if they receive BPDUs.
"SPANNING-TREE PRIORITY (Bridge Priority)" on page 816 | Global Configuration | Assigns the switch a priority number.
"SPANNING-TREE PRIORITY (Port Priority)" on page 817 | Port Interface | Assigns a priority value to a port.
"SPANNING-TREE STP ENABLE" on page 818 | Global Configuration | Enables STP on the switch.
Table 90. Spanning Tree Protocol Commands (Continued) (Command | Mode | Description) ...

Page 805: ...tch, display the STP states of the ports and disconnect the network cables from any ports that are in the discarding state. Ports that are in the discarding state begin to forward traffic again when STP is disabled. Leaving the cables connected may result in broadcast storms from network loops. To view the states of the ports, refer to "SHOW SPANNING-TREE" on page 806. Confirmation Command: "SHOW RUNNING-CO...

Page 806: ...Default Bridge Id 8000 00153355ede1 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval 300 sec port1 0 1 Port Id 8001 Role Disabled State Disabled port1 0 1 Designated Path Cost 0 port1 0 1 Configured Path Cost 2000000 Add type Explicit ref count 1 port1 0 1 Designated Port Id 8001 Pri...

Page 807: ...Examples: This command displays the STP settings for all the ports:
awplus show spanning-tree
This command displays the STP settings for ports 1 and 4:
awplus show spanning-tree interface port1.0.1,port1.0.4 ...

Page 808: ...tch is acting as the root bridge of the spanning tree domain. Switches that are not acting as the root bridge use a dynamic value supplied by the root bridge. The forward time, max age, and hello time parameters should be set according to the following formulas, as specified in IEEE Standard 802.1d: max age 2 x forward time 1 0 second max age 2 x hello time 1 0 second Use the no version of this command ...

Page 809: ...nt state. For STP, this state is a listening state. Use the no version of this command, NO SPANNING-TREE GUARD ROOT, to disable the Root Guard feature on the specified port. To display the current setting for this parameter, refer to "SHOW SPANNING-TREE" on page 806. Confirmation Command: "SHOW SPANNING-TREE" on page 806. Examples: This example enables the Root Guard feature on port 7:
awplus> enable
awplus# config...

Page 810: ...ecome the root bridge. The forward time, max age, and hello time parameters should be set according to the following formulas, as specified in IEEE Standard 802.1d: max age 2 x forward time 1 0 second max age 2 x hello time 1 0 second To view the current setting for this parameter, refer to "SHOW SPANNING-TREE" on page 806. Use the no version of this command, NO SPANNING-TREE HELLO-TIME, to set the command t...

Page 811: ...Us are stored by the switch before they are deleted. The forward time, max age, and hello time parameters should be set according to the following formulas, as specified in IEEE Standard 802.1d: max age 2 x forward time 1 0 second max age 2 x hello time 1 0 second Use the no form of this command, NO SPANNING-TREE MAX-AGE, to set the command to its default value of 20 seconds. Confirmation Command: "SHOW SPA...

Page 812: ... on the switch. You must select STP as the active spanning tree protocol before you can enable it or configure its parameters. Only one spanning tree protocol can be active on the switch at a time. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example designates STP as the active spanning tree protocol on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tr...

Page 813: ...the cost of a port to the root bridge. This cost is combined with the costs of the other ports in the path to the root bridge to determine the total path cost. The lower the numeric value, the higher the priority of the path. The range is 1 to 200000000. Confirmation Command: "SHOW SPANNING-TREE" on page 806. Example: This example assigns port 2 a port cost of 15:
awplus> enable
awplus# configure terminal
awpl...

Page 814: ... spanning tree devices. As a consequence, edge ports do not receive BPDUs. If an edge port starts to receive BPDUs, it is no longer considered to be an edge port. This command is used in conjunction with the SPANNING-TREE PORTFAST BPDU-GUARD command. Confirmation Command: "SHOW SPANNING-TREE" on page 806. Example: This example configures port 17 as an edge port:
awplus> enable
awplus# configure terminal
awplus ...

Page 815: ...s and disables them if they receive BPDU packets. To disable an edge port that was disabled by the BPDU guard feature, use the NO SPANNING-TREE PORTFAST BPDU-GUARD command. See "NO SPANNING-TREE PORTFAST BPDU-GUARD" on page 836. Confirmation Command: "SHOW SPANNING-TREE" on page 806. Example: This example enables the BPDU guard feature on port 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface...

Page 816: ... two or more devices have the same priority value, the device with the numerically lowest MAC address becomes the root bridge. The range is 0 to 61,440 in increments of 4,096. The priority values can be set only in increments of 4,096. The default value is 32,768. Use the no form of this command, NO SPANNING-TREE PRIORITY, to reset the command to its default value of 32,768. Confirmation Command: "SHOW SPAN...

Page 817: ...breaker when two or more ports have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The priority values can be set only in increments of 16. The default is 128. Use the no form of this command, NO SPANNING-TREE PRIORITY, to reset the command to its default value of 128. Confirmation Command: "SHOW SPANNING-TREE" on page 806. Example: This example assigns ports 16 and 17 a port prior...

Page 818: ...ust designate STP as the active spanning tree protocol on the switch before you can enable it or configure its parameters. For instructions, refer to "SPANNING-TREE MODE STP" on page 812. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170 or "SHOW SPANNING-TREE" on page 806. Example: This example enables STP on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree stp enable ...

Page 819: ...res: "Designating RSTP as the Active Spanning Tree Protocol" on page 820; "Enabling the Rapid Spanning Tree Protocol" on page 821; "Configuring the Switch Parameters" on page 822; "Configuring the Port Parameters" on page 825; "Disabling the Rapid Spanning Tree Protocol" on page 829; "Displaying RSTP Settings" on page 830 ...

Page 820: ...ccomplished with the SPANNING-TREE MODE RSTP command in the Global Configuration mode. Afterwards, you can configure its settings and enable the protocol. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree mode rstp
Because RSTP is the default active spanning tree protocol on the switch, you only need to use this command if you activated STP and now want to change ...

Page 821: ... Configuration mode. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree rstp enable
After you enter the command, the switch immediately begins to participate in the spanning tree domain. It sends BPDUs from its ports and disables ports if it determines, along with the other STP and RSTP devices, that there are loops in the network topology. ...

Page 822: ...max-age 10
Table 91. RSTP Switch Parameters (To | Use This Command | Range)
Specify how long the ports remain in the listening and learning states before they transition to the forwarding state. | SPANNING-TREE FORWARD-TIME forwardtime | 4 to 30 seconds
Configure how frequently the switch sends spanning tree configuration information if it is the root bridge or is trying to become the root bridge. | SPANNING-TRE...

Page 823: ...ameter is 0 to 61,440 in increments of 4,096. The priority values can be set only in increments of 4,096. This example assigns the switch the low priority number 4,096 to increase the likelihood of it becoming the root bridge of the spanning tree domain:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree priority 4096
For reference information, refer to "SPANNING-TREE PRIORITY (Bridge P...

Page 824: ...To disable the BPDU guard feature on the switch, use the NO SPANNING-TREE BPDU-GUARD command in the Global Configuration mode. Here is the command:
awplus> enable
awplus# configure terminal
awplus(config)# no spanning-tree portfast bpdu-guard ...

Page 825: ...his Command | Range
Specify port costs. | SPANNING-TREE PATH-COST path-cost | 1 to 200000000
Assign a priority value to be used as a tie breaker when two or more paths have equal costs to the root bridge. | SPANNING-TREE PRIORITY priority | 0 to 240 in increments of 16
Designate edge ports. | SPANNING-TREE PORTFAST
Remove the edge port designation from ports. | NO SPANNING-TREE
Designate ports as point-to-point or ...

Page 826: ...xample designates ports 11 to 23 as point-to-point ports:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.23
awplus(config-if)# spanning-tree link-type point-to-point
This example designates ports 26 and 27 as shared ports:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.26,port1.0.27
awplus(config-if)# spanning-tree link-type shared
Designating...

Page 827: ...anning-tree loop-guard
A port disabled by this feature remains disabled until it starts to receive BPDU packets again or the switch is reset. To disable the loop guard feature, use the NO SPANNING-TREE LOOP-GUARD command. This example disables the feature on port 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.3
awplus(config-if)# no spanning-tree loop-guard
Note: Ports disable...

Page 828: ...eactivates disabled ports after the specified period of time. This example activates the timer and sets it to 1000 seconds:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree errdisable-timeout enable
awplus(config)# spanning-tree errdisable-timeout interval 1000
To disable BPDU guard on the switch, use the NO SPANNING-TREE PORTFAST BPDU-GUARD command, shown in this example:
awplus> enabl...

Page 829: ...ew the current status of RSTP, refer to "Displaying RSTP Settings" on page 830. Note: Before disabling the spanning tree protocol on the switch, display the RSTP states of the ports and disconnect the network cables from any ports that are in the discarding state. Ports that are in the discarding state begin to forward traffic again when RSTP is disabled. Leaving the cables connected may result in broadca...

Page 830: ...5bf9 Default Bridge Id 8000 eccd6d4d5bf9 Default portfast bpdu guard disabled Default portfast bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval 300 sec port1 0 1 Port Id 8101 Role Disabled State Forwarding port1 0 1 Designated Path Cost 0 port1 0 1 Configured Path Cost 2000000 Add type Explicit ref count 1 port1 0 1 Designated Port Id 8...

Page 831: ... RSTP on the switch.
"SHOW SPANNING-TREE" on page 838 | User Exec and Privileged Exec | Displays the RSTP settings on the switch.
"SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE" on page 840 | Global Configuration | Activates the RSTP BPDU guard timer.
"SPANNING-TREE ERRDISABLE-TIMEOUT INTERVAL" on page 841 | Global Configuration | Specifies the duration of the RSTP BPDU guard timer.
"SPANNING-TREE FORWARD-TIME" on page 842 | Global ...

Page 832: ...ve spanning tree protocol on the switch.
"SPANNING-TREE PATH-COST" on page 849 | Port Interface | Specifies the costs of the ports to the root bridge.
"SPANNING-TREE PORTFAST" on page 850 | Port Interface | Designates the ports as edge ports.
"SPANNING-TREE PORTFAST BPDU-GUARD" on page 851 | Port Interface | Enables the BPDU guard feature on a port.
"SPANNING-TREE PRIORITY (Bridge Priority)" on page 852 | Global Configuratio...

Page 833: ...Mode: Port Interface mode. Description: Use this command to remove ports as edge ports on the switch. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example removes port 21 as an edge port:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.21
awplus(config-if)# no spanning-tree portfast ...

Page 834: ...e RSTP BPDU guard feature. When the timer is deactivated, ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN command. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example deactivates the timer for the RSTP BPDU guard feature:
awplus> enable
awplus# configure terminal
awplus(config)# no spanning-t...

Page 835: ...is disabled. Note: Ports that are disabled by the loop guard feature do not forward traffic again when you disable the feature. They only forward traffic if they start to receive BPDUs again or you reset the switch. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example disables the BPDU loop guard feature on port 3:
awplus> enable
awplus# configure terminal
awplus(config)# interface por...

Page 836: ...on a port. Note: Edge ports disabled by the BPDU guard feature remain disabled until you enable them with the management software. For instructions, refer to "NO SHUTDOWN" on page 224. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example disables the guard feature on port 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4
awplus(config-if)# no spanning-tree por...

Page 837: ...orts and disconnect the network cables from any ports that are in the discarding state. Ports that are in the discarding state begin to forward traffic again when RSTP is disabled. Leaving the cables connected may result in broadcast storms from network loops. To view the states of the ports, refer to "SHOW SPANNING-TREE" on page 838. Confirmation Command: "SHOW SPANNING-TREE" on page 838. Example: This examp...

Page 838: ...t bpdu filter disabled Default portfast errdisable timeout disabled Default portfast errdisable timeout interval 300 sec port1 0 1 Port Id 8101 Role Disabled State Forwarding port1 0 1 Designated Path Cost 0 port1 0 1 Configured Path Cost 2000000 Add type Explicit ref count 1 port1 0 1 Designated Port Id 8101 Priority 128 port1 0 1 Root 8000 000000000000 port1 0 1 Designated Bridge 8000 0000000000...

Page 839: ...Example: This example displays the RSTP settings on the switch:
awplus show spanning-tree ...

Page 840: ...ry RSTP domain convergences by disabling edge ports if they receive BPDUs. When the timer is activated, the switch will automatically reactivate disabled ports. The time interval that ports remain disabled is set with "SPANNING-TREE ERRDISABLE-TIMEOUT INTERVAL" on page 841. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example activates the timer for the RSTP BPDU guard feature:
awplu...

Page 841: ...0 seconds. Mode: Global Configuration mode. Description: Use this command to specify the number of seconds that must elapse before the switch automatically enables ports that are disabled by the RSTP BPDU guard feature. To activate the timer, refer to "SPANNING-TREE ERRDISABLE-TIMEOUT ENABLE" on page 840. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example sets the time interval to 20...

Page 842: ...m the learning state to the forwarding state. This parameter is active only if the switch is acting as the root bridge. Switches that are not acting as the root bridge use a dynamic value supplied by the root bridge. The forward time, max age, and hello time parameters should be set according to the following formulas, as specified in IEEE Standard 802.1d: max age 2 x forward time 1 0 second max age 2 x ...

Page 843: ...nt state. For RSTP, this state is a discarding state. Use the no version of this command, NO SPANNING-TREE GUARD ROOT, to disable the Root Guard feature on the specified port. To view the current setting for this parameter, refer to "SHOW SPANNING-TREE" on page 838. Confirmation Command: "SHOW SPANNING-TREE" on page 838. Examples: This example enables the Root Guard feature on port 7:
awplus> enable
awplus# configu...

Page 844: ...when it is the root bridge or is trying to become the root bridge. The forward time, max age, and hello time parameters should be set according to the following formulas, as specified in IEEE Standard 802.1d: max age 2 x forward time 1 0 second max age 2 x hello time 1 0 second Use the no version of this command, NO SPANNING-TREE HELLO-TIME, to set the command to its default value of 2 seconds. Confirmati...

Page 845: ...switches connected to it. Mode: Port Interface mode. Description: Use this command to designate point-to-point ports and shared ports. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Examples: This example designates ports 11 to 23 as point-to-point ports:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.11-port1.0.23
awplus(config-if)# spanning-tree link-type point-to-point
Thi...

Page 846: ...tch automatically disables it. A port that has been disabled by the feature remains in that state until it begins to receive BPDU packets again or the switch is reset. The default setting for BPDU loop guard on the ports is disabled. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example activates the BPDU loop guard feature on ports 5 and 11:
awplus> enable
awplus# configure terminal...

Page 847: ...bridge protocol data units (BPDUs) before it deletes them. The forward time, maximum age, and hello time parameters should be set according to the following formulas, as specified in IEEE Standard 802.1d: max age 2 x forward time 1 0 second max age 2 x hello time 1 0 second Use the no form of this command, NO SPANNING-TREE MAX-AGE, to set the command to its default value of 20 seconds. Confirmation Command ...

Page 848: ...ocol and set the switch or port parameters. RSTP is active on the switch only after you have designated it as the active spanning tree with this command and enabled it with "SPANNING-TREE RSTP ENABLE" on page 854. Only one spanning tree protocol, STP or RSTP, can be active on the switch at a time. Confirmation Command: "SHOW SPANNING-TREE" on page 838. Example: This example designates RSTP as the active spann...

Page 849: ...the cost of a port to the root bridge. This cost is combined with the costs of the other ports in the path to the root bridge to determine the total path cost. The lower the numeric value, the higher the priority of a path. The range is 1 to 200000000. Confirmation Command: "SHOW SPANNING-TREE" on page 838. Example: This example assigns a port cost of 22 to port 2:
awplus> enable
awplus# configure terminal
awp...

Page 850: ...ning tree devices or to LANs that have spanning tree devices. As a consequence, edge ports do not receive BPDUs. If an edge port starts to receive BPDUs, it is no longer considered an edge port by the switch. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example configures port 17 as an edge port:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.17
awplus(confi...

Page 851: ... switch monitors edge ports and disables them if they receive BPDU packets. To disable an edge port that was disabled by the BPDU guard feature, use the NO SPANNING-TREE PORTFAST BPDU-GUARD command. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170. Example: This example enables the BPDU guard feature on port 4:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.4
awplus(config-i...

Page 852: ...comes the root bridge. If two or more devices have the same priority value, the device with the numerically lowest MAC address becomes the root bridge. The range is 0 to 61,440 in increments of 4,096. The priority value can be set only in increments of 4,096. The default value is 32,768. Use the no form of this command, NO SPANNING-TREE PRIORITY, to reset the command to its default value of 32,768. Confirm...

Page 853: ...breaker when two or more ports have equal costs to the root bridge. The range is 0 to 240 in increments of 16. The priority values can be set only in increments of 16. The default is 128. Use the no form of this command, NO SPANNING-TREE PRIORITY, to reset the command to its default value of 128. Confirmation Command: "SHOW SPANNING-TREE" on page 838. Example: This example assigns ports 20 and 21 a port prior...

Page 854: ... to enable the Rapid Spanning Tree Protocol on the switch. You cannot enable RSTP until you have activated it with "SPANNING-TREE MODE RSTP" on page 848. Confirmation Command: "SHOW RUNNING-CONFIG" on page 170 or "SHOW SPANNING-TREE" on page 838. Example: This example enables RSTP on the switch:
awplus> enable
awplus# configure terminal
awplus(config)# spanning-tree rstp enable ...

Page 855: ...cs: "Overview" on page 856; "Multiple Spanning Tree Instance (MSTI)" on page 857; "MSTI Guidelines" on page 860; "VLAN and MSTI Associations" on page 861; "Ports in Multiple MSTIs" on page 862; "Multiple Spanning Tree Regions" on page 863; "Summary of Guidelines" on page 868; "Associating VLANs to MSTIs" on page 870; "Connecting VLANs Across Different Regions" on page 872; "MSTP Root Guard" on page 874 ...

Page 856: ... The drawback to this approach is that the link formed by the tagged ports can create a bottleneck to your Ethernet traffic, resulting in reduced network performance. Another approach is to use the Multiple Spanning Tree Protocol (MSTP). This spanning tree shares many of the same characteristics as RSTP. It features rapid convergence and has many of the same parameters. But the main difference is that wh...

Page 857: ... to define the scope of the MSTI by assigning one or more VLANs to it. An instance can contain any number of VLANs, but a VLAN can belong to only one MSTI at a time. Following are several examples. Figure 162 illustrates two AT-8100 Switches, each containing the two VLANs Sales and Production. The two parts of each VLAN are connected with a direct link using untagged ports on both switches. If the switch...

Page 858: ...ances. Now that they reside in different MSTIs, both links remain active, enabling the VLANs to forward traffic over their respective direct link. [Figure 163: MSTP Example of Two Spanning Tree Instances] An MSTI can contain more than one VLAN. This is illustrated in Figure 164, where there are two AT-8100 Switches with four VLANs. There are two MSTIs, each containing two VLANs. MSTI 1 contains the Sales and ...

Page 859: ...AN, the links between the VLAN parts are made with tagged, not untagged, ports so that they can carry traffic from more than one virtual LAN. Referring again to Figure 164, the tagged link in MSTI 1 is carrying traffic for both the Presales and Sales VLANs, while the tagged link in MSTI 2 is carrying traffic for the Design and Engineering VLANs. ...

Page 860: ... switch port can belong to more than one spanning tree instance at a time by being an untagged and tagged member of VLANs belonging to different MSTIs. This is possible because a port can be in different MSTP states for different MSTIs simultaneously. For example, a port can be in the MSTP blocking state for one MSTI and the forwarding state for another spanning tree instance. For further information ...

Page 861: ...ons. Part of the task of configuring MSTP involves assigning VLANs to spanning tree instances. The mapping of VLANs to MSTIs is called associations. A VLAN, either port-based or tagged, can belong to only one instance at a time, but an instance can contain any number of VLANs. ...

Page 862: ...ferred to as generic parameters. These are set just once on a port and apply to all the MSTIs where the port is a member. One of these parameters is the external path cost, which sets the operating cost of a port connected to a device outside its region. A port, even if it belongs to multiple MSTIs, can have only one external path cost. Other generic parameters designate the port as an edge port or a poi...

Page 863: ...tions of the nodes and bridges of the region. Examples are Sales Region and Engineering Region. The revision number is an arbitrary number assigned to a region. This number can be used to keep track of the revision level of a region's configuration. For example, you might use this value to maintain the number of times you revise a particular MSTP region. It is not important that you maintain this number...

Page 864: ...ce. An MSTI's root bridge is called a regional root. The MSTIs within a region may share the same regional root or they can have different regional roots. A regional root for an MSTI must be within the region where the MSTI is located. An MSTI cannot have a regional root that is outside its region. A regional root is selected by a combination of the MSTI priority value and the bridge's MAC address. The ...

Page 865: ...region can contain any number of VLANs. All of the bridges in a region must have the same configuration name, revision level, VLANs, and VLAN to MSTI associations. An MSTI cannot span multiple regions. Each MSTI must have a regional root for locating loops in the instance. MSTIs can share the same regional root or have different roots. A regional root is determined by the MSTI priority value and a bridge ...

Page 866: ...al boundaries, while an MSTI cannot. If a port is a boundary port, that is, if it is connected to another region, that port automatically belongs solely to CIST, even if it was assigned to an MSTI, because only CIST is active outside of a region. As mentioned earlier, every MSTI must have a root bridge, referred to as a regional root, in order to locate loops that might exist within the instance. CIST must al...

Page 867: ...n be considered as a virtual bridge. The implication is that other MSTP regions and STP and RSTP single-instance spanning trees cannot discern the topology or constitution of an MSTP region. The only bridge they are aware of is the regional root of the CIST instance. ...

Page 868: ...ing tree instance. A router or Layer 3 network device is required to forward traffic between VLANs. A network can contain any number of regions and a region can contain any number of AT-8100 Switches. The AT-8100 Switch can belong to only one region at a time. A region can contain any number of VLANs. All of the bridges in a region must have the same configuration name, revision level, VLANs, and VLAN to ...

Page 869: ...Note: The AlliedWare Plus MSTP implementation complies fully with the new IEEE 802.1s standard. Any other vendor's fully compliant 802.1s implementation is interoperable with the AlliedWare Plus implementation. ...

Page 870: ...to MSTI ID 10. The BPDUs transmitted by port 8 to switch B would indicate that the port is a member of both CIST and MSTI 7, while the BPDUs from port 1 would indicate the port is a member of the CIST and MSTI 10. Figure 165. CIST and VLAN Guideline Example 1. At first glance, it might appear that because both ports belong to CIST, a loop exists between the switches and that MSTP blocks a port to stop th...

Page 871: ...in determining whether a loop exists. The result would be that the switch detects a loop because the other port is also receiving BPDU packets from CIST 0. Switch B would block a port to cancel the loop. To avoid this issue, always assign all VLANs on a switch, including the Default_VLAN, to an MSTI. This guarantees that all ports on the switch have an MSTI ID and that helps to ensure that loop detection...

Page 872: ...esult can be a physical loop, which spanning tree disables by blocking ports. This is illustrated in Figure 167. The example shows two switches, each residing in a different region. Port 5 in switch A is a boundary port. It is an untagged member of the Accounting VLAN, which has been associated with MSTI 4. Port 16 is a tagged and untagged member of three different VLANs, all associated with MSTI 12. If both...

Page 873: ...pport Product Management and Accounting You can group these three VLANs into the same MSTI in each region For instance for Region 1 you might group the three VLANs in MSTI 11 and in Region 2 you could group them into MSTI 6 After they are grouped you can connect the VLANs across the regions using a link of untagged tagged ports See Figure 168 Figure 168 Spanning Regions without Blocking Table 95 T...

Page 874: ...re all designated ports, unless two or more ports of the root bridge are connected. If the bridge receives a superior BPDU on a root designated port, the Root Guard feature changes the state of the port to a root-inconsistent STP state. This state varies depending on the spanning tree designation. For MSTP, this is a discarding state. For more information about this command, see SPANNING TREE GUARD ROOT o...

Page 875: ...TP on the switch SHOW SPANNING TREE on page 883 User Exec and Privileged Exec Displays the MSTP settings on the switch SHOW SPANNING TREE MST CONFIG on page 884 Privileged Executive Displays the MSTP Configuration information for a bridge SHOW SPANNING TREE MST on page 885 Privileged Executive Displays the MST to VLAN port mapping SHOW SPANNING TREE MST INSTANCE on page 886 Privileged Executive Di...

Page 876: ...a port SPANNING TREE PATH COST on page 894 Port Interface Specifies the cost of a port to the root bridge SPANNING TREE PORTFAST on page 895 Port Interface Designates the ports as edge ports SPANNING TREE PORTFAST BPDU GUARD on page 896 Interface Configuration Enables the Root Guard feature REGION on page 897 MST Configuration Assigns a name to an MST region REVISION on page 898 MST Configuration ...

Page 877: ...he lowest value is considered to have the highest priority and is chosen as the root port over a port equivalent in all other aspects but with a higher priority value The default value is 32768 For information about MSTI see MSTI Guidelines on page 860 The range is 0 to 61 440 in increments of 4 096 The range is divided into the sixteen increments listed in Table 97 You specify the increment that ...

Page 878: ...3 a priority of 4096 to port 4 awplus enable awplus configure terminal awplus config spanning tree mode mstp awplus config spanning tree mstp enable awplus config spanning tree spanning tree mst configuration awplus config mst interface port 1 0 4 awplus config mst instance 3 priority 4096 7 28672 15 61440 Table 97 MSTP Bridge Priority Value Increments Continued Increment Bridge Priority Increment...

Page 879: ... about MSTI see MSTI Guidelines on page 860 After you use the INSTANCE MSTI ID VLAN command to create an instance and associate it with a VLAN use the SPANNING TREE MST INSTANCE command to associate ports with each instance See SPANNING TREE MST INSTANCE on page 893 Use the no command NO INSTANCE MSTI ID VLAN to delete an instance and its associated VLAN ID Confirmation Command SHOW RUNNING CONFIG...

Page 880: ...MSTP BPDU guard feature When the timer is deactivated ports that the feature disables because they receive BPDU packets remain disabled until you manually activate them again with the NO SHUTDOWN command Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example deactivates the timer for the MSTP BPDU guard feature awplus enable awplus configure terminal awplus config no spanning tr...

Page 881: ...rt Interface mode Description Use this command to remove ports as edge ports on the switch This command is equivalent to NO SPANNING TREE PORTFAST on page 833 Example This example removes port 21 as an edge port awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config if no spanning tree portfast ...

Page 882: ... disconnect the network cables from any ports that are in the discarding state. Ports that are in the discarding state begin to forward traffic again when MSTP is disabled. Leaving the cables connected may result in broadcast storms from network loops. To view the states of the ports, refer to SHOW SPANNING TREE on page 883. Confirmation Command: SHOW SPANNING TREE on page 883. Example: This example disab...

Page 883: ...settings on the switch awplus show spanning tree Default Bridge up Spanning Tree Enabled Default CIST Root Path Cost 0 CIST Root Port 0 CIST Bridge Priority 32768 Default Forward Delay 15 Hello Time 2 Max Age 20 Max hops 20 Default CIST Root Id 8000 eccd6d1e5228 Default CIST Reg Root Id 8000 eccd6d1e5228 Default CIST Bridge Id 8000 eccd6d1e5228 Default portfast bpdu filter disabled Default portfas...

Page 884: ...ay to check that the digest is the same on this device as for all other devices in the same region Example This example displays the MSTP configuration information for a bridge awplus enable awplus show spanning tree mst config An example of the display is shown in Figure 170 Figure 170 SHOW SPANNING TREE MST CONFIG Command MSTP Configuration Information for bridge 0 Format Id 0 Name Revision Leve...

Page 885: ...g tree mst An example of the display is shown in Figure 171 Figure 171 SHOW SPANNING TREE MST Command Default Bridge up Spanning Tree Enabled Default CIST Root Path Cost 200000 CIST Root Port 33033 CIST Bridge Priority 327 68 Default Forward Delay 15 Hello Time 2 Max Age 20 Max hops 0 Default CIST Root Id 00 30 84 fd 7a 55 Default CIST Reg Root ID 02 10 18 47 04 10 Default CIST Bridge ID 02 10 18 ...

Page 886: ...range is from 1 to 15 Mode Privileged Executive Mode Description Use this command to display detailed information for a particular instance and all switch ports associated with that instance Example This example displays detailed information for instance 4 and all the ports associated with that instance awplus enable awplus show spanning tree mst instance 4 ...

Page 887: ...f they receive BPDUs When the timer is activated the switch will automatically reactivate disabled ports The time interval that ports remain disabled is set with SPANNING TREE ERRDISABLE TIMEOUT INTERVAL on page 888 To disable the timer for the BPDU guard feature use the NO SPANNING TREE ERRDISABLE TIMEOUT INTERVAL command Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following ...

Page 888: ...and to specify the number of seconds that must elapse before the switch automatically enables ports that are disabled by the BPDU guard feature To activate the timer refer to SPANNING TREE ERRDISABLE TIMEOUT ENABLE on page 887 To reset the timer to its default value of 300 seconds use the NO SPANNING TREE ERRDISABLE TIMEOUT INTERVAL command Confirmation Command SHOW RUNNING CONFIG on page 170 Exam...

Page 889: ...nt state For MSTP this state is a discarding state Use the no version of this command NO SPANNING TREE GUARD ROOT to disable the Root Guard feature on the specified port To view the current setting for this parameter refer to SHOW SPANNING TREE on page 883 Confirmation Command SHOW SPANNING TREE on page 883 Examples This example enables the Root Guard feature on port 7 awplus enable awplus configu...

Page 890: ...ode Global Configuration mode Description Use this command to set MSTP as the spanning tree protocol mode Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example sets MSTP as the spanning tree protocol mode awplus enable awplus configure terminal awplus config spanning tree mode mstp ...

Page 891: ...sable the spanning tree protocol and set the switch or port parameters MSTP is active on the switch only after you have designated it as the active spanning tree with this command and enabled it with SPANNING TREE MST CONFIGURATION on page 892 Only one spanning tree protocol STP RSTP or MSTP can be active on the switch Confirmation Command SHOW SPANNING TREE on page 883 Example This example enable...

Page 892: ...Description Use this command to enter the MST mode Note Only one spanning tree protocol STP RSTP or MSTP can be active on the switch Confirmation Command SHOW SPANNING TREE on page 883 Example This example enters the MST mode awplus enable awplus configure terminal awplus config spanning tree mstp mode awplus config spanning tree mst configuration ...

Page 893: ... spanning tree information for the associated MSTI when you assign a VLAN to the MSTI using the INSTANCE MST ID VLAN command For information about this command see INSTANCE MSTI ID VLAN on page 879 To remove the association between an MST instance and a port use the NO SPANNING TREE MST INSTANCE command In addition to disable the automatic configuration of member ports of a VLAN to an associated M...

Page 894: ...to the root bridge to determine the total path cost For MSTP this command only applies to the path cost for CIST The lower the numeric value the higher the priority of a path The range is 1 to 200000000 The default depends on the port speed To return a port to the default value use the no version of this command NO SPANNING TREE PATH COST Confirmation Command SHOW SPANNING TREE on page 883 Example...

Page 895: ... to spanning tree devices or to LANs that have spanning tree devices As a consequence edge ports do not receive BPDUs If an edge port starts to receive BPDUs it is no longer considered an edge port by the switch Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example configures port 17 as an edge port awplus enable awplus configure terminal awplus config interface port1 0 17 awpl...

Page 896: ...d feature on the switch which protects the switch from receiving superior BPDUs Use the no version of this command NO SPANNING TREE PORTFAST BPDU GUARD to disable the root guard feature on a switch Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example enables the root guard feature on the switch awplus enable awplus configure terminal awplus config spanning tree portfast bpdu g...

Page 897: ...ion mode Description Use this command to name the MSTP Region Confirmation Command SHOW RUNNING CONFIG on page 170 or SHOW SPANNING TREE on page 883 Example This example names the MSTP region santa clara county awplus enable awplus configure terminal awplus config spanning tree mst enable awplus config spanning tree mst configuration awplus config mst region santa_clara_county ...

Page 898: ... This value is an arbitrary value that you assign to an MST region Use the revision number to track the number of times an MST configuration has been updated on the network Confirmation Command SHOW RUNNING CONFIG on page 170 SHOW SPANNING TREE on page 883 Example This example specifies the MST revision number as 4 awplus enable awplus configure terminal awplus config spanning tree mst enable awpl...

Page 899: ...s on page 925 Chapter 62 GARP VLAN Registration Protocol on page 945 Chapter 63 GARP VLAN Registration Protocol Commands on page 963 Chapter 64 MAC Address based VLANs on page 985 Chapter 65 MAC Address based VLAN Commands on page 1001 Chapter 66 Private Port VLANs on page 1015 Chapter 67 Private Port VLAN Commands on page 1023 Chapter 68 Voice VLAN Commands on page 1029 ...

Page 901: ...AN Overview on page 904 Tagged VLAN Overview on page 910 Creating VLANs on page 915 Adding Untagged Ports to VLANs on page 916 Adding Tagged Ports to VLANs on page 918 Removing Untagged Ports from VLANs on page 920 Removing Tagged Ports from VLANs on page 921 Deleting VLANs on page 922 Displaying the VLANs on page 923 ...

Page 902: ...fic stays within the VLANs. The nodes of a VLAN receive traffic only from nodes of the same VLAN. This reduces the need for nodes to handle traffic not destined for them and frees up bandwidth within all the logical workgroups. In addition, broadcast traffic remains within a VLAN because each VLAN constitutes a separate broadcast domain. This, too, can improve overall network performance. Increased securi...

Page 903: ...e switch. This makes it possible to create VLANs of end nodes that are connected to switches located in different physical locations. The switch supports the following types of VLANs you can create yourself: Port-based VLANs, Tagged VLANs. These VLANs are described in the following sections. ...

Page 904: ...te The switch is pre configured with one port based VLAN called the Default_VLAN All ports on the switch are members of this VLAN The parts that make up a port based VLAN are VLAN name VLAN Identifier Untagged ports Port VLAN Identifier VLAN Name To create a port based VLAN you must give it a name The name should reflect the function of the network devices that are to be members of the VLAN Exampl...

Page 905: ...ate a port-based VLAN on the switch and assign it a VID of 5, assign the PVID for each port in the VLAN to 5. Some switches and switch management programs require that you assign the PVID value for each port manually. However, the management software performs this task automatically. The software automatically assigns a PVID to a port, making it identical to the VID of the VLAN to which the port is a me...

Page 906: ...s untagged VLAN assignment. After the VLAN assignment is made, the port's role can be changed back again to authenticator or supplicant, if desired. You cannot delete the Default VLAN from the switch. Deleting an untagged port from the Default VLAN without assigning it to another VLAN results in the port being an untagged member of no VLAN. Drawbacks of Port-based VLANs: There are several drawbacks to po...

Page 907: ...rts have been assigned PVID values. A port's PVID is assigned automatically by the switch when you create the VLANs. The PVID of a port is the same as the VID in which the port is an untagged member. In the example, each VLAN has one port connected to the router. The router interconnects the various VLANs and functions as a gateway to the WAN. Port-based Example 2: Figure 173 on page 908 illustrates more...

Page 908: ...Chapter 60 Port based and Tagged VLANs 908 Figure 173 Port based VLAN Example 2 ...

Page 909: ...ports 9 to 13 on the top switch and ports 16, 18 to 20, and 22 on the bottom switch. Because this VLAN spans multiple switches, it needs a direct connection between its various parts to provide a communications path. This is provided in the example with a direct connection from port 10 on the top switch to port 19 on the bottom switch. This VLAN uses port 12 on the top switch as a connection to the rout...

Page 910: ...requirements and standards for tagging. The device must be able to process the tagged information on received frames and add tagged information to transmitted frames. The benefit of a tagged VLAN is that the tagged ports can belong to more than one VLAN at one time. This can greatly simplify the task of adding shared devices to the network. For example, a server can be configured to accept and return p...

Page 911: ...VID of a port determines the VLAN where the port is an untagged member. Because a tagged port determines VLAN membership by examining the tagged header within the frames that it receives and not the PVID, you might conclude that there is no need for a PVID. However, the PVID is used if a tagged port receives an untagged frame (a frame without any tagged information). The port forwards the frame based on ...

Page 912: ...Tagged VLAN Example: Figure 174 illustrates how tagged ports can be used to interconnect IEEE 802.1q-based products. Figure 174. Example of a Tagged VLAN ...

Page 913: ...ort Assignments Switch Sales VLAN VID 2 Engineering VLAN VID 3 Production VLAN VID 4 Untagged Ports Tagged Ports Untagged Ports Tagged Ports Untagged Ports Tagged Ports AT 8100 Switch top 1 3 to 5 PVID 2 2 10 9 11 to 13 PVID 3 2 10 17 19 to 21 PVID 4 2 AT 8100 Switch bottom 2 4 6 8 PVID 2 9 16 18 20 22 PVID 3 9 none none ...

Page 914: ...re used to simplify network design in the example. They are port 10 on the top switch and port 9 on the lower switch. These ports have been made tagged members of the Sales and Engineering VLANs so that they can carry traffic from both VLANs simultaneously. These ports provide a common connection that enables different parts of the same VLAN to communicate with each other while maintaining data separ...

Page 915: ...n vid name name This example creates the Engineering VLAN and assigns it a VID of 5: awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 5 name Engineering Note: The VLAN name field is used only as a description in the SHOW VLAN command output. It cannot be substituted for the VID when specifying a specific VLAN in other commands. This example creates four new...

Page 916: ...e you can use the SWITCHPORT ACCESS VLAN command which is also found in the Port Interface mode to assign it as an untagged member of a VLAN Here is the format of the command switchport access vlan vid The VID parameter is the VLAN to which you want to add the untagged port If you do not know the number use the SHOW VLAN ALL command in the User Exec mode or the Privileged Exec mode to view the VLA...

Page 917: ...tagged ports of a VLAN with the VID 4 The SWITCHPORT MODE ACCESS command is omitted because the example assumes the ports are already designated as untagged ports awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 18 awplus config if switchport access vlan 4 ...

Page 918: ...rmat shown here switchport mode trunk ingress filter enable disable For an explanation of the optional INGRESS FILTER parameter refer to SWITCHPORT MODE TRUNK on page 935 Once a port is labeled as a tagged port you can add it to VLANs as a tagged member with the SWITCHPORT TRUNK ALLOWED VLAN command The command has this format switchport trunk allowed vlan add vid The VID parameter is the ID numbe...

Page 919: ...lar VLAN A port can have only one native VLAN The command for setting the native VLAN of tagged ports is the SWITCHPORT TRUNK NATIVE VLAN command in the Port Interface mode Here is the command s format switchport trunk native vlan vid The VID parameter is the ID number of the VLAN that is to be the native VLAN of the untagged port You can specify just one VID because a tagged port can have just on...

Page 920: ...t_VLAN You can remove more than one port at a time from a VLAN and the same command can be used to remove untagged ports from different VLANs This example removes untagged port 5 from its current VLAN assignment and returns it to the Default_VLAN awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if no switchport access vlan This example removes untagged ports ...

Page 921: ...hich the port is to be removed This example removes tagged ports 18 and 19 from the VLAN with the VID 7 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 19 awplus config if switchport trunk allowed vlan remove 7 If after removing a port from all its tagged VLAN assignments you do not want it to function as a tagged port on the switch use the NO SWITCHPORT TRUNK co...

Page 922: ...nfiguration mode You cannot delete the Default_VLAN The untagged ports of deleted VLANs are automatically returned back to the Default_VLAN Here is the format of the command no vlan vid This example deletes the VLAN with the VID 12 awplus enable awplus configure terminal awplus config vlan database awplus config vlan no vlan 12 ...

Page 923: ...nformation is shown in Figure 175 Figure 175 SHOW VLAN ALL Command The information is described in Table 100 on page 930 VLAN ID Name Type State Member ports u Untagged t Tagged 1 default STATIC ACTIVE 1 u 20 u 21 u 22 u 23 u 26 u 27 u 28 u 5 Sales STATIC ACTIVE 11 u 12 u 13 u 14 u 24 u 25 u 5 Engineering STATIC ACTIVE 2 u 3 u 4 u 5 u 6 u 7 u 8 u 15 u 16 u 17 u 25 t 18 Marketing STATIC ACTIVE 9 u ...

Page 925: ...he native VLAN of tagged ports NO VLAN on page 929 VLAN Configuration Deletes VLANs from the switch SHOW VLAN on page 930 User Exec and Privileged Exec Displays all the VLANs on the switch SWITCHPORT ACCESS VLAN on page 932 Port Interface Adds untagged ports to a VLAN SWITCHPORT MODE ACCESS on page 934 Port Interface Designates ports as untagged ports SWITCHPORT MODE TRUNK on page 935 Port Interfa...

Page 926: ...VLAN if they are set to the authenticator role for 802 1x port based network access control You must first remove the authenticator role For instructions refer to NO DOT1X PORT CONTROL on page 1129 Confirmation Command SHOW VLAN on page 930 Example This example removes untagged port 5 from its current VLAN assignment and returns it to the Default VLAN awplus enable awplus configure terminal awplus...

Page 927: ... the trunk mode has been removed Note You must first remove a port from all tagged VLAN assignments before you can remove its tagged designation For instructions refer to SWITCHPORT TRUNK ALLOWED VLAN on page 937 Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example removes the trunk mode from ports 23 and 24 awplus enable awplus configure terminal awplus config interface port1...

Page 928: ...ss and egress untagged packets A tagged port can have only one native VLAN Note This command will not work if the tagged port is already a tagged member of the Default_VLAN because a port cannot be both a tagged and untagged member of the same VLAN Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example reestablishes the Default_VLAN as the native VLAN for tagged ports 18 and 19 ...

Page 929: ...untagged ports Static addresses assigned to the ports of a deleted VLAN become obsolete and should be deleted from the MAC address table For instructions refer to NO MAC ADDRESS TABLE STATIC on page 392 To delete a VLAN that has authenticator or supplicant ports for 802 1x port based network access control you must first change the ports to the 802 1x none role For instructions refer to NO DOT1X P...

Page 930: ... 176 SHOW VLAN Command The columns in the table are described here VLAN ID Name Type State Member ports u Untagged t Tagged 1 default STATIC ACTIVE 1 u 20 u 21 u 22 u 23 u 26 u 27 u 28 u 5 Sales STATIC ACTIVE 11 u 12 u 13 u 14 u 24 u 25 u 5 Engineering STATIC ACTIVE 2 u 3 u 4 u 5 u 6 u 7 u 8 u 15 u 16 u 17 u 25 t 18 Marketing STATIC ACTIVE 9 u 10 u 18 u 19 u 25 t Table 100 SHOW VLAN Command Parame...

Page 931: ...LANs on the switch awplus show vlan State The states of the VLANs A VLAN has an Active state if it has at least one tagged or untagged port and an Inactive state if it does not have any ports Member Ports The untagged u and tagged t ports of the VLANs Table 100 SHOW VLAN Command Continued Parameter Description ...

Page 932: ...atically removes it from its current untagged VLAN assignment before moving it to its new assignment. For example, if you add port 4 as an untagged port to a VLAN, the switch automatically removes the port from the VLAN in which it is currently an untagged member. The PVID of an untagged port is automatically changed to match the VID number of the VLAN where it is added. For instance, if you add port 4 ...

Page 933: ... 0 5 port1 0 7 awplus config if switchport access vlan 12 This example returns port 15 as an untagged port to the Default_VLAN which has the VID 1 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if switchport access vlan 1 Returning ports to the Default_VLAN can also be accomplished with the NO SWITCHPORT ACCESS VLAN See NO SWITCHPORT ACCESS VLAN on page 92...

Page 934: ...rts to VLANs The second command is SWITCHPORT ACCESS VLAN on page 932 The access mode is the default setting for all ports on the switch Consequently you only need to perform this command for ports that were changed to the trunk mode for tagged packets and now need to be returned to the access mode for untagged packets Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example desig...

Page 935: ...ALLOWED VLAN on page 937. The INGRESS FILTER parameter controls whether the tagged port accepts or rejects tagged packets containing VIDs that do not match any of its tagged VIDs. If ingress filtering is enabled, any frame received on the port is only admitted if its VID matches one for which the port is tagged. Any frame received on the port is discarded if its VID does not match one for which the po...

Page 936: ...his example designates port 18 as a tagged port and disables ingress filtering so that it accepts all tagged packets awplus enable awplus configure terminal awplus config interface port1 0 18 awplus config if switchport mode trunk ingress filter disable ...

Page 937: ...signated VLAN You can specify more than one VID except vid Adds the port as a tagged port to all the VLANs on the switch except for the designated VLAN You can specify more than one VID remove vid Removes the port as a tagged port from the designated VLAN You can specify more than one VID none Removes the port as a tagged port from all its tagged VLAN assignments Mode Port Interface mode Descripti...

Page 938: ...2 1x none role before they can be removed from a VLAN You can reassign their roles after you change their VLAN assignments Confirmation Command SHOW VLAN on page 930 Examples of Adding Tagged Ports to VLANs This example designates port 5 as a tagged port and adds it to the VLAN with a VID of 22 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if switchport mo...

Page 939: ...wplus config if switchport trunk allowed vlan except 11 Examples of Removing Tagged Ports from VLANs This example removes tagged port 17 from the VLAN with a VID of 8 awplus enable awplus configure terminal awplus config interface port1 0 17 awplus config if switchport trunk allowed vlan remove 8 This example removes ports 19 and 22 from all their tagged VLAN assignments awplus enable awplus confi...

Page 940: ...e native VLANs for tagged ports. The native VLAN of a tagged port specifies the appropriate VLAN for ingress untagged packets. A tagged port can have only one native VLAN, and the VLAN must already exist on the switch. Note: You cannot assign a native VLAN to a port that is already a tagged member of that VLAN because a port cannot be both a tagged and untagged member of the same VLAN. Confirmation Comm...

Page 941: ...Guide 941 This example reestablishes the Default_VLAN as the native VLAN for tagged ports 18 and 20 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 20 awplus config if switchport trunk native vlan none ...

Page 942: ...me VID value. name: Specifies a name for a new VLAN. A name can be from 1 to 20 characters in length. The first character must be a letter; it cannot be a number. VLANs will be easier to identify if their names reflect the functions of their subnetworks or workgroups (for example, Sales or Accounting). A name cannot contain spaces or special characters, such as asterisks or exclamation points. A name cannot b...

Page 943: ...ering awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 5 name Engineering This example creates a new VLAN with the VID 17 and the name Manufacturing awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 17 name Manufacturing This example creates new VLANs with the VIDs 6 to 11 15 and 23 awplus enable awplus configure ...

Page 944: ...Chapter 61 Port based and Tagged VLAN Commands 944 ...

Page 945: ...n page 951 Enabling GVRP on the Switch on page 952 Enabling GIP on the Switch on page 953 Enabling GVRP on the Ports on page 954 Setting the GVRP Timers on page 955 Disabling GVRP Timers on the Switch on page 956 Disabling GVRP on the Ports on page 957 Disabling GIP on the Switch on page 958 Disabling GVRP on the Switch on page 959 Restoring the GVRP Default Settings on page 960 Displaying GVRP on...

Page 946: ...e device that sent it. It then does the following: If the PDU contains a VID of a VLAN that does not exist on the switch, it creates the designated VLAN and adds the port that received the PDU as a tagged member of the VLAN. A VLAN created by GVRP is called a dynamic GVRP VLAN. If the PDU contains a VID of a VLAN that already exists on the switch but the port is not a member of it, the switch adds the p...

Page 947: ...provides an example of how GVRP works. Figure 177. GVRP Example. The example consists of three switches. Switches 1 and 3 have the Sales VLAN, but switch 2 does not. Consequently, the end nodes of the two parts of the Sales VLANs cannot communicate with each other. ...

Page 948: ...ts VID of 11. Note that port 3 is not yet a member of the VLAN. Ports are added to VLANs when they receive PDUs from other network devices, not when they transmit PDUs. 4. Switch 3 receives the PDU on port 4 and, after examining it, notes that one of the VLANs on switch 2 has the VID 11, which matches the VID of an already existing VLAN on the switch. So it does not create the VLAN because it already exist...

Page 949: ...c GVRP VLANs and dynamic GVRP port assignments. The dynamic assignments are relearned by the switch as PDUs arrive on the ports from other switches. GVRP has three timers: Join Timer, Leave Timer, and Leave All Timer. The values for these timers must be set the same on all switches running GVRP. Timers with different values on different switches can result in GVRP compatibility problems. You can convert d...

Page 950: ...a member of the VLANs, giving the intruder access to restricted areas of your network. Here are a couple of suggestions to protect against this type of network intrusion: Activating GVRP only on those switch ports connected to other GVRP devices. Do not activate GVRP on ports that are connected to GVRP-inactive devices. Converting all dynamic GVRP VLANs and dynamic GVRP ports to static assignments and ...

Page 951: ...eives from the GVRP-active switches. GVRP PDUs are management frames intended for the switch's CPU. In all likelihood, a GVRP-inactive switch will discard the PDUs because it will not recognize them. The second issue is that even if a GVRP-inactive switch forwards GVRP PDUs, it will not create the VLANs, at least not automatically. Consequently, even if GVRP-active switches receive the PDUs and create the...

Page 952: ...l Configuration mode It is the GVRP ENABLE command After the command is entered the switch immediately begins to transmit PDUs from those ports where GVRP is enabled and to learn dynamic GVRP VLANs Here is the command awplus enable awplus configure terminal awplus config gvrp enable For reference information refer to GVRP ENABLE on page 968 ...

Page 953: ... GVRP on the switch GIP must be enabled if the switch is using GVRP The command for activating GIP is the GVRP APPLICANT STATE ACTIVE command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awplus config gvrp applicant state active For reference information refer to GVRP APPLICANT STATE ACTIVE on page 966 ...

Page 954: ...e default setting for GVRP on the ports is enabled you should only need to use this command if you want to enable GVRP after disabling it on a port This example of the command activates GVRP on ports 12 13 and 17 awplus enable awplus configure terminal awplus config interface port1 0 12 port1 0 13 port1 0 17 awplus config if gvrp registration normal For reference information refer to GVRP REGISTRA...

Page 955: ...in Timer 2 x Leave Timer The commands for setting the timers are in the Global Configuration mode They are gvrp timer join value gvrp timer leave value gvrp timer leaveall value The timers are set in hundredths of a second This example sets the Join Timer to 0.2 seconds, the Leave Timer to 0.8 seconds, and the Leave All timer to 10 seconds awplus enable awplus configure terminal awplus config gv...

Page 956: ...hey are no gvrp timer join no gvrp timer leave no gvrp timer leaveall Use these commands to reset GVRP timers to the default values for each individual parameter The default values are GVRP timer join 20 GVRP timer leave 60 GVRP timer leave all 1000 For reference information refer to NO GVRP TIMER JOIN on page 974 NO GVRP TIMER LEAVE on page 975 and NO GVRP TIMER LEAVEALL on page 976 ...

Page 957: ...the GVRP REGISTRATION NONE command in the Port Interface mode This example of the command deactivates GVRP on ports 4 and 5 awplus enable awplus configure terminal awplus config interface port1 0 4 1 0 5 awplus config if gvrp registration none For reference information refer to GVRP REGISTRATION on page 969 ...

Page 958: ...ed if the switch is using GVRP There is never any reason to disable GIP Even if the switch is not performing GVRP you can still leave GIP enabled The command for disabling GIP is the GVRP APPLICANT STATE NORMAL command Here is the command awplus enable awplus configure terminal awplus config gvrp applicant state normal For reference information refer to GVRP APPLICANT STATE NORMAL on page 967 ...

Page 959: ...P to stop the switch from learning any further dynamic VLANs or GVRP ports use the NO GVRP ENABLE command in the Global Configuration mode Here is the command awplus enable awplus configure terminal awplus config no gvrp enable For reference information refer to NO GVRP ENABLE on page 973 ...

Page 960: ... Default Settings To disable GVRP and to return the timers to their default settings use the PURGE GVRP command in the Global Configuration mode awplus enable awplus configure terminal awplus config purge gvrp For reference information refer to PURGE GVRP on page 977 ...

Page 961: ...nd the three timer settings Here is the command awplus show gvrp timer Here is an example of the information the command provides Figure 178 SHOW GVRP TIMER Command For reference information refer to SHOW GVRP APPLICANT on page 978 SHOW GVRP CONFIGURATION on page 979 SHOW GVRP MACHINE on page 980 SHOW GVRP STATISTICS on page 981 and SHOW GVRP TIMER on page 983 GVRP Status Disabled GVRP GIP Status ...

Page 962: ...Chapter 62 GARP VLAN Registration Protocol 962 ...

Page 963: ... Enables GVRP GVRP REGISTRATION on page 969 Port Interface Set a port s GVRP status GVRP TIMER JOIN on page 970 Global Configuration Sets the GARP Join Timer GVRP TIMER LEAVE on page 971 Global Configuration Sets the GARP Leave Timer GVRP TIMER LEAVEALL on page 972 Global Configuration Sets the GARP Leave All timer NO GVRP ENABLE on page 973 Global Configuration Disables GVRP on the switch NO GVRP...

Page 964: ...ameters for the internal database for the GARP application SHOW GVRP MACHINE on page 980 User Exec and Privileged Exec Displays parameters for the GID state machines for the GARP application SHOW GVRP STATISTICS on page 981 User Exec and Privileged Exec Displays GARP packet and message counters SHOW GVRP TIMER on page 983 User Exec and Privileged Exec Displays the GARP time values Table 101 GARP V...

Page 965: ...ommand to convert dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs and static port assignments Example This example converts dynamic GVRP VLANs and dynamic GVRP port assignments to static VLANs and static port assignments on the switch awplus enable awplus configure terminal awplus config vlan database awplus config vlan convert dynamic vlan ...

Page 966: ...licant state active Parameters None Mode Global Configuration mode Description Use this command to enable GIP on the switch GIP must be enabled for GVRP to operate properly Example This example enables GIP on the switch awplus enable awplus configure terminal awplus config gvrp applicant state active ...

Page 967: ... None Mode Global Configuration mode Description Use this command to disable GIP on the switch Note Do not disable GIP if the switch is running GVRP GIP is required for proper GVRP operation Example This example disables GIP on the switch awplus enable awplus configure terminal awplus config gvrp applicant state normal ...

Page 968: ...968 GVRP ENABLE Syntax gvrp enable Parameters None Mode Global Configuration mode Description Use this command to enable GVRP on the switch Example This example enables GVRP on the switch awplus enable awplus configure terminal awplus config gvrp enable ...

Page 969: ...e or disable GVRP on a port A port where GVRP is enabled transmits GVRP PDUs A port where GVRP is disabled does not send GVRP PDUs Examples This example enables GVRP on ports 5 and 6 awplus enable awplus configure terminal awplus config interface port1 0 5 port1 0 6 awplus config if gvrp registration normal This example disables GVRP on port 20 awplus enable awplus configure terminal awplus config...

Page 970: ...is 20 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Join Timer This timer must be set in relation to the GVRP Leave Timer according to the following equation Join Timer 2 x GVRP Leave Timer Note The setting for this timer must be the same on all GVRP active network devices Example This command sets the Join Timer to 0.3 seconds awplus enable awplus config...

Page 971: ... a second The range is 30 to 180 centiseconds The default is 60 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Leave Timer Note The setting for this timer must be the same on all GVRP active network devices Example This command sets the Leave Timer to 0.8 seconds awplus enable awplus configure terminal awplus config gvrp timer leave 80 ...

Page 972: ...nge is 500 to 3000 centiseconds The default is 1000 centiseconds Mode Global Configuration mode Description Use this command to set the GARP Leave All timer Note The settings for this timer must be the same on all GVRP active network devices Example This command sets the Leave All timer to 10 seconds awplus enable awplus configure terminal awplus config gvrp timer leaveall 1000 ...

Page 973: ... ENABLE Syntax no gvrp enable Parameters None Mode Global Configuration mode Description Use this command to disable GVRP on the switch Example This example disables GVRP on the switch awplus enable awplus configure terminal awplus config no gvrp enable ...

Page 974: ...gurations and return the GVRP Join Timer to its default value This timer must only be disabled in relation to the GVRP Leave Timer according to the following equation Join Timer 2 x GVRP Leave Timer Note The setting for this timer must be the same on all GVRP active network devices Example This command sets the Join Timer to 0.2 seconds awplus enable awplus configure terminal awplus config no gvrp...

Page 975: ...r and return the GVRP Leave Timer to its default value This timer must only be disabled in relation to the GVRP Join Timer according to the following equation Join Timer 2 x GVRP Leave Timer Note The setting for this timer must be the same on all GVRP active network devices Example This command sets the Leave Timer to 0.6 seconds awplus enable awplus configure terminal awplus config no gvrp timer ...

Page 976: ...n mode Description Use this command to disable the GARP Leave All timer and return the GVRP Leave All timer to its default value Note The settings for this timer must be the same on all GVRP active network devices Example This command sets the Leave All timer to 10 seconds awplus enable awplus configure terminal awplus config no gvrp timer leaveall ...

Page 977: ... Global Configuration mode Description Use this command to disable GVRP on the switch and to return the timers to their default values Example This example disables GVRP on the switch and returns the timers to their default values awplus enable awplus configure terminal awplus config purge gvrp ...

Page 978: ...applicant Parameter None Mode Privileged Exec mode Description Use this command to display the following parameters for the GIP connected ring for the GARP application GARP Application GIP contact STP ID Example This example displays the GIP connected ring parameters awplus show gvrp applicant ...

Page 979: ...scription Use this command to display the following parameters for the internal database for the GARP application Each attribute is represented by a GID index within the GARP application GARP Application GID Index Attribute Used Example The following example displays the values of the internal database parameters awplus show gvrp configuration ...

Page 980: ... Description Use this command to display the following parameters for the GID state machines for the GARP application The output is shown on a per GID index basis each attribute is represented by a GID index within the GARP application VLAN Port App Reg Example This example displays the GID state machine parameters awplus show gvrp machine ...

Page 981: ...ceive Discarded GARP Disabled Receive Discarded Port Not Listening Transmit Discarded Port Not Sending Receive Discarded Invalid Port Receive Discarded Invalid Protocol Receive Discarded Invalid Format Receive Discarded Database Full Receive GARP Messages LeaveAll Transmit GARP Messages LeaveAll Receive GARP Messages JoinEmpty Transmit GARP Messages JoinEmpty Receive GARP Messages JoinIn Transmit ...

Page 982: ...Commands 982 Receive GARP Messages Empty Transmit GARP Messages Empty Receive GARP Messages Bad Message Receive GARP Messages Bad Attribute Example This example displays the values of GARP packet and message counters awplus show gvrp statistics ...

Page 983: ...escription Use this command to display the current values for the following GARP application parameters GARP application protocol GVRP status GVRP GIP status GVRP Join Time GVRP Leave Time GVRP Leaveall Time Port information Mode Example This example displays the values of the GARP application parameters awplus show gvrp timer ...

Page 984: ...Chapter 63 GARP VLAN Registration Protocol Commands 984 ...

Page 985: ...elines on page 991 General Steps on page 992 Creating MAC Address based VLANs on page 993 Adding MAC Addresses to VLANs and Designating Egress Ports on page 994 Removing MAC Addresses on page 995 Deleting VLANs on page 996 Displaying VLANs on page 997 Example of Creating a MAC Address based VLAN on page 998 ...

Page 986: ...h the same resources regardless of the points at which they access the network If you employed port based or tagged VLANs for roaming users you might have to constantly reconfigure the VLANs moving ports to and from different virtual LANs so that the users always have access to the same network resources But with MAC address based VLANs the switch can assign network users to the same VLANs and net...

Page 987: ...LANs relieves you from having to map each address to its corresponding egress port Instead you only need to be sure that all the egress ports in a MAC address based VLAN are assigned to at least one address It is also important to note that a MAC address must be assigned at least one egress port to be considered a member of a MAC address based VLAN VLAN membership of packets from a source MAC addr...

Page 988: ...ll be flooded out port 4 This means that whatever device is connected to the port receives the flooded traffic from all three VLANs If security is a major concern for your network you might not want to assign ports as egress ports to more than one VLAN at a time when planning your MAC address based VLANs When a packet whose source MAC address is part of a MAC address based VLAN arrives on a port t...

Page 989: ...nodes on all the switches where the VLAN exists The same MAC address based VLAN on different switches must have the same list of MAC addresses Figure 179 illustrates an example of a MAC address based VLAN that spans two AT 8100 Switches The VLAN consists of three nodes on each switch Table 104 on page 990 lists the details of the VLAN on the switches Note that each VLAN contains the complete set o...

Page 990: ...there is a match the switch considers the packet as a member of the corresponding MAC address based VLAN and not the port based VLAN and forwards it out the egress ports defined for the corresponding MAC address based VLAN If there is no match the switch considers the packet as a member of the port based VLAN and forwards the packet according to the PVID assigned to the port For an explanation of ...

Page 991: ...at a time Broadcast packets cross VLAN boundaries when a port is an egress port of a MAC address based VLAN and an untagged member of a port based VLAN Given that there is no way for the switch to determine the VLAN to which the broadcast packet belongs it floods the packet on all ports of all affected VLANs Entering MAC addresses as part of a MAC address based VLAN does not add them into the MAC ...

Page 992: ...ation mode to assign a name and a VID to the new VLAN and to designate the VLAN as a MAC address based VLAN 2 Use the VLAN SET MACADDRESS command in the Global Configuration mode to assign the MAC addresses to the VLAN 3 Use the VLAN SET MACADDRESS command in the Port Interface mode to assign the MAC addresses to the egress ports The steps must be performed in this order ...

Page 993: ... of the VLAN must be unique from all other VLANs on the switch The name of a VLAN can be up to 20 characters It cannot contain any spaces and the first character must be a letter not a number This example of the command creates a new MAC address based VLAN with the VID 12 and the name QA awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 12 name QA type mac...

Page 994: ...which the address is to be added and the MAC ADDRESS parameter is the address which has to be entered in this format xx xx xx xx xx xx or xxxx xxxx xxxx The MACADDRESS and DESTADDRESS keywords are equivalent You can use either one in the command In this example of the command the MAC address 2A 98 2C AC 18 A4 is added to port 6 in a MAC address based VLAN that has the VID 18 awplus enable Enter th...

Page 995: ...ig interface port1 0 6 port1 0 8 awplus config if no vlan 23 macaddress 11 8a 92 ce 76 28 Before MAC addresses can be completely removed from this type of VLAN you must first remove them from their egress ports as illustrated in the previous example Afterwards you can again use the NO VLAN MACADDRESS command but in the Global Configuration mode and delete them from the VLANs This example completel...

Page 996: ...the switch use the NO VLAN command in the VLAN Configuration mode You can delete only one VLAN at a time Here is the format of the command no vlan vid This example deletes the VLAN with the VID 23 awplus enable awplus configure terminal awplus config vlan database awplus config vlan no vlan 23 ...

Page 997: ... in Table 106 on page 1007 VLAN 5 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 5A 9E 84 31 23 85 port1 0 13 port1 0 18 1A 87 9B 52 36 D5 port1 0 18 26 72 9A CB 1A E4 port1 0 18 89 01 BC 64 95 12 port1 0 18 B2 89 10 02 1C AE port1 0 18 VLAN 11 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 78 3e 56 C8 AE 19 port1 0 8 port1 0 12 AE 4B 7...

Page 998: ...designate it as a MAC address based VLAN awplus config vlan exit Return to the Global Configuration mode Use the VLAN SET MACADDRESS command in the Global Configuration mode to assign the MAC addresses to the VLAN awplus config vlan set 21 macaddress 00 30 84 54 1a 45 awplus config vlan set 21 macaddress 00 30 84 c3 5a 11 awplus config vlan set 21 macaddress 00 30 84 22 67 17 awplus config vlan se...

Page 999: ...lus config if vlan set 21 macaddress 00 30 42 53 10 3a awplus config if end Return to the Privileged Exec mode awplus show vlan macaddress Confirm the configuration again with the SHOW VLAN MACADDRESS command awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 2 port1 0 6 Enter the Port Interface mode for ports 2 to 6 awplus config if vlan set 21 macaddres...

Page 1000: ...Chapter 64 MAC Address based VLANs 1000 ...

Page 1001: ...e 1003 Global Configuration Removes MAC addresses from VLANs NO VLAN MACADDRESS Port Interface Mode on page 1004 Port Interface Removes MAC addresses from egress ports SHOW VLAN MACADDRESS on page 1006 Privileged Exec Displays MAC address based VLANs VLAN MACADDRESS on page 1008 VLAN Configuration Assigns names and VIDs to new VLANs VLAN SET MACADDRESS Global Configuration Mode on page 1010 Global...

Page 1002: ... Configuration mode Description Use this command to delete MAC address based VLANs from the switch You can delete only one VLAN at a time with this command Confirmation Command SHOW VLAN MACADDRESS on page 1006 Example This example deletes a MAC address based VLAN with the VID 18 awplus enable awplus configure terminal awplus config vlan database awplus config vlan no vlan 18 ...

Page 1003: ...mode Description Use this command to remove MAC addresses from MAC address based VLANs You can remove only one address at a time with this command The command does not accept ranges or wildcards MAC addresses cannot be deleted if they are assigned to egress ports To remove MAC addresses from egress ports refer to NO VLAN MACADDRESS Port Interface Mode on page 1004 Confirmation Command SHOW VLAN MA...

Page 1004: ... xx xx xx xx xx xx Note The MACADDRESS and DESTADDRESS keywords are equivalent Mode Port Interface mode Description Use this command to remove MAC addresses from egress ports in MAC address based VLANs Confirmation Command SHOW VLAN MACADDRESS on page 1006 Examples This example removes the MAC address 00 30 84 32 8A 5D from egress ports 1 and 4 in a VLAN that has the VID 17 awplus enable awplus co...

Page 1005: ...his example removes the MAC address 00 30 84 75 11 B2 from egress ports 11 to 14 in a VLAN with the VID 24 awplus enable awplus configure terminal awplus config interface port1 0 11 port1 0 14 awplus config no vlan 24 macaddress 00 30 84 75 11 b2 ...

Page 1006: ...1 SHOW VLAN MACADDRESS Command VLAN 11 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 5A 9E 84 31 23 85 port1 0 4 port1 0 8 1A 87 9B 52 36 D5 port1 0 4 26 72 9A CB 1A E4 port1 0 4 89 01 BC 64 95 12 port1 0 4 B2 89 10 02 1C AE port1 0 4 VLAN 12 MAC Associations Total number of associated MAC addresses 5 MAC Address Ports 78 3e 56 C8 AE 19 port1 0 15 port1 0 22 AE 4B 7...

Page 1007: ...ress based VLANs on the switch awplus show vlan macaddress Table 106 SHOW VLAN MACADDRESS Command Parameter Description VLAN VID MAC Associations The VID of the MAC address based VLAN Total Number of Associate MAC Addresses Total number of MAC addresses that are assigned to the VLAN MAC Address The MAC addresses of the VLAN Ports The egress ports of the MAC addresses ...

Page 1008: ...cter of the name must be a letter it cannot be a number VLANs will be easier to identify if their names reflect the functions of their subnetworks or workgroups for example Sales or Accounting A name cannot contain spaces or special characters such as asterisks or exclamation points A name cannot be the same as a name of an existing VLAN on the switch A VLAN that spans multiple switches should hav...

Page 1009: ...User s Guide 1009 Example This example creates a MAC address based VLAN that has the name Sales and the VID 3 awplus enable awplus configure terminal awplus config vlan database awplus config vlan vlan 3 name Sales type macaddress ...

Page 1010: ...Use this command to add MAC addresses to MAC address based VLANs You can add only one address at a time with this command You cannot use ranges or wildcards The specified VLAN must already exist Refer to VLAN MACADDRESS on page 1008 for instructions on how to create MAC address based VLANs To add MAC addresses to egress ports use VLAN SET MACADDRESS Port Interface Mode on page 1012 Confirmation Co...

Page 1011: ...mmand Line User s Guide 1011 This example adds the MAC address 00 30 84 32 76 1A to a MAC address based VLAN with the VID 12 awplus enable awplus configure terminal awplus config vlan set 12 macaddress 00 30 84 32 76 1a ...

Page 1012: ...uivalent Mode Port Interface mode Description Use this command to assign MAC addresses to egress ports for MAC address based VLANs The specified MAC address must already be assigned to the VLAN For instructions refer to VLAN SET MACADDRESS Global Configuration Mode on page 1010 Confirmation Command SHOW VLAN MACADDRESS on page 1006 Examples This example assigns the MAC address 00 30 84 32 8A 5C to...

Page 1013: ...3 This example assigns the MAC address 00 30 84 75 11 B2 to ports 11 to 14 in a VLAN that has the VID 24 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if vlan set 24 macaddress 00 30 84 75 11 b2 ...

Page 1014: ...Chapter 65 MAC Address based VLAN Commands 1014 ...

Page 1015: ...s This chapter provides the following topics Overview on page 1016 Guidelines on page 1018 Creating Private VLANs on page 1019 Adding Host and Uplink Ports on page 1020 Deleting VLANs on page 1021 Displaying Private VLANs on page 1022 ...

Page 1016: ...cation for private VLANs is to simplify IP address assignments Ports can be isolated from each other while still belonging to the same subnet A private VLAN generally consists of one or more host ports and an uplink port Host Ports The host ports of a private VLAN can only forward traffic to and receive traffic from an uplink port and are prohibited from forwarding traffic to each other A private ...

Page 1017: ... communicate with uplink ports Can communicate with appropriately configured trunk ports Uplink ports Promiscuous ports Promiscuous ports act as untagged trunk ports A private VLAN can have more than one promiscuous port Trunk ports A private VLAN can be assigned to a trunk port as the native VLAN A private VLAN can be assigned to a trunk port as a tagged VLAN A trunk port that has been assigned a...

Page 1018: ... port can be an uplink port of just one private VLAN at a time however a private VLAN can have more than one uplink port The host ports of private VLANs are untagged ports and as such transmit only untagged traffic The switch can support private port based tagged and MAC address based VLANs at the same time Host ports cannot be members of both private VLANs and port based or tagged VLANs at the sa...

Page 1019: ...vate vlan vid The VID number has the range of 2 to 4094 The VID of a private VLAN must be unique from all other VLANs on the switch This example assigns the VID 26 to a new private VLAN awplus enable awplus configure terminal awplus config vlan database awplus config vlan private vlan 26 New private VLANs do not have any host or uplink ports To add ports refer to Adding Host and Uplink Ports on pa...

Page 1020: ...and adds ports 2 to 7 as host ports of a private VLAN that has the VID 15 awplus enable awplus configure terminal awplus config interface port1 0 2 port1 0 7 awplus config if switchport mode private vlan host 15 The promiscuous uplink port of a private VLAN is designated with the SWITCHPORT MODE PRIVATE VLAN PROMISCUOUS command in the Port Interface mode Here is its format switchport mode private ...

Page 1021: ... are automatically returned by the switch to the Default_VLAN Here is the format of the command no vlan vid The VID parameter is the VID of the private VLAN you want to delete The command lets you delete only one VLAN at a time You cannot delete the Default_VLAN This example deletes a VLAN that has the VID 23 awplus enable awplus configure terminal awplus config vlan database awplus config vlan no...

Page 1022: ...d in the Privileged Exec mode displays the private VLANs currently existing on the switch along with their host and uplink ports Here is the command awplus show vlan private vlan Here is an example of the display Figure 182 SHOW VLAN PRIVATE VLAN Command Private VLANs VID Ports 12 4 8 28 17 24 ...

Page 1023: ... VLAN Configuration Deletes VLANs from the switch PRIVATE VLAN on page 1025 VLAN Configuration Creates private port VLANs SHOW VLAN PRIVATE VLAN on page 1026 Privileged Exec Displays the private port VLANs on the switch SWITCHPORT MODE PRIVATE VLAN HOST on page 1027 Port Interface Adds host ports to private port VLANs SWITCHPORT MODE PRIVATE VLAN PROMISCUOUS on page 1028 Port Interface Adds uplink...

Page 1024: ...Mode VLAN Configuration mode Description Use this command to delete private port VLANs from the switch You can delete one VLAN at a time with this command Confirmation Command SHOW VLAN PRIVATE VLAN on page 1026 Example This example deletes a VLAN that has the VID 16 awplus enable awplus configure terminal awplus config vlan database awplus config vlan no vlan 16 ...

Page 1025: ...iguration mode Description Use this command to create new private port VLANs You can create just one VLAN at a time Refer to SWITCHPORT MODE PRIVATE VLAN HOST on page 1027 to add host ports to a new VLAN and to SWITCHPORT MODE PRIVATE VLAN PROMISCUOUS on page 1028 to designate an uplink port Confirmation Command SHOW VLAN PRIVATE VLAN on page 1026 Example This example creates a private port VLAN w...

Page 1026: ...ivileged Exec mode Description Use this command to display the private port VLANs on the switch Here is an example of the information Figure 183 SHOW VLAN PRIVATE VLAN Command Example The following example displays the private port VLANs on the switch awplus show vlan private vlan Private VLANs VID Ports 12 4 8 28 17 24 ...

Page 1027: ...terface mode Description Use this command to add host ports to private port VLANs Devices connected to host ports in a private port VLAN can only communicate with the uplink port Confirmation Command SHOW VLAN PRIVATE VLAN on page 1026 Example This example adds ports 15 to 18 as host ports of a private port VLAN with the VID 23 awplus enable awplus configure terminal awplus config interface port1 ...

Page 1028: ...erface mode Description Use this command to add a promiscuous uplink port to a private port VLAN A promiscuous port can be an uplink port of just one private VLAN at a time Confirmation Command SHOW VLAN PRIVATE VLAN on page 1026 Example This example adds port 14 as an uplink port to a private port VLAN with the VID 15 awplus enable awplus configure terminal awplus config interface port1 0 14 awpl...

Page 1029: ...ce VLAN Commands Command Mode Description NO SWITCHPORT VOICE VLAN on page 1030 Port Interface Removes ports from voice VLANs SWITCHPORT VOICE DSCP on page 1031 Port Interface Configures the Layer 3 DSCP value advertised when LLDP MED Network Policy TLVs are transmitted SWITCHPORT VOICE VLAN on page 1032 Port Interface Adds ports to voice VLANs ...

Page 1030: ...er This command removes LLDP MED network policy configuration for a voice device connected to these ports but does not change the spanning tree edge port status Confirmation Command SHOW VLAN on page 930 Example This example removes the voice VLAN assignment from port 1 0 24 and in turn disables the transmission of LLDP MED network policy information for voice devices on port 1 0 24 awplus enable ...

Page 1031: ...ce VLAN DSCP and CoS values Use the NO form of this command to remove a DSCP value from a port without replacing it with a new value A DSCP value of 0 will be advertised Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example assigns the DSCP value 61 to ports 1 0 18 and 1 0 19 awplus enable awplus configure terminal awplus config interface port1 0 18 port1 0 19 awplus config if...

Page 1032: ...hone should send tagged packets that will be assigned by RADIUS authentication Mode Port Interface mode Description Use this command to configure the Voice VLAN tagging advertised when the transmission of LLDP MED Network Policy TLVs for voice endpoint devices is enabled When LLDP MED capable IP phones receive this network policy information they transmit voice data with the specified tagging This...

Page 1033: ... feature is disabled Confirmation Command SHOW RUNNING CONFIG on page 170 SHOW LLDP LOCAL INFO INTERFACE on page 1305 Examples This example tells IP phones connected to port 1 0 5 to send voice data tagged for VLAN 10 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if switchport voice vlan 10 This example assigns the CoS value 5 to ports 1 0 2 and 1 0 3 awpl...

Page 1034: ...Chapter 68 Voice VLAN Commands 1034 accept packet awplus enable awplus configure terminal awplus config interface port1 0 1 awplus config if switchport voice vlan dynamic ...

Page 1035: ...chapters Chapter 69 MAC Address based Port Security on page 1037 Chapter 70 MAC Address based Port Security Commands on page 1047 Chapter 71 802 1x Port based Network Access Control on page 1061 Chapter 72 802 1x Port based Network Access Control Commands on page 1091 ...

Page 1037: ...This chapter contains the following topics Overview on page 1038 Configuring Ports on page 1040 Enabling MAC Address based Security on Ports on page 1042 Disabling MAC Address based Security on Ports on page 1043 Displaying Port Settings on page 1044 ...

Page 1038: ... store the addresses as dynamic addresses can learn new addresses when addresses are timed out from the table by the switch The addresses are aged out according to the aging time of the MAC address table Note For background information on the aging time of the MAC address table refer to Overview on page 376 Intrusion Actions The intrusion actions define what the switch does when ports that have le...

Page 1039: ...AC address based port security and 802 1x port based access control on the same port To configure a port as an Authenticator or Supplicant in 802 1x port based access control you must remove MAC address based port security This type of port security is supported on optional SFP modules You can manually add static addresses to ports that are configured for this security The manually added addresses...

Page 1040: ...d to learn up to 25 source MAC addresses each and to store the addresses as static addresses in the MAC address table The intrusion action is set to protect so that the ports discard packets with unknown MAC addresses after they have learned the maximum number of addresses but the switch does not send SNMP traps Table 109 MAC Address based Port Security Commands and Descriptions To Use This Comman...

Page 1041: ...ig interface port1 0 16 awplus config if switchport port security maximum 45 awplus config if switchport port security aging awplus config if switchport port security violation restrict This example configures ports 8 and 20 to learn up to five MAC addresses each The addresses are stored as static addresses in the table so that they are never aged out even when the source nodes are inactive The in...

Page 1042: ...y to activate the feature on the ports This is accomplished with the SWITCHPORT PORT SECURITY command in the Port Interface mode This example of the command activates port security on ports 16 to 24 awplus enable awplus configure terminal awplus config interface port1 0 16 port1 0 24 awplus config if switchport port security To confirm the activation return to Displaying Port Settings on page 1044...

Page 1043: ... SWITCHPORT PORT SECURITY command in the Port Interface mode This example of the command removes port security from port 23 awplus enable awplus configure terminal awplus config interface port1 0 23 awplus config if no switchport port security Note To activate ports that were disabled by the shutdown intrusion action refer to NO SHUTDOWN on page 224 ...

Page 1044: ...is shown in Figure 184 Figure 184 SHOW PORT SECURITY INTERFACE Command The fields are defined in Table 111 on page 1050 If you are interested in viewing just the number of packets the ports have discarded because they had invalid source MAC addresses you can use the SHOW PORT SECURITY INTRUSION INTERFACE command Here is the format of the command show port security intrusion interface port This ex...

Page 1045: ...Figure 185 is an example of the information Figure 185 Example of SHOW PORT SECURITY INTRUSION INTERFACE Command Port Security Intrusion List Last 256 Intrusions Interface Port 1 0 17 2 intrusion s detected 0015 77b1 8510 eccd 6d48 4488 ...

Page 1047: ... SECURITY INTERFACE on page 1050 Privileged Exec Displays the security mode settings of the ports SHOW PORT SECURITY INTRUSION INTERFACE on page 1053 Privileged Exec Displays the number of packets the ports have discarded SWITCHPORT PORT SECURITY on page 1055 Port Interface Activates MAC address based security on ports SWITCHPORT PORT SECURITY AGING on page 1056 Port Interface Configures ports to ...

Page 1048: ...MAC address based security from the ports Note To activate ports that were disabled by the shutdown intrusion action refer to NO SHUTDOWN on page 224 Confirmation Command SHOW PORT SECURITY INTERFACE on page 1050 Example This example removes MAC address based security from port 14 awplus enable awplus configure terminal awplus config interface port1 0 14 awplus config if no switchport port securit...

Page 1049: ...re never deleted from the table ports that learn their maximum numbers of source MAC addresses cannot learn new addresses even when the source nodes of the learned addresses are inactive Confirmation Command SHOW PORT SECURITY INTERFACE on page 1050 Example This example configures ports 6 and 10 to store the source MAC addresses as static addresses in the MAC address table awplus enable awplus con...

Page 1050: ...NTERFACE Command The fields are described in Table 111 Table 111 SHOW PORT SECURITY INTERFACE Command Field Description Port Port number Security Enabled The current status of MAC address based security on the port The security is active if the status is Yes and inactive if the status is No To activate or deactivate security on the port refer to SWITCHPORT PORT SECURITY on page 1055 or NO SWITCHPO...

Page 1051: ... Protect intrusion action Restrict Restrict intrusion action Shutdown Shut down intrusion action Aging The status of MAC address aging on the port If the aging status is No the MAC addresses that are learned on the port are added as static MAC addresses to the MAC address table so that they are retained even when the source nodes are inactive If the aging status is Yes the MAC addresses that are l...

Page 1052: ...port Lock Status Whether or not the port has learned its maximum number of MAC addresses The port will have a Locked status if it has learned its maximum number of MAC addresses and an Unlocked status if it has not learned its maximum number of MAC addresses Security Violation Count The number of ingress packets the port has discarded because they had unknown source MAC address The port does not d...

Page 1053: ...ource MAC addresses The ports begin to discard packets after learning their maximum number of source MAC addresses This information is also available with SHOW PORT SECURITY INTERFACE on page 1050 Figure 187 provides an example of the information Figure 187 SHOW PORT SECURITY INTRUSION INTERFACE Command Example This command displays the number of discarded packets on port 15 awplus show port secur...

Page 1054: ...RITY INTRUSION INTERFACE Command Port Security Intrusion List Port Security Intrusion List Last 10 Intrusions Interface Port 1 0 5 132 intrusion s detected 000 0900 127E 000 0900 127F 000 0900 027D 000 0900 027E 000 0900 027F 000 0900 1279 000 0900 127A 000 0900 127B 000 0900 127C 000 0900 127D ...

Page 1055: ...on Use this command to activate MAC address based security on ports Confirmation Command SHOW PORT SECURITY INTERFACE on page 1050 Example This example activates MAC address based security on port 3 and ports 16 to 18 awplus enable awplus configure terminal awplus config interface port1 0 3 port1 0 16 port1 0 18 awplus config if switchport port security ...

Page 1056: ...c MAC address in the MAC address table Ports that learn their maximum numbers of addresses can learn new addresses as inactive addresses are deleted from the table Confirmation Command SHOW PORT SECURITY INTERFACE on page 1050 Example This example sets port 2 to store its learned MAC addresses as dynamic addresses in the MAC address table awplus enable awplus configure terminal awplus config inter...

Page 1057: ... number of dynamic MAC addresses that ports can learn Ports that learn their maximum numbers of MAC addresses discard ingress packets with unknown MAC addresses Use the no form of this command NO SWITCHPORT PORT SECURITY MAXIMUM to set the command to its default value of 100 addresses Confirmation Command SHOW PORT SECURITY INTERFACE on page 1050 Example This example sets port 2 to learn up to 15 ...

Page 1058: ...e how the switch responds when ports that have learned their maximum number of MAC addresses receive ingress frames that have unknown source MAC addresses The no form of this command NO SWITCHPORT PORT SECURITY VIOLATION returns the value to protect which is the default setting Confirmation Command SHOW PORT SECURITY INTERFACE on page 1050 Examples This example sets the intrusion action for port 5...

Page 1059: ...terminal awplus config interface port1 0 22 port1 0 24 awplus config if switchport port security violation restrict This example sets the intrusion action on port 2 to shutdown The switch disables the port and sends an SNMP trap if the port learns its maximum number of MAC addresses and then receives an ingress packet with another unknown source MAC address awplus enable awplus configure terminal ...

Page 1061: ...ts on page 1068 Supplicant and VLAN Associations on page 1072 Guest VLAN on page 1075 Guidelines on page 1076 Enabling 802 1x Port Based Network Access Control on the Switch on page 1078 Configuring Authenticator Ports on page 1079 Configuring Reauthentication on page 1082 Removing Ports from the Authenticator Role on page 1083 Configuring Supplicant Ports on page 1084 Disabling 802 1x Port Based ...

Page 1062: ...now that you can also use the RADIUS client software on the switch along with a RADIUS server on your network to create new remote manager accounts Note RADIUS with Extensible Authentication Protocol EAP extensions is the only supported authentication protocol for 802 1x port based network access control This feature is not supported with the TACACS authentication protocol Here are several terms t...

Page 1063: ...hich the authenticator responds with an EAP Request Identity packet The supplicant responds with an EAP Response Identity packet to the authentication server via the authenticator The authentication server responds with an EAP Request packet to the supplicant via the authenticator The supplicant responds with an EAP Response packet containing a username and password The authentication server sends...

Page 1064: ... Ports in this role do not forward network traffic to or from network devices until the supplicants are authenticated by a RADIUS server The authenticator role is appropriate when you want the switch to authenticate the supplicants of network devices before they can use the network Supplicant Role A switch port in the supplicant role acts as a supplicant It has to log on by providing a valid user ...

Page 1065: ...Figure 189 Example of the Supplicant Role ...

Page 1066: ...been assigned valid combinations Another advantage is that the authentication is not tied to any specific computer or node An end user can log on from any system and still be verified by the RADIUS server as a valid user of the switch and network This authentication method requires 802 1x client software on the supplicant nodes MAC address based authentication An alternative method is to use the s...

Page 1067: ...rver the port begins forwarding all traffic to and from the supplicant Force authorized Automatically places the port in the authorized state without any authentication exchange required The port transmits and receives normal traffic without authenticating the supplicant Force unauthorized Causes the port to remain in the unauthorized state ignoring all attempts by the supplicant to authenticate T...

Page 1068: ...rds the traffic of just that supplicant Figure 190 Single Host Mode Multi Host Mode This mode permits multiple supplicants on an authenticator port An authenticator host forwards packets from all supplicants once one supplicant has successfully logged on This mode is typically used in situations where you want to add 802 1x port based network access control to a switch port that is supporting mult...

Page 1069: ...ward the supplicant traffic until one of the supplicants logs on Afterwards it forwards the traffic of all the supplicants Figure 191 Multi Host Operating Mode If the port is configured as 802 1x Authenticator one supplicant must have 802 1x client firmware and must provide a username and password during authentication The other supplicants do not need 802 1x client firmware to forward traffic thr...

Page 1070: ...licant and you want all supplicants to be authenticated A switch can support up to a maximum of 208 supplicants If the authentication method is MAC address based the authenticator port uses the MAC addresses of the supplicants as the username and password combinations The port accepts and forwards traffic only from those supplicants whose MAC addresses have been entered on the RADIUS server and de...

Page 1071: ...Figure 192 Multi Supplicant Mode ...

Page 1072: ...ements and security levels The problem with a port based VLAN is that VLAN membership is determined by the port on the switch to which the device is connected If a different device that needs to belong to a different VLAN is connected to the port the port must be moved manually to the new VLAN using the management software With 802 1x port based network access control you can link a username and p...

Page 1073: ...rom the RADIUS server for example the VID of a nonexistent VLAN it leaves the port in the unauthorized state to deny access to the port Multi Supplicant Mode The initial authentication on an authenticator port running in the multi supplicant mode is handled in the same fashion as with the single host mode In multi supplicant mode how the switch handles subsequent authentications on the same port d...

Page 1074: ... is VLAN 13 Tunnel Medium Type The transport medium to be used for the tunnel specified by Tunnel Private Group Id The only supported value is 802 6 Tunnel Private Group ID The ID of the tunnel the authenticated user should use This must be the name or VID of the VLAN of the switch The following information must be entered as part of a supplicant s account on the RADIUS server when associating a s...

Page 1075: ...the switch receives 802 1x packets on the port signalling that a supplicant is logging on the authentication process continues normally If dynamic VLAN creation is enabled using AUTH DYNAMIC VLAN CREATION SINGLE the authenticator port will be moved to the VLAN assigned by the RADIUS Server If dynamic VLAN creation is disabled using NO AUTH DYNAMIC VLAN CREATION after successful authentication the ...

Page 1076: ...me username and password when working at different workstations After a supplicant has successfully logged on the MAC address of the end node is added to the switch s MAC address table as an authenticated address It remains in the table until the supplicant logs off the network or fails to reauthenticate at which point the address is removed The address is not timed out even if the node becomes in...

Page 1077: ...anually create the VLAN The switch does not create it automatically The switch supports EAP MD5 EAP TLS EAP TTLS and EAP PEAP authentication methods The switch must have a management IP address to communicate with the RADIUS server For background information refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 299 Here are the guidelines to adding VLAN assignments to supplicant accounts ...

Page 1078: ...AA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS command The command has no parameters Here is the command awplus enable awplus configure terminal awplus config aaa authentication dot1x default group radius Note You should configure the RADIUS client on the switch before activating port based access control For instructions refer to Chapter 96 RADIUS and TACACS Clients on page 1479 or Chapter 97 RADIUS...

Page 1079: ...ts network operations because the designated ports stop forwarding traffic until the supplicants log on Designating the Authentication Methods A port can be configured for either 802 1x authentication or MAC based authentication To enable 802 1x authentication use the DOT1X PORT CONTROL AUTO command To configure a port to the MAC address authentication method use the AUTH MAC ENABLE command This ex...

Page 1080: ...t are connected to multiple nodes The ports forward all traffic after just one supplicant successfully logs on Multi supplicant mode For authenticator ports that are connected to multiple nodes The supplicants must log on individually before the ports forward their traffic The command for setting the operating mode is the AUTH HOST MODE command in the Port Interface mode The format of the command ...

Page 1081: ...g interface port1 0 8 awplus config if dot1x port control auto awplus config if auth host mode multi host This example configures ports 1 0 16 to 1 0 19 to use the MAC address authentication method and the multi supplicant mode so that the nodes are authenticated individually awplus enable awplus configure terminal awplus config interface port1 0 16 port1 0 19 awplus config if auth mac enable awpl...

Page 1082: ...uthenticate every 2 hours 7200 seconds awplus enable awplus configure terminal awplus config interface port1 0 21 port1 0 22 awplus config if dot1x port control auto awplus config if auth reauthentication awplus config if auth timeout reauth period 7200 This example deactivates reauthentication on port 1 0 21 awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config ...

Page 1083: ...rward traffic without authenticating supplicants go to the Port Interface mode of the ports and enter the NO DOT1X PORT CONTROL command This example removes the authenticator role from ports 1 0 1 to 1 0 4 and 1 0 18 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 4 port1 0 18 awplus config if no dot1x port control ...

Page 1084: ...pplicant Configuring Supplicant Ports Table 113 lists the commands for assigning usernames and passwords to supplicant ports Supplicant ports must have usernames and passwords to supply to the authenticator ports to which they are connected This example of the commands configures port 1 0 15 as a supplicant port and assigns it the username srv12a and password Art78 awplus enable awplus configure t...

Page 1085: ...icant params auth period 20 awplus config if dot1x supplicant params held period 120 awplus config if dot1x supplicant params max start 5 Table 114 Commands for Supplicant Port Parameters To Do This Task Use This Command Range Specify authentication timeout period which defines the time period in seconds that supplicant ports wait for replies from authenticators after sending EAP Response frames D...

Page 1086: ...and for removing ports from the supplicant role and returning them to the none role is the NO DOT1X PORT CONTROL SUPPLICANT command in the Port Interface mode This example of the command returns ports 1 0 4 and 1 0 5 to the none role from the supplicant role awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 5 awplus config if no dot1x port control supplicant Note Po...

Page 1087: ... enter the NO AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS command Here is the command awplus enable awplus configure terminal awplus config no aaa authentication dot1x default group radius Note The switch retains the configuration settings of the authenticator and supplicant ports when 802 1x port based network access control is deactivated Authenticator ports will also not forward traffic of co...

Page 1088: ...2 Figure 193 is an example of what you will see Figure 193 SHOW DOT1X INTERFACE Command Authentication Info for interface port1 0 1 portEnabled Enabled portControl Auto portStatus DOWN reAuthenticate Disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE suppTimeout 30 serverTimeout 30 CD adminControlledDirections in criticalVlan Disabled guestVlan Disabled dynamicVlanCreation...

Page 1089: ...port 1 0 2 awplus enable awplus show dot1x statistics interface port1 0 2 Figure 194 SHOW DOT1X STATISTICS INTERFACE Command Authentication Statistics for interface port1 0 2 EAPOL Frames Rx 0 EAPOL Frames Tx 0 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAP Rsp Id Frames Rx 0 EAP Response Frames Rx 0 EAP Req Id Frames Tx 0 EAP Request Frames Tx 0 Invalid EAPOL Frames Rx 0 EAP Length Error Fr...

Page 1091: ...ace Sets the operating modes on authenticator ports AUTH REAUTHENTICATION on page 1101 Port Interface Activates reauthentication on the authenticator ports AUTH TIMEOUT QUIET PERIOD on page 1102 Port Interface Sets the number of seconds that authenticator ports wait after a failed authentication before accepting authentication requests again AUTH TIMEOUT REAUTH PERIOD on page 1103 Port Interface S...

Page 1092: ...licants before timing out authentication sessions DOT1X PORT CONTROL AUTO on page 1114 Port Interface Sets ports to the authenticator role DOT1X PORT CONTROL FORCE AUTHORIZED on page 1115 Port Interface Configures ports to the 802 1x port based authenticator role in the forced authorized state DOT1X PORT CONTROL FORCE UNAUTHORIZED on page 1116 Port Interface Configures ports to the 802 1x port bas...

Page 1093: ...T VLAN on page 1126 Port Interface Disables the Guest VLAN feature on an authenticator port NO AUTH REAUTHENTICATION on page 1127 Port Interface Removes reauthentication from authenticator ports NO AUTH MAC ENABLE on page 1128 Port Interface Deactivates MAC address based authentication on authenticator ports NO DOT1X PORT CONTROL on page 1129 Port Interface Removes ports from the authenticator rol...

Page 1094: ...server SHOW DOT1X INTERFACE on page 1136 Privileged Exec Displays the parameter settings of authenticator ports SHOW DOT1X STATISTICS INTERFACE on page 1137 Privileged Exec Displays EAP packet statistics on authenticator ports SHOW DOT1X SUPPLICANT INTERFACE on page 1138 Privileged Exec Displays the supplicant state on authenticator ports Table 115 802 1x Port based Network Access Control Commands...

Page 1095: ...his feature is disabled Note You should activate and configure the RADIUS client software on the switch before activating port based access control For instructions refer to Chapter 96 RADIUS and TACACS Clients on page 1479 or Chapter 97 RADIUS and TACACS Client Commands on page 1495 Confirmation Command SHOW DOT1X on page 1135 Example This example activates 802 1x port based network access contro...

Page 1096: ...CREATION to disable this feature refer to NO AUTH DYNAMIC VLAN CREATION on page 1125 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Examples This example activates single dynamic VLAN assignment on authenticator port 1 0 18 When the initial supplicant logs on the switch moves the port to the VLAN specified in the supplicant s account on the RADIUS se...

Page 1097: ...is example activates multiple dynamic VLAN assignment on authenticator port 1 0 4 awplus enable awplus configure terminal awplus config interface port1 0 4 awplus config if dot1x port control auto awplus config if auth dynamic vlan creation multiple ...

Page 1098: ...ogs on at which point it is moved to a configured VLAN or if the dynamic VLAN setting is enabled it will be moved to the VLAN specified in a supplicant s account on the RADIUS server A port must already be designated as an authenticator port before you can use this command To remove the VID of a guest VLAN from an authenticator port refer to NO AUTH GUEST VLAN on page 1126 Example This example des...

Page 1099: ...d to as piggy backing multi supplicant Specifies the multi supplicant operating mode An authenticator port set to this mode requires that all supplicants log on Mode Port Interface mode Description Use this command to set the operating modes on authenticator ports For background information refer to Operating Modes for Authenticator Ports on page 1068 Confirmation Command SHOW AUTH MAC INTERFACE o...

Page 1100: ...on awplus enable awplus configure terminal awplus config interface port1 0 8 awplus config if auth host mode multi host This example configures authenticator ports 1 0 12 and 1 0 13 to the multi supplicant operating mode which requires that all network users on the ports log on awplus enable awplus configure terminal awplus config interface port1 0 12 port1 0 13 awplus config if auth host mode mu...

Page 1101: ... The supplicants must periodically reauthenticate according to the time interval set with AUTH TIMEOUT REAUTH PERIOD on page 1103 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example activates reauthentication on ports 1 0 21 and 1 0 22 awplus enable awplus configure terminal awplus config interface port1 0 21 port1 0 22 awplus config ...

Page 1102: ...fault value is 60 seconds Mode Port Interface mode Description Use this command to set the number of seconds that an authenticator port waits after a failed authentication with a supplicant before accepting authentication requests again Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets the quiet period to 20 seconds on authenti...

Page 1103: ...reauthentication of supplicants on an authenticator port Reauthentication must be enabled on an authenticator port for the timer to work Reauthentication on a port is activated with AUTH REAUTHENTICATION on page 1101 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example activates reauthentication on port 1 0 16 and sets the reauthentica...

Page 1104: ...5 seconds The default value is 30 seconds Mode Port Interface mode Description Use this command to set the amount of time the switch waits for a response from a RADIUS authentication server Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets the timer on port 1 0 21 to 15 seconds awplus enable awplus configure terminal awplus con...

Page 1105: ...Port Interface mode Description Use this command to set the retransmission time for EAP request frames from authenticator ports Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets the retransmission time for EAP request frames on authenticator ports 1 0 3 and 1 0 4 to 120 seconds awplus enable awplus configure terminal awplus con...

Page 1106: ...ess from the initial frames from a supplicant and automatically sends it as the supplicant s username and password to the authentication server This authentication method does not require 802 1x client software on supplicant nodes Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 SHOW DOT1X INTERFACE on page 1136 Example This example activates MAC address based authentication on ports 1 0 ...

Page 1107: ...d to set the MAC address of the supplicant client device to re learning for re authentication on the interface specified in the INTERFACE command Example This example sets the MAC address of the supplicant to re learning for re authentication on port 1 0 23 awplus enable awplus configure terminal awplus config interface port1 0 23 awplus config if auth mac reauth relearning ...

Page 1108: ...nd packets entering the specified port are discarded The in parameter discards the ingress packets received from the supplicant If the both parameter is specified with this command packets entering ingress and leaving egress the specified port are discarded The both parameter discards the packets received from the supplicant and sent to the supplicant Confirmation Command SHOW AUTH MAC INTERFACE o...

Page 1109: ...awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if dot1x control direction in ...

Page 1110: ...ts in the same VLAN as the ingress port forward vlan Forwards ingress EAP packets to tagged and untagged ports in the same VLAN as the ingress port Mode Global Configuration mode Description Use this command to control the action of the switch to EAP packets when 802 1x authentication is disabled on the switch Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example configures th...

Page 1111: ...hen 802 1x authentication is disabled awplus enable awplus configure terminal awplus config dot1x eap discard This example configures the switch to forward EAP packets only to untagged ports in the VLANs of the ingress ports awplus enable awplus configure terminal awplus config dot1x eap forward untagged vlan ...

Page 1112: ...n Use this command to force authenticator ports into the unauthorized state You might use this command to force supplicants on authenticator ports to reauthenticate themselves again by logging in with their usernames and passwords Example This example forces authenticator ports 1 0 16 and 1 0 22 into the unauthorized state so that the supplicants must log on again awplus enable awplus dot1x initia...

Page 1113: ...lt value is 2 Mode Port Interface mode Description Use this command to specify the maximum number of times the switch transmits EAP Request packets to a supplicant before it times out the authentication session Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets the maximum number of requests on ports 1 0 7 and 1 0 22 to 4 awplus...

Page 1114: ...horized state forwarding only EAPOL frames until a supplicant has successfully logged on For background information refer to Operational Settings for Authenticator Ports on page 1067 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets ports 1 0 7 to 1 0 10 to the authenticator role awplus enable awplus configure terminal awplus c...

Page 1115: ...any authentication exchanges required The ports transmit and receive traffic normally without 802 1x based authentication of the supplicants For background information refer to Operational Settings for Authenticator Ports on page 1067 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets ports 1 0 1 and 1 0 4 to the authenticator r...

Page 1116: ... ports are in the authenticator role the switch blocks all traffic on the ports For background information refer to Operational Settings for Authenticator Ports on page 1067 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets ports 1 0 7 and 1 0 24 to the authenticator role in the force unauthorized state awplus enable awplus con...

Page 1117: ...ant role port based network access control must first be enabled on the switch using the AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS command Refer to AAA AUTHENTICATION DOT1X DEFAULT GROUP RADIUS on page 1095 Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 245 Example This example sets ports 1 0 11 1 0 15 and 1 0 19 to the supplicant role awplus enable awplus configure terminal awplus...

Page 1118: ...e mode Description Use this command to specify the time period in seconds that supplicant ports wait for replies from authenticators after sending EAP Response frames The range is 1 to 300 seconds Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 245 Example This example sets the authentication timeout period on supplicant ports 1 0 4 and 1 0 5 to 80 seconds awplus enable awplus configure...

Page 1119: ...scription Specifies the amount of time in seconds a supplicant waits to re authenticate after an authentication attempt has failed A supplicant can attempt to log on again after the time period has expired Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 245 Example This example sets the held timeout period on supplicant ports 1 0 7 and 1 0 8 to 90 seconds awplus enable awplus configure ...

Page 1120: ...t Interface mode Description Use this command to specify the maximum number of times a supplicant sends EAPOL Start frames before assuming that there is no authenticator present The range is 1 to 10 The default is 3 Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 245 Example This example sets the maximum number of attempts on supplicant port 1 0 12 to 4 awplus enable awplus configure te...

Page 1121: ...ription Use this command to assign passwords to supplicant ports A supplicant port sends its password to an authenticator for verification when it logs on to the network You may assign the same password to more than one supplicant port The switch uses the EAP MD5 authentication method when a port is configured as a supplicant Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 245 Example T...

Page 1122: ... mode Description Use this command to assign a username to a supplicant port A supplicant port sends its username to an authenticator for verification when it logs on to the network You may assign the same username to more than one supplicant port The switch uses the EAP MD5 authentication method when a port is configured as a supplicant Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 2...

Page 1123: ... Interface mode Description Use this command to set the amount of time that an authenticator port on the switch waits for a reply from a supplicant to an EAP request identity frame If no reply is received it retransmits the frame Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example sets the timeout period on authenticator ports 1 0 15 ...

Page 1124: ... mode Description Use this command to disable 802 1x port based network access control on the switch All ports forward packets without any authentication This is the default setting Confirmation Command SHOW DOT1X on page 1135 Example This example disables 802 1x port based network access control on the switch awplus enable awplus configure terminal awplus config no aaa authentication dot1x defaul...

Page 1125: ...ignments of authentication ports For background information refer to Supplicant and VLAN Associations on page 1072 Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 SHOW DOT1X INTERFACE on page 1136 Example This example disables dynamic VLAN assignment of authenticator port 1 0 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if no auth dynamic vl...

Page 1126: ...n Use this command to disable the Guest VLAN feature on an authenticator port Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 SHOW DOT1X INTERFACE on page 1136 Example This example removes the guest VLAN from ports 1 0 23 and 1 0 24 awplus enable awplus configure terminal awplus config interface port1 0 23 port1 0 24 awplus config if no auth guest vlan ...

Page 1127: ...eauthenticate after the initial authentication Reauthentication is still required if there is a change to the status of the link between a supplicant and the switch or the switch is reset or power cycled Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 SHOW DOT1X INTERFACE on page 1136 Example This example deactivates reauthentication on port 1 0 2 awplus enable awplus configure terminal ...

Page 1128: ...Description Use this command to deactivate MAC address based authentication on authenticator ports Confirmation Command SHOW DOT1X SUPPLICANT INTERFACE on page 1138 Example This example removes MAC address based authentication from port 1 0 23 awplus enable awplus configure terminal awplus config interface port1 0 23 awplus config if no auth mac enable ...

Page 1129: ... remove ports from the authenticator role so that they forward traffic without authentication Confirmation Command SHOW AUTH MAC INTERFACE on page 1131 or SHOW DOT1X INTERFACE on page 1136 Example This example removes port 1 0 14 from the authenticator role awplus enable awplus configure terminal awplus config interface port1 0 14 awplus config if no dot1x port control ...

Page 1130: ...face mode Description Use this command to remove ports from the 802 1x port based supplicant role Confirmation Command SHOW RUNNING CONFIG INTERFACE on page 245 Example This example removes ports 1 0 8 and 1 0 22 from the supplicant role awplus enable awplus configure terminal awplus config interface port1 0 8 port1 0 22 awplus config if no dot1x port control supplicant ...

Page 1131: ...igure 195 SHOW AUTH MAC INTERFACE Command Example This example displays the parameter settings of authenticator ports 1 0 1 through 1 0 4 awplus show auth mac interface port1 0 1 port1 0 4 Authentication Info for interface port1 0 2 portEnabled Enabled portControl Auto portStatus UP reAuthenticate Disabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 BE suppTimeout 30 serverTime...

Page 1132: ...o display session statistics of the authenticator ports An example is shown in Figure 196 Figure 196 SHOW AUTH MAC SESSIONSTATISTICS INTERFACE Command Example This example displays the session statistics of the authenticator port 1 0 17 awplus show auth mac sessionstatistics interface port1 0 17 Authentication Session Statistics for interface port session user name manager session authentication m...

Page 1133: ...ge 1137 An example is shown in Figure 197 Figure 197 SHOW AUTH MAC STATISTICS INTERFACE Command Example This example displays the EAP packet statistics of authenticator port 1 0 7 awplus show auth mac statistics interface port1 0 7 Authentication Statistics for interface port1 0 2 EAPOL Frames Rx 0 EAPOL Frames Tx 0 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAP Rsp Id Frames Rx 0 EAP Respon...

Page 1134: ...nd is equivalent to SHOW DOT1X SUPPLICANT INTERFACE Command on page 1138 An example is shown in Figure 198 Figure 198 SHOW AUTH MAC SUPPLICANT INTERFACE Command Example This example displays the supplicant state of the authentication mode on ports 1 0 21 and 1 0 23 awplus show auth mac supplicant interface port1 0 21 port1 0 23 Interface port1 0 3 authenticationMethod dot1x totalSupplicantNum 0 au...

Page 1135: ...cess control is enabled or disabled on the switch and the IP addresses of the RADIUS servers An example is shown in Figure 199 Figure 199 SHOW DOT1X Command Example This example displays the status of the 802 1x port based network access control feature and the IP addresses of the RADIUS servers awplus show dot1x 802 1 Port Based Authentication Enabled RADIUS server address auth 149 32 146 78 ...

Page 1136: ...mple of the information Figure 200 SHOW DOT1X INTERFACE Command Example The example displays the authenticator parameter settings for ports 1 0 1 to 1 0 4 awplus enable awplus show dot1x interface port1 0 1 port1 0 4 Authentication Info for interface port1 0 2 portEnabled Enabled portControl Auto portStatus UP reAuthenticate Enabled reAuthPeriod 3600 PAE quietPeriod 60 maxReauthReq 2 txPeriod 30 B...

Page 1137: ... example is shown in Figure 201 Figure 201 SHOW DOT1X STATISTICS INTERFACE Command Example This example displays the EAP packet statistics for authenticator port 1 0 7 awplus enable awplus show dot1x statistics interface port1 0 7 Authentication Statistics for interface port1 0 2 EAPOL Frames Rx 0 EAPOL Frames Tx 0 EAPOL Start Frames Rx 0 EAPOL Logoff Frames Rx 0 EAP Rsp Id Frames Rx 0 EAP Respons...

Page 1138: ...is equivalent to SHOW AUTH MAC SUPPLICANT INTERFACE Command on page 1134 An example is shown in Figure 202 Figure 202 SHOW DOT1X SUPPLICANT INTERFACE Command Interface port1 0 3 authenticationMethod dot1x totalSupplicantNum 2 authorizedSupplicantNum 2 macBasedAuthenticationSupplicantNum 0 dot1xAuthenticationSupplicantNum 2 otherAuthenticationSupplicantNum 0 Supplicant name user2 Supplicant address...

Page 1139: ...tch Command Line User s Guide 1139 Example This example displays the supplicant state of the authentication mode on ports 1 0 21 to 1 0 23 awplus enable awplus show dot1x supplicant interface port1 0 21 port1 0 23 ...

Page 1140: ...Chapter 72 802 1x Port based Network Access Control Commands 1140 ...

Page 1141: ... Simple Network Management Protocols This section contains the following chapters Chapter 73 SNMPv1 and SNMPv2c on page 1143 Chapter 74 SNMPv1 and SNMPv2c Commands on page 1155 Chapter 75 SNMPv3 Commands on page 1179 ...

Page 1143: ...n page 1144 Enabling SNMPv1 and SNMPv2c on page 1146 Creating Community Strings on page 1147 Adding or Removing IP Addresses of Trap or Inform Receivers on page 1148 Deleting Community Strings on page 1150 Disabling SNMPv1 and SNMPv2c on page 1151 Displaying SNMPv1 and SNMPv2c on page 1152 ...

Page 1144: ...tch onto your SNMP management workstation The MIBs are available from the Allied Telesis web site at www alliedtelesis com A community string must be assigned an access level The levels are Read and Read Write A community string that has an access level of Read can be used to view but not change the MIB objects on the switch A community string that has a Read Write access level can be used to both...

Page 1145: ...o specify the format in which the switch should send the messages The format can be either SNMPv1 or SNMPv2c For inform messages the format is always SNMPv2c For instructions refer to Adding or Removing IP Addresses of Trap or Inform Receivers on page 1148 You can configure SNMPv1 and SNMPv2c with the SNMPv3 Table commands described in Chapter 75 SNMPv3 Commands on page 1179 However the SNMPv3 Tab...

Page 1146: ...o parameters The switch begins to send trap and inform messages to the receivers and permits remote management from SNMP workstations as soon as you enter the command This assumes of course you have already created the community strings and added the IP addresses of trap and inform receivers Here is the command awplus enable awplus configure terminal awplus config snmp server ...

Page 1147: ...name of the new string It can be up to 15 alphanumeric characters and special characters such as and is case sensitive Spaces are not allowed The RW and RO options define the access levels of new community strings RW is read write and RO is read only This example creates the community string plarnum with read write access awplus enable awplus configure terminal awplus config snmp server community ...

Page 1148: ... messages The switch can send trap messages in either SNMPv1 or SNMPv2c format Inform messages can only be sent in SNMPv2c format Note SNMP must be activated on the switch for you to add trap or inform receivers to community strings To activate SNMP use the SNMP SERVER command in the Global Configuration mode This example activates SNMP on the switch and assigns the IP address 121 12 142 8 as a tr...

Page 1149: ...le awplus configure terminal awplus config snmp server host 143 154 76 17 informs version 2c st_bldg2 To remove IP addresses of trap or inform receivers from community strings use the NO form of the command This example removes the IP address 121 12 142 8 of a trap receiver from the private community string awplus enable awplus configure terminal awplus config no snmp server host 121 12 142 8 trap...

Page 1150: ...t no snmp server community community You can delete only one community string at a time with the command which is found in the Global Configuration mode The COMMUNITY parameter is case sensitive This example deletes the ytnar12a community string from the switch awplus enable awplus configure terminal awplus config no snmp server community ytnar12a ...

Page 1151: ...itch use the NO SNMP SERVER command You cannot remotely manage the switch with an SNMP application when SNMP is disabled Furthermore the switch stops transmitting trap and inform messages to your SNMP applications Here is the command awplus enable awplus configure terminal awplus config no snmp server ...

Page 1152: ...The information that the command provides for each community string includes the community name and the access level of read write or read only There is also a view field which for community strings created through the SNMPv1 and SNMPv2c commands always has a value of None indicating that the strings give an SNMP application access to the entire MIB tree of the switch SNMPv1 and SNMPv2c community ...

Page 1153: ...205 SHOW RUNNING CONFIG SNMP Command snmp server no snmp server enable trap auth snmp server community sw12eng1 rw snmp server community sw12eng1limit rw snmp server community westplnm7 ro snmp server community site12pl4 ro snmp server host 149 198 74 143 traps version 2c sw12eng1 snmp server host 149 198 74 154 traps version 2c sw12eng1 snmp server host 149 198 121 17 traps version 2c sw12eng1lim...

Page 1154: ...Chapter 73 SNMPv1 and SNMPv2c 1154 ...

Page 1155: ...160 Global Configuration Disables the transmission of SNMP authentication traps NO SNMP SERVER HOST on page 1161 Global Configuration Removes the IP addresses of trap and inform receivers from the community strings NO SNMP SERVER VIEW on page 1163 Global Configuration Deletes SNMP views NO SNMP TRAP LINK STATUS on page 1164 Port Interface Disables the transmission of SNMP link status notifications...

Page 1156: ... status and authentication traps which are activated separately SNMP SERVER ENABLE TRAP AUTH on page 1173 Global Configuration Activates the transmission of SNMP authentication traps SNMP SERVER HOST on page 1174 Global Configuration Adds the IP addresses of trap and inform receivers to the community strings on the switch SNMP SERVER VIEW on page 1176 Global Configuration Creates SNMP views SNMP ...

Page 1157: ... SNMPv1 SNMPv2c and SNMPv3 on the switch The switch does not permit remote management from SNMP applications when SNMP is disabled It also does not send SNMP trap or inform messages Confirmation Command SHOW SNMP SERVER on page 1166 Example This example disables SNMPv1 SNMPv2c and SNMPv3 on the switch awplus enable awplus configure terminal awplus config no snmp server ...

Page 1158: ...ngs from the switch Deleting community strings with this command also deletes any IP addresses of SNMP trap or inform receivers assigned to the community strings You can delete only one community string at a time with this command Confirmation Command SHOW SNMP SERVER COMMUNITY on page 1167 Example This example deletes the pla178ta community string from the switch as well as any IP addresses of tr...

Page 1159: ...d to disable the transmission of SNMP traps except for the link status and authentication traps which are disabled separately Confirmation Command SHOW RUNNING CONFIG SNMP on page 1165 Example This example disables the transmission of all SNMP traps except for the link status and authentication traps awplus enable awplus configure terminal awplus config no snmp server enable trap ...

Page 1160: ...ameters None Mode Global Configuration mode Description Use this command to disable the transmission of SNMP authentication traps Confirmation Command SHOW RUNNING CONFIG SNMP on page 1165 Example This example disables the transmission of SNMP authentication traps awplus enable awplus configure terminal awplus config no snmp server enable trap auth ...

Page 1161: ...eceiver You can specify only 2c when you are deleting the IP address of an inform message receiver community_string Specifies the SNMP community string to which the IP address of the trap or inform receiver is assigned This parameter is case sensitive Mode Global Configuration mode Description Use this command to remove IP addresses of trap or inform receivers from the community strings on the swi...

Page 1162: ...rivate This example removes the IPv4 address 171 42 182 102 of a trap receiver from the community string station12a awplus enable awplus configure terminal awplus config no snmp server host 115 124 187 4 traps version 2c station12a This example removes the IPv6 address 124c 75 ae3 763 8b4 of an inform receiver from the community string wadt27 awplus enable awplus configure terminal awplus config n...

Page 1163: ...ecifies the OID of the view Mode Global Configuration mode Description Use this command to delete SNMP views You can delete just one view at a time with this command Confirmation Command SHOW SNMP SERVER VIEW on page 1169 Example This example deletes the view AlliedTelesis with the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config no snmp server view AlliedTelesis 1 3 6 1 4...

Page 1164: ...ission of SNMP link status notifications traps when ports establish links linkUp or lose links linkDown to network devices Confirmation Command SHOW INTERFACE on page 234 Example This example disables the transmission of link status notifications on ports 17 and 21 awplus enable awplus configure terminal awplus config interface port1 0 17 port1 0 21 awplus config if no snmp trap link status ...

Page 1165: ...example displays the SNMPv1 and SNMPv2c community strings and the IP addresses of trap and inform receivers awplus show running config snmp snmp server no snmp server enable trap auth snmp server community sw12eng1 rw snmp server community sw12eng1limit rw snmp server community westplnm7 ro snmp server community site12pl4 ro snmp server host 149 198 74 143 traps version 2c sw12eng1 snmp server hos...

Page 1166: ...itch You can remotely manage the switch with SNMPv1 or v2c when the server is enabled Remote management is not possible when the server is disabled To activate or deactivate SNMP refer to SNMP SERVER on page 1170 and NO SNMP SERVER on page 1157 respectively Figure 207 SHOW SNMP SERVER Command Example This example displays the current status of SNMP on the switch awplus show snmp server SNMP Server...

Page 1167: ...7 Table 117 SHOW SNMP SERVER COMMUNITY Command Parameter Description Community Name The community string Access The access level of the community string The possible access levels are Read Write and Read Only View The name of an SNMP view that defines a portion of the MIB tree that the community string is not permitted to access Community strings that are not assigned views have a value of None wh...

Page 1168: ...Chapter 74 SNMPv1 and SNMPv2c Commands 1168 Example This example displays the SNMPv1 and SNMPv2c community strings awplus show snmp server community ...

Page 1169: ...MP SERVER VIEW Command The fields in the entries are described in Table 118 Example This example displays the SNMPv1 and SNMPv2c views on the switch awplus show snmp server view Table 118 SHOW SNMP SERVER VIEW Command Parameter Description View Name The view name OID The OID to a section of the MIB tree Type The view type which is always excluded SNMP View information View Name system OID 1 3 6 12...

Page 1170: ...v1 SNMPv2c and SNMPv3 on the switch The switch permits remote management from SNMP applications when SNMP is enabled The switch also sends SNMP messages to trap and inform receivers Confirmation Command SHOW SNMP SERVER on page 1166 Example This example activates SNMPv1 SNMPv2c and SNMPv3 on the switch awplus enable awplus configure terminal awplus config snmp server ...

Page 1171: ...cifies the access level of a new community string of read write RW or read only RO Mode Global Configuration mode Description Use this command to create new SNMPv1 and SNMPv2c community strings on the switch The switch can have up to eight community strings Confirmation Command SHOW SNMP SERVER COMMUNITY on page 1167 Example This example creates the new community string stea2a with an access level...

Page 1172: ...he transmission of all SNMP traps except for power inline link status and authentication traps which are activated separately Confirmation Command SHOW RUNNING CONFIG SNMP on page 1165 Example This example activates the transmission of all SNMP traps except for power inline link status and authentication traps awplus enable awplus configure terminal awplus config snmp server enable trap ...

Page 1173: ...al Configuration mode Description Use this command to activate the transmission of SNMP authentication failure traps Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example activates the transmission of SNMP authentication failure traps awplus enable awplus configure terminal awplus config snmp server enable trap auth ...

Page 1174: ...NMPv1 1 or SNMPv2c 2c For inform messages the format must be SNMPv2c 2c community Specifies an SNMP community string This parameter is case sensitive Mode Global Configuration mode Description Use this command to specify IP addresses of network devices to receive trap and inform messages from the switch A community string can have up to eight IP addresses of trap and inform receivers SNMP must be ...

Page 1175: ...igns the IPv4 address 152 34 32 18 as a trap receiver to the community string tlpaac78 The traps are sent in the SNMPv1 format awplus enable awplus configure terminal awplus config snmp server host 152 34 32 18 traps version 1 tlpaac78 This example assigns the IPv6 address 45ac be22 78 c45 8156 as an inform receiver to the community string anstat172 Inform messages must be sent in the SNMPv2c form...

Page 1176: ... the part of the MIB tree specified by the OID Mode Global Configuration mode Description Use this command to create SNMPv1 and SNMPv2c views on the switch Views are used to restrict the MIB objects that network managers can access through the community strings A view can have more than one OID but each OID must be entered in a separate command Confirmation Command SHOW SNMP SERVER VIEW on page 11...

Page 1177: ...e new view AlliedTelesis that limits the available MIB objects to those in the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config snmp server view AlliedTelesis 1 3 6 1 excluded awplus config snmp server view AlliedTelesis 1 3 6 1 4 1 207 included ...

Page 1178: ...s notifications traps when ports establish links linkUp or lose links linkDown to network devices Confirmation Command SHOW INTERFACE on page 234 Example This example configures the switch to transmit link status notifications whenever links are established or lost on ports 1 to 4 awplus enable awplus configure terminal awplus config interface port1 0 1 port1 0 4 awplus config if snmp trap link st...

Page 1179: ... SNMP SERVER USER on page 1186 Global Configuration Deletes SNMPv3 users from the switch NO SNMP SERVER VIEW on page 1187 Global Configuration Deletes SNMPv3 views from the switch SHOW SNMP SERVER on page 1188 Privileged Exec Displays the current status of SNMP on the switch SHOW SNMP SERVER GROUP on page 1189 Privileged Exec Displays the SNMPv3 groups SHOW SNMP SERVER HOST on page 1190 Privileged...

Page 1180: ...MPv3 groups SNMP SERVER HOST on page 1197 Global Configuration Creates SNMPv3 host entries SNMP SERVER USER on page 1199 Global Configuration Creates SNMPv3 users SNMP SERVER VIEW on page 1201 Global Configuration Creates SNMPv3 views Table 119 SNMPv3 Commands Continued Command Mode Description ...

Page 1181: ... SNMPv1 SNMPv2c and SNMPv3 on the switch The switch does not permit remote management from SNMP applications when SNMP is disabled It also does not send SNMP trap or inform messages Confirmation Command SHOW SNMP SERVER on page 1188 Example This example disables SNMPv1 SNMPv2c and SNMPv3 on the switch awplus enable awplus configure terminal awplus config no snmp server ...

Page 1182: ... Global Configuration mode Description Use this command to return the SNMP engine ID value to the default value Confirmation Command SHOW SNMP SERVER on page 1188 Example This example returns the SNMP engine ID value to the default value awplus enable awplus configure terminal awplus config no snmp server engineid local ...

Page 1183: ...o be deleted The options are auth Indicates authentication but no privacy noauth Indicates no authentication or privacy priv Indicates authentication and privacy Mode Global Configuration mode Description Use this command to delete SNMPv3 groups Confirmation Command SHOW SNMP SERVER GROUP on page 1189 Example This example deletes the SNMPv3 group campus1_mgmt with authentication and privacy securi...

Page 1184: ... The options are informs Sends inform messages traps Sends trap messages noauth auth priv Specifies the minimum security level of the user associated with this entry The options are noauth Indicates no authentication or privacy auth Indicates authentication but no privacy priv Indicates authentication and privacy username Specifies an SNMPv3 user name Mode Global Configuration mode Description Use ...

Page 1185: ...e 1185 Example This example deletes the host entry with the IPv4 address 187 87 165 12 The user name associated with this entry is jones awplus enable awplus configure terminal awplus config no snmp server host 187 87 165 12 traps v3 auth jones ...

Page 1186: ...ch The name is case sensitive Mode Global Configuration mode Description Use this command to delete SNMPv3 users You can delete just one user at a time with this command Confirmation Command SHOW SNMP SERVER USER on page 1191 Example This example deletes the SNMPv3 user tedwards awplus enable awplus configure terminal awplus config no snmp server user tedwards ...

Page 1187: ...case sensitive OID Specifies the OID of the subtree of the view to be deleted Mode Global Configuration mode Description Use this command to delete SNMPv3 views from the switch Confirmation Command SHOW SNMP SERVER VIEW on page 1192 Example This example deletes the view All which has the OID 1 3 6 1 awplus enable awplus configure terminal awplus config no snmp server view All subtree 1 3 6 1 ...

Page 1188: ...ou can remotely manage the switch with SNMPv1 or v2c when the server is enabled Remote management is not possible when the server is disabled To activate or deactivate SNMP refer to SNMP SERVER on page 1193 and NO SNMP SERVER on page 1181 respectively Figure 210 SHOW SNMP SERVER Command Example This example displays the current status of SNMP on the switch awplus show snmp server SNMP Server Enabl...

Page 1189: ...ide 1189 SHOW SNMP SERVER GROUP Syntax show snmp server group Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 groups Example This example displays the SNMPv3 groups awplus show snmp server group ...

Page 1190: ...W SNMP SERVER HOST Syntax show snmp server host Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 host entries Example This example displays the SNMPv3 host entries awplus show snmp server host ...

Page 1191: ...Guide 1191 SHOW SNMP SERVER USER Syntax show snmp server user Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 users Example This example displays the SNMPv3 users awplus show snmp server user ...

Page 1192: ... SERVER VIEW Syntax show snmp server view Parameters None Mode Privileged Exec mode Description Use this command to display the SNMPv3 views on the switch Example This example displays the SNMPv3 views on the switch awplus show snmp server view ...

Page 1193: ...NMPv2c and SNMPv3 on the switch The switch permits remote management from SNMP applications when SNMP is enabled The switch also sends SNMP messages to trap and inform receivers Confirmation Command SHOW SNMP SERVER on page 1188 Example The following example activates SNMPv1 SNMPv2c and SNMPv3 on the switch awplus enable awplus configure terminal awplus config snmp server ...

Page 1194: ...nfigure the SNMPv3 engine ID Note Changing the SNMPv3 engine ID from its default value is not recommended because the SNMP server on the switch may fail to operate properly Confirmation Command SHOW SNMP SERVER on page 1188 Examples This example sets the SNMPv3 engine ID to 89ab532d782 awplus enable awplus configure terminal awplus config snmp server engineid local 89ab532d782 This example returns...

Page 1195: ... privacy noauth Indicates no authentication or privacy priv Indicates authentication and privacy readview Specifies the name of an existing SNMPv3 view that specifies the MIB objects the members of the group can view If this parameter is omitted the members cannot view any MIB objects using the group The name is case sensitive writeview Specifies the name of an existing SNMPv3 view that specifies ...

Page 1196: ...es a group called swengineering with a minimum security level of authentication and privacy The group has the read view internet and the write view ATI awplus enable awplus configure terminal awplus config snmp server group swengineering priv read internet write ATI This example creates a group called hwengineering with a security level of no authentication or privacy The group has the read view i...

Page 1197: ...f message the switch sends The options are informs Sends inform messages traps Sends trap messages noauth auth priv Specifies the minimum security level of the user associated with this entry The options are noauth Indicates no authentication or privacy auth Indicates authentication but no privacy priv Indicates authentication and privacy username Specifies an SNMPv3 user name Mode Global Configur...

Page 1198: ...igures SNMPv3 to send trap messages to an end node with the IPv4 address 149 157 192 12 The user name associated with this entry is sthompson awplus enable awplus configure terminal awplus config snmp server host 149 157 192 12 traps version 3 auth sthompson ...

Page 1199: ...igest Algorithms authentication protocol sha The SHA Secure Hash Algorithms authentication protocol auth_password Specifies a password for authentication A password can have up to 40 alphanumeric and or special characters and is case sensitive Spaces are not allowed priv_password Specifies a password for privacy with the 3DES Data Encryption Standard A password can have up to 40 alphanumeric and o...

Page 1200: ...wplus enable awplus configure terminal awplus config snmp server user dcraig This example creates the user bjones The user is assigned authentication using SHA and the authentication password as11fir The account is not assigned privacy awplus enable awplus configure terminal awplus config snmp server user bjones auth sha as11fir This example creates a user with the name csmith The account is given...

Page 1201: ... MIB tree specified by the OID included Permits access to the part of the MIB tree specified by the OID Mode Global Configuration mode Description Use this command to create SNMPv3 views on the switch Views are used to restrict the MIB objects that network managers can access through SNMPv3 groups A view can have more than one OID but each OID must be added in a separate command Confirmation Comma...

Page 1202: ...iew AlliedTelesis that limits the available MIB objects to those in the OID 1 3 6 1 4 1 207 awplus enable awplus configure terminal awplus config snmp server view AlliedTelesis 1 3 6 1 excluded awplus config snmp server view AlliedTelesis 1 3 6 1 4 1 207 included ...

Page 1203: ...e 1229 Chapter 79 LLDP and LLDP MED Commands on page 1261 Chapter 80 Address Resolution Protocol ARP on page 1321 Chapter 81 Address Resolution Protocol ARP Commands on page 1327 Chapter 82 RMON on page 1335 Chapter 83 RMON Commands on page 1351 Chapter 98 Advanced Access Control Lists ACLs on page 1523 Chapter 99 ACL Commands on page 1561 Chapter 71 Quality of Service QOS Commands on page 1275 ...

Page 1205: ...wing topics Overview on page 1206 Configuring the sFlow Agent on page 1208 Configuring the Ports on page 1209 Enabling the sFlow Agent on page 1211 Disabling the sFlow Agent on page 1212 Displaying the sFlow Agent on page 1213 Configuration Example on page 1214 ...

Page 1206: ...e defines the average number of ingress packets from which the agent samples one packet For example a sampling rate of 1000 on a port prompts the agent to send one packet from an average of 1000 ingress packets to the designated sFlow collector Different ports can have different rates Packet Counters The agent can also gather and send data to a collector about overall information regarding the sta...

Page 1207: ...t depending on its internal dynamics may send the information to the collector before five minutes have actually elapsed Guidelines Here are the guidelines to the sFlow agent You can specify just one sFlow collector The switch must have a management IP address For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 299 If the sFlow collector is not a member of the same subn...

Page 1208: ...ddress port udp_port The IPADDRESS parameter specifies the IP address of the collector and the UDP_PORT parameter its UDP port This example specifies the IP address of the sFlow collector as 154 122 11 24 and the UDP port as 6300 awplus enable awplus configure terminal awplus config sflow collector ip 154 122 11 24 port 6300 After configuring the agent go to the next section to configure the ports...

Page 1209: ... can have different rates The packet sampling rate is controlled with the SFLOW SAMPLING RATE command in the Port Interface mode Here is the format of the command sflow sampling rate value The VALUE parameter specifies the average number of ingress packets on a port from which one sample is taken by the agent and sent to the sFlow collector The permitted values are 0 and 256 to 16441700 packets Fo...

Page 1210: ...ust one polling rate but different ports can have different settings The command to set this value is the SFLOW POLLING INTERVAL command in the Port Interface mode Here is the format of the command sflow polling interval value This example of the command sets the polling interval to 100 seconds on ports 4 9 and 11 awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 9 ...

Page 1211: ... sflow enable This command assumes that you have already performed these steps Added the IP address of the collector to the sFlow agent with the SFLOW COLLECTOR IP command Used the SFLOW SAMPLING RATE and SFLOW POLLING INTERVAL commands to configure those ports from which performance data is to be gathered Assigned the switch a management IP address For instructions refer to Chapter 13 IPv4 and...

Page 1212: ...nt from collecting performance data on the ports on the switch and from sending the data to the collector on your network, use the NO SFLOW ENABLE command in the Global Configuration mode. Here is the command:
    awplus> enable
    awplus# configure terminal
    awplus(config)# no sflow enable
...

Page 1213: ...in the Global Configuration mode Here is the command awplus config show sflow Here is an example of the display Figure 211 SHOW SFLOW Command The fields are described in Table 121 on page 1227 Number of Collectors 1 Collector_address UDP_port 149 122 78 12 6343 Number of Samplers Pollers 4 Port Sample rate Polling interval 1 0 4 1000 60 1 0 12 1000 60 1 0 13 50000 2400 1 0 14 50000 2400 sFlow Stat...

Page 1214: ... the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config sflow collector ip 152 232 56 11 port 6342 Use the SFLOW COLLECTOR IP command to add the IP address of the sFlow collector to the sFlow agent on the switch awplus config show sflow Use the SHOW SFLOW command to confirm the IP address awplus config interface port1 ...

Page 1215: ...nutes 1800 seconds before sending performance data for that particular port awplus config if sflow sampling rate 50000 Use the SFLOW SAMPLING RATE command to set the sampling rate of the ports to 1 packet for every 50000 packets awplus config if sflow polling interval 1800 Use the SFLOW POLLING INTERVAL command to set the polling rate of the statistics counters of the ports to 1800 seconds awplus ...

Page 1216: ...Chapter 76 sFlow Agent 1216 ...

Page 1217: ...w collectors on your network to the sFlow agent on the switch SFLOW ENABLE on page 1221 Global Configuration Activates the sFlow agent on the switch SFLOW POLLING INTERVAL on page 1222 Port Interface Sets the polling intervals that control the maximum amount of time permitted between successive pollings of the port packet counters by the sFlow agent SFLOW SAMPLING RATE on page 1224 Port Interface ...

Page 1218: ...lector Mode Global Configuration mode Description Use this command to delete the IP address of an sFlow collector from the switch Confirmation Command SHOW SFLOW on page 1226 Example This example deletes the IP address 152 42 175 22 as an sFlow collector from the switch awplus enable awplus configure terminal awplus config no sflow collector ip 152 42 175 22 ...

Page 1219: ...ion mode. Description: Use this command to disable the sFlow agent to stop the switch from transmitting sample and counter data to the sFlow collector on your network. Confirmation Command: SHOW SFLOW on page 1226. Example: This example disables the sFlow agent:
    awplus> enable
    awplus# configure terminal
    awplus(config)# no sflow enable
...

Page 1220: ... sFlow collector on your network The packet sampling data and the packet counters from the ports are sent by the switch to the specified collector You can specify just one collector If the IP address of a collector has already been assigned to the switch and you want to change it you must first delete it using the NO version of this command Confirmation Command SHOW SFLOW on page 1226 Example This...

Page 1221: ...sFlow agent on the switch. The switch uses the agent to gather packet sampling data and packet counters from the designated ports and to transmit the data to the sFlow collector on your network. Confirmation Command: SHOW SFLOW on page 1226. Example: The following example activates the sFlow agent on the switch:
    awplus> enable
    awplus# configure terminal
    awplus(config)# sflow enable
...

Page 1222: ...ted between successive pollings of the packet counters on the ports by the sFlow agent The ports can have different polling intervals To remove sFlow monitoring from a port enter the NO form of this command NO SFLOW POLLING INTERVAL You must disable the sFlow agent to set or change the polling interval of a port For instructions refer to NO SFLOW ENABLE on page 1219 Confirmation Commands SHOW SFLO...

Page 1223: ...This example removes sFlow monitoring on port 21 using the NO form of the command awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config if no sflow polling interval ...

Page 1224: ... sFlow collector For example a sample rate of 700 on a port means that one sample packet is taken for every 700 ingress packets The ports can have different sampling rates To disable packet sampling on the ports enter the value 0 for the sampling rate or use the NO form of this command NO SFLOW SAMPLING RATE You must disable the sFlow agent to set or change the sampling rate of a port For instruct...

Page 1225: ...This example disables packet sampling on port 7 awplus enable awplus configure terminal awplus config interface port1 0 7 awplus config if no sflow sampling rate ...

Page 1226: ... agent on the switch. The command displays the same information with or without the DATABASE keyword. Here is an example of the information:
    Number of Collectors: 1
    Collector_address    UDP_port
    149.122.78.12        6343
    Number of Samplers/Pollers: 4
    Port      Sample rate    Polling interval
    1.0.4     1000           60
    1.0.12    1000           60
    1.0.13    50000          2400
    1.0.14    50000          2400
    sFlow Status: Enable
Figure 212. SHOW SFLOW Command
...

Page 1227: ...igured to be sampled or polled Port The port number Sample rate The rate of ingress packet sampling on the port For example a rate of 500 means that one in every 500 packets is sent to the designated collector A value of 0 means the agent is not sampling packets on the port To set this value refer to SFLOW SAMPLING RATE on page 1224 Polling interval The maximum amount of time seconds permitted bet...

Page 1228: ...Chapter 77: sFlow Agent Commands. Example: This example displays the settings of the sFlow agent:
    awplus> enable
    awplus# show sflow
...

Page 1229: ...ring Ports to Send LLDP MED Civic Location TLVs on page 1242 Configuring Ports to Send LLDP MED Coordinate Location TLVs on page 1245 Configuring Ports to Send LLDP MED ELIN Location TLVs on page 1249 Removing LLDP TLVs from Ports on page 1251 Removing LLDP MED TLVs from Ports on page 1252 Deleting LLDP MED Location Entries on page 1253 Disabling LLDP and LLDP MED on the Switch on page 1254 Displa...

Page 1230: ... transmitted in LLDP advertisements flows in one direction only from one device to its neighbors and the communication ends there Transmitted advertisements do not solicit responses and received advertisements do not solicit acknowledgements LLDP cannot solicit any information from other devices LLDP operates over physical ports only For example it can be configured on switch ports that belong to ...

Page 1231: ...t that transmitted the advertisements Time to Live TTL The length of time in seconds for which the information received in the advertisements remains valid If the value is greater than zero the information is stored in the switch s neighbor table If the value is zero the information is no longer valid and is removed from the table Table 123 Optional LLDP TLVs TLV Description Port description A por...

Page 1232: ...s The names of the VLANs in which the transmitting port is either an untagged or tagged member Protocol IDs List of protocols that are accessible through the port for instance 8100 Loopback 0026424203000000 STP RSTP or MSTP 888e01 802 1x AAAA03 EPSR 88090101 LACP 00540000e302 Loop protection 0800 IPv4 0806 ARP 86dd IPv6 MC PHY Configuration The speed and duplex mode of the port and whether the por...

Page 1233: ... is connected to a port Otherwise LLDP MED TLVs are not transmitted Note The switch is not an LLDP MED activated device The switch while capable of transmitting LLDP MED TLVs to other devices cannot provide LLDP MED information about itself The LLDP MED TLVs are listed in Table 124 Table 124 Optional LLDP MED TLVs TLV Description Capabilities The LLDP MED TLVs that are supported and enabled on the...

Page 1234: ... this switch this advertises the power that the port can supply over a maximum length cable based on its current configuration that is it takes into account power losses over the cable In TLVs received from Powered Device PD neighbors the power value is the power the neighbor requests Inventory management The current hardware platform and the software version identical on every port on the switch ...

Page 1235: ... transmit advertisements from those ports that are configured to send TLVs and begins to populate its neighbor information table as advertisements from the neighbors arrive on the ports The command does not support any parameters Here is the command awplus enable awplus configure terminal awplus config lldp run To deactivate LLDP and LLDP MED refer to Disabling LLDP and LLDP MED on the Switch on p...

Page 1236: ...e ports do not receive any advertisements from the switch because the ports do not send any TLVs awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 4 port1 0 18 Enter the Port Interface mode for ports 4 and 18 awplus config if lldp receive Configure the ports to accept TLVs fro...

Page 1237: ...m the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 16 port1 0 20 Enter the Port Interface mode for ports 16 to 20 awplus config if lldp transmit receive Configure the ports to accept and send TLVs to their neighbors awplus config if no lldp tlv select all Remove all optional LLDP TLVs with the NO LLDP TLV SELECT command awplus co...

Page 1238: ...ory TLVs port description link aggregation mac phy config Table 125 Optional LLDP TLVs Summary TLV Designator Description port description Port description system name System name system description System description system capabilities System capabilities management address Management IP address port vlan Port VLAN port and protocol vlan Port and Protocol VLANs vlan names Names of VLANs in which...

Page 1239: ...awplus config if no lldp tlv select all Remove all optional LLDP TLVs from the ports with the NO LLDP TLV SELECT command awplus config if no lldp med tlv select all Remove all optional LLDP MED TLVs from the ports with the NO LLDP MED TLV SELECT command awplus config if lldp tlv select port description awplus config if lldp tlv select link aggregation awplus config if lldp tlv select mac phy confi...

Page 1240: ...rivileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 3 port1 0 4 Enter the Port Interface mode for ports 3 and 4 awplus config if lldp transmit receive Configure the ports to accept and send TLVs to and from their neighbors awplus config if no lldp tlv select all Remove all optional LLDP TLVs from the po...

Page 1241: ...awplus show lldp interface port1 0 3 port1 0 4 Use the SHOW LLDP INTERFACE command to confirm the configuration ...

Page 1242: ...witch and then configure the ports to send it as their civic location TLV Here are the main steps to creating civic location TLVs 1 Starting in the Global Configuration mode use the LOCATION CIVIC LOCATION command to assign an ID number to the new Civic Location entry The command moves you to the Civic mode 2 Use the parameters in the Civic mode to configure the settings of the entry An abbreviate...

Page 1243: ...cation entry seat cube 411a state CA street suffix Blvd unit A11 Table 126 Abbreviated List of LLDP MED Civic Location Entry Parameters Continued Parameter Example awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config location civic location identifier 8 Use the LOCATION CIVIC LOCATION command to a...

Page 1244: ...mode for port 14 awplus config if lldp transmit receive Configure the port to send and receive LLDP advertisements awplus config if lldp location civic location id 8 Use the LLDP LOCATION command to add the civic location entry ID number 8 to the port awplus config if lldp med tlv select location Use the LLDP MED TLV SELECT command to configure the port to send the location TLV in its advertisemen...

Page 1245: ...imal degrees The range is 90 0º to 90 0º The parameter accepts up to eight digits to the right of the decimal point lat resolution Latitude resolution as the number of valid bits The range is 0 to 34 longitude Longitude value in decimal degrees The range is 180 0º to 180 0º The parameter accepts up to eight digits to the right of the decimal point long resolution Longitude resolution as number of ...

Page 1246: ...ntry are ID number 16 Latitude 37 29153547 Longitude 121 91528320 Datum nad83 navd Altitude 10 25 meters The example is assigned to port 15 The first series of commands creates the coordinate location entry alt resolution Altitude resolution as number of valid bits The range is 0 to 30 bits datum nad83 mllw nad83 navd wgs84 The geodetic system or datum of the coordinates The selections are nad83 m...

Page 1247: ...e the parameter commands to define the entry awplus config_coord exit Return to the Global Configuration mode awplus config exit Return to the Privileged Exec mode awplus show location coord location identifier 16 Confirm the configuration of the new coordinate location entry with the SHOW LOCATION command awplus configure terminal Enter the Global Configuration mode awplus config interface port1 ...

Page 1248: ...us show lldp interface port1 0 15 Use the SHOW LLDP INTERFACE command to confirm the port is configured to send the location entry ID Element Type Element Value 16 Latitude Resolution 12 bits Latitude 37 29153547 degrees Longitude Resolution 33 bits Longitude 121 9152832 degrees Altitude Resolution 23 bits Altitude 10 25000000 meters Map Datum NAD83 NAVD ...

Page 1249: ... TLV SELECT command to configure the ports to send the TLV in their advertisements Here is an example of how to create an ELIN location entry and apply it to a port The specifications of the entry are ID number 3 ELIN 1234567890 The example is assigned to port 5 The first series of commands creates the coordinate location entry awplus enable Enter the Privileged Executive mode from the User Execut...

Page 1250: ...lus config if lldp location elin location id 3 Use the LLDP LOCATION command to add the ELIN location entry ID number 3 to the port awplus config if lldp med tlv select location Use the LLDP MED TLV SELECT command to configure the port to send the location entry in its advertisements awplus config if end Return to the Privileged Exec mode awplus show location elin location interface port1 0 5 Use ...

Page 1251: ...ps ports 4 and 5 from including the system capabilities and the management address TLVs in their advertisements awplus enable awplus configure terminal awplus config interface port1 0 4 port1 0 5 awplus config if no lldp tlv select system capabilities awplus config if no lldp tlv select management address This example stops port 8 from transmitting all optional LLDP TLVs awplus enable awplus confi...

Page 1252: ...d in the Port Interface mode This example stops ports 6 and 11 from sending the location and inventory management TLVs in their advertisements awplus enable awplus configure terminal awplus config interface port1 0 6 port1 0 11 awplus config if no lldp med tlv select location awplus config if no lldp med tlv select inventory management This example stops port 15 from transmitting all optional LLDP...

Page 1253: ...ly one entry at a time and must include both the type and the ID number of the location entry to be deleted This example deletes the civic location ID 22 awplus enable awplus configure terminal awplus config no location civic location id 22 This example deletes the coordinate location ID 8 awplus enable awplus configure terminal awplus config no location coord location id 8 This example deletes th...

Page 1254: ...e NO LLDP RUN command in the Global Configuration mode. The command has no parameters. After the protocols are disabled, the switch neither sends advertisements to nor collects information from its neighbors. The switch retains its LLDP settings. Here is the command:
    awplus> enable
    awplus# configure terminal
    awplus(config)# no lldp run
...

Page 1255: ... is an example of the information Figure 213 SHOW LLDP Command The fields are defined in Table 132 on page 1301 LLDP Global Configuration Default Values LLDP Status Enabled Disabled Notification Interval 5 secs 5 Tx Timer Interval 30 secs 30 Hold time Multiplier 4 4 Computed TTL value 120 secs Reinitialization Delay 2 secs 2 Tx Delay 2 secs 2 Fast Start Count 3 3 LLDP Global Status Total Neighbor ...

Page 1256: ...ons RC LLDP Remote Tables Change TC LLDP MED Topology Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Protocol Identity 802 3 Mp MAC PHY Config Status Po Power Via MDI PoE La Link Aggregation Mf Maximum Frame Size MED Mc LLDP MED Capabilities Np Net...

Page 1257: ...he summary information The fields are defined in Table 134 on page 1312 To view all the neighbor information use the SHOW LLDP NEIGHBORS DETAIL command The command has this format show lldp neighbors detail interface port This example displays detailed information about all the neighbors awplus show lldp neighbors detail This example displays detailed information about the neighbor connected to po...

Page 1258: ...he information the switch has received from all the neighbors:
    awplus> enable
    awplus# clear lldp table
This example clears the information the switch has received from the neighbor connected to port 11:
    awplus> enable
    awplus# clear lldp table interface port1.0.11
...

Page 1259: ...after you have configured the ports or if you believe that ports are not sending the correct information The command has this format show lldp local info interface port To view the TLVs on all the ports enter this command awplus show lldp local info This example displays the TLVs currently configured on port 2 awplus show lldp local info interface port1 0 2 Refer to Figure 218 on page 1305 and Fig...

Page 1260: ...tics for individual ports use this command show lldp statistics interface port You can view the statistics of more than one port at a time as demonstrated in this example which displays the LLDP statistics for ports 2 and 3 awplus show lldp statistics interface port1 0 2 port1 0 3 To clear the statistics on the ports use this command which as with the SHOW command is found in the Privileged Exec m...

Page 1261: ... the neighbors LLDP LOCATION on page 1267 Port Interface Adds LLDP MED location information to the ports on the switch LLDP MANAGEMENT ADDRESS on page 1269 Port Interface Replaces the default management IP address TLV on the ports LLDP MED NOTIFICATIONS on page 1271 Port Interface Configures the switch to send LLDP MED topology change notifications when devices are connected to or disconnected fro...

Page 1262: ... and or accept LLDP and LLDP MED advertisements from their neighbors LLDP TX DELAY on page 1284 Global Configuration Sets the value of the transmission delay timer which is the minimum time interval between transmissions of LLDP advertisements due to a change in LLDP local information LOCATION CIVIC LOCATION on page 1285 Global Configuration Creates new LLDP MED civic location entries and removes ...

Page 1263: ...CE on page 1303 Privileged Exec Displays the LLDP port settings SHOW LLDP LOCAL INFO INTERFACE on page 1305 Privileged Exec Displays the current configurations of the LLDP advertisements that the ports on the switch can transmit to LLDP compatible neighbors SHOW LLDP NEIGHBORS DETAIL on page 1307 Privileged Exec Displays detailed information the switch has collected from its LLDP compatible neighb...

Page 1264: ...specifies all the ports Mode Privileged Exec mode Description Use this command to clear the LLDP statistics packet and event counters on the ports You can delete the statistics from all ports or from selected ports Examples This example clears the statistics of all ports awplus enable awplus clear lldp statistics This example clears the statistics for ports 1 to 3 awplus enable awplus clear lldp s...

Page 1265: ...to clear the LLDP and LLDP MED information the switch has received from its neighbors You can delete all the information the switch has amassed or only the information from neighbors on selected ports Examples This example clears the information the switch has received from all neighbors awplus enable awplus clear lldp table This example clears the information the switch has received from the neig...

Page 1266: ...mode Description Use this command to set the holdtime multiplier value The transmit interval is multiplied by the holdtime multiplier to give the Time To Live TTL the switch advertises to the neighbors The transmit interval is set with LLDP TIMER on page 1279 Confirmation Command SHOW LLDP on page 1301 Example This example sets the holdtime multiplier to 7 awplus enable awplus configure terminal a...

Page 1267: ...de Port Interface mode Description Use this command to add LLDP MED location information to the ports on the switch The same command is used to add civic coordinate and ELIN locations The specified location entry must already exist To remove LLDP MED location information from the ports use the NO form of this command You do not have to specify ID numbers when removing location entries from the por...

Page 1268: ...lldp location coord location id 11 This example adds the ELIN location ID 27 to port 21 awplus enable awplus configure terminal awplus config interface port1 0 21 awplus config_if lldp location elin location id 27 This example removes the civic location from port 25 awplus enable awplus configure terminal awplus config interface port1 0 25 awplus config_if no lldp location civic location id ...

Page 1269: ...resent Here are the possible default values for a port A port that belongs to the same VLAN as the management IP address uses the address as its TLV default value A port that belongs to a VLAN that does not have a management IP address either because no address has been assigned to the switch or it is assigned to a different VLAN uses the MAC address of the switch as its default value for this TLV...

Page 1270: ...nt IP address TLV awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if lldp management address 149 122 54 2 This example returns the management IP address TLV on port 18 to its default value awplus enable awplus configure terminal awplus config interface 18 awplus config if no lldp management address ...

Page 1271: ...nected from the specified ports To prevent the switch from transmitting topology change notifications refer to NO LLDP NOTIFICATIONS on page 1295 Confirmation Command SHOW LLDP INTERFACE on page 1303 Example This example configures the switch to send LLDP MED topology change notifications whenever devices are connected to or removed from ports 11 and 17 awplus enable awplus configure terminal awpl...

Page 1272: ...pecifies the extended power via MDI TLV inventory management Specifies the inventory management TLV all Configures a port to send all LLDP MED TLVs Mode Port Interface mode Description Use this command to specify the LLDP MED TLVs the ports are to transmit to their neighbors The default setting is for the ports to send all the LLDP MED TLVs except for the inventory TLV You can specify only one TLV...

Page 1273: ...re terminal awplus config interface port1 0 3 port1 0 8 awplus config if lldp med tlv select inventory management This example configures port 2 to send the capabilities and the location TLVs to its neighbor awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if lldp med tlv select capabilities awplus config if lldp med tlv select location ...

Page 1274: ...the NO form of this command to configure the switch to accept only advertisements with TLVs that adhere to the correct order Advertisements in which the TLVs are not in the standard order are discarded by the switch Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example configures the switch to accept LLDP MED advertisements in which the TLVs are not in standard order awplus en...

Page 1275: ...nd LLDP SNMP notifications traps To prevent ports from transmitting LLDP SNMP notifications refer to NO LLDP NOTIFICATIONS on page 1295 Confirmation Command SHOW LLDP INTERFACE on page 1303 Example This example configures ports 2 and 3 to transmit SNMP notifications awplus enable awplus configure terminal awplus config interface port1 0 2 port1 0 3 awplus config if lldp notifications ...

Page 1276: ...ge is 5 to 3600 seconds Mode Global Configuration mode Description Use this command to set the notification interval This is the minimum interval between LLDP SNMP notifications traps Confirmation Command SHOW LLDP on page 1301 Example This example sets the notification interval to 35 seconds awplus enable awplus configure terminal awplus config lldp notification interval 35 ...

Page 1277: ...Global Configuration mode. Description: Use this command to set the re-initialization delay. This is the number of seconds that must elapse after LLDP is disabled on a port before it can be re-initialized. Confirmation Command: SHOW LLDP on page 1301. Example: This example sets the re-initialization delay to 8 seconds:
    awplus> enable
    awplus# configure terminal
    awplus(config)# lldp reinit 8
...

Page 1278: ...ription: Use this command to activate LLDP on the switch. Once you have activated LLDP, the switch begins to transmit and accept advertisements on its ports. To deactivate LLDP, refer to NO LLDP RUN on page 1296. Confirmation Command: SHOW LLDP on page 1301. Example:
    awplus> enable
    awplus# configure terminal
    awplus(config)# lldp run
...

Page 1279: ...n Use this command to set the transmit interval This is the interval between regular transmissions of LLDP advertisements The transmit interval must be at least four times the transmission delay timer set with LLDP TX DELAY on page 1284 Confirmation Command SHOW LLDP on page 1301 Example This example sets the transmit interval to 60 seconds awplus enable awplus configure terminal awplus config lld...

Page 1280: ...o select all the TLVs use the ALL option The optional TLVs are listed in Table 129 Table 129 Optional TLVs TLV Description all Sends all optional TLVs link aggregation Advertises link aggregation values mac phy config Identifies MAC and PHY configuration status management address Sends the management IP address of the port To set this TLV refer to LLDP MANAGEMENT ADDRESS on page 1269 max frame siz...

Page 1281: ...port is an untagged member power management Transmits Power over Ethernet PoE information protocol ids Transmits the protocols that are accessible through the port system capabilities The device s functions and whether or not these functions are currently enabled system description Sends the model name of the switch system name Sends the name of the switch To assign a name to the switch refer to A...

Page 1282: ... port1 0 5 awplus config if lldp tlv select all This example configures ports 14 and 22 to transmit the optional LLDP port description port vlan and system description TLVs awplus enable awplus configure terminal awplus config interface port1 0 14 port1 0 22 awplus config if lldp tlv select port description awplus config if lldp tlv select port vlan awplus config if lldp tlv select system descript...

Page 1283: ...d any optional LLDP TLVs they have been configured to send Ports configured to receive LLDP advertisements accept all advertisements from their neighbors Confirmation Command SHOW LLDP INTERFACE on page 1303 Examples This example configures ports 14 and 22 to both transmit and receive LLDP advertisements awplus enable awplus configure terminal awplus config interface port1 0 14 port1 0 22 awplus c...

Page 1284: ... timer. This is the minimum time interval between transmissions of LLDP advertisements due to a change in LLDP local information. The transmission delay timer cannot be greater than a quarter of the transmit interval set with LLDP TIMER on page 1279. To view the current value, refer to SHOW LLDP on page 1301. Confirmation Command: SHOW LLDP on page 1301. Example: This example sets the transmission delay ...

Page 1285: ...onfiguration mode Description Use this command to create or modify LLDP MED civic location entries on the switch This command moves you to the Civic Location mode which contains the parameters you use to define or modify an entry The parameters are listed in Table 130 Table 130 LLDP MED Civic Location Entry Parameters Parameter Example additional code 12345 additional information Updated Aug 2010 ...

Page 1286: ...e parameters in a single location entry To remove parameters from a location entry use the NO forms of the parameter commands for example NO UNIT leading street direction West name J Smith neighborhood Cliffside place type Business district post office box 102 postal code 95134 postal community name Lyton primary road name Eastwood road section North room 402 seat cube 411a state CA street group A...

Page 1287: ...fig location civic location identifier 5 awplus config_civic country US awplus config_civic city San Jose awplus config_civic state CA awplus config_civic building 100 awplus config_civic primary road name New Adams awplus config_civic street suffix Way awplus config_civic postal code 95134 awplus config_civic floor 2 awplus config_civic room 214 awplus config_civic exit awplus config This example...

Page 1288: ...mmand moves you to the Coordinate Location mode which contains the parameters you use to define the entries The parameters are listed in Table 131 Table 131 LLDP MED Coordinate Location Entry Parameters Parameter Value latitude Latitude value in decimal degrees The range is 90 0º to 90 0º The parameter accepts up to eight digits to the right of the decimal point lat resolution Latitude resolution ...

Page 1289: ...eter must be specified between the two keywords as shown here altitude n floors altitude meters Altitude in meters The range is 2097151 0 to 2097151 0 meters The parameter accepts up to eight digits to the right of the decimal point The value for this parameter must be specified between the two keywords as shown here altitude n meters alt resolution Altitude resolution as the number of valid bits ...

Page 1290: ...cation identifier 16 awplus config_coord latitude 37 29153547 awplus config_coord longitude 121 91528320 awplus config_coord datum nad83 navd awplus config_coord altitude 10 25 meters awplus config_coord exit This example removes the datum and altitude values without assigning new values from LLDP MED civic location ID 3 awplus enable awplus configure terminal awplus config location coord location...

Page 1291: ...one ID number Mode Global Configuration mode Description Use this command to create or modify LLDP MED ELIN location entries on the switch To create a new ELIN TLV specify an unused ID number To modify an existing ELIN TLV enter its ID number To assign ELIN location entries to ports on the switch use LLDP LOCATION on page 1267 To remove an ELIN location entry use NO LOCATION on page 1299 Confirmat...

Page 1292: ...opology change notifications when devices are connected to or disconnected from the specified ports Confirmation Command SHOW LLDP INTERFACE on page 1303 Example This example configures the switch not to send LLDP MED topology change notifications when devices are connected to or removed from port 19 awplus enable awplus configure terminal awplus config interface port1 0 19 awplus config if no lld...

Page 1293: ...s the location identification TLV power management ext Specifies the extended power via MDI TLV inventory management Specifies the inventory management TLV all Configures a port to stop sending all LLDP MED TLVs Mode Port Interface mode Description Use this command to stop ports from transmitting LLDP MED TLVs You can specify only one TLV per command The default setting is for ports to send all op...

Page 1294: ...onfig interface port1 0 8 awplus config if no lldp med tlv select all This example stops ports 2 and 16 from transmitting the LLDP MED capabilities and network policy TLVs awplus enable awplus configure terminal awplus config interface port1 0 2 port1 0 16 awplus config if no lldp med tlv select capabilities awplus config if no lldp med tlv select network policy ...

Page 1295: ...ode Description Use this command to prevent ports from sending LLDP SNMP notifications traps Confirmation Command SHOW LLDP INTERFACE on page 1303 Example This example prevents port 14 from transmitting SNMP notifications awplus enable awplus configure terminal awplus config interface port1 0 14 awplus config if no lldp notifications ...

Page 1296: ... and LLDP MED on the switch The switch when LLDP and LLDP MED are disabled neither sends advertisements to nor collects information from its neighbors The LLDP settings are retained by the switch Confirmation Command SHOW LLDP on page 1301 Example This example disables LLDP and LLDP MED on the switch awplus enable awplus configure terminal awplus config no lldp run ...

Page 1297: ...129 on page 1280 To stop ports from transmitting LLDP MED TLVs refer to NO LLDP MED TLV SELECT on page 1293 Confirmation Command SHOW LLDP INTERFACE on page 1303 Examples This example configures ports 21 and 22 to stop transmitting all optional LLDP TLVs awplus enable awplus configure terminal awplus config interface port1 0 21 port1 0 22 awplus config if no lldp tlv select all This example stops ...

Page 1298: ...ng and or accepting LLDP and LLDP MED advertisements to or from their neighbors Confirmation Command SHOW LLDP INTERFACE on page 1303 Examples This example stops port 12 from transmitting or receiving LLDP advertisements awplus enable awplus configure terminal awplus config interface port1 0 12 awplus config if no lldp transmit receive This example configures ports 3 and 4 to stop receiving LLDP a...

Page 1299: ... a time Mode Global Configuration mode Description Use this command to delete LLDP MED location entries from the switch The same command is used to remove civic locations coordinate locations and ELIN locations You can delete only one entry at a time Confirmation Command SHOW LOCATION on page 1318 Examples This example deletes the civic location ID 17 awplus enable awplus configure terminal awplus...

Page 1300: ...LLDP and LLDP MED Commands 1300 This example removes the ELIN location IDs 3 and 4 awplus enable awplus configure terminal awplus config no location elin location id 3 awplus config no location elin location id 4 ...

Page 1301: ... LLDP is enabled or disabled on the switch Notification Interval Minimum interval between LLDP notifications Tx Timer Interval Transmit interval between regular transmissions of LLDP advertisements LLDP Global Configuration Default Values LLDP Status Enabled Disabled Notification Interval 5 secs 5 Tx Timer Interval 30 secs 30 Hold time Multiplier 4 4 Computed TTL value 120 secs Reinitialization De...

Page 1302: ...elay The re initialization delay This is the minimum time that must elapse after LLDP has been disabled before it can be initialized again Tx Delay The transmission delay This is the minimum time interval between transmissions of advertisements due to changes in LLDP local information Total Neighbor Count Number of LLDP neighbors the switch has discovered on all its ports Neighbors table last upda...

Page 1303: ...y Change TLV Abbreviations Base Pd Port Description Sn System Name Sd System Description Sc System Capabilities Ma Management Address 802 1 Pv Port VLAN ID Pp Port And Protocol VLAN ID Vn VLAN Name Pi Protocol Identity 802 3 Mp MAC PHY Config Status Po Power Via MDI PoE La Link Aggregation Mf Maximum Frame Size MED Mc LLDP MED Capabilities Np Network Policy Lo Location Identification Pe Extended P...

Page 1304: ...nds 1304 Examples This example displays the LLDP settings for all the ports on the switch awplus show lldp interface This example displays the LLDP settings for ports 5 6 and 11 awplus show lldp interface port1 0 5 port1 0 6 port1 0 11 ...

Page 1305: ...ot established links with their LLDP counterparts cannot be displayed with this command See Figure 218 and Figure 219 on page 1306 Figure 218 SHOW LLDP LOCAL INFO INTERFACE Command LLDP Local Information Chassis ID Type MAC address Chassis ID 0015 77d8 4360 Port ID Type Port component Port ID 25 TTL 120 secs Port Description Port_25 System Name zero length System Description AT FS970M 24C System D...

Page 1306: ...pported Link Aggregation Supported Disabled Maximum Frame Size 1522 Octets LLDP MED Device Type Network Connectivity LLDP MED Capabilities LLDP MED Capabilities Network Policy Location Identification Inventory Network Policy 1 Application Type Voice Frame Format Untagged VLAN ID 1 Layer 2 Priority 0 DSCP Value 0 Location Identifier not advertised Extended Power Via MDI PoE Not Supported Inventory ...

Page 1307: ...ed Neighbor Information Neighbors table last updated 0 hrs 0 mins 20 secs ago Chassis ID Type MAC address Chassis ID 0015 77d8 4360 Port ID Type Port component Port ID port1 0 25 TTL 120 secs Port Description Port 25 System Name zero length System Description AT FS970M 24C System Description AT 8100S 24 System Description AT 9000 28SP System Capabilities Supported Bridge Router Enabled Bridge Rout...

Page 1308: ...oftware Revision v1 0 0 Serial Number A04161H09020007 Manufacturer Name ATI Model Name AT FS970M 24C Model Name AT 8100S 24 Model Name AT 9000 52 Asset ID not advertised Table 133 SHOW LLDP NEIGHBORS DETAIL Command Parameter Description Chassis ID Type Type of the chassis ID Chassis ID Chassis ID that uniquely identifies the neighbor Port ID Type Type of the port ID Port ID Port ID of the neighbor...

Page 1309: ... and duplex mode of the port and whether the port was configured with Auto Negotiation Advertised Capability The auto negotiation port capabilities including 1000BaseTDF 100BaseTXFD 100BaseTX 10BaseTFD 10BaseT Operational MAU Type The Operational MAU Medium Attachment Unit type is the attached device s medium speed such as twisted pair fiber or link speed Power via MDI PoE The power via MDI capabi...

Page 1310: ...rk ID VID Layer 2 Priority Layer 2 user priority is in the range of 0 to 7 DSCP Value Indicates a DSCP priority level The range is 0 to 63 A level of 0 is the lowest priority and a level of 63 is the highest priority Location Identifier Specifies an ID number for an LLDP MED civic location entry on the switch The range is 1 to 256 Extended Power via MDI PoE The extended power via MDI capabilities ...

Page 1311: ... This example displays the information from all of the neighbors that are connected to ports 1 and 4 awplus show lldp neighbors interface port1 0 1 port1 0 4 Manufacturer Name The name of the company that manufactured the device Model Name The model name Asset ID The asset ID number Table 133 SHOW LLDP NEIGHBORS DETAIL Command Continued Parameter Description ...

Page 1312: ...lained in Table 134 Total number of neighbors on these ports 1 System Capability Codes O Other P Repeater B Bridge W WLAN Access Point R Router T Telephone C DOCSIS Cable Device S Station Only LLDP MED Device Class and Power Source Codes 1 Class I 3 Class III PSE PoE Both PoE Local Prim Primary 2 Class II N Network Con Locl Local Unkn Unknown Back Backup Local Neighbor Neighbor Neighbor System MED...

Page 1313: ...ys a summary of the information from the neighbors connected to ports 1 and 4 awplus show lldp neighbors interface port1 0 1 port1 0 4 Neighbor Port Name The number of the neighbor s port that sent the information Neighbor System Name The neighbor s system name Neighbor Capability Capabilities that are supported and enabled on the neighbor Table 134 SHOW LLDP NEIGHBORS INTERFACE Command Parameter ...

Page 1314: ...ion the command displays is explained in Table 135 Table 135 SHOW LLDP STATISTICS Command Statistic Description Frame Out Number of LLDPDU frames transmitted Frame In Number of LLDPDU frames received Frame In Errored Number of invalid LLDPDU frames received Frame In Dropped Number of LLDPDU frames received and discarded Global LLDP Packet and Event counters Frames Out 345 In 423 In Errored 0 In Dr...

Page 1315: ...eighbors has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information advertised by neighbors has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by neighbors could not be entered into the neighbor table because of insufficient resources Neighbors Entry Age outs Entries Number of times the information ...

Page 1316: ...re 224 SHOW LLDP STATISTICS INTERFACE Command The information the command displays is explained in Table 136 Table 136 SHOW LLDP STATISTICS INTERFACE Command Statistic Description Frame Out Number of LLDPDU frames transmitted by the port Frame In Number of LLDPDU frames received by the port Frame In Errored Number of invalid LLDPDU frames received by the port LLDP Packet and Event counters Port 2 ...

Page 1317: ...the port Neighbors New Entries Number of times the information advertised by the neighbor on the port has been inserted into the neighbor table Neighbors Deleted Entries Number of times the information advertised by the neighbor on the port has been removed from the neighbor table Neighbors Dropped Entries Number of times the information advertised by the neighbor on the port could not be entered ...

Page 1318: ...isplay the civic coordinate or ELIN location entries on the switch Here is an example of a civic location entry Figure 225 SHOW LOCATION Command for a Civic Location The information the command displays is explained in Table 137 Table 137 SHOW LLDP STATISTICS INTERFACE Command Column Description ID The ID number of the entry Element Type A parameter of the entry Element Value The current value of ...

Page 1319: ...he coordinate location entries awplus show location coord location The following example displays only coordinate location entry 16 awplus show location coord location identifier 16 The following example displays the coordinate location assigned to port 21 awplus show location coord location interface port1 0 21 The following example displays all the ELIN location entries awplus show location elin...

Page 1320: ...Chapter 79 LLDP and LLDP MED Commands 1320 ...

Page 1321: ...ess Resolution Protocol ARP This chapter contains the following topics Overview on page 1322 Adding Static ARP Entries on page 1323 Deleting Static and Dynamic ARP Entries on page 1324 Displaying the ARP Table on page 1325 ...

Page 1322: ...pulate the ARP table in the cache These are called dynamic ARP entries Dynamic ARP entries are updated in two ways During regular operations When a node receives frames from the media it records the source IP and MAC addresses Using ARP broadcast requests When a node creates a frame and does not find an entry of the destination IPv4 address in the ARP cache ARP broadcasts a request including the I...

Page 1323: ...utes statically you can reduce ARP broadcasting requests To add a static ARP entry use the ARP command in the Global Configuration mode Here is the format of the command arp ipaddress macaddress port_number You must include both the IP address and the MAC address of the destination node The MAC address must be entered in one of the following formats xx xx xx xx xx xx zzzz zzzz zzzz Note The switch...

Page 1324: ...t once The following example deletes all of the dynamic ARP entries in the ARP cache awplus enable awplus clear arp cache You can delete one static ARP entry with the NO ARP IP ADDRESS command The following example deletes the static ARP entry for the IP address 192 168 1 12 awplus enable awplus configure terminal awplus config no arp 192 168 1 12 Table 138 Deleting ARP Entries To Do This Task Use...

Page 1325: ...w arp An example is shown in Figure 226 Figure 226 SHOW ARP Command The fields are described in Table 140 on page 1332 IP ARP ARP Cache Timeout 300 seconds Total ARP Entries 215 IP Address MAC Address Interface Port Type 149 122 34 4 0006 5bb2 4421 vlan2 port1 0 2 Dynamic 149 122 34 12 00a0 d218 eea1 vlan2 port1 0 3 Dynamic 149 122 34 21 00a0 c357 3214 vlan2 port1 0 4 Dynamic 149 122 35 1 00a0 64b...

Page 1326: ...Chapter 80 Address Resolution Protocol ARP 1326 ...

Page 1327: ...P on page 1328 Global Configuration Adds static ARP entries to the ARP cache CLEAR ARP CACHE on page 1330 User Exec and Privileged Exec Deletes all dynamic ARP entries from the ARP cache NO ARP IP ADDRESS on page 1331 Global Configuration Deletes a static ARP entry from the ARP cache SHOW ARP on page 1332 User Exec and Privileged Exec Displays the static and dynamic ARP entries in the ARP cache ...

Page 1328: ...IP address Mode Global Configuration mode Description Use this command to add the static ARP entry of a host to the ARP cache The ARP entry must not already exist in the ARP cache The switch can support up to 1024 static ARP entries Note The switch must have a management IP address to support static ARP entries The IP addresses of the ARP entries must be members of the same subnet as the managemen...

Page 1329: ...ide 1329 Example The following example creates an ARP entry for the IP address 192 168 1 3 and the MAC address 7a 54 2b 11 65 72 on port 25 awplus enable awplus configure terminal awplus config arp 192 168 1 3 7a 54 2b 11 65 72 port1 0 25 ...

Page 1330: ...des User Exec mode and Privileged Exec mode Description Use this command to delete all dynamic ARP entries from the ARP cache on the switch Confirmation Command SHOW ARP on page 1332 Example The following example deletes all of the ARP entries dynamically added to the ARP cache awplus enable awplus clear arp cache ...

Page 1331: ...ption Use this command to delete a static ARP entry from the ARP cache Static ARP entries do not expire and you must remove them manually This command can delete only one ARP entry at a time Confirmation Command SHOW ARP on page 1332 Example The following example deletes the static ARP entry of the IP address 192 168 1 2 awplus enable awplus configure terminal awplus config no arp 192 168 1 2 ...

Page 1332: ...able are described in Table 140 IP ARP ARP Cache Timeout 300 seconds Total ARP Entries 2 IP Address MAC Address Interface Port Type 10 0 0 1 eccd 6d41 9e57 vlan1 port1 0 10 Dynamic 10 0 0 150 000c 2957 96db vlan1 port1 0 10 Dynamic 10 0 0 75 0000 1a2a f8bb vlan1 port1 0 1 Static Table 140 SHOW ARP Command Parameter Description IP Address Indicates the IP address of the host MAC Address Indicates t...

Page 1333: ...arp Type Indicates the type of entry The type is one of the following Static Static entry added with the ARP IP ADDRESS MAC ADDRESS command Dynamic Dynamic entry learned from ARP request reply exchanges Invalid Possible nonexistent entry Other Entry automatically generated by the system Table 140 SHOW ARP Command Continued Parameter Description ...

Page 1334: ...Chapter 81 Address Resolution Protocol ARP Commands 1334 ...

Page 1335: ...1335 Chapter 82 RMON This chapter contains the following topics Overview on page 1336 RMON Port Statistics on page 1337 RMON Histories on page 1339 RMON Alarms on page 1342 ...

Page 1336: ...to identify traffic trends or patterns For instructions refer to RMON Histories on page 1339 Alarm group This group is used to create alarms that trigger event log messages or SNMP traps when statistics thresholds are exceeded For instructions refer to RMON Alarms on page 1342 Event group This group is used with alarms to define the actions of the switch when packet statistic thresholds are crosse...

Page 1337: ...t Interface mode Here is the format of the command rmon collection stats stats_id owner owner The STATS_ID parameter is the ID number of the new group The range is 1 to 65535 The groups will be easier to identify if their ID numbers are the same as the port numbers For instance a group assigned to port 16 should be assigned the ID number 16 You will find this particularly useful when you view the ...

Page 1338: ...ilege Exec mode awplus show rmon statistics Here is an example of the information Figure 228 SHOW RMON STATISTICS Command The fields are described in Table 147 on page 1374 Deleting Statistics Groups To delete RMON statistics groups from the ports on the switch use the NO RMON COLLECTION STATS command in the Port Interface mode This example of the command removes the group from port 5 awplus enabl...

Page 1339: ...oups on page 1340 Deleting History Groups on page 1341 Adding History Groups The command for creating history groups is the RMON COLLECTION HISTORY command This command is in the Port Interface mode because history groups are applied on a per port basis Here is the format of the command rmon collection history history_id buckets buckets interval interval owner owner You can apply a history group t...

Page 1340: ...f three buckets the switch deletes the first bucket when it adds the fourth bucket To stop a history from gathering any more statistics you must delete it This example configures the switch to take a snapshot of the statistics of port 23 once every hour for fifteen hours awplus enable awplus configure terminal awplus config interface port1 0 23 awplus config if rmon collection history 23 buckets 1...

Page 1341: ... switch The switch stops collecting port statistic histories as soon as you enter the command This example of the command deletes the history group with the ID 2 on port 2 awplus enable awplus configure terminal awplus config interface port1 0 2 awplus config if no rmon collection history 2 History Index 7 Data source ifindex 7 Buckets requested 8 Buckets granted 8 Interval 1800 Owner Agent Histor...

Page 1342: ...m Here are the three components that comprise RMON alarms RMON statistics group A port must have an RMON statistics group if it is to have an alarm When you create an alarm you specify the port to which it is to be assigned not by the port number but rather by the ID number of the port s statistics group As explained in RMON Port Statistics on page 1337 statistics groups are also used to remotely ...

Page 1343: ...ner Here is the command to create events that send SNMP traps rmon event event_id trap community_string description description owner owner This command creates events that both send SNMP traps and enter messages in the event log rmon event event_id log trap community_string description description owner owner The EVENT_ID parameter is a value from 1 to 65535 that uniquely identifies the event The...

Page 1344: ... MIB object names and numbers for use in the OID portion of the variable For the complete list refer to Table 143 on page 1358 The second part of the OID STATS_ID variable is the ID number of the statistics group on the port the alarm is to monitor The port is specified indirectly in the command by the ID number of the statistics group For example if the alarm is to monitor port 4 use the STATS_ID...

Page 1345: ... 3 6 1 2 1 16 1 1 1 5 The alarm is assigned the ID number 1 and triggers event 3 which enters a message in the event log if the ingress traffic on the port exceeds 20000 packets per minute or falls below 1000 packets The first sequence of steps adds an RMON statistics group to port 22 The alarm will not work unless the switch is gathering statistics from the port to use with RMON You can skip this...

Page 1346: ...tistics group ID number 22 Interval 60 seconds Rising threshold 20000 packets Rising threshold event 3 Falling threshold 1000 packets Falling threshold event 3 awplus configure terminal Enter the Global Configuration mode awplus config rmon event 3 log description Enter_log_message Create the event with the RMON EVENT LOG command awplus config exit Return to the Privileged Exec mode awplus show rm...

Page 1347: ...ere are the steps to create the community string assign it the IP addresses of the host nodes and activate SNMP on the switch awplus configure terminal Enter the Global Configuration mode awplus config rmon alarm 1 1 3 6 1 2 1 16 1 1 1 5 22 interval 60 delta rising threshold 20000 event 3 falling threshold 1000 event 3 Create the alarm with the RMON ALARM command awplus config exit Return to the P...

Page 1348: ...with the SHOW SNMP SERVER command awplus show snmp server community Verify the new community string with the SHOW SNMP SERVER COMMUNITY command awplus show running config Verify the host IP addresses of the community string with the SHOW RUNNING CONFIG command awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 20 Enter the Port Interface mode for port 20 ...

Page 1349: ... the steps to creating the alarm awplus configure terminal Enter the Global Configuration mode awplus config rmon event 2 log trap Station12ap description trap_and_log_event Create the event with the RMON EVENT LOG TRAP command It is important to remember that the community string is case sensitive awplus config exit Return to the Privileged Exec mode awplus show rmon event Use the SHOW RMON EVENT...

Page 1350: ...Chapter 82 RMON 1350 awplus show rmon alarm Use the SHOW RMON ALARM command to verify the new alarm ...

Page 1351: ...age 1357 Global Configuration Creates alarms to monitor RMON statistics on the ports RMON COLLECTION HISTORY on page 1360 Port Interface Creates history groups on the ports RMON COLLECTION STATS on page 1362 Port Interface Creates statistics groups on the ports RMON EVENT LOG on page 1363 Global Configuration Creates alarm events that enter entries in the event log RMON EVENT LOG TRAP on page 1364...

Page 1352: ...rivileged Exec Displays the RMON history groups that are assigned to the ports on the switch SHOW RMON STATISTICS on page 1374 Privileged Exec Displays the statistics groups that are assigned to the ports Table 142 RMON Commands Continued Command Mode Description ...

Page 1353: ...m you want to delete You can delete only one alarm at a time The range is 1 to 65535 Mode Global Configuration mode Description Use this command to delete alarms from the switch Confirmation Command SHOW RMON ALARM on page 1368 Example This example deletes the alarm with ID 3 awplus enable awplus configure terminal awplus config no rmon alarm 3 ...

Page 1354: ...nly one group at a time The range is 1 to 65535 Mode Port Interface mode Description Use this command to delete history groups from ports on the switch Confirmation Command SHOW RMON HISTORY on page 1372 Example This example deletes the history group that has the ID number 17 from port 17 awplus enable awplus configure terminal awplus config interface port1 0 17 awplus config if no rmon collection...

Page 1355: ... to delete The range is 1 to 65535 Mode Port Interface mode Description Use this command to delete statistics groups from ports on the switch Confirmation Command SHOW RMON STATISTICS on page 1374 Example This example deletes the statistics group with ID 11 from port 11 awplus enable awplus configure terminal awplus config interface port1 0 11 awplus config if no rmon collection stats 11 ...

Page 1356: ...elete from the switch You can delete only one event at a time The range is 1 to 65535 Mode Global Configuration mode Description Use this command to delete events from the switch Confirmation Command SHOW RMON EVENT on page 1370 Example This example deletes the event with ID 2 awplus enable awplus configure terminal awplus config no rmon event 2 ...

Page 1357: ...r more information on the OID and STATS_ID variables refer to Creating RMON Alarms on page 1344 interval Specifies the polling interval in seconds The range is 1 to 65535 seconds delta Specifies that the alarm is based on the difference between the current value and preceding value of the designated statistic absolute Specifies that the alarm is based on the current value of the designated RMON st...

Page 1358: ...COLLECTION STATS on page 1362 The port of an alarm is specified indirectly in the command You use the STATS_ID parameter to specify the ID number of the RMON statistics group you added to the port The command must include both rising and falling thresholds The rising and falling thresholds can have different events or the same event The events must already exist The OID parameter in the command sp...

Page 1359: ... refer to RMON Alarms on page 1342 etherStatsMulticastPkts 1 3 6 1 2 1 16 1 1 1 7 stats_id etherStatsCRCAlignErrors 1 3 6 1 2 1 16 1 1 1 8 stats_id etherStatsUndersizePkts 1 3 6 1 2 1 16 1 1 1 9 stats_id etherStatsOversizePkts 1 3 6 1 2 1 16 1 1 1 10 stats_id etherStatsFragments 1 3 6 1 2 1 16 1 1 1 11 stats_id etherStatsJabbers 1 3 6 1 2 1 16 1 1 1 12 stats_id etherStatsCollisions 1 3 6 1 2 1 16 ...

Page 1360: ...he switch to capture snapshots of the RMON statistics of the ports over time You can view the snapshots with an SNMP program to look for trends or patterns in the numbers or types of ingress packets on the ports A history group can be applied to just one port and the switch can support up to eight entries at a time Thus you can collect statistics histories on up to eight ports at a time The BUCKET...

Page 1361: ...res eight buckets because there are eight fifteen minute intervals in two hours The group is assigned the ID number 1 awplus enable awplus configure terminal awplus config interface port1 0 14 awplus config if rmon collection history 1 buckets 8 interval 900 This example creates a history group that takes a snapshot of the RMON statistics on port 7 every hour 3600 seconds for twelve hours The grou...

Page 1362: ...oups on the ports of the switch The groups are used to view RMON port statistics from SNMP workstations on your network and to create RMON alarms A port can have only one RMON statistics group and a group can be assigned to just one port at a time The switch supports up to eight groups allowing you to monitor up to eight ports at one time Confirmation Command SHOW RMON STATISTICS on page 1374 Exam...

Page 1363: ...r the event Spaces and special characters are not allowed Mode Global Configuration mode Description Use this command to create events for RMON alarms This type of event enters a message in the event log when a rising or falling threshold of an alarm is crossed The same event can be assigned to multiple alarms Confirmation Command SHOW RMON EVENT on page 1370 Example The following example creates ...

Page 1364: ...exist on the switch description Specifies a description of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed owner Specifies an owner of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed You must enter a description to include an owner Mode Global Configuration mode Description Use this command to create events f...

Page 1365: ...reates an event for RMON alarms with an ID of 2 a community string of station43a a description of broadcast_packets and an owner named jones awplus enable awplus configure terminal awplus config rmon event 2 log trap station43a description broadcast_packets owner jones ...

Page 1366: ...d must already exist on the switch description Specifies a description of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed owner Specifies an owner of up to 20 alphanumeric characters for the event Spaces and special characters are not allowed You must enter a description to include an owner Mode Global Configuration mode Description Use this command to ...

Page 1367: ...e 1367 Example The following example creates an event with an ID of 4 a community string of st_west8 and a description of router_north awplus enable awplus configure terminal awplus config rmon event 4 trap st_west8 description router_north ...

Page 1368: ...of the information Figure 230 SHOW RMON ALARM Command Alarm Index 2 Variable etherStatsBroadcastPkts 2 Interval 80 Alarm Type rising and falling Rising Threshold 1000 Event Index 5 Falling Threshold 100 Event Index 5 Owner Agent Alarm Index 5 Variable etherStatsBroadcastPkts 4 Interval 5 Alarm Type rising and falling Rising Threshold 5000 Event Index 1 Falling Threshold 500 Event Index 1 Owner Age...

Page 1369: ...or the port and MIB object Interval The polling interval in seconds Alarm Type The alarm type This is always rising and falling meaning the alarm has both a rising threshold and a falling threshold Rising Threshold The rising threshold Event Index The ID number of the event the alarm performs if the rising threshold is crossed Falling threshold The falling threshold Event index The ID number of th...

Page 1370: ...145 Event index 2 Description broadcast_packets Event type log trap Event community name wkst12a Last Time Sent 0 Owner Agent Event index 3 Description port24_traffic Event type log Event community name Last Time Sent 0 Owner Wilson Table 145 SHOW RMON EVENT Command Parameter Description Event index The ID number of the event Description The description of the event Event type The event type The t...

Page 1371: ...a message in the event log and sends an SNMP trap Event community name The SNMP community string used to send SNMP traps Last Time Sent The number of seconds the switch had been operating when it last sent the event trap Owner The owner of the event The owner is Agent if no owner was specified when the event was created Table 145 SHOW RMON EVENT Command Continued Parameter Description ...

Page 1372: ...ON HISTORY Command The fields are described in Table 146 Table 146 SHOW RMON HISTORY Command Parameter Description History Index The ID number of the history group History Index 1 Data source ifindex 2 Buckets requested 50 Buckets granted 50 Interval 800 Owner William History Index 4 Data source ifindex 7 Buckets requested 25 Buckets granted 25 Interval 120 Owner Jones History Index 2 Data source ...

Page 1373: ...at created the history group Buckets granted The number of buckets allocated by the switch for the history group The value in this field will be less than the value in the buckets requested field if the switch did not have sufficient memory resources when you created the history group Interval The polling interval in seconds Owner The owner of the group The owner is Agent if no owner was specified...

Page 1374: ...TATISTICS Command The fields are described in Table 147 Example awplus show rmon statistics Table 147 SHOW RMON STATISTICS Command Parameter Description Stats Index The ID number of the port statistics group Data source ifindex The port number of the group Owner The owner of the group The owner is Agent if no owner was specified when the statistics group was created Stats Index 5 Data source ifind...

Page 1375: ...e 1409 Chapter 89 Telnet Client Commands on page 1413 Chapter 90 Secure Shell SSH Server on page 1417 Chapter 91 SSH Server Commands on page 1429 Chapter 92 Non secure HTTP Web Browser Server on page 1439 Chapter 93 Non secure HTTP Web Browser Server Commands on page 1445 Chapter 94 Secure HTTPS Web Browser Server on page 1451 Chapter 95 Secure HTTPS Web Browser Server Commands on page 1465 Chapte...

Page 1377: ... on page 1381 Deleting Local Manager Accounts on page 1383 Activating Command Mode Restriction and Creating the Special Password on page 1384 Deactivating Command Mode Restriction and Deleting the Special Password on page 1385 Activating or Deactivating Password Encryption on page 1386 Displaying the Local Manager Accounts on page 1387 ...

Page 1378: ...here in the command mode structure managers can go and consequently which commands they can access The privilege levels are 1 and 15 Manager accounts with a privilege level of 15 have access to the entire command mode structure and thus to all of the commands Managers should be assigned accounts with this level if they need to configure the parameter settings of the switch The default manager acco...

Page 1379: ...ryption. When you create a new manager account, you have to assign it a password. You also have to create a new password if you activate command mode restrictions. The commands for creating manager accounts and activating command mode restriction give you the choice of entering new passwords in either plaintext or encrypted form. Passwords that are entered in plaintext are stored by the switch in eithe...

Page 1380: ...passwords of new manager accounts. When you deactivate password encryption with the NO SERVICE PASSWORD-ENCRYPTION command, the switch searches the running configuration and decrypts passwords that were initially created in plaintext. Decrypting passwords can pose a security risk because managers can issue the NO SERVICE PASSWORD-ENCRYPTION command to see the passwords of the other accounts. To perman...

Page 1381: ... password is case-sensitive and can have up to 16 alphanumeric characters, including punctuation and printable special characters. Spaces are not permitted. To enter an encrypted password, precede it with the number 8. This example of the command creates an account for the user john. The privilege level is 15 to give the manager access to the entire command mode structure. The password is pmat762: awplus ...

Page 1382: ...Passwords entered in encrypted form remain encrypted in the running configuration even if you disable password encryption by issuing the NO SERVICE PASSWORD-ENCRYPTION command. ...

Page 1383: ...ge the switch. If you delete the account with which you logged on to the switch, your current management session is not interrupted. But you will not be able to use that account again to log in and configure the unit. This example of the command deletes the manager account bjspring: awplus> enable awplus# configure terminal awplus(config)# no username bjspring Note: You can delete the default manager accoun...

Page 1384: ...changing the password is the ENABLE PASSWORD command in the Global Configuration mode. The switch can have only one special password. Here is the format of the command: enable password [8] password. The PASSWORD parameter specifies the special password. You can enter the password in plaintext or encrypted. A plaintext password is case-sensitive and can have up to 16 alphanumeric characters, including speci...

Page 1385: ...l password is the NO ENABLE PASSWORD command in the Global Configuration mode. When command mode restriction is deactivated, manager accounts with a privilege level of 15 do not have to enter the special password when they enter the ENABLE command to move from the User Exec mode to the Privileged Exec mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# no enable password ...

Page 1386: ...terminal awplus(config)# service password-encryption When password encryption is activated, the switch searches the running configuration for plaintext passwords and encrypts them. It also automatically encrypts the plaintext passwords of new manager accounts. To disable password encryption, use the NO SERVICE PASSWORD-ENCRYPTION command: awplus> enable awplus# configure terminal awplus(config)# no service p...

Page 1387: ...play the running configuration. Here is an example of several accounts. Figure 236. Displaying the Local Manager Accounts in the Running Configuration:
username manager privilege 15 password WestWind11a
username sjones privilege 15 password Lat76rose
username smith privilege 1 password Positive89act
username adams privilege 15 password 8 c1a23116461d5856f98ee072ea319bc9 ...

Page 1389: ...ch and specifies the password. NO ENABLE PASSWORD on page 1392, Global Configuration: Deactivates command mode restriction on the switch. NO SERVICE PASSWORD-ENCRYPTION on page 1393, Global Configuration: Disables password encryption. NO USERNAME on page 1394, Global Configuration: Deletes manager accounts from the switch. SERVICE PASSWORD-ENCRYPTION on page 1395, Global Configuration: Encrypts all manager ac...

Page 1390: ...e managers with a privilege level of 1 must enter the password to move to the Privileged Exec mode from the User Exec mode. Managers who do not know the password or have a privilege level of 1 are restricted to the User Exec mode. Note: Managers with a privilege level of 15 are only required to enter the ENABLE command to access the Privileged Exec mode and are not required to enter this password. Con...

Page 1391: ...awplus> enable awplus# configure terminal awplus(config)# enable password 8 1255bbf963118fcf750aca356d35f6ab ...

Page 1392: ...eactivate command mode restriction on the switch to allow managers who have the privilege level 15 to access all of the command modes without having to enter the special password. Confirmation Command: SHOW RUNNING-CONFIG on page 170. Example: This example disables command mode restriction on the switch: awplus> enable awplus# configure terminal awplus(config)# no enable password ...

Page 1393: ...configuration file unless they are entered in their encrypted forms in the USERNAME command. Also, the switch decrypts all of the passwords of the current manager accounts in the running configuration file, except for passwords that were entered in their encrypted forms when the manager accounts were created. Confirmation Command: SHOW RUNNING-CONFIG on page 170. Example: This example disables password e...

Page 1394: ... Note: You can delete the default manager account from the switch. Caution: Do not delete all of the local manager accounts that have the privilege level 15 if the switch does not have any remote RADIUS or TACACS+ accounts. Otherwise, you will not be able to log in again as manager and will have to contact Allied Telesis for assistance. Confirmation Command: SHOW RUNNING-CONFIG on page 170. Example: This ex...

Page 1395: ...password encryption. This feature encrypts all of the manager account passwords in the running configuration of the switch and the passwords of new manager accounts. This is the default setting for password encryption. Confirmation Command: SHOW RUNNING-CONFIG on page 170. Example: This example enables password encryption: awplus> enable awplus# configure terminal awplus(config)# service password-encryption ...

Page 1396: ...modes unless command mode restriction is activated. Manager accounts with the privilege level 1 are restricted to the User Exec mode. 8: Specifies that the password is encrypted. password: Specifies the password of the new manager account. A non-encrypted password is case-sensitive and can have up to 16 alphanumeric characters, including punctuation and printable special characters. Spaces are not permitt...

Page 1397: ...he password is laf238pl: awplus> enable awplus# configure terminal awplus(config)# username allen privilege 15 password laf238pl This example creates a manager account for the user sjones. The privilege level is 1 to restrict the manager to the User Exec mode. The password is bluesky, entered in its encrypted form: awplus> enable awplus# configure terminal awplus(config)# username sjones privilege 1 password 8...

Page 1399: ...pter 86 Telnet Server. This chapter provides the following topics: Overview on page 1400; Enabling the Telnet Server on page 1401; Disabling the Telnet Server on page 1402; Displaying the Telnet Server on page 1403 ...

Page 1400: ...ave access to it through routers or other Layer 3 devices. If the Telnet clients are not members of the same subnet as the switch's management IP address, the switch must have a default gateway. This is the IP address of an interface on a router or other Layer 3 routing device that is the first hop to reaching the subnets of the Telnet clients. For background information, refer to Chapter 13, IPv4 and I...

Page 1401: ...e command: awplus> enable awplus# configure terminal awplus(config)# service telnet Once the server is started, you can conduct remote management sessions over your network from Telnet clients, provided that the switch has a management IP address. For instructions on how to start a remote Telnet management session, refer to Starting a Remote Telnet or SSH Management Session on page 78. ...

Page 1402: ...g)# no service telnet Note: If you disable the server from a remote Telnet management session, your session ends. To resume managing the unit, establish a local management session or remote web browser session. If the maximum number of manager sessions on the switch is set to one, you must wait for the console timer on the switch to expire before starting a new manager session. The default setting for the ...

Page 1403: ... display the status of the Telnet server, use the SHOW TELNET command in the User Exec mode or Privileged Exec mode. Here is the command: awplus# show telnet Here is the information the command displays. Figure 237. SHOW TELNET Command: Telnet Server Configuration. Telnet server: Enabled ...

Page 1405: ... chapter. Table 149. Telnet Server Commands (Command, Mode, Description). NO SERVICE TELNET on page 1406, Global Configuration: Disables the Telnet server. SERVICE TELNET on page 1407, Global Configuration: Enables the Telnet server. SHOW TELNET on page 1408, User Exec and Privileged Exec: Displays the status of the Telnet server on the switch. ...

Page 1406: ...agement session ends if you disable the server from a remote Telnet session. To resume managing the unit, establish a local management session or remote web browser session. If the maximum number of manager sessions on the switch is set to one, you must wait for the console timer on the switch to expire before starting a new management session. The default setting for the console timer is 10 minutes. Co...

Page 1407: ...itch with a Telnet application protocol. The default setting for the Telnet server is enabled. Note: The switch must have a management IP address for remote Telnet management. For background information, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. Confirmation Command: SHOW TELNET on page 1408. Example: This example enables the Telnet server: awplus> enable awplus# configure terminal a...

Page 1408: ...ption: Use this command to display the status of the Telnet server on the switch. The status of the server can be either enabled or disabled. Here is the information. Figure 238. SHOW TELNET Command. Example: This example displays the status of the Telnet server on the switch: awplus# show telnet Telnet Server Configuration. Telnet server: Enabled ...

Page 1409: ...Chapter 88 Telnet Client. This chapter provides the following topics: Overview on page 1410; Starting a Remote Management Session with the Telnet Client on page 1411 ...

Page 1410: ...es that have IPv6 addresses. For instructions, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. The other network devices that you intend to manage with the Telnet client must be members of the same subnet as the IP address of the switch or have access to it through routers or other Layer 3 devices. If the other devices are not members of the same subnet as the switch's IP address, t...

Page 1411: ...e Telnet client. The default is 23. For example, if the IPv4 address of the remote device is 149.174.154.12, you enter: awplus> enable awplus# telnet 149.174.154.12 You should now see the login prompts of the remote device. 3. If the remote device to be managed has an IPv6 address, move to the Privileged Exec mode and enter the TELNET IPV6 command, which has this format: telnet ipv6 ipv6_address port. The IPV6...

Page 1413: ...etail within the chapter. Table 150. Telnet Client Commands (Command, Mode, Description). TELNET on page 1414, Privileged Exec: Starts Telnet management sessions on remote devices that have IPv4 addresses. TELNET IPV6 on page 1415, Privileged Exec: Starts Telnet management sessions on remote devices that have IPv6 addresses. ...

Page 1414: ...ort number of the Telnet client. The default value is 23. Mode: Privileged Exec mode. Description: Use this command to start Telnet management sessions on network devices that have IPv4 addresses. You can manage just one remote device at a time. Note: This command is available from local and Telnet management sessions. Example: This example starts a Telnet management session on a network device that has the...

Page 1415: ...net client. The default value is 23. Mode: Privileged Exec mode. Description: Use this command to start Telnet management sessions on network devices that have IPv6 addresses. You can manage just one remote device at a time. Note: This command is available from local and Telnet management sessions but not from SSH management sessions. Example: This example starts a Telnet management session on a network dev...

Page 1417: ...verview on page 1418; Support for SSH on page 1419; SSH and Enhanced Stacking on page 1421; Creating the Encryption Key Pair on page 1423; Enabling the SSH Server on page 1424; Disabling the SSH Server on page 1425; Deleting Encryption Keys on page 1426; Displaying the SSH Server on page 1427 ...

Page 1418: ...ment workstation exchange during management sessions are encrypted. In contrast, Telnet management sessions are unsecured and are vulnerable to snooping because the packets are sent in readable text. The SSH server on the switch supports SSH protocol versions 1.3, 1.5, and 2.0. Client software is available on the Internet. Algorithms: The SSH server on the switch encrypts the packets using an encryption k...

Page 1419: ...ult port. The following SSH options and features are not supported: IDEA or Blowfish encryption; Non-encrypted Secure Shell sessions; Tunnelling of TCP/IP traffic. Guidelines: Here are the guidelines to using SSH to manage the switch: The switch must have a management IP address. For background information, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. The management workstations with ...

Page 1420: ...ure you activate and configure SSH server on the master switch, not on the member switches. Note: If your switch is in a network that is protected by a firewall, you may need to configure the firewall to permit SSH connections. For instructions on how to start a remote management session, refer to Starting a Remote Telnet or SSH Management Session on page 78. ...

Page 1421: ...from a member switch first pass through the master switch before reaching your management station. Enhanced stacking uses a proprietary protocol different from Telnet and SSH protocols. Consequently, there is no encryption between a master switch and a member switch. The result is that SSH encryption only occurs between your workstation and the master switch, not between your workstation and a member s...

Page 1422: ...Because enhanced stacking does not allow for SSH-encrypted management sessions between a management station and a member switch, you configure SSH only on the master switch of a stack. Activating SSH on a member switch has no effect. ...

Page 1423: ...cause you can specify a length in bits by using the VALUE parameter in the command. The other keys have a fixed key length of 1024 bits. The range is 768 to 2048 bits. Entering the length is optional. This example creates an RSA key with a length of 768 bits: awplus> enable awplus# configure terminal awplus(config)# crypto key generate hostkey rsa 768 DSA and RSA1 keys take less than a minute to create. An ...

Page 1424: ...edure. The command that activates the server is the SERVICE SSH command in the Global Configuration mode. Here is the command: awplus> enable awplus# configure terminal awplus(config)# service ssh After you enter the command, the switch searches its database for an encryption key. If it finds a key, it immediately enables the server. Otherwise, it does not activate the server. With the server activated, you can...

Page 1425: ...er the following commands: awplus> enable awplus# configure terminal awplus(config)# no service ssh Note: If you disable the server during a remote SSH management session, your session ends. To resume managing the unit with the same management account, you must wait for the console timer on the switch to expire and then establish a local management session or remote Telnet or web browser session. ...

Page 1426: ...SSH management session, your session ends. To resume managing the unit with the manager account, you must wait for the console timer on the switch to expire and then establish a local management session or remote Telnet or web browser session. This example deletes the DSA key: awplus> enable awplus# configure terminal awplus(config)# no service ssh awplus(config)# crypto key destroy hostkey dsa This example ...

Page 1427: ...Displaying the SSH Server. To display the current settings of the server, enter this command in the Privileged Exec or Global Configuration mode: awplus# show ssh server ...

Page 1429: ... CRYPTO KEY GENERATE HOSTKEY on page 1432, Global Configuration: Creates encryption keys. NO SERVICE SSH on page 1434, Global Configuration: Disables the SSH server. SERVICE SSH on page 1435, Global Configuration: Activates the SSH server and specifies the host and server encryption keys. SHOW CRYPTO KEY HOSTKEY on page 1436, Privileged and Global Configuration: Displays the encryption keys. SHOW SSH SERVER o...

Page 1430: ...ryption keys are permanently removed by the switch when you enter this command. You do not have to enter the WRITE command or the COPY RUNNING-CONFIG STARTUP-CONFIG command to save your changes on the switch. Confirmation Command: SHOW CRYPTO KEY HOSTKEY on page 1436. Examples: This example deletes the DSA key: awplus> enable awplus# configure terminal awplus(config)# crypto key destroy hostkey dsa This exa...

Page 1431: ...This example deletes the RSA1 key: awplus> enable awplus# configure terminal awplus(config)# crypto key destroy hostkey rsa1 ...

Page 1432: ...Description: Use this command to create the encryption key for the Secure Shell server. You must create the key before activating the server. The switch can have one key of each type at the same time. If you create a new key when the switch already has a key of that type, the new key overwrites the old key. For example, if you create a new RSA key when the switch already has an RSA key, the new key replac...

Page 1433: ...nwanted switch behavior, create a key during periods of low network activity. Examples: This example creates a DSA key: awplus> enable awplus# configure terminal awplus(config)# crypto key generate hostkey dsa This example creates an RSA key with a length of 1280 bits: awplus> enable awplus# configure terminal awplus(config)# crypto key generate hostkey rsa 1280 This example creates an RSA1 key: awplus> enable a...

Page 1434: ...session of the switch ends if you disable the server from a remote SSH management session. To resume managing the switch from a local management session or a remote Telnet or web browser session, you must wait for the console timer to expire if the switch is configured to support one manager session at a time. The default setting for the console timer is 10 minutes. Confirmation Command: SHOW SSH SERVE...

Page 1435: ... enable the Secure Shell server on the switch. You must create an encryption key before enabling the server. For instructions, refer to CRYPTO KEY GENERATE HOSTKEY on page 1432. Confirmation Command: SHOW SSH SERVER on page 1437. Example: This example enables the Secure Shell server on the switch: awplus> enable awplus# configure terminal awplus(config)# service ssh ...

Page 1436: ...onfiguration mode. Description: Use this command to display the encryption keys. Here is an example of the information for an RSA key. Figure 240. SHOW CRYPTO KEY HOSTKEY Command. Examples: This example displays all of the keys: awplus# show crypto key hostkey This example displays the RSA1 key only: awplus# show crypto key hostkey rsa1 Type Bits Fingerprint RSA 1280 60 59 ff 78 e7 4e 58 24 e6 57 bc c9 d1 c9...

Page 1437: ...mand to display the current status of the SSH server: Versions supported, Server Status, Server Port. Example: This example displays the status of the SSH server: awplus# show ssh server An example of the information the command displays is shown in Figure 241. Figure 241. SHOW SSH SERVER Command: Secure Shell Server Configuration. Versions Supported: 2, 1. SSH Server: Enabled. Server Port: 22 ...

Page 1439: ...r. This chapter describes the following topics: Overview on page 1440; Enabling the Web Browser Server on page 1441; Setting the Protocol Port Number on page 1442; Disabling the Web Browser Server on page 1443; Displaying the Web Browser Server on page 1444 ...

Page 1440: ...tures the management packet that contains your user name and password, he or she could use that information to access the switch and make unauthorized changes to its configuration settings. Here are the guidelines to using the web browser server in the non-secure HTTP mode: The switch must have a management IP address. For instructions, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299...

Page 1441: ... address. For instructions, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. If the web browser server is already configured for secure HTTPS and you are changing it back to non-secure HTTP operation, you must first deactivate the HTTPS server with the NO SERVICE HTTPS command, also in the Global Configuration mode. Now that the server is activated for HTTP operation, you can begin to ...

Page 1442: ... port 80 for the protocol port of the HTTP web server can be adjusted with the IP HTTP PORT command in the Global Configuration mode. This example of the command changes the protocol port to 100: awplus> enable awplus# configure terminal awplus(config)# ip http port 100 The range of the port number is 0 to 65535. ...

Page 1443: ...HTTP command in the Global Configuration mode: awplus> enable awplus# configure terminal awplus(config)# no service http No further web browser management sessions are permitted by the switch after the server is disabled. Any web browser sessions that are in progress when the server is disabled are interrupted and are not allowed to continue. ...

Page 1444: ...er is enabled or disabled on the switch, issue the SHOW IP HTTP command in the Privileged Exec mode. The command also displays the protocol port number if the server is enabled. Here is the command: awplus> enable awplus# show ip http Here is an example of the display. Figure 242. SHOW IP HTTP Command: HTTP server enabled. Port: 80 ...

Page 1445: ...cure HTTP Web Browser Server Commands (Command, Mode, Description). SERVICE HTTP on page 1446, Global Configuration: Enables the HTTP web browser server. IP HTTP PORT on page 1447, Global Configuration: Sets the protocol port number of the server. NO SERVICE HTTP on page 1448, Global Configuration: Disables the web browser server. SHOW IP HTTP on page 1449, Privileged Exec: Displays the settings of the server. ...

Page 1446: ...Use this command to activate the HTTP web browser server on the switch. The switch supports non-secure HTTP web browser management sessions when the server is activated. Confirmation Command: SHOW IP HTTP on page 1449. Example: This example activates the HTTP web browser server on the switch: awplus> enable awplus# configure terminal awplus(config)# service http ...

Page 1447: ...TP web server listens on. The range is 0 to 65535. Mode: Global Configuration mode. Description: Use this command to set the TCP port for the web browser server. Confirmation Command: SHOW IP HTTP on page 1449. Example: This example sets the TCP port for the HTTP server to 74: awplus> enable awplus# configure terminal awplus(config)# ip http port 74 ...

Page 1448: ...agement with a web browser. Any active web browser management sessions are interrupted and are not allowed to continue. You might disable the server to prevent remote web browser management sessions of the switch or in prelude to activating the secure HTTPS web browser server. Confirmation Command: SHOW IP HTTP on page 1449. Example: This example disables the HTTP web browser server on the switch: awplus ...

Page 1449: ...de: Privileged Exec mode. Description: Use this command to display the status of the HTTP server on the switch. Here is an example of the information. Figure 243. SHOW IP HTTP Command. Example: This example displays the status of the HTTP server on the switch: awplus# show ip http HTTP server enabled. Port: 80 ...

Page 1451: ...ics: Overview on page 1452; Creating a Self-signed Certificate on page 1455; Configuring the HTTPS Web Server for a Certificate Issued by a CA on page 1458; Enabling the Web Browser Server on page 1462; Disabling the Web Browser Server on page 1463; Displaying the Web Browser Server on page 1464 ...

Page 1452: ... distinguished name that identifies the owner of the certificate, which in the case of a certificate for your switch is the switch itself and your company. The switch does not come with a certificate. You have to create it, along with the encryption key and distinguished name, as part of the HTTPS configuration process. There are two ways to create the certificate. The quickest and easiest way is to have...

Page 1453: ...company. The name of the owner is entered in the form of a distinguished name, which has six parts: Common name (cn): This is the IP address or name of the switch. Organizational unit (ou): This is the name of the department, such as Network Support or IT, that the switch is serving. Organization (o): This is the name of your company. Location: The location of the switch or company, such as the city. State (st): The sta...

Page 1454: ...ons must be members of the same network as the management IP address of the switch, or they must have access to it through routers or other Layer 3 devices. The web browser server cannot operate in both HTTP mode and HTTPS mode at the same time. A certificate can have only one encryption key. The switch can use only certificates containing keys that it generated. The switch can have up to eight certifi...

Page 1455: ...f 4 to 20 alphanumeric characters that are used to export the certificate in PKCS12 file format. Although the switch does not allow you to export certificates, you are still required to include a value for this parameter in the command. The COMMON_NAME, ORGANIZATIONAL_UNIT, ORGANIZATION, LOCATION, STATE, and COUNTRY parameters make up the distinguished name of the certificate. All of these parameters with ...

Page 1456: ...on: Jones_Industries; Location: San_Jose; State: California; Country: US; Duration: 365 days. awplus> enable: Enter the Privileged Exec mode from the User Exec mode. awplus# configure terminal: Enter the Global Configuration mode. awplus(config)# crypto certificate 2 generate 1280 trailtree 167.214.121.45 Sales Jones_Industries San_Jose California US 365: Create the self-signed certificate with CRYPTO CERTIFICATE GE...

Page 1457: ...ver with SERVICE HTTPS on page 1473. awplus(config)# exit: Return to the Privileged Exec mode. awplus# show ip https: Confirm the configuration with SHOW IP HTTPS on page 1477. HTTPS server enabled. Port: 443. Certificate 2 is active. Issued by: self-signed. Valid from: 1/1/2000 to 12/31/2000. Subject: C=US, ST=California, L=San_Jose, O=Jones_Industries, OU=Sales, CN=167.214.121.45. Finger print: FBFBAA5F 2673E463 E784F1C...

Page 1458: ...n state country. The values of the parameters in this command must be exactly the same as the corresponding values from the CRYPTO CERTIFICATE GENERATE command used to create the self-signed certificate. This includes the ID_NUMBER parameter. Any differences, including differences in capitalizations, will cause the switch to reject the CA certificate when you import it into the switch's certificate dat...

Page 1459: ... a public or private CA. The certificate is assigned these specifications: ID number: 1; Key length: 512; Passphrase: hazeltime; Common name: 124.201.76.54 (this is the IP address of the switch); Organizational unit: Production; Organization: ABC_Industries; Location: San_Jose; State: California; Country: US; Duration: 365 days. awplus> enable: Enter the Privileged Exec mode from the User Exec mode. awplus# configure termina...

Page 1460: ...config)# crypto certificate 1 import: Import the new certificate into the certificate database with CRYPTO CERTIFICATE IMPORT on page 1470. awplus(config)# ip https certificate 1: Designate the new certificate as the active certificate on the switch with IP HTTPS CERTIFICATE on page 1474. -----BEGIN CERTIFICATE REQUEST----- MIIBuzCCASQCAQAwezELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEx ETAPBgNVBAcUCFNhbl9Kb3NlMRc...

Page 1461: ...owser server is enabled on the unit, disable it with NO SERVICE HTTP on page 1448. awplus(config)# service https: Enable the HTTPS server with SERVICE HTTPS on page 1473. awplus(config)# exit: Return to the Privileged Exec mode. awplus# show ip https: Confirm the configuration with SHOW IP HTTPS on page 1477. HTTPS server enabled. Port: 443. Certificate 1 active. Issued by: ABC_Industries_IT. Valid from: 1/1/2000 to ...

Page 1462: ...nstructions, refer to Chapter 13, IPv4 and IPv6 Management Addresses, on page 299. The switch should have an HTTPS certificate. If the HTTP mode is enabled, you must disable it with the NO HTTP SERVER command before activating the HTTPS mode. The command is in the Global Configuration mode. Now that the server is activated for HTTPS operation, you can begin to manage the switch remotely using a web browser ...

Page 1463: ...TTPS command in the Global Configuration mode: awplus> enable awplus# configure terminal awplus(config)# no service https No further web browser management sessions are permitted by the switch after the server is disabled. Any web browser sessions that are in progress when the server is disabled are interrupted and are not allowed to continue. ...

Page 1464: ...otocol port number if the server is enabled. Here is the command: awplus> enable awplus# show ip https Here is an example of the display. Figure 244. SHOW IP HTTPS Command. The fields are described in Table 154 on page 1477. HTTPS server enabled. Port: 443. Certificate 1 is active. Issued by: self-signed. Valid from: 5/17/2010 to 5/16/2011. Subject: C=US, ST=California, L=San_Jose, O=ABC_Inc, OU=Production, CN=169.254...

Page 1465: ...obal Configuration: Imports certificates from public or private CAs into the certificate database on the switch. CRYPTO CERTIFICATE REQUEST on page 1471, Global Configuration: Creates certificate enrollment requests for submittal to public or private CAs. SERVICE HTTPS on page 1473, Global Configuration: Enables the HTTPS web server. IP HTTPS CERTIFICATE on page 1474, Global Configuration: Designates the ac...

Page 1466: ...ption: Use this command to delete unused certificates from the switch. You can delete just one certificate at a time with this command. Entering the WRITE or COPY RUNNING-CONFIG STARTUP-CONFIG command after deleting a certificate is unnecessary because certificates are not stored in the active boot configuration file. Confirmation Command: SHOW IP HTTPS on page 1477. Example: This example deletes the cer...

Page 1467: ...hough the switch does not permit the export of certificates, a passphrase is still required in the command. common_name: Specifies a common name for the certificate. This should be the IP address or fully qualified URL designation of the switch. This parameter can have up to 64 characters. Spaces and special characters are not allowed. organizational_unit: Specifies the name of a department, such as Networ...

Page 1468: ...Use this command to create self-signed certificates for secure HTTPS web browser management of the switch. All the parameters in the command are required. Entering the WRITE or COPY RUNNING-CONFIG STARTUP-CONFIG command after creating a self-signed certificate is unnecessary because certificates are not stored in the active boot configuration file. Note: Generating a certificate is CPU intensive. It sh...

Page 1469: ...t: Sales; Organization: Jones_Industries; Location: San_Jose; State: California; Country: US; Duration: 365 days. awplus> enable awplus# configure terminal awplus(config)# crypto certificate 2 generate 1280 trailtree 167.214.121.45 Sales Jones_Industries San_Jose California US 365 ...

Page 1470: ...nto the certificate database of the switch A certificate has to be residing in the file system on the switch before you can import it into the certificate database Entering the WRITE or COPY RUNNING CONFIG STARTUP CONFIG command after importing a certificate is unnecessary because certificates are not stored in the active boot configuration file Confirmation Command SHOW IP HTTPS on page 1477 Exam...

Page 1471: ...s and special characters are not allowed organizational_unit Specifies the name of a department such as Network Support or IT This parameter can have up to 64 characters Spaces and special characters are not allowed organization Specifies the name of a company This parameter can have up to 64 characters Spaces and special characters are not allowed location Specifies the location of the switch Thi...

Page 1472: ...ave the same ID number and other information as its corresponding self signed certificate Confirmation Command DIR on page 555 Example This example creates a certificate enrollment request that has these specifications ID number 2 Common name 167 214 121 45 Organizational unit Sales Organization Jones_Industries Location San_Jose State California Country US awplus enable awplus configure terminal ...

Page 1473: ... is activated Here are the preconditions to activating the server The non secure HTTP server on the switch must be disabled For instructions refer to NO SERVICE HTTP on page 1448 The switch must have an HTTPS certificate that was designated as the active certificate with the IP HTTPS CERTIFICATE command Confirmation Command SHOW IP HTTPS on page 1477 Example This example activates the HTTPS web se...

Page 1474: ...ver The switch can have only one active certificate The certificate which must already exist on the switch can be a self signed certificate that the switch created itself or a certificate that was issued by a CA from a certificate request generated by the switch Confirmation Command SHOW IP HTTPS on page 1477 Example This example designates the certificate with the ID number 1 as the active certif...

Page 1475: ...server on the switch The switch rejects secure HTTPS web browser management sessions when the server is deactivated You might disable the server to prevent remote web browser management sessions of the switch or prior to activating the non secure HTTP web browser server Confirmation Command SHOW IP HTTPS on page 1477 Example awplus enable awplus configure terminal awplus config no service https ...

Page 1476: ...id_number Specifies a certificate ID number Mode Privileged Exec mode Description Use this command to display detailed information about the certificates on the switch You can display just one certificate at a time Example This example displays detailed information about the certificates on the switch awplus show crypto certificate 1 ...

Page 1477: ...ble 154 HTTPS server enabled Port 443 Certificate 1 is active Issued by self signed Valid from 5 17 2010 to 5 16 2011 Subject C US ST California L San_Jose O Jones_Industries OU Sales CN 167 214 121 45 Finger print 3FB9D543 72D8E6F8 2159F35E B634A738 Table 154 SHOW IP HTTPS Command Field Description HTTPS server enabled Indicates that the HTTPS server is activated on the switch This line is not di...

Page 1478: ...ctive Displays the status of the certificate An active status indicates that the certificate was designated with IP HTTPS CERTIFICATE on page 1474 as the active certificate for the HTTPS server The switch can have just one active certificate Valid from Displays the dates during which the certificate is valid Subject Displays certificate configuration information Table 154 SHOW IP HTTPS Command Con...

Page 1479: ...s chapter describes the following topics Overview on page 1480 Remote Manager Accounts on page 1481 Managing the RADIUS Client on page 1484 Managing the TACACS Client on page 1488 Configuring Remote Authentication of Manager Accounts on page 1491 ...

Page 1480: ... lets you add more manager accounts to the switch by transferring the task of authenticating the accounts from the switch to an authentication server on your network This feature is described in Remote Manager Accounts on page 1481 The RADIUS client supports both features but the TACACS client supports only the remote manager accounts feature Here are the guidelines Only one client can be active o...

Page 1481: ...hentication server when a manager logs on 1 The switch uses its RADIUS or TACACS client to transmit the user name and password to an authentication server on the network 2 The server checks to see if the user name and password are valid 3 If the combination is valid the authentication server notifies the switch which completes the login process allowing the manager access to its management softwar...

Page 1482: ... 0 to 15 however the AT 8100 switch provides only two settings of the Privilege attribute 0 or 15 If command mode restriction is active on the switch a manager account with a privilege level of 0 is restricted to the User Exec mode while an account with a privilege level of 15 has access to all the command modes Note If you enter a value other than 0 or 15 for the TACACS privilege level the switch...

Page 1483: ...ervers The switch must have a management IP address For instructions refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 299 The authentication servers on your network must be members of the same subnet as the management IP address of the switch or have access to it through routers or other Layer 3 devices If the authentication servers are not members of the same subnet as the managemen...

Page 1484: ...he switch the IP addresses below it are moved up For example if you make the following assignments server one is 186 178 11 154 server two is 186 178 11 156 server three is 186 178 11 158 If you delete server one with an IP address of 186 178 11 154 server two retains the IP address of 186 178 11 156 and moves up to server one in the list and the IP address of 186 178 11 158 moves up to server two...

Page 1485: ...ATI Specifying a RADIUS Global Encryption Key If the RADIUS servers on your network use the same encryption key use the RADIUS SERVER KEY command in the Global Configuration mode to enter a global encryption key in the client The format of the command is radius server key secret This example specifies 4tea23 as the global encryption key of the RADIUS servers awplus enable awplus configure terminal...

Page 1486: ...eter disables accounting messages The GROUP parameter indicates the user server group Specify the RADIUS server The LOCAL parameter indicates that if the first attempt to authenticate a user with the RADIUS server fails the authentication process fails and the user is approved to access the switch with the local name and password This example configures RADIUS accounting for all login shell sessio...

Page 1487: ... of RADIUS servers awplus enable awplus configure terminal awplus config no radius server host 211 132 123 12 Displaying the RADIUS Client To display the settings of the RADIUS client use the SHOW RADIUS command in the User Exec mode or Privileged Exec mode awplus show radius Here is an example of the RADIUS client information Figure 246 SHOW RADIUS Command The information is described in Table 15...

Page 1488: ... addresses below it are moved up For example if you make the following assignments server one is 186 178 11 154 server two is 186 178 11 156 server three is 186 178 11 158 If you delete the IP address of 186 178 11 154 for server one in the list the server two IP address of 186 178 11 156 moves up to the server one position and the IP address of 186 178 11 158 moves up to the server two position A...

Page 1489: ...ccounting message is sent at the end of the session The STOP ONLY parameter indicates a stop accounting message is sent at the end of the session The NONE parameter disables accounting messages The GROUP parameter indicates the user server group Specify the TACACS server This example configures TACACS accounting for all login shell sessions to send a start accounting message at the beginning of a ...

Page 1490: ... 122 124 15 7 from the TACACS client awplus enable awplus configure terminal awplus config no tacacs server host 122 114 15 7 Displaying the TACACS Client To display the settings of the TACACS client use the SHOW TACACS command in the Privileged Exec mode awplus show tacacs Here is an example of the TACACS client information Figure 247 SHOW TACACS Command The fields are explained in Table 157 on p...

Page 1491: ...entication login tacacs After you activate the feature all future login attempts by managers are forwarded by the switch to the designated authentication servers for authentication To deactivate the feature use the NO versions of the commands The following example deactivates the feature if it is using RADIUS awplus enable awplus configure terminal awplus config no aaa authentication login radius ...

Page 1492: ...ig line no login authentication Now even though remote authentication is activated the switch uses its local manager accounts to authenticate the user name and password whenever someone logs on through the Console port If you change your mind and want to reactivate remote authentication for local management sessions enter the LOGIN AUTHENTICATION command again in the Console Line mode as shown her...

Page 1493: ...ine vty 0 awplus config line no login authentication Now the switch uses the local manager accounts instead of the remote accounts to authenticate the user name and password when an administrator establishes a Telnet or SSH management session on VTY line 0 The following example reactivates remote authentication on VTY line 0 awplus enable awplus configure terminal awplus config line vty 0 awplus c...

Page 1494: ...Chapter 96 RADIUS and TACACS Clients 1494 ...

Page 1495: ...ION on page 1505 Console Line and Virtual Terminal Line Activates remote authentication for local management sessions and remote Telnet and SSH sessions NO LOGIN AUTHENTICATION on page 1507 Console Line and Virtual Terminal Line Deactivates remote authentication for local management sessions and remote Telnet and SSH sessions NO RADIUS SERVER HOST on page 1508 Global Configuration Deletes IP addre...

Page 1496: ...leged Exec Displays the configuration settings of the TACACS client TACACS SERVER HOST on page 1518 Global Configuration Adds IP addresses of TACACS servers to the TACACS client in the switch TACACS SERVER KEY on page 1519 Global Configuration Specifies the global encryption key of the TACACS servers TACACS SERVER TIMEOUT on page 1520 Global Configuration Specifies the maximum amount of time the T...

Page 1497: ...ecify one of the following radius Uses all RADIUS servers tacacs Uses all TACACS servers Mode Global Configuration mode Description This command configures RADIUS or TACACS accounting for all login shell sessions This command creates a default method list that is applied to every console and vty line unless another accounting method list is applied on that line Use the no form of this command NO A...

Page 1498: ...gure terminal awplus config aaa accounting login default start stop group radius To reset the configuration of the default accounting list use the following commands awplus enable awplus configure terminal awplus config no aaa accounting login default To configure TACACS accounting for login shell sessions use the following commands awplus enable awplus configure terminal awplus config aaa account...

Page 1499: ...s command see ENABLE PASSWORD on page 1390 This is an optional parameter Mode Global Configuration mode Description Use this command to enable the TACACS password on the switch This password is used to verify the TACACS server thereby providing another layer of security By default the AAA AUTHENTICATION ENABLE command is disabled Note This command only applies to TACACS clients Use the no form of ...

Page 1500: ...e use the following commands awplus enable awplus configure terminal awplus config aaa authentication enable default group tacacs local To enable the TACACS password on the switch use the following commands awplus enable awplus configure terminal awplus config aaa authentication enable default group tacacs ...

Page 1501: ...n about this command see ENABLE PASSWORD on page 1390 This is an optional parameter Mode Global Configuration mode Description Use this command to enable RADIUS or TACACS on the switch globally This command creates an ordered list of methods used to authenticate a RADIUS or TACACS user login Specify the local parameter or the group parameter in the order that you want these parameters to be applie...

Page 1502: ...able RADIUS servers on the switch use the following commands awplus enable awplus configure terminal awplus config aaa authentication login default group radius local To enable TACACS servers on the switch use the following commands awplus enable awplus configure terminal awplus config aaa authentication login default group tacacs local ...

Page 1503: ...S client uses the specified IP address on every outgoing RADIUS packet Use the no version of this command NO IP RADIUS SOURCE INTERFACE to remove the RADIUS source IP address from the client Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example configures the RADIUS source IP address using a VLAN ID awplus enable awplus configure terminal awplus config ip radius source interfa...

Page 1504: ...apter 97 RADIUS and TACACS Client Commands 1504 This example removes the RADIUS source IP address from the RADIUS client awplus enable awplus configure terminal awplus config no ip radius source interface ...

Page 1505: ...while remote authentication for remote Telnet and SSH management sessions is activated in the Virtual Terminal Line mode Note If the switch is unable to communicate with the authentication servers when a manager logs on because either the servers are not responding or the RADIUS or TACACS client is configured incorrectly the switch automatically reactivates the local manager accounts so that you c...

Page 1506: ...This example activates remote authentication for remote Telnet and SSH management sessions that use VTY line 0 awplus enable awplus configure terminal awplus config line vty 0 awplus config line login authentication ...

Page 1507: ...d SSH sessions Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example deactivates remote authentication for local management sessions awplus enable awplus configure terminal awplus config line console 0 awplus config line no login authentication This example deactivates remote authentication on VTY line 0 used by remote Telnet and SSH management sessions awplus enable awplus co...

Page 1508: ...al Configuration mode Description Use this command to delete IP addresses of RADIUS servers from the list of authentication servers on the switch You can delete only one IP address at a time with this command Confirmation Command SHOW RADIUS on page 1514 Example This example removes the IP address 122 34 122 47 from the list of RADIUS servers awplus enable awplus configure terminal awplus config n...

Page 1509: ... address at a time with this command Mode Global Configuration mode Description Use this command to delete IP addresses of TACACS servers from the client You can delete only one IP address at a time with this command Confirmation Command SHOW TACACS on page 1516 Example This example removes the IP address 152 112 12 7 from the TACACS client awplus enable awplus configure terminal awplus config no ...

Page 1510: ...uthentication requests If 0 is specified the server is not used for authentication The default UDP port for authentication is 1812 key Specifies the encryption key used by the designated RADIUS server The maximum length is 40 characters Mode Global Configuration mode Description Use this command to add IP addresses of RADIUS servers to the authentication server list on the switch Servers defined w...

Page 1511: ...ver host 149 245 22 22 auth port 1815 key tiger12 This example adds a RADIUS server with the IP address 176 225 15 23 to the switch The accounting port is 1811 and the UDP port is 1815 The encryption key is kieran7 awplus enable awplus configure terminal awplus config radius server host 176 225 15 23 acct port 1811 auth port 1815 key kieran7 This example adds the IP address 149 245 22 22 of a RADI...

Page 1512: ...e two or three servers that use different encryption keys do not enter a global encryption key with this command Instead define the individual keys when you add the IP addresses of the servers to the client with RADIUS SERVER HOST on page 1510 To remove an existing global key without specifying a new value use the NO form of this command NO RADIUS SERVER KEY Confirmation Command SHOW RADIUS on pag...

Page 1513: ...ver for an authentication request If the timeout expires without a response the client queries the next server in the list If there are no further servers in the list to query the switch defaults to the standard manager and operator accounts Use the no form of this command NO RADIUS SERVER TIMEOUT to set the RADIUS timeout to the default value of 5 seconds Confirmation Command SHOW RADIUS on page ...

Page 1514: ...ddress assigned to an interface on the switch that is the source of all outgoing RADIUS packets With hardware stacking this is the source address of the master switch Timeout The length of the time in seconds that the switch waits for a response from a RADIUS server to an authentication request before querying the next server in the list Server Host The IP address of a RADIUS server on the network Au...

Page 1515: ...Example This example displays the configuration of the RADIUS client awplus show radius Accounting Port The accounting protocol port Encryption Keys The server encryption keys if defined Table 156 SHOW RADIUS Command Continued Parameter Description ...

Page 1516: ...able 157 SHOW TACACS Command Parameter Description Timeout The length of the time in seconds that the switch waits for a response from a TACACS server to an authentication request The default is 40 seconds If there is no response from any authentication servers the switch reactivates the local manager accounts This parameter cannot be changed Server Host The IP address of a TACACS server on your n...

Page 1517: ...tch awplus show tacacs Server Status Indicates the status of the server host One of the following options is displayed Alive Indicates the server is working correctly The sockets are successful Dead Indicates the server has timed out or the sockets are unsuccessful Table 157 SHOW TACACS Command Continued Parameter Description ...

Page 1518: ...escription Use this command to add IP addresses of TACACS servers to the TACACS client in the switch The list can have up to three TACACS authentication servers but you can add only one at a time with this command Confirmation Command SHOW TACACS on page 1516 Example This example adds the IP address 149 11 24 1 to the TACACS authentication server list The server has the key kenken16 awplus enable ...

Page 1519: ... two or three servers that use different encryption keys do not enter a global encryption key with this command Instead define the individual keys when you add the IP addresses of the servers to the client with TACACS SERVER HOST on page 1518 To remove an existing global key without specifying a new value use the NO form of this command NO TACACS SERVER KEY Confirmation Command SHOW TACACS on page...

Page 1520: ...erver for an authentication request If the timeout expires without a response the client queries the next server in the list If there are no further servers in the list to query the switch defaults to the standard manager and operator accounts Use the no form of this command NO TACACS SERVER TIMEOUT to set the TACACS timeout to the default value of 5 seconds Confirmation Command SHOW TACACS on pag...

Page 1521: ...ters Chapter 98 Advanced Access Control Lists ACLs on page 1523 Chapter 99 ACL Commands on page 1561 Chapter 100 Quality of Service QoS on page 1647 Chapter 101 QoS Commands on page 1697 Chapter 102 QoS Storm Control Protection on page 1787 Chapter 103 QSP Commands on page 1799 ...

Page 1523: ...escribes the following topics Overview on page 1524 Creating ACLs on page 1527 Assigning ACLs to Ports on page 1545 Removing ACLs from Ports on page 1549 Deleting ACLs from the Switch on page 1552 Setting ACL Time Ranges on page 1555 Displaying the ACLs on page 1557 ...

Page 1524: ...red MAC ACLs is 4000 to 4699 In addition Numbered IPv4 ACLs and Numbered MAC ACLs take effect immediately You cannot assign them a date or time to begin filtering Numbered IPv4 ACLs are only compatible with IPv4 addresses They are not compatible with IPv6 addresses Both Named IPv4 ACLs and Named IPv6 ACLs are identified by user specified names You can assign both of these types a date and time to ...

Page 1525: ...ACLs and forward all other traffic A port that has one ACL that specifies a particular source IP address for example discards all ingress packets with the specified source address and forwards all other traffic In situations where a port has more than one deny ACL packets are discarded at the first match Since ports forward all ingress packets unless they have deny ACLs permit ACLs are only necess...

Page 1526: ...esult you must apply ACLs to the ingress ports of the designated traffic flows ACLs for static port trunks or LACP trunks must be assigned to the individual ports of the trunks Because ports by default forward all ingress packets permit ACLs are only required in circumstances where you want ports to forward packets that are subsets of larger packet flows that are blocked by deny ACLs A port that h...

Page 1527: ...mbered IPv4 ACL with IP Packets Examples on page 1528 Numbered IPv4 ACL with ICMP Packets Example on page 1532 Numbered IPv4 ACL with Protocol Packets Example on page 1534 Numbered IPv4 ACL with TCP Port Packets Example on page 1535 Numbered IPv4 ACL with UDP Port Packets Example on page 1537 Table 159 ACCESS LIST Commands for Creating Numbered IPv4 ACLs To Do This Task Use This Command Create Num...

Page 1528: ...at match the ACL to the destination port of the mirror port This action must be used together with the port mirror feature explained in Chapter 27 Port Mirror on page 465 The SRC_IPADDRESS and DST_IPADDRESS parameters specify the source and destination IPv4 addresses Choose from the following options any Matches any IP address ipaddress mask Matches packets that have an IP address of a subnet or a...

Page 1529: ...red IPv4 ACLs that block all traffic with specified subnets 149 87 201 0 24 and 149 87 202 0 24 If you want a port to forward a subset of packets of a more specific traffic flow you have to create a permit ACL for the permitted packets and a Table 160 Blocking Ingress Packets Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure...

Page 1530: ...e specified network devices and discard all other ingress traffic The allowed traffic is specified with three permit ACLs Table 162 Creating a Permit ACL Followed by a Deny ACL Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config access list 3015 permit ip 149 55 65 0 2...

Page 1531: ... 54 32 any Create the three permit ACLs with the ACCESS LIST command awplus config access list 3018 deny ip any any Create the deny ACL awplus config interface port1 0 21 port1 0 22 Move to the Port Interface mode for ports 21 and 22 awplus config_if access group 3021 awplus config_if access group 3022 awplus config_if access group 3023 awplus config_if access group 3018 Add the ACLs to the port w...

Page 1532: ...ltering criteria of the ACL Here are the possible actions permit Forwards all ingress packets that match the ACL Ports by default accept all ingress packets Consequently a permit ACL Table 164 ACL Filters Tagged IPv4 Packets Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus...

Page 1533: ... The IPv4 address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches packets with a specified IPv4 address and is an alternative to the IPADRESS MASK variable for addresses of end nodes The HOST keyword indicates that the address is of a specific end node and that no mask is required The VLAN parameter determines if an ACL filters VLANs You use the parameter to...

Page 1534: ...on port of the mirror port This action must be used together with the port mirror feature explained in Chapter 27 Port Mirror on page 465 The protocol_number parameter specifies a protocol number You can specify one protocol number per command Refer to Table 191 Protocol Numbers on page 1581 for the list of protocol numbers The SRC_IPADDRESS and DST_IPADDRESS parameters specify the source and dest...

Page 1535: ...0 to 3699 Within this range you can number ACLs in any order The ACTION parameter specifies the action that the port performs on packets matching the filtering criteria of the ACL Here are the possible actions permit Forwards all ingress packets that match the ACL Ports by default accept all ingress packets Consequently a permit ACL is only necessary when you want a port to forward a subset of pac...

Page 1536: ...er specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The lt parameter matches packets that are less than the TCP port number specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The gt parameter matches packets that are greater than the TCP port number specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The ne parameter matches packets that are not equal to the TCP port number specifi...

Page 1537: ...packets Consequently a permit ACL is only necessary when you want a port to forward a subset of packets that are otherwise discarded deny Discards all ingress packets that match the ACL copy to mirror Copies all ingress packets that match the ACL to the destination port of the mirror port This action must be used Table 167 Numbered IPv4 ACL with TCP Port Packets Example Command Description awplus ...

Page 1538: ...rd indicates that the IPv4 address is assigned to a specific end node and that no mask is required The eq parameter matches packets that are equal to the UDP port number specified by the SRC_UDP_PORT or DST_UDP_PORT parameter The lt parameter matches packets that are less than the UDP port number specified by the SRC_TCP_PORT or DST_TCP_PORT parameter The gt parameter matches packets that are gr...

Page 1539: ..._mask dst_mac_address ANY dst_mac_mask The id_number parameter specifies the ID number for the new ACL The range is 4000 to 4699 The ACTION parameter specifies the action that the port performs on packets matching the filtering criteria of the ACL Here are the possible actions permit Forwards all ingress packets that match the ACL Ports by default accept all ingress packets Consequently a permit A...

Page 1540: ...r 0 or F Use a 0 mask to indicate the parts of the MAC address the ACL is to filter Use an F mask for parts of the MAC address the ACL should ignore Note Do not include a mask if you specified ANY as the source MAC address The dst_mac_address parameter specifies the destination MAC address of the ingress packets Here are the possible options dst_mac_address Specifies the destination MAC address of...

Page 1541: ...us enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config access list 4102 deny any a4 54 86 12 00 00 00 00 00 00 ff ff Define ACL 4012 to deny any frame with the destination MAC address that starts with a4 54 86 12 awplus config interface port1 0 19 Access the Port Interface mode for port 19 awplus config...

Page 1542: ...e a Named IPv4 Address ACL that filters UDP packets based on source and destination IP addresses action udp scr_ipaddress gt lt ne range eq src_upd_port dest_ipaddress gt lt ne range eq dst_upd_port time range vlan vid Table 170 IP ACCESS LIST Commands for Creating Named IPv4 ACLs Continued To Do This Task Use this Command Table 171 Named IPv4 ACL ICMP Permit Example Command Description awplus ena...

Page 1543: ...ommands are listed in Table 173 awplus config ip access list tcpdeny Create a Named IPv4 ACL called tcpdeny and enter the IP ACL mode awplus config ip acl deny tcp 152 12 45 2 32 152 12 45 3 32 vlan 5 Allow the filter to deny TCP ingress packets from source IPv4 address 152 12 45 2 32 to destination IPv4 address 152 12 45 3 32 on VLAN 5 Table 172 Named IPv4 ACL TCP Deny Example Continued Command D...

Page 1544: ...on IPv6 addresses action udp scr_ip_address eq lt gt ne range dest_ipaddress eq lt gt ne range time range vlan vid Table 173 IPv6 ACCESS LIST Commands for Creating ACLs Continued To do this task Use this Command Table 174 Named IPv6 ACL Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration...

Page 1545: ...CLs in the order in which they are added to the ports If you add the deny ACLs first the ports may block packets you want them to forward Note The Numbered IPv4 ACLs and the MAC Address Lists ACLs do not allow you to set a time range Ports immediately begin to filter traffic as soon as you assign an ACL However you can set time ranges for the Named IPv4 and Named IPv6 ACLs See Setting ACL Time Ran...

Page 1546: ...s starting with 45 2A B5 ACL 4055 denies all other MAC addresses Then assign both ACLs to port 7 Table 175 Assigning Numbered IPv4 ACLs Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config access list 3075 deny ip any 149 107 22 0 24 Create the deny ACL awplus config interface ...

Page 1547: ...erface port1 0 7 Move to the Port Interface mode for port 7 awplus config_if mac access group 4025 Apply the ACL to the port with the ACCESS GROUP command awplus config_if mac access group 4055 Apply the ACL to the port with the ACCESS GROUP command Table 176 Assigning MAC Address ACLs Example Continued Command Description Table 177 Assigning Named IPv4 ACLs Example Command Description awplus enab...

Page 1548: ... icmppermit that permits ICMP packets from any IPv6 source address to any IPv6 destination address Then the IPV6 TRAFFIC FILTER command assigns icmppermit to port 18 Table 178 Assigning Named IPv6 ACLs Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config ipv6 access lis...

Page 1549: ...bout this command see ACCESS GROUP on page 1568 With this command you can remove one ACL at a time See Table 179 The following example removes an ACL with an ID number of 3082 from port 15 Removing MAC Address ACLs To remove a MAC ACL from a port on the switch use the NO MAC ACCESS GROUP command in the Port Interface mode Here is the format of the command no mac access group id_number For more inf...

Page 1550: ... the command no ipv6 traffic filter ipv6_access_list For more information about this command see IPV6 TRAFFIC FILTER on page 1632 Table 180 Removing MAC Address ACLs Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 5 Enter the Port Interface mode f...

Page 1551: ... ACLs Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config interface port1 0 17 Enter the Port Interface mode for port 17 awplus config_if no ipv6 traffic filter icmpdeny Remove a Named IPv6 ACL called icmpdeny from port 17 ...

Page 1552: ...AC Address ACLs from the switch It has the following format no access list id_number You can delete one ACL at a time with this command Before you can delete ACLs that are assigned to ports you must remove them from their port assignments For instructions see Removing Numbered IPv4 ACLs on page 1549 and Removing MAC Address ACLs on page 1549 The following example deletes Numbered IPv4 ACLs with ID...

Page 1553: ...al Configuration mode deletes Named IPv6 address ACLs from the switch It has the following format no ipv6 access list list_name You can delete one ACL at a time with this command Before you can delete ACLs that are assigned to ports you must remove them from their port assignments For instructions see Removing Named IPv6 ACLs on page 1550 Table 184 Deleting MAC ACL Example Command Description awpl...

Page 1554: ...nytcp from the switch Table 186 Deleting Named IPv6 ACLs Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config no ipv6 access list denytcp Remove Named IPv6 ACL named denytcp from the switch ...

Page 1555: ...12 at 9 am and ends on February 28 2012 at 5 pm Table 187 Time Range Commands To do this task Use this Command Create a time range and enter the Time Range mode time range time range name Set beginning and ending time and dates for ACL filtering absolute start time date end time date Set reoccurring days of the week and time of day for filtering periodic day days of the week time hh mm ss to day d...

Page 1556: ...anges configured on the switch Table 188 Absolute Time Range Example Continued Command Description Table 189 Periodic Time Range Example Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config time range t1 Create a time range called t1 awplus config time range periodic weekdays t...

Page 1557: ...ST command in the Privileged Exec mode Here is the command syntax followed by an example display awplus show access list Figure 250 SHOW ACCESS LIST Command As you can see from the example the SHOW ACCESS LIST command does not display which if any ports the ACLs are assigned to To display that information use the SHOW INTERFACE ACCESS GROUP command See Displaying IP ACL Port Assignments next Displ...

Page 1558: ...nd supports Named IPv4 and IPv6 ACLs Here is the format of the command awplus show time range See Figure 253 on page 1559 for an example of the SHOW TIME RANGE display This display shows that time range t1 has an absolute start time immediately effective start of 9 am on January 2 2012 and absolute end time immediately effective end on January 31 2012 at 10 am Time range t2 has an absolute start t...

Page 1559: ...and awplus show time range Time Range t1 absolute start 09 00 00 2 January 2012 to end 10 00 00 31 January 2012 Time Range t2 absolute start 12 00 00 2 January 2012 to end 16 00 00 29 February 2012 Time Range t3 absolute start 09 00 00 15 March 2012 to end 9 00 00 31 March 2012 ...

Page 1560: ...Chapter 98 Advanced Access Control Lists ACLs 1560 ...

Page 1561: ...ates ACLs that identify packets based on ICMP source and destination IP addresses ACCESS LIST IP on page 1576 Global Configuration Creates ACLs that filter packets based on source and destination IP addresses ACCESS LIST PROTO on page 1580 Global Configuration Creates ACLs that identify packets based on protocol numbers and source and destination IP addresses ACCESS LIST TCP on page 1585 Global Co...

Page 1562: ...ode IPV6 ACCESS LIST ICMP on page 1615 IPv6 ACL Defines an ACL that filters packets based on ICMP type and source and destination IPv6 addresses IPV6 ACCESS LIST IP on page 1618 IPv6 ACL Defines an ACL that filters traffic flows based on the IPv6 source and destination addresses of the packets IPV6 ACCESS LIST PROTO on page 1621 IPv6 ACL Defines an ACL that filters traffic flows based on protocol ...

Page 1563: ...ing PERIODIC DAILY on page 1639 Configuration Time Range Sets a daily weekdays or weekend time range for ACL filtering SHOW ACCESS LIST on page 1641 Privileged Exec Displays the ACLs on the switch SHOW INTERFACE ACCESS GROUP on page 1643 Privileged Exec Displays the port assignments of the ACLs SHOW IPV6 ACCESS LIST on page 1644 Privileged Exec Displays the contents of IPv6 ACLs SHOW TIME RANGE on...

Page 1564: ... hour clock and specified in hours minutes seconds as 00 00 00 with a colon separating each entry The date is expressed in month day and year in the 00 00 0000 format with a space separating each entry Mode Configuration Time Range mode Description Use this command to set the time and date that an associated permit or deny statement goes into effect and then the time and date it terminates For exa...

Page 1565: ...gure terminal awplus config time range February2012 awplus config time range absolute start 8 00 00 03 02 2012 end 20 00 00 15 02 2012 This example uses a time range called March2012 that enables the permit or deny statement to start at 9 am on March 1 2012 and end filtering at 5 pm on March 31 2012 awplus enable awplus configure terminal awplus config time range March2012 awplus config time range...

Page 1566: ...IPv6 Named ACL Mode Virtual Terminal Line mode Description Use this command to assign an Access Control List to a VTY This is done to restrict the remote access of the switch via Telnet Web SNMP or SSH access You can add one ACL to multiple VTY lines with this command Note Allied Telesis recommends specifying all ten of the VTY lines with the ACCESS LIST command because the switch assigns VTY line...

Page 1567: ...gh 9 Finally ACL 3025 is assigned to VTY lines 0 through 9 The result is that IP address 10 0 0 3 has full remote access to the switch All other IP addresses are denied remote access to the switch awplus enable awplus configure terminal awplus config interface vlan10 awplus config if ip address 10 0 0 20 24 awplus config if quit awplus config access list 3022 permit ip host 10 0 0 3 host 10 0 0 20...

Page 1568: ...ch Ports begin to filter packets as soon as they are assigned ACLs This command works for all ACLs except for MAC address ACLs which are added to ports with the MAC ACCESS GROUP command See MAC ACCESS GROUP on page 1633 Note If a port is to have both permit and deny ACLs you must add the permit ACLs first because ingress packets are compared against the ACLs in the order in which they are added to...

Page 1569: ...port 7 awplus enable awplus configure terminal awplus config interface port1 0 7 awplus config if no access group 3001 This example adds an IP ACL with a list name of protomirror to port 3 awplus enable awplus configure terminal awplus config interface port1 0 3 awplus config if access group protomirror This example adds the Named IP ACL called protodeny to port 7 awplus enable awplus configure te...

Page 1570: ...he port mirror feature explained in Chapter 27 Port Mirror on page 465 src_mac_address Specifies the source MAC address of the ingress packets Here are the possible options src_mac_address Specifies the source MAC address of the packets The address must be entered in hexadecimal in one of the following formats xx xx xx xx xx xx or xxxx xxxx xxxx any Matches any source MAC address src_mac_mask Spec...

Page 1571: ...MAC address the ACL is to filter Specify F for parts of the MAC address the ACL should ignore Mode Global Configuration mode Description Use this command to create ACLs that filter packets based on source and destination MAC addresses Confirmation Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example configures port 3 to accept packets only from ...

Page 1572: ...figures port 7 to accept only those packets that have source MAC addresses starting with 45 2A B5 awplus enable awplus configure terminal awplus config access list 4025 permit 45 2a b5 00 00 00 00 00 00 ff ff ff any awplus config access list 4055 deny any any awplus config interface port1 0 7 awplus config_if mac access group 4025 awplus config_if mac access group 4055 awplus config_if end awplus ...

Page 1573: ...packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 f...

Page 1574: ... Use this command to create Numbered IPv4 ACLs that identify traffic flows based on ICMP and source and destination IP addresses Confirmation Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example adds a deny access list to port 16 so that it discards all untagged ingress packets that are ICMP regardless of their source or destination address The ...

Page 1575: ... 115 201 313 0 24 subnets respectively The ACLs are assigned the ID numbers 3045 and 3046 awplus enable awplus configure terminal awplus config access list 3045 deny icmp 115 201 312 0 24 115 201 313 0 24 awplus config access list 3046 deny icmp 115 201 312 0 24 115 201 313 0 24 awplus config interface port1 0 11 awplus config_if access group 3045 awplus config_if access group 3046 awplus config_i...

Page 1576: ...ecifies the source IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet ...

Page 1577: ...N if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Global Configuration mode Description Use this command to create ACLs that identify traffic flows based on the source and destination IP addresses of the packets Confirmation Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example add...

Page 1578: ... 157 11 21 0 subnet and are going to an end node with the IP address 157 11 21 45 The VID of the tagged packets is 15 awplus enable awplus configure terminal awplus config access list 3202 deny ip 157 11 21 0 24 157 11 21 45 32 vlan 15 awplus config interface port1 0 24 awplus config_if access group 3202 awplus config_if end awplus show access list awplus show interface port1 0 24 access group Thi...

Page 1579: ...ce port1 0 22 port1 0 23 awplus config_if access group 3011 awplus config_if access group 3012 awplus config_if end awplus show access list awplus show interface port1 0 22 port1 0 23 access group This example configures ports 17 and 18 to accept untagged ingress packets from the 149 82 134 0 subnet and to discard all other packets As in the previous example both a permit access list and a deny ac...

Page 1580: ...y one protocol number Refer to Table 191 Protocol Numbers on page 1581 for the list of protocol numbers src_ipaddress Specifies the source IP address of the ingress packets the access list should filter Choose one of the following any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the numbe...

Page 1581: ...want the ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Global Configuration mode Confirmation Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Description Use this command to create ACLs that identify traffic flows based on protocol numbers and source and ...

Page 1582: ...rotocol RFC4340 48 DSR Dynamic Source Routing Protocol RFC4728 50 ESP Encap Security Payload RFC2406 51 AH Authentication Header RFC2402 54 NARP NBMA Address Resolution Protocol RFC1735 58 ICMP for IPv6 RFC1883 59 No Next Header for IPv6 RFC1883 60 Destination Options for IPv6 RFC1883 88 EIGRP Enhanced Interior Gateway Routing Protocol 89 OSPFIGP RFC1583 97 Ethernet within IP Encapsulation RFC3378...

Page 1583: ...w access list awplus show interface port1 0 2 access group This example adds a deny access list to ports 5 and 6 so that they discard all tagged ingress packets that have the protocol 17 number and the VID 12 and are from the 152 12 45 0 subnet The access list is assigned the ID number 3011 awplus enable awplus configure terminal awplus config access list 3011 deny proto 17 152 12 45 0 24 any vlan...

Page 1584: ...he permit ACL is assigned the ID number 3014 and the deny ACL which blocks all protocol 54 packets is assigned the ID number 3025 awplus enable awplus configure terminal awplus config access list 3014 permit proto 54 167 75 89 0 24 any awplus config access list 3025 deny proto 54 any any awplus config interface port1 0 18 awplus config_if access group 3014 awplus config_if access group 3025 awplus...

Page 1585: ... address of the ingress packets the access list should filter Choose one of the following any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 wou...

Page 1586: ...range of TCP port numbers dst_ipaddress Specifies the destination IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a destination IP address of a specific subnet or end node host ipaddress Matches packets with a destination IP address of a specific end node The HOST keyword indicates tha...

Page 1587: ...reates an ACL that discards all untagged ingress packets that have the source and destination TCP port number 165 The ACL is applied to port 1 and assigned the ID number 3078 awplus enable awplus configure terminal awplus config access list 3078 deny tcp any eq 165 any eq 165 awplus config interface port1 0 1 awplus config_if access group 3078 This example defines an ACL that causes port 18 to dis...

Page 1588: ...nfigures port 21 to forward untagged TCP port 67 to 87 packets only if they are from the 154 11 234 0 network and are going to the 154 11 235 0 network This example requires a permit ACL because the permitted traffic TCP packets with port numbers in the range of 67 to 87 is a subset of all TCP packets on the port awplus enable awplus configure terminal awplus config access list 3017 permit tcp 154...

Page 1589: ...address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 wo...

Page 1590: ...range of UDP port numbers dst_ipaddress Specifies the destination IP address of the ingress packets the access list should filter Here are the possible options any Matches any IP address ipaddress mask Matches packets that have a destination IP address of a specific subnet or end node host ipaddress Matches packets with a destination IP address of a specific end node The HOST keyword indicates tha...

Page 1591: ...8 deny udp any range 0 65535 any range 0 65535 awplus config interface port1 0 18 port1 0 19 awplus config_if access group 3118 awplus config_if end awplus show access list awplus show interface port1 0 18 port1 0 19 access group This example creates an ACL that discards all tagged ingress packets that have the source and destination UDP port number 10 and the VID 29 The ACL is applied to port 17 ...

Page 1592: ...w access list awplus show interface port1 0 18 access group This example configures port 21 to forward tagged UDP port 67 to 87 packets only if they are from the 154 11 234 0 network and are going to the 154 11 235 0 network and have the VID 20 This example requires a permit ACL because the permitted traffic UDP packets with port numbers in the range of 67 to 87 is a subset of all UDP packets on t...

Page 1593: ...on Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example creates a Named ICMP ACL called icmppermit and enters the IP ACL mode awplus enable awplus configure terminal awplus config ip access list icmppermit awplus config ip acl This example creates a Named ICMP ACL called icmpdeny and enters the IP ACL mode awplus enable awplus configure terminal...

Page 1594: ...ode The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 for the twenty four bits of the network section of the address The IP address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches packets with a...

Page 1595: ...6 vid Indicates a VLAN identifier Specify a VLAN if you want the ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode IP ACL mode Description Use this command to create Named IP ACLs that identify traffic flows based on ICMP packets and source and destination IP addresses Confirmation Commands SHO...

Page 1596: ... decimal mask of 16 to IP destination address 190 155 22 3 with a decimal mask of 24 Then the ACL is assigned to port 4 awplus enable awplus configure terminal awplus config ip access list icmpdeny awplus config ip acl deny icmp 190 155 22 1 16 190 155 22 3 24 awplus config ip acl exit awplus config interface port1 0 4 awplus config if access group icmpdeny ...

Page 1597: ...or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 for the twenty four bits of the network section of the address The IP address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches pac...

Page 1598: ...fier Specify a VLAN if you want the ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode IP ACL mode Description Use this command to create Named IP ACLs that identify traffic flows based on IP packets as well as source and destination IP addresses Confirmation Commands SHOW ACCESS LIST on page 16...

Page 1599: ...th a decimal mask of 16 to destination IP address 190 155 100 7 with a decimal mask of 16 Then the ACL is assigned to port 11 awplus enable awplus configure terminal awplus config ip access list ipdeny awplus config ip acl deny ip 190 168 100 5 16 190 168 100 7 16 awplus config ip acl exit awplus config interface port1 0 11 awplus config if access group ipdeny ...

Page 1600: ...lained in Chapter 27 Port Mirror on page 465 src_mac_address Specifies the source MAC address of the ingress packets Choose from the following options any Matches any source MAC address src_mac_address Specifies the source MAC address of the packets The address must be entered in hexadecimal in this format xx xx xx xx xx xx or xxxx xxxx xxxx src_mac_mask Specifies the source MAC address mask Enter...

Page 1601: ...x xx xx xx or xxxx xxxx xxxx Assign the x variable a value of either 0 or F Specify 0 to indicate the parts of the MAC address the ACL is to filter Specify F for parts of the MAC address the ACL should ignore vlan Indicates a VLAN identifier Specify a VLAN if you want the ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You ...

Page 1602: ...ip acl permit mac 12 a3 4b 89 10 98 00 00 00 00 00 00 awplus config ip acl exit awplus config interface port1 0 3 awplus config if access group permitmac This example creates an ACL called denymac that denies packets containing destination MAC addresses starting with a4 54 84 12 Then the ACL is assigned to port 12 awplus enable awplus configure terminal awplus config ip access list denymac awplus ...

Page 1603: ...1 Protocol Numbers on page 1581 for the protocol number src_ipaddress Specifies the source IP address of the ingress packets the access list should filter Choose from the following options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to righ...

Page 1604: ...rnative to the IPADDRESS MASK variable for addresses of specific end nodes The HOST keyword indicates that the address is of a specific end node and that no mask is required time range Specifies the name of a time range that is created with the TIME RANGE command You must create a time range before entering it as a parameter value See TIME RANGE on page 1646 vlan Indicates a VLAN identifier Specify...

Page 1605: ...or proto 8 152 12 45 2 16 152 12 45 3 16 awplus config ip acl exit awplus config interface port1 0 7 awplus config if access group permitproto8 This example creates a deny access list called denyproto2 that discards all tagged ingress UDP packets protocol 17 on VLAN 12 that are from the 152 12 45 0 16 subnet Then the ACL is assigned to port 27 awplus enable awplus configure terminal awplus config ...

Page 1606: ... from the following options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 for the twenty four bits of the network s...

Page 1607: ...that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 for the twenty four bits of the network section of the address The IP address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches packets with a destination IP address and is an alternative to the IPADDRESS MASK variable for addresses of specific ...

Page 1608: ...d packets Specify a value between 1 and 4094 You can enter only one VID Mode IP ACL mode Description Use this command to create Named IP ACLs that identify traffic flows based on TCP packets as well as source and destination IP addresses Confirmation Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example creates a Named IP ACL called permittcp tha...

Page 1609: ...y tcp 152 12 45 0 16 any awplus config ip acl exit awplus config interface port1 0 19 awplus config if access group denytcp This example creates an ACL that discards all untagged ingress packets that have the source and destination TCP port number 150 Then the ACL is assigned to port 6 awplus enable awplus configure terminal awplus config ip access list tcpdeny2 awplus config ip acl deny tcp any e...

Page 1610: ...rom the following options any Matches any IP address ipaddress mask Matches packets that have a source IP address of a subnet or an end node The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 for the twenty four bits of the network sec...

Page 1611: ...that constitute the network portion of the address For example the subnet address 149 11 11 0 would have a mask of 24 for the twenty four bits of the network section of the address The IP address and the mask are separated by a slash for example 149 11 11 0 24 host ipaddress Matches packets with a destination IP address and is an alternative to the IPADDRESS MASK variable for addresses of specific ...

Page 1612: ...tagged packets Specify a value between 1 and 4094 You can enter only one VID Mode IP ACL mode Description Use this command to create Named IP ACLs that identify traffic flows based on UDP packets as well as source and destination IP addresses Confirmation Commands SHOW ACCESS LIST on page 1641 and SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example creates a Named IP ACL called denyudp ...

Page 1613: ...p 154 11 234 0 24 range 67 87 154 11 235 0 24 range 67 87 vlan 20 awplus config ip acl exit awplus config interface port1 0 8 awplus config if access group denyudp2 This example creates a deny access list called udpdeny that discards all tagged ingress UDP packets from the 152 12 45 0 16 subnet Then the ACL is assigned to port 1 awplus enable awplus configure terminal awplus config ip access list ...

Page 1614: ...T command before placing filtering conditions on the named IPv6 ACL Use the no version of this command NO IPV6 ACCESS LIST to delete the specified IPv6 ACL Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example creates an IPv6 ACL named tcp and enters the Configuration IPv6 Access mode awplus enable awplus configure terminal awplus config ipv6 access list tcp awplus co...

Page 1615: ...s the access list should filter Choose from the following options any Matches any IPv6 address ipaddress mask Matches packets that have a source IPv6 address of a subnet or an end node in the X X X X mask format The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address The IP address and the mask are separat...

Page 1616: ...rd indicates that the address is of a specific end node and that no mask is required time range Specifies the name of a time range that is created with the TIME RANGE command You must create a time range before entering it as a parameter value See TIME RANGE on page 1646 vid Indicates a VLAN identifier Specify a VLAN if you want the ACL to filter tagged packets Omit a VLAN if you want the ACL to f...

Page 1617: ...ss 2001 0db8 85a3 8a2e 0370 7340 64 Then the ACL icmpdeny2 is assigned to port 3 awplus enable awplus configure terminal awplus config ipv6 access list icmpdeny2 awplus config ipv6 acl deny icmp 2001 0db8 85a3 8a2e 0370 7335 64 2001 0db8 85a3 8a2e 0370 7340 64 awplus config ipv6 acl exit awplus config interface port1 0 3 awplus config_if ipv6 traffic filter icmpdeny2 This example creates an ICMP A...

Page 1618: ... address ipaddress mask Matches packets that have a source IPv6 address of a subnet or an end node in the X X X X mask format The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address The IP address and the mask are separated by a slash for example 2001 0db8 a2 64 host ipaddress Matches packets with a source...

Page 1619: ...LAN identifier Specify a VLAN if you want the ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Configuration IPv6 ACL mode Description Use this command to modify an ACL that identifies traffic flows based on the source and destination IPv6 addresses of the packets Confirmation Commands SHOW ACCE...

Page 1620: ...nation address fe80 202 b3ff fe1e 8330 64 on VLAN 3 Then the ACL is assigned to port 3 awplus enable awplus configure terminal awplus config ipv6 access list ipdeny2 awplus config ipv6 acl deny ip fe80 202 b3ff fe1e 8329 64 fe80 202 b3ff fe1e 8329 64 vlan 3 awplus config ipv6 acl exit awplus config interface port1 0 3 awplus config_if ipv6 traffic filter ipdeny2 ...

Page 1621: ...1 src_ipaddress Specifies the source IPv6 address of the ingress packets the access list should filter Choose from the following options any Matches any IPv6 address ipaddress mask Matches packets that have a source IPv6 address of a subnet or an end node in the X X X X mask format The mask is a decimal number that represents the number of bits in the address from left to right that constitute the...

Page 1622: ... range before entering it as a parameter value See TIME RANGE on page 1646 vid Indicates a VLAN identifier Specify a VLAN if you want the ACL to filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Configuration IPv6 ACL mode Description Use this command to define an ACL that identifies traffic flows bas...

Page 1623: ...ny1 that copies EGP packets from source IPv6 address 2001 0db8 AC10 FE01 64 to IPv6 destination address 2001 0db8 AC10 FE02 64 Then the ACL is assigned to port 22 awplus enable awplus configure terminal awplus config ipv6 access list protodeny1 awplus config ipv6 acl deny proto 8 2001 0db8 AC10 FE01 64 2001 0db8 AC10 FE02 64 awplus config ipv6 acl exit awplus config interface port1 0 22 awplus con...

Page 1624: ...s packets the access list should filter Choose from the following options any Matches any IPv6 address ipaddress mask Matches packets that have a source IPv6 address of a subnet or an end node in the X X X X mask format The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address The IP address and the mask are...

Page 1625: ...cimal number that represents the number of bits in the address from left to right that constitute the network portion of the address The IP address and the mask are separated by a slash for example 2001 0db8 a2 64 host ipaddress Matches packets with a destination IPv6 address and is an alternative to the IPADDRESS MASK variable for addresses of specific end nodes The HOST keyword indicates that the...

Page 1626: ...filter tagged packets Omit a VLAN if you want the ACL to filter untagged packets Specify a value between 1 and 4094 You can enter only one VID Mode Configuration IPv6 ACL mode Description Use this command to create IPv6 access control lists that filter ingress packets based on TCP port numbers Examples This example creates a TCP based IPv6 ACL list named tcpdeny that denies TCP packets on any sour...

Page 1627: ...ve the source and destination TCP port number 275 Then the ACL is assigned to port 5 awplus enable awplus configure terminal awplus config ipv6 access list tcpdeny2 awplus config ipv6 acl deny tcp any eq 275 any eq 275 awplus config ipv6 acl exit awplus config interface port1 0 5 awplus config_if ipv6 traffic filter tcpdeny2 ...

Page 1628: ...the access list should filter Choose from the following options any Matches any IPv6 address ipaddress mask Matches packets that have a source IPv6 address of a subnet or an end node in the X X X X mask format The mask is a decimal number that represents the number of bits in the address from left to right that constitute the network portion of the address The IP address and the mask are separated...

Page 1629: ...ss from left to right that constitute the network portion of the address The IP address and the mask are separated by a slash for example 2001 0db8 a2 64 host ipaddress Matches packets with a destination IPv6 address and is an alternative to the IPADDRESS MASK variable for addresses of specific end nodes The HOST keyword indicates that the address is of a specific end node and that no mask is requi...

Page 1630: ...sed IPv6 ACL list that discards UDP packets from any source IP address and to any destination IP address Then the ACL is assigned to port 6 awplus enable awplus configure terminal awplus config ipv6 access list udpdeny awplus config ipv6 acl deny udp any any awplus config ipv6 acl exit awplus config interface port1 0 6 awplus config_if ipv6 traffic filter udpdeny This example creates a UDP based I...

Page 1631: ...nd are going to the 154 11 234 1 64 network Then the ACL is assigned to port 23 awplus enable awplus configure terminal awplus config ipv6 access list denyudp2 awplus config ip acl deny udp 154 11 234 0 64 range 67 87 154 11 234 1 64 range 67 87 awplus config ipv6 acl exit awplus config interface port1 0 23 awplus config_if ipv6 traffic filter denyudp2 ...

Page 1632: ... TRAFFIC FILTER command Use the no version of this command NO IPV6 TRAFFIC FILTER to remove an IPv6 ACL from a port Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example adds an IPv6 ACL named tcpdeny to port 20 awplus enable awplus configure terminal awplus config interface port1 0 20 awplus config if ipv6 traffic filter tcpdeny This example adds an IPv6 ACL named pr...

Page 1633: ...rsion of this command NO MAC ACCESS LIST to remove a MAC address ACL from a switch Note If a port is to have both permit and deny ACLs you must add the permit ACLs first because ingress packets are compared against the ACLs in the order in which they are added to a port If you add the deny ACLs before the permit ACLs a port is likely to block traffic you want it to forward Confirmation Command SHO...

Page 1634: ... Use this command to delete ACLs from the switch ACLs must first be removed from their port assignments before they can be deleted For instructions refer to NO ACCESS GROUP on page 1635 and NO MAC ACCESS GROUP on page 1636 Confirmation Command SHOW ACCESS LIST on page 1641 Example This example deletes the access list with the ID number 3015 from the switch awplus enable awplus configure terminal a...

Page 1635: ...se this command to remove ACLs from ports on the switch This command works for all ACLs except for MAC address ACLs which are removed with NO MAC ACCESS GROUP on page 1636 Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1643 Example This example removes the ACL with the ID number 3121 from port 23 awplus enable awplus configure terminal awplus config interface port1 0 23 awplus config if ...

Page 1636: ...me with this command Mode Port Interface mode Description Use this command to remove MAC address ACLs from ports on the switch Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1643 Example This example removes a MAC address ACL with the ID number 4014 from port 16 awplus enable awplus configure terminal awplus config interface port1 0 16 awplus config if no mac access group 4014 awplus con...

Page 1637: ...ending day Monday Tuesday Wednesday Thursday Friday time Indicates the time of day which is expressed in a 24 hour clock and specified in hours minutes seconds The first occurrence of this parameter specifies the starting time The second occurrence of this parameter specifies the ending time Mode Time Range mode Description Use this command to set the date and time range for Access Control List fi...

Page 1638: ...wplus configure terminal awplus config time range awplus config time range periodic Monday 00 00 01 to Thursday 16 00 00 This example sets the date and time range from Monday at 8 am to Wednesday at 7 00 pm awplus enable awplus configure terminal awplus config time range awplus config time range periodic Monday 08 00 00 to Wednesday 19 00 00 ...

Page 1639: ... expressed in a 24 hour clock and specified in hours minutes seconds Mode Time Range mode Description Use this command to set a daily weekday or weekend time range for ACL filtering To remove the date and time range use the NO PERIODIC command Confirmation Command SHOW INTERFACE ACCESS GROUP on page 1643 Examples This example sets the date and time range from 9 am Monday morning to 5 pm Friday eve...

Page 1640: ...awplus configure terminal awplus config time range awplus config time range periodic weekdays 09 00 00 to 17 00 00 This example sets the date and time range from 7 am Saturday morning to 6 pm Sunday evening awplus enable awplus configure terminal awplus config time range awplus config time range periodic weekend 07 00 00 to 18 00 00 ...

Page 1641: ...ed IP ACL Mode Privileged Exec mode Description Use this command to display the configurations of the Numbered IPv4 MAC and Named IPv4 ACLs on the switch If you do not specify an option all three ACL types are displayed To display the Named IPv6 ACLs use the SHOW IPV6 ACCESS LIST commands See SHOW IPV6 ACCESS LIST on page 1644 To display the port assignments of the ACLs refer to SHOW INTERFACE ACC...

Page 1642: ...list Figure 254 SHOW ACCESS LIST Command IP access list 3104 deny 149 87 201 1 mask 255 255 255 0 any MAC access list 4400 permit any any IP access list icmppermit ICMP permit an any time range daily IP access list denytcp TCP deny 149 55 65 0 mask 255 255 255 0 any time range NONE Total number of access lists 4 ...

Page 1643: ...vileged Exec mode Description Use this command to display the port assignments of the ACLs Here is an example of the information Figure 255 SHOW INTERFACE ACCESS GROUP Command Example This example displays the ID numbers of the ACLs assigned to ports 1 and 2 awplus show interface port1 0 1 port1 0 2 access group Interface port1 0 18 access group 3022 access group 3022 Interface port1 0 19 access g...

Page 1644: ...s control list Mode Privileged Exec mode Description Use this command to display the contents of the IPv6 ACLs See Figure 256 for an example of the information Figure 256 SHOW IPV6 ACCESS LIST Command Example This command displays the contents of the IPv6 access list called udp awplus show ipv6 access list udp IPv6 access list udp deny ip any any ...

Page 1645: ...e 1637 and PERIODIC DAILY on page 1639 See Figure 257 for an example of the SHOW TIME RANGE display This display shows that time range t1 has an absolute start immediately effective start time of 9 pm on June 5 2012 and time range t2 has an absolute end immediately effective end time of 3 pm on August 11 2012 Figure 257 SHOW TIME RANGE Command Example This command displays the time settings awplus...

Page 1646: ... are supported by both IP and IPv6 addresses Use the no form of this command NO TIME RANGE to remove a time range Examples This example enters the Configuration Time range mode with a time range called tcp awplus enable awplus configure terminal awplus config time range tcp awplus config time range This example exits the Configuration Time range mode with a time range called udp awplus enable awpl...

Page 1647: ...ap on page 1651 Creating a Policy Map on page 1658 Configuring Default Class Maps on page 1660 Prioritizing CoS and DSCP on page 1661 Creating Single rate and Twin rate Policers on page 1663 Creating an Aggregate Policer on page 1666 Configuring the Egress Queues on page 1669 Enabling Auto QoS Support on the Switch on page 1677 Displaying QoS Settings on page 1690 ...

Page 1648: ...ds once you have defined the traffic that you want to filter you decide what you want to do with that traffic There are three choices you can permit the specified traffic you can deny the specified traffic or you can monitor the specified traffic by copying it to a port mirror The classified traffic in a policy map is denied by default After you have added the desired class maps to a policy map yo...

Page 1649: ... allocated to each egress port By default all queues on all ports are serviced in strict priority order This means that the highest numbered priority queue queue 7 is emptied first When queue 7 is completely empty the next highest priority queue queue 6 is processed This process is continued until you reach queue 0 For a strict priority queue to be processed all higher priority queues must be empt...

Page 1650: ...re you attempt any QoS configuration To enable the QoS feature on the switch do the following Table 192 Enabling QoS on the Switch Command Description awplus enable Enter the Privileged Executive mode from the User Executive mode awplus configure terminal Enter the Global Configuration mode awplus config mls qos enable Enable the QoS feature on the switch ...

Page 1651: ... examples Filtering Incoming Traffic on page 1651 Filtering Procedures on page 1652 Filtering Incoming Traffic After you create a class map you want to filter incoming traffic by placing matching criteria on the class map All of the QoS filtering commands begin with MATCH There are ten commands that allow you to set matching criteria for a class map See Table 194 Table 193 Creating a Class Map Com...

Page 1652: ...ap on page 1656 Adding a TCP Flag to a Class Map on page 1657 Adding a VLAN to a Class Map on page 1657 Adding an Access Control List to a Class Map You can add an Access Control list to a class map by specifying an ACL group name or group number The MATCH ACCESS GROUP command with the group name parameter allows you to add an IPv4 ACL name to a class map The MATCH ACCESS GROUP command with the gr...

Page 1653: ...tive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config class map cmap3 Creates a class map cmap3 and enters the Class Map mode awplus config cmap match access group icmppermit Adds the ACL name icmppermit to class map cmap3 Table 196 Adding an ACL Group Number to a Class Map Command Description awplus enable Enters the Privileged Executi...

Page 1654: ... The following example creates a class map cmap7 which matches all traffic with a user priority level equal to 5 Table 197 CoS Traffic Mapping Guidelines User Priority Traffic Types 1 Background 2 Spare 0 Best Effort 3 Excellent Effort 4 Controlled Load 5 Video 100 latency and jitter 6 Voice 10 latency and jitter 7 Network Control Table 198 Adding a CoS Value to a Class Map Command Description awp...

Page 1655: ... cmap2 evaluates all IPv4 packets for a precedence value of 5 Table 199 Adding a DSCP Value to a Class Map Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config class map cmap5 Creates a class map called cmap5 and enters the Class Map mode awplus config cmap match dscp 63 Add...

Page 1656: ...In this example a class map named cmap7 is set to match incoming 802 2 untagged packets and IP frames Table 201 Adding a MAC type to a Class Map Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config class map cmap7 Creates a class map called cmap7 and enters the Class Map mode...

Page 1657: ...s enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config class map cmap7 Creates a class map called cmap7 and enters the Class Map mode awplus config cmap match tcp flags ack Add the Acknowledge flag to class map cmap7 awplus config cmap match tcp flags res Add the Reset flag to class map cmap7 Table 204...

Page 1658: ...ICY MAP command See SHOW POLICY MAP on page 1665 Another important aspect of a policy map is that you can assign it to a port You cannot assign a class map directly to a port When you assign a policy map to a port you apply all of the match criterion contained in the class maps to the port You can assign up to 5 class maps to one policy map with the POLICY MAP command For more information about th...

Page 1659: ...Associating a Class Map with a Policy Map Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config policy map pmap1 Creates a policy map called pmap1 and enters the Policy Map Class Configuration mode awplus config pmap class cmap1 Creates a class map called cmap1 and enters the ...

Page 1660: ...llowing settings Permit unspecified traffic This is the default setting Deny unspecified traffic Copy unspecified traffic to the mirrored port You configure the default action of the default class map with the DEFAULT ACTION command For more information about this command see DEFAULT ACTION on page 1602 The following example sets the action of the default class map to deny packets of unclassified ...

Page 1661: ...eue on an egress port use the TRUST DSCP command which is located in the Class Map mode See Table 209 and Table 210 for the default mappings As you can see from the tables the highest egress queue is seven which is assigned the highest CoS or DSCP value Table 209 CoS Default Mapping Egress Queue CoS Value 2 0 0 1 1 2 3 3 4 4 5 5 6 6 7 7 Table 210 DSCP Default Mapping Egress Queue DSCP Value 0 0 7 ...

Page 1662: ...is passed downstream through the network Note If the frame is not set to egress as a tagged frame the CoS value is not an issue because in this case the entire VLAN tag is stripped off the frame The procedure to enable DSCP frames is provided below For more information about these commands see TRUST DSCP on page 1680 This example enables the DSCP queue map lookup for prioritization by setting TRUS...

Page 1663: ...rmation Rate PIR Peak Burst Size PBS If traffic does not conform to the conditions set in the command both the single rate and twin rate policer can either drop or remark traffic There are two commands that allow you to create policers POLICE SINGLE RATE ACTION and POLICE TWIN RATE ACTION See Table 212 For more information about these commands see POLICE SINGLE RATE ACTION on page 1651 and POLICE TWI...

Page 1664: ...al Enters the Global Configuration mode awplus config policy map pmap2 Creates a policy map pmap2 and enters the Policy Map Configuration mode awplus config pmap class cmap3 Associates an existing class map cmap3 to the policy map and enters the Policy Map Class Configuration mode awplus config pmap c police single rate 10000 14000 20000 action drop red Configures a single rate meter measuring tra...

Page 1665: ... rate 10000 2000 30000 50000 action policed dscp transmit Configures a twin rate meter requiring traffic to conform to a CIR of 10 000 Kbps a PIR of 20 000 Kbps a CBS of 30 000 bytes and a PBS of 50 000 bytes Table 214 Configuring a Twin rate Policer Continued Command Description ...

Page 1666: ...bytes The action is set to policed dscp transmit which modifies packets using the policed dscp map and then sends the packets Then the aggregate policer name is associated with class maps cmap1 and cmap2 with the POLICE AGGREGATE command Table 215 Aggregate Policer Commands To Do this Task Use this Command Configures a single rate policer for a class map and create a police aggregator mls qos aggr...

Page 1667: ...map1 Creates a policy map pmap1 and enters the Policy Map Configuration mode awplus config pmap class cmap1 Associates an existing class map cmap1 to the policy map and enters the Policy Map Class Configuration mode awplus config pmap c exit Exits the Policy Map Class Configuration mode awplus config pmap class cmap2 Associates an existing class map cmap2 to the policy map and enters the Policy Ma...

Page 1668: ...awplus config pmap c police aggregate policyagg1 Associates an aggregate name policyagg1 with class map cmap2 Table 216 Creating a Police Aggregator Continued Command Description ...

Page 1669: ...egress queues to the Weighted Round Robin WRR scheduling method With this method you define the number of packets transmitted from each queue before going on to the next queue so that each queue has the opportunity to transmit traffic In most instances you give a greater weight to the higher priority queues For example if you enable the WRR method and set the number of packets transmitted from eac...

Page 1670: ...ue 2 by default For more information about these commands see MLS QOS MAP COS QUEUE on page 1634 MLS QOS MAP DSCP QUEUE on page 1636 SET QUEUE on page 1661 Note You cannot set the SET QUEUE command and the SET COS command as policy map actions for the same class map Table 217 Egress Queue Commands To Do this Task Use this Command Maps the CoS value to port egress queues This method requires the TR...

Page 1671: ...plus config cmap exit Exits the Class Map mode awplus config policy map pmap1 Creates a policy map called pmap1 awplus config pmap class trustcos Adds class map trustcos to policy map pmap1 awplus config pmap c exit Exits the Policy Map Class mode awplus config pmap exit Exits the Policy Map mode awplus config interface port1 0 8 Enters the Port Interface mode for port 8 awplus config if service p...

Page 1672: ...enters the Class Map mode awplus config cmap exit Exits the Class Map mode awplus config policy map pmap1 Creates a policy map called pmap1 awplus config pmap class trustdscp Adds class map trustdscp to policy map pmap1 awplus config pmap c trust dscp Trusts DSCP value of ingress IP packets awplus config pmap c exit Exits the Policy Map Class mode awplus config pmap exit Exits the Policy Map mode ...

Page 1673: ...ays the DSCP mapping for port 5 See below Table 219 Setting Egress DSCP Queues Example Continued Command Description Interface port1 0 5 DSCP TO QUEUE MAP Queue 0 DSCP 0 4 6 7 Queue 1 DSCP 8 15 Queue 2 DSCP 16 23 Queue 3 DSCP 24 31 Queue 4 DSCP 32 39 Queue 5 DSCP 40 47 Queue 6 DSCP 48 55 Queue 7 DSCP 5 56 63 ...

Page 1674: ...on limit Table 220 Using the SET QUEUE Command Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config mls qos enable Activates the QoS feature on the switch awplus config class map cmap4 Creates a class map called cmap4 and enters the Class Map mode awplus config cmap exit Exit...

Page 1675: ...imit on Kbits per second that are sent from the specified queue or queues wrr queue egress rate limit bandwidth queues 0 1 2 3 4 5 6 7 Sets the egress scheduling method on the ports to weighted round robin WRR In addition this command specifies the maximum number of packets a port transmits from a queue before moving to the next queue wrr queue weight 0 15 Table 222 Setting Egress Queue Shaping Co...

Page 1676: ...ption COS 0 Queue 2 Number of Egress queues 8 Egress Queue 0 Scheduler Weighted Round Robin Weight 15 Egress Queue 1 Scheduler Weighted Round Robin Weight 14 Egress Queue 2 Scheduler Weighted Round Robin Weight 13 Egress Queue 3 Scheduler Weighted Round Robin Weight 12 Egress Queue 4 Scheduler Weighted Round Robin Weight 11 Egress Queue 5 Scheduler Weighted Round Robin Weight 10 Egress Queue 6 Sch...

Page 1677: ... QoS macros For information about the voice VLAN commands see Chapter 68 Voice VLAN Commands on page 1029 However both Auto QoS configuration and manual QoS configuration can coexist on the switch as long as their settings do not conflict Note The term manual QoS configuration refers to entering the QoS commands individually at the command line See Table 223 for the list of the two commands that a...

Page 1678: ...mands but do not include all of the commands that allow you to go from one command mode to another The commands listed in the following example are executed in the background and may not be seen in the running configuration file Auto QoS Functionality and Voice VLAN Support In the following example VLAN 100 becomes the voice VLAN on port 1 awplus enable awplus configure terminal awplus config inte...

Page 1679: ... 5 awplus config mls qos map cos queue 5 to 7 Maps CoS priority 5 to egress queue 7 awplus config if wrr queue weight 3 3 1 1 2 0 0 0 Assigns a weight to the eight default CoS queues where weight specifies the number of packets a port transmits from a queue before going to the next queue By default the CoS queues start with queue 0 CoS queues 0 and 1 are assigned a weight of 3 CoS queues 2 and 3 a...

Page 1680: ...utoQos Creates a policy map called AutoQoS and enters the Policy Map Configuration mode awplus config pmap class trustdscp Enters the trustdscp class map awplus config if trust dscp Enables class map trustdscp to trust DSCP ingress IP packet header for prioritization awplus config if wrr queue weight 3 3 1 1 12 0 0 0 Assigns a weight to the eight default CoS queues where weight specifies the numbe...

Page 1681: ...icy map called AutoQoS and enters the Policy Map Configuration mode awplus config pmap class trustcos Enters the trustcos class map awplus config mls qos map cos queue 0 to 1 Maps CoS priority 0 to egress queue 1 awplus config mls qos map cos queue 1 to 1 Maps CoS priority 1 to egress queue 1 awplus config mls qos map cos queue 2 to 1 Maps CoS priority 2 to egress queue 1 awplus config mls qos map...

Page 1682: ...CoS queues 2 and 3 are assigned a weight of 1 CoS queue 4 is assigned a weight of 12 CoS queues 5 through 7 are assigned a weight of 0 awplus config if service policy input AutoQos Associates policy map AutoQoS with the given port which in this example is port 1 Table 226 Auto QoS with Trust CoS Functionality Example Continued Command Description Table 227 Auto QoS Trust DSCP Functionality Example...

Page 1683: ...traffic without assigning a voice VLAN to the switch With the AUTO QOS MED command you can create the following scenarios Auto QoS MED Functionality and Voice VLAN Support on page 1684 Auto QoS MED with Trust DSCP Functionality and Voice VLAN Support on page 1685 Auto QoS Functionality on page 1681 Auto QoS with Trust DSCP Functionality on page 1682 For more information about this command see AUTO...

Page 1684: ... 100 Creates a VLAN with a VID of 100 awplus config lldp run Activates LLDP on the switch which allows the switch to transmit and accept LLDP advertisements on its ports awplus config if switchport voice vlan 100 Sets port 1 as a tagged member of voice VLAN 100 awplus config if switchport voice dscp 46 Assigns the DSCP value of 46 to port 1 awplus config if switchport voice vlan priority 5 Assigns...

Page 1685: ...to egress queue 5 awplus config mls qos map cos queue 6 to 5 Maps CoS priority 6 to egress queue 5 awplus config mls qos map cos queue 7 to 5 Maps CoS priority 7 to egress queue 5 awplus config mls qos map cos queue 5 to 7 Maps CoS priority 5 to egress queue 7 awplus config if wrr queue weight 3 3 1 1 12 0 0 0 Assigns a weight to the eight default CoS queues where weight specifies the number of pa...

Page 1686: ...enable Enables the QoS feature on the switch awplus config class map trustdscp Creates a class map called trustdscp awplus config policy map AutoQos Creates a policy map called AutoQoS and enters the Policy Map Configuration mode awplus config pmap class trustdscp Enters the trustdscp class map awplus config pmap c trust dscp Enables class map trustdscp to trust DSCP ingress IP packet headers for ...

Page 1687: ...D network policy TLV to an IP phone which in turn sends its packets using this CoS value awplus config mls qos enable Activates the QoS feature on the switch awplus config class map trustcos Creates a class map called trustcos awplus config policy map AutoQos Creates a policy map called AutoQoS and enters the Policy Map Configuration mode awplus config pmap class trustcos Enters the trustcos class...

Page 1688: ...ugh 7 are assigned a weight of 0 awplus config if service policy input AutoQoS Associates policy map AutoQoS with the given port which in this example is port 1 Table 230 Auto QoS MED Traffic Example Continued Command Description Table 231 Auto QoS MED with Trust DSCP Functionality Example Command Description awplus config lldp run Activates LLDP on the switch which allows the switch to transmit a...

Page 1689: ...s where weight specifies the number of packets a port transmits from a queue before going to the next queue By default the DSCP queues start with queue 0 DSCP queues 0 and 1 are assigned a weight of 3 DSCP queues 2 and 3 are assigned a weight of 1 DSCP queue 4 is assigned a weight of 12 DSCP queues 5 through 7 are assigned a weight of 0 awplus config if service policy input AutoQoS Associates poli...

Page 1690: ... Note To display information about QoS Storm Control see Displaying Port Storm Status on page 1797 Table 232 QoS Display Commands To Do This Task Use This Command Displays the status of the QoS feature show mls qos Displays the contents of a class map when a class map name is specified Without a class map name it displays all class maps configured on the switch show class map class map name Displa...

Page 1691: ...mand in the Privileged Exec mode Here is the command syntax followed by an example display awplus show class map cmap2 See Figure 259 for an example of this command Figure 259 SHOW CLASS MAP Command Displays the mappings of CoS priority values to egress queues of a specified port show mls qos maps cos queue Displays the mappings of DSCP values to egress queues of a specified port show mls qos maps...

Page 1692: ...CER on page 1668 This example displays the contents of the aggregate policer called ap2 awplus show mls qos aggregate policer ap2 Figure 261 SHOW MLS QOS AGGREGATE POLICER Command Displaying QoS Scheduling Information To display the scheduling methods of a port use the SHOW MLS QOS INTERFACE command In addition the assignments of weights to egress queues for weighted round robin scheduling are dis...

Page 1693: ...S QOS MAPS COS QUEUE Command Default CoS 0 Default Queue 2 Number of egress queues 8 Egress Queue 0 Scheduler Strict Priority Weight N A Egress Queue 1 Scheduler Strict Priority Weight N A Egress Queue 2 Scheduler Strict Priority Weight N A Egress Queue 3 Scheduler Strict Priority Weight N A Egress Queue 4 Scheduler Strict Priority Weight N A Egress Queue 5 Scheduler Strict Priority Weight N A Egr...

Page 1694: ... a CoS value of 1 are placed in egress queue 0 and so on For more information about this command see SHOW MLS QOS MAPS COS QUEUE on page 1673 Displaying DSCP to Queue Mappings Use this command to display the mappings of DSCP values to egress queues The syntax of this command is show mls qos maps dscp queue See Figure 264 on page 1695 for an example of this information For more information about th...

Page 1695: ...nd the new DSCP value use the SHOW MLS QOS MAPS POLICED DSCP command You can configure this mapping with the MLS QOS MAPS POLICED DSCP command For more information about this command see MLS QOS MAP POLICED DSCP on page 1638 DSCP TO QUEUE MAP Queue 0 DSCP 0 7 Queue 1 DSCP 8 15 Queue 2 DSCP 16 23 Queue 3 DSCP 24 31 Queue 4 DSCP 32 39 Queue 5 DSCP 40 47 Queue 6 DSCP 48 55 Queue 7 DSCP 56 63 ...

Page 1696: ...ow mls qos maps policed dscp 0 63 See Figure 265 on page 1696 for an example display of the SHOW MLS QOS MAPS POLICED DSCP command For more information about this command see SHOW MLS QOS MAPS POLICED DSCP on page 1677 Figure 265 SHOW MLS QOS MAPS POLICED DSCP Command POLICED DSCP MAP DSCP 5 New DSCP 7 ...

Page 1697: ... page 1707 Global Configuration Creates a class map and enters the Configuration Class Map mode DEFAULT ACTION on page 1708 Policy Map Sets the action for the default class map belonging to a particular policy map DESCRIPTION Policy Map on page 1710 Policy Map Adds a description of the policy map MATCH ACCESS GROUP on page 1712 Class Map Defines a group name as a match criterion for a class map MA...

Page 1698: ...ress queues MLS QOS MAP DSCP QUEUE on page 1740 Global Configuration Maps DSCP priorities to egress queues MLS QOS MAP POLICED DSCP on page 1742 Global Configuration Maps an existing DSCP to a new DSCP value NO AUTO QOS VOICE TRUST DSCP on page 1744 Interface Configuration Disables Auto QoS support for a voice VLAN and specifies CoS or DSCP trusted traffic NO MATCH ACCESS GROUP on page 1746 Class ...

Page 1699: ...e 1767 User Exec and Privileged Exec Displays a Policy map SHOW MLS QOS on page 1769 Privileged Exec Displays the status of QoS SHOW MLS QOS AGGREGATE POLICER on page 1770 Privileged Exec Displays the aggregate policers assigned on the switch SHOW MLS QOS INTERFACE on page 1772 Privileged Exec Displays the scheduling methods of the ports and for Weighted Round Robin WRR based scheduling the assig...

Page 1700: ...ce Configuration Sets a limit on the amount of traffic that can be transmitted from the specified queues WRR QUEUE WEIGHT on page 1784 Interface Configuration Configures WRR based scheduling on the specified ports Table 233 Quality of Service Commands Continued Command Mode Description ...

Page 1701: ...ress traffic on a port You can also use this command to support either a voice VLAN or specify to trust DSCP Use the no form of this command NO AUTO QOS VOICE TRUST DSCP to disable Auto QoS remove a voice VLAN ID and remove DSCP as trusted ingress traffic See NO AUTO QOS VOICE TRUST DSCP on page 1744 Confirmation Command SHOW RUNNING CONFIG on page 170 Examples In the following example VLAN 100 be...

Page 1702: ... 22 awplus config if auto qos voice 50 trust dscp In the following example VLAN 100 becomes the voice VLAN on port 1 0 15 awplus enable awplus configure terminal awplus config interface port1 0 15 awplus config if auto qos voice 100 In the following example DSCP is trusted on traffic ingressing onto port 1 0 30 awplus enable awplus configure terminal awplus config interface port1 0 30 awplus confi...

Page 1703: ...f CoS ingress traffic on a port You can also use this command to support either a voice VLAN or specify to trust DSCP Use the no form of this command NO AUTO QOS VOICE TRUST DSCP to disable Auto QoS remove a voice VLAN and remove trusted DSCP traffic See NO AUTO QOS VOICE TRUST DSCP on page 1744 Confirmation Command SHOW RUNNING CONFIG on page 170 Examples In the following example VLAN 100 becomes...

Page 1704: ...14 awplus config if auto qos med voice 50 trust dscp In the following example VLAN 100 becomes the voice VLAN on port 1 0 13 awplus enable awplus configure terminal awplus config interface port1 0 13 awplus config if auto qos med voice 100 In the following example DSCP is trusted on traffic ingressing on port 17 awplus enable awplus configure terminal awplus config interface port1 0 17 awplus conf...

Page 1705: ...e the class map To create a class map see CLASS MAP on page 1707 Use the no form of this command NO CLASS to delete an association between a policy map and a class map Confirmation Commands SHOW POLICY MAP on page 1767 SHOW RUNNING CONFIG on page 170 Examples The following example creates a policy map called pmap1 then associates a class map called cmap5 to policy map pmap1 and enters the Policy M...

Page 1706: ...To delete an association between a class map called cmap5 and policy map called pmap1 do the following awplus enable awplus configure terminal awplus config policy map pmap1 awplus config pmap no class cmap5 ...

Page 1707: ...Map mode Use the no form of this command NO CLASS MAP to delete a class map Confirmation Command SHOW RUNNING CONFIG on page 170 Examples To create a class map called cmap1 and access the Configuration Class map mode do the following awplus enable awplus configure terminal awplus config class map cmap1 awplus config cmap To delete a class map called cmap1 do the following awplus enable awplus conf...

Page 1708: ...ault class map depends on the action configured in the policy map for that specific class map The default action is the action that is applied to any data that does not meet the criteria specified by the applied matching commands such as the commands that start with MATCH within the policy map Use the no form of the command NO DEFAULT ACTION to reset the default action to permit Confirmation Comma...

Page 1709: ...To reset the action for the default class map to permit do the following awplus enable awplus configure terminal awplus config policy map pmap1 awplus config pmap no default action ...

Page 1710: ...ove a description from the specified policy map Confirmation Command SHOW RUNNING CONFIG on page 170 Examples To add a description of VOIP traffic to a policy map called pmap20 do the following awplus enable awplus configure terminal awplus config policy map pmap20 awplus config pmap description VOIP traffic To add a description of Video traffic to a policy map called pmap1 do the following awplus...

Page 1711: ... To remove a description from a policy map called pmap1, do the following:
awplus> enable
awplus# configure terminal
awplus(config)# policy-map pmap1
awplus(config-pmap)# no description
...

Page 1712: ...ption Use this command to add an access list as a matching criteria to a class map using an ACL group name or group number Only IPv4 ACL access lists are supported by this command Note IPv6 group names are not supported by the MATCH ACCESS GROUP command Before you set the MATCH ACCESS GROUP command you must create an access group with either a group name or group number You may want to consult the...

Page 1713: ...plus config access list icmppermit awplus config ip acl permit icmp any any awplus config ip acl exit awplus config class map cmap1 awplus config cmap match access group icmppermit Table 234 ACCESS LIST Commands for Creating Numbered IPv4 ACLs To Do This Task Use This Command Create Numbered IPv4 ACLs for ICMP packets ACCESS LIST ICMP on page 1573 Create Numbered IPv4 ACLs for source and destinati...

Page 1714: ...s a class map named cmap1 creates a Numbered IPv4 ACL access list 3001 and matches cmap1 to the ACL group number awplus enable awplus configure terminal awplus config access list 3001 permit any any awplus config class map cmap1 awplus config cmap match access group 3001 The following example creates a numbered IPv4 MAC address ACL with a group number of 4025 a class map called cmap1 and matches t...

Page 1715: ...hing criteria to a class map See Table 235 for a summary of guidelines from the IEEE Standard 802 1d on applying priorities to the traffic types Use the no form of this command NO MATCH COS to remove the CoS value from a class map Table 235 CoS Traffic Mapping Guidelines User Priority Traffic Types 1 Background 2 Spare 0 Best Effort 3 Excellent Effort 4 Controlled Load 5 Video 100 latency and jitt...

Page 1716: ... called cmap1 and adds a CoS value of 4 as a matching criteria to the class map awplus enable awplus configure terminal awplus config class map cmap1 awplus config cmap match cos 4 The following example removes the CoS matching criteria from the cmap1 class map awplus enable awplus configure terminal awplus config class map cmap1 awplus config cmap no match cos ...

Page 1717: ...no form of this command NO MATCH DSCP to remove the DSCP value from a class map Confirmation Command SHOW CLASS MAP on page 1766 SHOW RUNNING CONFIG on page 170 Examples The following example creates a class map called cmap1 that matches ingress traffic with a DSCP value of 56 awplus enable awplus configure terminal awplus config class map cmap1 awplus config cmap match dscp 56 The following examp...

Page 1718: ...remove the IP precedence value from a class map Confirmation Commands SHOW CLASS MAP on page 1766 SHOW RUNNING CONFIG on page 170 Examples The following example configures a class map called cmap7 to evaluate all ingress IPv4 packets for a precedence value of 5 awplus enable awplus configure terminal awplus config class map cmap7 awplus config cmap match ip precedence 5 The following example remov...

Page 1719: ...o set the destination MAC type as a matching criteria for a class map Note All three parameters l2bcast l2mcast and l2uncast start with the letter l and the number 2 to represent Layer 2 Use the no form of this command NO MATCH MAC TYPE to remove a MAC type from a class map Confirmation Command SHOW CLASS MAP on page 1766 SHOW RUNNING CONFIG on page 170 Examples The following example sets the clas...

Page 1720: ... The following example removes the MAC type from a class map:
awplus> enable
awplus# configure terminal
awplus(config)# class-map cmap1
awplus(config-cmap)# no match mac-type
...

Page 1721: ...ss Map mode Description Use this command to set one Ethernet format and one protocol as a matching criteria for a class map You can also assign one Ethernet format or one protocol to a class map with this command See NO MATCH PROTOCOL on page 1748 for information about how to remove an Ethernet format and protocol from a class map Table 236 Layer Two Ethernet Formats Parameter Description 802dot2 ...

Page 1722: ...0BAD Enter the parameter name or its number bbn simnet Indicates protocol number 5208 Enter the parameter name or its number chaosnet Indicates protocol number 0804 Enter the parameter name or its number dec customer Indicates protocol number 6006 Enter the parameter name or its number dec decnet Indicates protocol number 6003 Enter the parameter name or its number dec diagnostic Indicates protoco...

Page 1723: ...m sna Indicates protocol number 80D5 Enter the parameter name or its number ip Indicates protocol number 0800 Enter the parameter name or its number ipv6 Indicates protocol number 86DD Enter the parameter name or its number ipx Indicates protocol number 8137 Enter the parameter name or its number ipx 802dot2 Indicates protocol number E0 Enter the parameter name or its number ipx 802dot3 Indicates ...

Page 1724: ...g cmap match eth format 802dot2 untagged proway Indicates protocol number 8E Enter the parameter name or its number proway lan Indicates protocol number 0E Enter the parameter name or its number rarp Indicates protocol number 8035 Enter the parameter name or its number sna path control Indicates protocol number 04 Enter the parameter name or its number snmp Indicates protocol number 814C Enter the...

Page 1725: ...Command Line User s Guide 1725 The following example creates a class map called cmap12 and assigns ARP to it awplus enable awplus configure terminal awplus config class map cmap12 awplus config cmap match protocol ar ...

Page 1726: ...ag is a control bit If a packet contains a TCP header it matches the criteria based on the FLAGS field within the header You can only add one TCP flag to a MATCH TCP FLAGS command However you can add multiple MATCH TCP FLAGS commands to the same class map each containing a different TCP flag Multiple commands that apply to the same class map are filtered with an AND operand For example the followi...

Page 1727: ...nfirmation Command SHOW CLASS MAP on page 1766 SHOW RUNNING CONFIG on page 170 Examples The following example sets the class map cmap1 to match packets that contain the Finish TCP flags awplus enable awplus configure terminal awplus config class map cmap1 awplus config cmap match tcp flags fin The following example removes the Urgent TCP flag from class map cmap1 awplus enable awplus configure ter...

Page 1728: ...ATCH VLAN to remove the VLAN ID from the class map Confirmation Command SHOW CLASS MAP on page 1766 SHOW RUNNING CONFIG on page 170 Examples The following example configures a class map called cmap3 to include traffic from VLAN 5 awplus enable awplus configure terminal awplus config class map cmap3 awplus config cmap match vlan 5 The following example disables the configured VLAN ID as a match cri...

Page 1729: ...7 216 bytes ebs Specifies the Excess Burst Size EBS of 0 to 16 777 216 bytes action Specifies the action taken if the rate is exceeded Choose from the following options drop red Drops the red packets policed dscp transmit Modifies the packets using the policed DSCP map and then sends the packets Mode Global Configuration mode Description Use this command to create a single rate aggregate policer f...

Page 1730: ...an select the policed dscp transmit option you must configure the MLS QOS MAP POLICED DSCP command See MLS QOS MAP POLICED DSCP on page 1742 The MLS QOS AGGREGATE POLICE SINGLE RATE command is very similar to the POLICE SINGLE RATE ACTION command However the POLICE SINGLE RATE ACTION command does not permit you to create a police aggregate See POLICE SINGLE RATE ACTION on page 1755 Use the NO MLS ...

Page 1731: ...LICE SINGLE RATE command In addition the CIR is set to 1000 Kbps the CBS is set to 12 000 bytes and the EBS is set to 16 000 bytes The action is set to drop red packets awplus enable awplus configure terminal awplus config mls qos enable awplus config mls qos aggregate police policeagg5 single rate 1000 12000 16000 action drop red awplus config policy map pmap1 awplus config pmap class cmap1 awplu...

Page 1732: ...16 777 216 bytes action Specifies the action taken if the rate is exceeded non conforming traffic Choose from the following options drop red Drops the red packets policed dscp transmit Modifies the packets using the policed DSCP map and then sends the packets Mode Global Configuration mode Description Use this command to configure a twin rate aggregate policer A policer meters the traffic classifi...

Page 1733: ...to create an aggregator, which can be later applied to any number of classes with the POLICE AGGREGATE command. See POLICE AGGREGATE on page 1753. Use the NO MLS QOS AGGREGATE POLICE command to remove the association between a police aggregator and a policy map. See NO MLS QOS AGGREGATE POLICE on page 1750. Confirmation Command: SHOW MLS QOS AGGREGATE POLICER on page 1770. Examples: The following exampl...

Page 1734: ...the CIR is set to 1000 Kbps the CBS is set to 12 000 bytes the PIR is 50 000 Kbps and the PBS is set to 17 000 bytes The action is set to drop red packets awplus enable awplus configure terminal awplus config mls qos enable awplus config mls qos aggregate police paggtwin twin rate 1000 12000 50000 17000 action drop red awplus config policy map pmaptwin2 awplus config pmap class cmaptwin7 awplus co...

Page 1735: ...a CoS value of 0. Use the no form of the command, NO MLS QOS COS, to return the interface to the default CoS setting for untagged frames entering the interface. The 802.1p priority value on ingress tagged packets is ignored unless QoS is enabled and CoS is trusted. This means by default a priority tagged packet will egress with the same tag value it was received with, but the switch will ignore the val...

Page 1736: ... The following example sets the CoS priority value to 4 on port 22:
awplus> enable
awplus# configure terminal
awplus(config)# interface port1.0.22
awplus(config-if)# mls qos cos 4
...

Page 1737: ...l Configuration mode Description Use this command to activate the QoS feature on the switch By default the QoS feature is disabled Confirmation Command SHOW RUNNING CONFIG on page 170 Example This example enables the QoS feature on the switch awplus enable awplus configure terminal awplus config mls qos enable ...

Page 1738: ...rough 7 The lowest priority queue is 0 and the highest queue is 7 You can specify only one queue Mode Global Configuration mode Description Use this command to map CoS values to port egress queues An egress queue can have more than one priority mapped to it but you can assign only one priority at a time with this command For a list of the default mappings between the CoS Priority and Queue see Fig...

Page 1739: ...ble awplus config class map trustcos awplus config cmap exit awplus config policy map pmap1 awplus config pmap class trustcos awplus config pmap exit awplus config interface port1 0 13 awplus config if service policy input pmap1 awplus config if exit awplus config mls qos map cos queue 6 to 7 This example restores the default mappings of the CoS priorities to the egress queues on port 4 awplus ena...

Page 1740: ...e is 7 You can specify only one queue Mode Global Configuration mode Description Use this command to map DSCP values to port egress queues An egress queue can have more than one priority value mapped to it but you can assign only one priority at a time with this command Note QoS must be enabled on the switch and a port must be set to DSCP trust before you can use this command Refer to commands CLA...

Page 1741: ...config cmap exit awplus config policy map pmap1 awplus config pmap class trustdscp awplus config pmap c trust dscp awplus config pmap c exit awplus config pmap exit awplus config interface port1 0 24 awplus config if service policy input pmap1 awplus config if exit awplus config mls qos map dscp queue 46 to 7 This example restores the default mappings of the DSCP priorities to the egress queues on...

Page 1742: ... MLS QOS MAP DSCP QUEUE command to a new DSCP value The map created with this command is used when a policer action is set to policed dscp transmit with the POLICE SINGLE RATE ACTION or POLICE TWIN RATE ACTION commands To remove the new DSCP value use the NO MLS QOS MAP POLICED DSCP command Note This map will be used when a policer action is set to policed dscp transmit Confirmation Command SHOW M...

Page 1743: ... This example changes the DSCP value from 20 to 44:
awplus> enable
awplus# configure terminal
awplus(config)# mls qos map policed-dscp 20 to 44
...

Page 1744: ...CP as trusted ingress traffic Remove a voice VLAN ID and remove DSCP as trusted ingress traffic Confirmation Command SHOW RUNNING CONFIG on page 170 Examples In the following example VLAN 100 is removed as a voice VLAN and trust CoS is removed from port 1 0 1 awplus enable awplus configure terminal awplus config if interface port1 0 1 awplus config no auto qos voice 100 In the following example VL...

Page 1745: ...tch Command Line User s Guide 1745 In the following example DSCP is removed as the type of trust awplus enable awplus configure terminal awplus config if interface port1 0 1 awplus config if no auto qos trust dscp ...

Page 1746: ...3699 Specifies the ID number of an access control list for a numbered IPv4 ACL 4000 to 4699 Specifies the ID number of a numbered MAC address IPv4 ACL Mode Class Map mode Description Use this command to remove an ACL group name or group number from a class map Confirmation Command SHOW RUNNING CONFIG on page 170 Examples The following example removes an IPv4 ACL access list called icmppermit from ...

Page 1747: ... The following example removes group number 4000 from a class map called cmap41:
awplus> enable
awplus# configure terminal
awplus(config)# class-map cmap41
awplus(config-cmap)# no match access-group 4000
...

Page 1748: ...hernet protocol For a list of entries see Table 237 on page 1722 Mode Class Map mode Description Use this command to remove an Ethernet format and a protocol as a matching criteria for a class map You can also remove one Ethernet format or one protocol from a class map with this command Confirmation Command SHOW RUNNING CONFIG on page 170 Examples The following example removes an Ethernet format o...

Page 1749: ...ine User s Guide 1749 The following example removes 802 2 tagged packets from a class map called cmap8 awplus enable awplus configure terminal awplus config class map cmap8 awplus config cmap no match eth format 802dot2 tagged ...

Page 1750: ...mmand to remove the association between a class map and a police aggregator. You can use this command to remove the association between a class map and a single rate or twin rate police aggregator. Example: This example removes the association between the class map and the twin rate police aggregator named policyaggtwin:
awplus> enable
awplus# configure terminal
awplus(config)# no mls qos aggregate-police ...

Page 1751: ...eters None Mode Global Configuration mode Description Use this command to disable the QoS feature on the switch When QoS is disabled all traffic is treated equally Example This example disables the QoS feature on the switch awplus enable awplus configure terminal awplus config no mls qos enable ...

Page 1752: ... remove the association between either a single rate aggregate policer or a twin rate aggregate policer and a class map. Example: This example removes the association between a class map called classname1 and an aggregate policer called singlerate:
awplus> enable
awplus# configure terminal
awplus(config)# policy-map pmap2
awplus(config-pmap)# class classname1
awplus(config-pmap-c)# no police singlerate
...

Page 1753: ...E TWIN RATE on page 1732 Use the no form of this command NO POLICE AGGREGATE to remove the association between an aggregate name and a class map See NO POLICE AGGREGATE on page 1752 Examples The following example creates an aggregate name policyagg1 with the MLS QOS AGGREGATE POLICE SINGLE RATE command Then the aggregate name is assigned to class maps cmap1 and cmap2 within policy map pmap1 awplus...

Page 1754: ...class maps cmap7 and cmap13 awplus enable awplus configure terminal awplus config mls qos enable awplus config policy map pmap1 awplus config pmap class cmap7 awplus config pmap c no police aggregate policyagg5 awplus config pmap c exit awplus config pmap class cmap13 awplus config pmap c no police aggregate policyagg5 ...

Page 1755: ... command to configure a single rate policer for a class map A policer can meter the traffic classified by the class map and as a result is given the bandwidth class A single rate policer is based on the average rate minimum burst and maximum burst If the traffic exceeds the average rate and the maximum burst the result is given the bandwidth class red non conforming The setting of the action param...

Page 1756: ...ffic to conform to a CIR of 10 000 Kbps with a CBS of 15 000 bytes that drops traffic bursting over 25 000 bytes awplus enable awplus configure terminal awplus config policy map pmap2 awplus config pmap class classname awplus config pmap c police single rate 10000 15000 25000 action drop red This example configures a single rate policer requiring traffic to conform to a CIR of 9000 Kbps a CBS of 1...

Page 1757: ... 777 216 bytes The suggested minimum is 15 000 bytes action Specifies the action taken if the rate is exceeded Choose from the following options drop red Drops the red packets policed dscp transmit Modifies the packets using the policed DSCP map and then sends the packets Mode Policy Map Class mode Description Use this command to configure a twin rate policer for a class map A policer meters the t...

Page 1758: ... the entire packet is marked red. It is important to note that if you assign the action parameter to drop red, then these packets are dropped. To remove the association between a twin rate policer and a class map, use NO POLICE AGGREGATE on page 1752. Example: This example configures a twin rate policer that requires traffic to conform to a CIR of 11,000 Kbps, a CBS of 13,000 bytes, a PIR of 20,000 Kbps and...

Page 1759: ...allows you to set actions on traffic that meet all of the match criterion contained in the class maps You can also assign a policy map to a port Use the no form of this command NO POLICY MAP to delete an existing policy map Confirmation Command SHOW MLS QOS INTERFACE on page 1772 Examples This example creates a policy map called pmap1 and enters the Policy Map Configuration mode awplus enable awpl...

Page 1760: ...e CoS value of the classified traffic specified Note You cannot use the SET QUEUE command and the SET COS command as policy map actions for the same class map Confirmation Command SHOW RUNNING CONFIG on page 170 Examples The following example creates a policy map called pmap1 then associates class map cmap5 to pmap1 and sets the action to a CoS value of 7 awplus enable awplus configure terminal aw...

Page 1761: ... The following example removes the policy map action for class map cmap25 by using the NO SET COS command:
awplus> enable
awplus# configure terminal
awplus(config)# policy-map pmap7
awplus(config-pmap)# class cmap25
awplus(config-pmap-c)# no set cos
...

Page 1762: ...specified Confirmation Command SHOW RUNNING CONFIG on page 170 Examples The following example creates a policy map called pmap1 then associates class map cmap5 to pmap1 and sets the action to 46 awplus enable awplus configure terminal awplus config policy map pmap1 awplus config pmap class cmap5 awplus config pmap c set dscp 46 The following example removes the policy map action for class map cmap...

Page 1763: ...icy map Note You cannot use the SET QUEUE command and the SET COS command as policy map actions for the same class map Confirmation Command SHOW RUNNING CONFIG on page 170 Examples The following example sets the egress queue to 6 for traffic classified by class map cmap4 awplus enable awplus configure terminal awplus config mls qos enable awplus config class map cmap4 awplus config cmap exit awplu...

Page 1764: ... The following example removes the previously configured egress queue from class map cmap2:
awplus> enable
awplus# configure terminal
awplus(config)# policy-map pmap2
awplus(config-pmap)# class cmap2
awplus(config-pmap-c)# no set queue
...

Page 1765: ...ove the association between the specified policy map and an interface Examples The following example applies policy map pmap1 to port 5 awplus enable awplus configure terminal awplus config interface port1 0 5 awplus config if service policy input pmap1 The following example applies the policy map pmap2 to port 12 awplus enable awplus configure terminal awplus config interface port1 0 12 awplus co...

Page 1766: ...the name of the class map Modes User Exec and Privileged Exec Description Use this command to display a QoS class map See Figure 268 for an example of this command Figure 268 SHOW CLASS MAP Command Example This example displays the class map called cmap1 awplus show class map cmap1 CLASS MAP NAME cmap1 Match IP DSCP 46 ...

Page 1767: ...LICY MAP Command See Table 238 for an explanation of the fields POLICY MAP NAME pmap1 Description video traffic State attached Default class map action permit CLASS MAP NAME cmap1 Set Queue 6 CLASS MAP NAME default POLICY MAP NAME pmaptwin1 Description ip phones State detached Default class map action permit CLASS MAP NAME classmaptwin1 Trust CoS CLASS MAP NAME default Table 238 SHOW POLICY MAP Co...

Page 1768: ...ICY INPUT command to attach or detach a policy to a port See SERVICE POLICY INPUT on page 1765 Default class map action Indicates the action for traffic not matched by any of the class maps associated with a given policy map Set this value with the DEFAULT ACTION command There are three options permit deny and copy to mirror See DEFAULT ACTION on page 1708 CLASS MAP NAME Indicates the class maps t...

Page 1769: ... Exec mode Description Use this command to display the status of the QoS feature By default the QoS feature is disabled See Figure 270 for an example of this command when QoS is enabled Figure 270 SHOW MLS QOS Command Example This example displays the status of the QoS feature awplus show mls qos Qos is enabled ...

Page 1770: ...ays an example of the output of the SHOW MLS QOS AGGREGATE POLICER command Figure 271 SHOW MLS QOS AGGREGATE POLICER See Table 239 on page 1771 for a description of the field listed in Figure 271 Note The definitions for the single rate and twin rate policers are different AGGREGATE POLICER NAME ap1 Policer single rate action drop red average rate 125 kbps minimum burst 125 B maximum burst 1024B A...

Page 1771: ...16 bytes maximum burst Specifies the Excess Burst Size EBS of 0 to 16 777 216 bytes Policer twin rate Indicates the police aggregator is twin rate and was created with the MLS QOS AGGREGATE POLICE TWIN RATE command It contains the following definitions minimum rate Specifies the Committed Information Rate CIR of 1 to 16 000 000 Kbps maximum rate Specifies the Peak Information Rate PIR of 0 to 160 ...

Page 1772: ...weights to egress queues Together Figure 272 and Figure 273 on page 1773 provide an example of a port set to strict priority Figure 272 SHOW MLS QOS INTERFACE Command Strict Priority CoS 0 Queue 2 Number of egress queues 8 Egress Queue 0 Scheduler Strict Priority Weight N A Egress Queue 1 Scheduler Strict Priority Weight N A Egress Queue 2 Scheduler Strict Priority Weight N A Egress Queue 3 Schedu...

Page 1773: ... Strict Priority Weight N A CoS 0 Queue 2 Number of egress queues 8 Egress Queue 0 Scheduler Weighted Round Robin Weight 1 Egress Queue 1 Scheduler Weighted Round Robin Weight 1 Egress Queue 2 Scheduler Weighted Round Robin Weight 5 Egress Queue 3 Scheduler Weighted Round Robin Weight 5 Egress Queue 4 Scheduler Weighted Round Robin Weight 10 Egress Queue 5 Scheduler Weighted Round Robin Weight 10 ...

Page 1774: ...is for untagged frames Queue Specifies the default egress queue for packets that do not have a CoS value that is for untagged frames Number of egress queues Specifies the number of egress queues on the port Each port on the switch has eight queues Egress Queue Specifies the egress queue number Scheduler Specifies the packet scheduling method The possible settings are Strict Priority and Weighted R...

Page 1775: ...ault mapping Figure 275 SHOW MLS QOS MAPS COS QUEUE Command The CoS values in the first line are matched with the egress queue assignments in the second line For example in Figure 275 port 1 packets with CoS 0 are placed in egress queue 2 packets with CoS 1 are placed in egress queue 0 and so on The mappings of CoS priorities and egress queues are set with MLS QOS MAP COS QUEUE on page 1738 Exampl...

Page 1776: ...s qos maps dscp queue Parameters port Specifies the port You can display only one port at a time Mode Privileged Exec mode Description Use this command to display the mappings of DSCP values to port egress queues See Figure 276 on page 1777 for an example of this information ...

Page 1777: ...SCP QUEUE Command The mappings of DSCP value and egress queues are set with MLS QOS MAP DSCP QUEUE on page 1740 DSCP TO QUEUE MAP Queue 0 DSCP 0 7 Queue 1 DSCP 8 15 Queue 2 DSCP 16 23 Queue 3 DSCP 24 31 Queue 4 DSCP 32 39 Queue 5 DSCP 40 47 Queue 6 DSCP 48 55 Queue 7 DSCP 56 63 ...

Page 1778: ... Example: The following example displays the DSCP mappings:
awplus# show mls qos maps dscp-queue
...

Page 1779: ...alue This mapping is set with the MLS QOS MAPS POLICED DSCP command For more information about this command see MLS QOS MAP POLICED DSCP on page 1742 See Figure 277 for an example display of the SHOW MLS QOS MAPS POLICED DSCP command Figure 277 SHOW MLS QOS MAPS POLICED DSCP Command Example The following example displays the mappings between the existing DSCP with a value of 5 and the new DSCP val...

Page 1780: ...a port to trust DSCP frames, the CoS value in the VLAN tag field is re-marked. For example, using the default DSCP settings in Table 210 on page 1661, a trust DSCP value of 46 on the ingress port causes it to egress on queue 5. As a result, the CoS frame will be re-marked to 5. This switch behavior exists so a packet carries both Layer 2 CoS packets and Layer 3 DSCP frames as it passes downstream thro...

Page 1781: ...plus config pmap class cmap1 awplus config pmap c trust dscp This example removes the DSCP queue map lookup for the prioritization of all traffic classified by a class map named cmap1 awplus enable awplus configure terminal awplus config policy map pmap6 awplus config pmap class cmap1 awplus config pmap c no trust dscp ...

Page 1782: ...o set a limit on the bandwidth on a per egress queue basis that is sent from the specified port queue or queues Each port has a total of eight queues Use the no form of this command NO WRR QUEUE EGRESS RATE LIMIT QUEUE to reset the queue to the default speed of the specified port Confirmation Command SHOW RUNNING CONFIG on page 170 Examples This example sets egress rate limiting on queues 1 2 and ...

Page 1783: ... User s Guide 1783 This example removes egress rate limiting from port 14 awplus enable awplus configure terminal awplus config mls qos enable awplus config if interface port1 0 14 awplus config if no wrr queue egress rate limit ...

Page 1784: ...its from a queue before moving to the next queue Each port has a total of eight queues You may enter multiple queues separated by commas without spaces By default WRR is disabled on a port Figure 278 displays the default WRR queue mapping for a port To display the WRR queue mapping of a specific port use the SHOW MLS QOS INTERFACE command Figure 278 Default Mapping of WRR Queues If you add multipl...

Page 1785: ... awplus config mls qos enable awplus config interface port1 0 3 awplus config if wrr queue weight 15 This example assigns weights in ascending order to queues 0 through 7 of port 12 to WRR with weights of 15 14 13 12 11 10 9 and 8 awplus enable awplus configure terminal awplus config mls qos enable awplus config interface port1 0 12 awplus config if wrr queue weight 15 14 13 12 11 10 9 8 This exam...

Page 1787: ...llowing topics Overview on page 1788 Enabling Policy Based QSP on page 1791 Setting the Storm Control Action on page 1792 Setting Storm Control Down Time on page 1795 Setting the Storm Control Speed and Sampling Frequency on page 1796 Displaying Port Storm Status on page 1797 ...

Page 1788: ...st traffic and assign it to a policy map before setting the storm control commands For instructions see Creating a Policy Map on page 1658 and Creating a Class Map on page 1651 One example of how the QSP commands work in conjunction with the QoS policies is the method of assigning a policy map to a port This association is accomplished with the SERVICE POLICY INPUT command See Assigning a Policy M...

Page 1789: ...er storm protection should be activated Rate Indicates the amount of traffic per second that must be exceeded before the switch takes the configured action Action Determines which action the switch takes when it detects a storm on a port Downtime Indicates the length of time the port remains disabled after a port has been disabled due to a packet storm Table 242 Policy Based QSP Commands To do thi...

Page 1790: ...nal that a port has been disabled with the SNMP TRAP LINK STATUS command See SNMP TRAP LINK STATUS on page 1178 Sets the frequency in milliseconds that traffic is measured to determine if storm protection is activated storm window 100 6000 Displays the QSP status for the specified port show mls qos interface port storm status Table 242 Policy Based QSP Commands Continued To do this Task Use this C...

Page 1791: ...olicy map called pmap2 Table 243 Enabling the Storm Protection Feature Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config mls qos enable Activates the QoS feature on the switch awplus config policy map pmap2 Creates a policy map called pmap2 and enters the Policy Map mode a...

Page 1792: ...e traffic from the second VLAN The following storm control action examples are provided Disabling a VLAN on page 1792 Disabling a Port on page 1793 Shutting Down a Port on page 1794 For more information about this command see STORM ACTION on page 1802 Disabling a VLAN The following example sets the storm control action to remove port 7 from a VLAN with a VID of 2 when a packet storm occurs A polic...

Page 1793: ...ion Enables the QSP feature awplus config pmap c storm action vlandisable Sets the storm action to remove a port from VLAN 2 awplus config pmap c exit Exits the Policy Map Class mode and enters the Policy Map mode awplus config pmap exit Exits the Policy Map mode and enters the Global Configuration mode awplus config interface port1 0 7 Enters the Port Interface mode for port 7 awplus config if se...

Page 1794: ...n Disabling a Port Continued Command Description Table 246 Setting Storm Control Action Shutting Down a Port Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config mls qos enable Activates the QoS feature on the switch awplus config policy map pmap1 Creates a policy map called ...

Page 1795: ...he Storm Down Time Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config mls qos enable Activates the QoS feature on the switch awplus config policy map pmap7 Creates a policy map called pmap7 and enters the Policy Map mode awplus config pmap class cmap4 Associates an existing...

Page 1796: ...Storm Data Rate and Window Size Command Description awplus enable Enters the Privileged Executive mode from the User Executive mode awplus configure terminal Enters the Global Configuration mode awplus config mls qos enable Activates the QoS feature on the switch awplus config policy map pmap7 Creates a policy map called pmap7 and enters the Policy Map mode awplus config pmap class cmap4 Associate...

Page 1797: ...torm status See Figure 280 for an example of the information displayed by this command For more information about this command see SHOW MLS QOS INTERFACE STORM STATUS on page 1800 Figure 280 SHOW MLS QOS INTERFACE STORM STATUS Command Interface port1 0 12 Storm Protection Enabled Port status Enabled Storm Action vlandisable Storm Window 5000 ms Storm Downtime 15 s Timeout Remaining 0 s Last read d...

Page 1798: ...Chapter 102 QoS Storm Control Protection 1798 ...

Page 1799: ...ified port STORM ACTION on page 1802 Policy Map Class Sets the action to take when triggered by QoS Storm Protection QSP STORM DOWNTIME on page 1804 Policy Map Class Sets the number of seconds before the port is re enabled STORM PROTECTION on page 1805 Policy Map Class Enables the policy based QoS Storm Protection feature STORM RATE on page 1806 Policy Map Class Sets the data rate criteria for tri...

Page 1800: ...re 281 SHOW MLS QOS INTERFACE STORM STATUS Command For an explanation of the fields in Figure 281 see Table 250 Interface port1 0 5 Storm Protection Enabled Port status Enabled Storm Action vlandisable Storm Window 5000 ms Storm Downtime 15 s Timeout Remaining 0 s Last read data rate 0 kbps Storm Rate 1000 kbps Table 250 SHOW MLS QOS INTERFACE STORM STATUS Command Description Field Description Int...

Page 1801: ...ates the frequency that traffic is measured to determine if storm protection is activated The range is from 100 to 6 000 ms Storm Downtime Indicates the time in seconds the port is reenabled after being disabled by the QoS storm protection feature The range is from 1 to 86 400 seconds Timeout Remaining Indicates time in seconds Last read data rate Indicates the most recent data rate in kbps Storm ...

Page 1802: ... QoS Storm Protection QSP All three options disable a port in some way To determine the amount of time that the port is disabled use the STORM DOWNTIME command See STORM DOWNTIME on page 1804 Use the no form of the command NO STORM ACTION to disable the action set by the STORM ACTION command Confirmation Command SHOW MLS QOS INTERFACE STORM STATUS on page 1800 Examples The following example sets t...

Page 1803: ...amed pmap5 and the class map named cmap3 awplus enable awplus configure terminal awplus config mls qos enable awplus config policy map pmap5 awplus config pmap class cmap3 awplus config pmap c storm protection awplus config pmap c no storm action The following example sets the storm protection action to shut down the port assigned to the policy map named pmap5 and the class map named cmap2 awplus ...

Page 1804: ...TUS on page 1800 Examples The following example sets the downtime to 2 minutes awplus enable awplus configure terminal awplus config mls qos enable awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm action vlandisable awplus config pmap c storm protection awplus config pmap c storm downtime 120 The following example returns the default downtime to 10 seconds a...

Page 1805: ...US on page 1800 Examples The following example enables the Storm Protection feature on class map cmap1 awplus enable awplus configure terminal awplus config mls qos enable awplus config policy map pmap2 awplus config pmap class cmap1 awplus config pmap c storm action linkdown awplus config pmap c storm protection The following example disables the Storm Protection feature on class map cmap3 awplus...

Page 1806: ...that traffic is sampled As a result you need to set the STORM WINDOW command in conjunction with the STORM RATE command See STORM WINDOW on page 1808 Use the no form of this command NO STORM RATE to remove the data rate criteria Confirmation Command SHOW MLS QOS INTERFACE STORM STATUS on page 1800 Examples The following example sets the data rate to 2000 kbps awplus enable awplus configure termina...

Page 1807: ...es the storm rate setting:
    awplus> enable
    awplus# configure terminal
    awplus(config)# mls qos enable
    awplus(config)# policy-map pmap2
    awplus(config-pmap)# class cmap1
    awplus(config-pmap-c)# storm-action portdisable
    awplus(config-pmap-c)# storm-protection
    awplus(config-pmap-c)# no storm-rate
...

Page 1808: ...he STORM RATE command sets the amount of traffic per second before the configured action is taken As a result you need to set the STORM WINDOW command in conjunction with the STORM RATE command See STORM RATE on page 1806 Use the no form of this command NO STORM WINDOW command to disable the setting of the STORM WINDOW command Confirmation Command SHOW MLS QOS INTERFACE STORM STATUS on page 1800 E...

Page 1809: ...rm window setting on class map cmap5:
    awplus> enable
    awplus# configure terminal
    awplus(config)# mls qos enable
    awplus(config)# policy-map pmap2
    awplus(config-pmap)# class cmap5
    awplus(config-pmap-c)# storm-action portdisable
    awplus(config-pmap-c)# storm-protection
    awplus(config-pmap-c)# no storm-window
...

Page 1810: ...Chapter 103 QSP Commands 1810 ...

Page 1811: ...lowing chapters Chapter 104 Internet Protocol Version 4 Packet Routing on page 1813 Chapter 105 IPv4 Routing Commands on page 1833 Chapter 106 Routing Information Protocol RIP on page 1851 Chapter 107 Routing Information Protocol RIP Commands on page 1865 ...

Page 1813: ...s on page 1815 Static Routes on page 1816 Routing Information Protocol RIP on page 1817 Default Route on page 1819 Routing Table on page 1820 Address Resolution Protocol ARP Table on page 1821 Internet Control Message Protocol ICMP on page 1822 Routing Interfaces and Management Features on page 1824 Example of the Routing Commands on page 1825 ...

Page 1814: ...sion 1 and 2 This routing protocol allows the switch to dynamically learn routes to remote destinations The protocol makes it possible for the RIP routers of a network to dynamically share their routes by advertising their routing tables to each other The switch supports versions 1 and 2 of this routing protocol This feature is explained in Routing Information Protocol RIP on page 1817 This overvi...

Page 1815: ... RIP to pass IPv4 traffic on the switch The switch automatically begins to route IPv4 packets among its local networks in the different VLANs as soon as you have defined two or more routing interfaces Routing interfaces have two components VLAN ID VID IP address and subnet mask VLAN ID VID Routing interfaces are assigned to VLANs The VLANs are identified by their VLAN identification VID numbers or...

Page 1816: ...members of the same network For example if you want to add a static route that has as its next hop the IP address 149 122 35 77 and mask 255 255 255 0 the VLAN where the next hop is located would need a routing interface with an IP address in the 149 122 35 0 network Static routes are available to all of the routing interfaces and VLANs on the switch New static routes become functional immediately...

Page 1817: ...al level is active An active route has at least one active port in the VLAN RIP does not propagate an inactive route where there are no active ports in the VLAN RIP can be added to a maximum of 100 interfaces on the switch and the route table can store up to 1024 dynamic routes Since the interfaces on the switch can route packets among the local networks without the presence of RIP or static route...

Page 1818: ...th TIMERS BASIC on page 1903 The entire table is sent with the following exceptions Dynamic RIP routes that fall under the split horizon rule Inactive interface routes where there are no active ports in the VLAN Note The switch does not support the RIP holddown and flush timers The switch supports the following RIP functions Split horizon Split horizon with poison reverse Autosummarization of rout...

Page 1819: ... one default route. The command to create the default route is the IP ROUTE command in the Global Configuration mode. This command is also used to create static routes to remote destinations. You may use either of the following commands to create the default route:
    ip route 0.0.0.0/0 ipaddress
    ip route 0.0.0.0 0.0.0.0 ipaddress
The IPADDRESS parameter is the IP address of the next hop of the default r...

Page 1820: ...e destination and no default route exists the switch discards the packet and sends an ICMP message to that effect back to the source The switch advertises its routing table every thirty seconds from those VLANs that have RIP The time interval is adjustable with TIMERS BASIC on page 1903 The switch also advertises its routing table and resets the timer to zero whenever there is a change to the tabl...

Page 1821: ...in its ARP table The switch does not send an ARP request if the source and destinations IP addresses are in the same network The switch after receiving the ARP response from the destination node adds the IP address and MAC address of the node to its ARP table and begins to route packets to the device It should be noted that the switch until it receives a response to its ARP request discards all ro...

Page 1822: ...se to an Echo request Destination unreachable 3 This message is sent when the switch drops a packet because it does not have a route to the destination Source Quench 4 The switch sends a Source Quench if it drops a packet due to insufficient internal resources This can happen if the source is sending data too fast to be forwarded Redirect 5 The switch issues a redirect packet to inform a local hos...

Page 1823: ...ceeded 11 The switch sends a Time to live exceeded packet if the value in a packet s TTL field the maximum number of permitted hops is zero This occurs when a route has too many hops for a packet Table 251 ICMP Messages Continued ICMP Packet Type Switch Response ...

Page 1824: ...f the management functions in Table 27 on page 300 but not the IPv4 routing feature assign the switch only one routing interface The switch does not route IPv4 packets if it has only one routing interface You should assign the routing interface to the VLAN from which the switch is to access the management network devices These devices may be members of the VLAN or accessed through routers or Layer...

Page 1825: ...uting interfaces The following series of commands creates a VLAN for the Sales department with the VID 4 and the appropriate ports Table 252 IPv4 Routing Example Company Group VLAN Name VID Network IP Address Subnet Mask IP Routing Interface Address Switch Ports1 Sales Sales 4 149 35 67 0 255 255 255 0 149 35 67 11 U 1 11 T 50 Production Production 5 149 35 68 0 255 255 255 0 149 35 68 24 U 12 20 ...

Page 1826: ...eriods The MASK parameter specifies the subnet mask for the address The mask is a decimal number that represents the number of bits from left to right that constitute the network portion of the address For example the awplus config if vlan 4 name Sales Create the Sales VLAN with the ID 4 awplus config if exit Return to the Global Configuration mode awplus config interface port1 0 1 port1 0 11 port...

Page 1827: ...ng interface 149 35 67 11 in the Sales VLAN awplus config if interface vlan5 Enter the VLAN Interface mode for the Production VLAN with the ID 5 awplus config if ip address 149 35 68 24 24 Create the IP routing interface 149 35 68 24 in the Production VLAN awplus config if interface vlan11 Enter the VLAN Interface mode for the Engineering VLAN with the ID 11 awplus config if ip address 149 35 69 2...

Page 1828: ...stitute the network portion of the address The mask may be entered in IP notation e g 255 255 255 0 or decimal notation e g 24 The IPADDRESS2 parameter specifies the IP address of the next hop to the remote destination network subnet or node This address must be a member of the same network as one of the existing routing interfaces on the switch The ADMIN parameter specifies the administrative dis...

Page 1829: ...e switch can have only one default route. All you need to know to create the default route is the IP address of the next hop for the packets. For this example, assume that the IP address of the next hop is 149.35.68.12, placing the next hop in the Production VLAN (ID 5). Here is the command for creating the default route:
    awplus(config)# ip route 0.0.0.0/0 149.35.68.12
...

Page 1830: ... the format of the command passive network vlanid You identify the interface by its VID number Returning to the example in Table 252 on page 1825 assume that the Inventory VLAN has a RIP neighbor to which the switch is to transmit and receive RIP update packets To activate RIP on the VLAN so that it transmits and receives RIP packets and to include the Inventory network in the advertisements you u...

Page 1831: ...ddress in the RIP update packets awplus config router passive interface vlan4 Configure RIP in VLAN 4 not to send update packets awplus config router network vlan5 Activate RIP on VLAN 5 to include its network address in the RIP update packets awplus config router passive interface vlan5 Configure VLAN 5 not to send RIP update packets awplus config router network vlan11 Activate RIP on VLAN 11 to ...

Page 1832: ...Chapter 104 Internet Protocol Version 4 Packet Routing 1832 ...

Page 1833: ...cription IP ADDRESS on page 1835 VLAN Interface Creates IPv4 routing interfaces with static addresses IP ADDRESS DHCP on page 1837 VLAN Interface Creates IPv4 routing interfaces with dynamic addresses from a DHCP server IP ROUTE on page 1838 Global Configuration Creates static routes to remote destination networks and the default gateway address NO IP ADDRESS on page 1841 VLAN Interface Deletes ro...

Page 1834: ...port IPv6 packet routing but it does support one IPv6 management address For instructions on how to create an IPv6 management address refer to Chapter 13 IPv4 and IPv6 Management Addresses on page 299 and Chapter 14 IPv4 and IPv6 Management Address Commands on page 313 ...

Page 1835: ...t mask for the address The mask is a decimal number that represents the number of bits from left to right that constitute the network portion of the address For example the IPv4 decimal masks 16 and 24 are equivalent to masks 255 255 0 0 and 255 255 255 0 respectively Mode VLAN Interface mode Description Use this command to create IPv4 routing interfaces with static IP addresses You can create onl...

Page 1836: ...ubnet mask 255.255.255.0:
    awplus> enable
    awplus# configure terminal
    awplus(config)# interface vlan1
    awplus(config-if)# ip address 142.35.78.21/24
This example creates an IP routing interface with the IP address 116.152.173.45 and subnet mask 255.255.255.0 in a VLAN with the ID 14:
    awplus> enable
    awplus# configure terminal
    awplus(config)# interface vlan14
    awplus(config-if)# ip address 116.152.173.45/24
...

Page 1837: ...command To create routing interfaces that have static addresses refer to IP ADDRESS on page 1835 Confirmation Commands SHOW IP INTERFACE on page 1847 Examples This example creates an IP routing interface in the Default VLAN which has the VID 1 The IP address of the interface is supplied by a DHCP server awplus enable awplus configure terminal awplus config interface vlan1 awplus config if ip addre...

Page 1838: ...ing interfaces on the switch admin Specifies the administrative distance of the route The switch uses the administrative distance to select a route when there is more than one route with the same destination address prefix The lower the administrative distance the higher the route preference The range is 1 to 255 The default for a static route is 1 Mode Global Configuration mode Description Use th...

Page 1839: ...5 255 255 0 to the routing table The next hop of the route is 149 67 87 3 The example specifies the mask in IP notation awplus enable awplus configure terminal awplus config ip route 149 67 101 0 255 255 255 0 149 67 87 3 This example adds the same route but the mask is specified in decimal notation awplus enable awplus configure terminal awplus config ip route 149 67 101 0 24 149 67 87 3 This exa...

Page 1840: ...5. The mask is specified in IP notation:
    awplus> enable
    awplus# configure terminal
    awplus(config)# ip route 0.0.0.0 0.0.0.0 143.87.132.45
This example creates the same default gateway address, but the mask is specified in decimal notation:
    awplus> enable
    awplus# configure terminal
    awplus(config)# ip route 0.0.0.0/0 143.87.132.45
...

Page 1841: ...ide Please review the following guidelines before deleting routing interfaces Deleting a routing interface from a VLAN that has static routes also deletes the static routes Deleting a routing interface from a VLAN that has RIP also deletes RIP from the VLAN If you are remotely managing the switch with Telnet or SSH and delete the routing interface through which you are managing the device your man...

Page 1842: ...Example This example deletes the IPv4 routing interface from the VLAN with the VID 15:
    awplus> enable
    awplus# configure terminal
    awplus(config)# interface vlan15
    awplus(config-if)# no ip address
...

Page 1843: ...ase review the following guidelines before deleting routing interfaces Deleting a routing interface from a VLAN that has static routes also deletes the static routes Deleting a routing interface from a VLAN that has RIP also deletes RIP from the VLAN If you are remotely managing the switch with Telnet or SSH and delete the routing interface through which you are managing the device your management...

Page 1844: ...Example This example deletes the IPv4 routing interface with a dynamic IP address from the VLAN with the VID 3:
    awplus> enable
    awplus# configure terminal
    awplus(config)# interface vlan3
    awplus(config-if)# no ip address dhcp
...

Page 1845: ...tation e g 24 ipaddress2 Specifies the IP address of the next hop of the route admin Specifies the administrative distance of the route This parameter is optional Mode Global Configuration mode Description Use this command to delete static routes and the default gateway from the routing table The command to delete the default gateway must include the IP address of the next hop Confirmation Command...

Page 1846: ...45 20 11 132 This example deletes the default route from the switch The mask is entered in IP notation and the next hop is 121 114 17 28 awplus enable awplus configure terminal awplus config no ip route 0 0 0 0 0 0 0 0 121 114 17 28 This example deletes the same default route but the mask is entered in decimal notation awplus enable awplus configure terminal awplus config no ip route 0 0 0 0 0 121...

Page 1847: ...e fields are described in Table 254 Table 254 SHOW IP INTERFACE Command Parameter Description Interface The VID of the VLAN to which the routing interface is assigned IP Address The IP address and mask in decimal notation of the routing interface Status Status of the routing interface Interface IP Address Status Protocol VLAN14 0 123 94 146 34 24 admin up running VLAN25 0 123 94 152 72 24 admin up...

Page 1848: ...Protocol The status of the ports in the VLAN of the routing interface The possible states are listed here Down The ports in the VLAN have not established links to network devices Running The VLAN has at least one port that has established a link to a network device Table 254 SHOW IP INTERFACE Command Continued Parameter Description ...

Page 1849: ...le are described in Table 255 Codes C connected S static R RIP candidate default Gateway of last resort is 149 101 23 28 to network 0 0 0 0 S 0 0 0 0 0 1 0 via 149 101 23 28 vlan28 R 149 101 152 0 24 120 2 via 149 101 23 28 vlan15 00 05 27 R 149 101 201 0 24 120 2 via 149 101 54 109 vlan23 01 38 09 S 149 101 32 0 24 1 0 via 149 101 23 28 vlan15 S 149 101 33 0 24 1 0 via 149 101 23 28 vlan15 S 149 ...

Page 1850: ...d RIP Route Elements in the SHOW IP ROUTE Command Example This example displays the routes on the switch awplus show ip route S Static route to a remote network C Local network of a routing interface Table 255 Route Codes in the SHOW IP ROUTE Command Continued Code Description 149 101 33 0 24 1 0 via 149 101 23 28 vlan15 00 05 27 R Next Hop Remote Network VLAN of Next Hop Administrative Distance M...

Page 1851: ...RIP Version on page 1855 Enabling Authentication on page 1856 Enabling and Disabling Automatic Route Summarization on page 1858 Enabling and Disabling Split Horizon on page 1860 Advertising the Default Route on page 1861 Displaying Routing Information with RIP on page 1862 Adjusting Timers on page 1863 Blocking Routing Updates on an Interface on page 1864 ...

Page 1852: ...col RIP is a distance vector routing protocol which uses hop counts as its metric RIP determines a best route to a remote destination based on the hop count the number of routers which the packet traverses Each hop in a path from source to destination is assigned a hop count value For instance a device that is directly connected to the switch has a hop count of zero The maximum number of hops allo...

Page 1853: ... Switch S2 because two devices do not belong to the same VLAN To connect different networks dynamically you can enable RIP on the switches Figure 285 Enabling RIP Example Table 256 lists the commands to enable RIP and associate a network with the RIP routing process so that a route to the network is advertised In the example when you enable RIP on Switch S1 and associate VLAN 50 interface to the R...

Page 1854: ...router network vlan10 S1 config router network vlan50 The following example enables RIP on Switch S2 so that VLAN interfaces 20 and 50 receive and send RIP packets and the networks that VLANs 20 and 50 belong to are advertised through RIP S2 enable S2 configure terminal S2 config router rip S2 config router network vlan20 S2 config router network vlan50 The following example displays routing infor...

Page 1855: ...on 1. You can specify a RIP version for routing updates to send or to receive using the IP RIP RECEIVE VERSION and IP RIP SEND VERSION commands. These commands override the RIP Version specified by the VERSION command. The following example specifies RIP Version 2 for routing updates that VLAN 5 sends and RIP Version 2 for routing updates that VLAN 5 receives:
    awplus> enable
    awplus# configure terminal ...

Page 1856: ...e routing interfaces in VLAN 50 are RIP enabled in both receiving and sending RIP Version 2 and VLANs 10 and 20 are associated with RIP using the NETWORK command Figure 286 Enabling Authentication Example To authenticate routing updates set the same password on corresponding routing interfaces When sending a routing update RIP adds the password in the packet When receiving a routing update the swi...

Page 1857: ...nal
    S1(config)# interface vlan50
    S1(config-if)# ip rip authentication mode md5
    S1(config-if)# ip rip authentication string axc222
The following example configures Switch S2 to specify MD5 as the authentication mode and axc222 as the password:
    S2> enable
    S2# configure terminal
    S2(config)# interface vlan50
    S2(config-if)# ip rip authentication mode md5
    S2(config-if)# ip rip authentication string axc222
...

Page 1858: ... 1 Assume that you have the networks shown in Figure 287 The routing interfaces in VLAN 50 are RIP enabled in both receiving and sending RIP Version 2 and the networks in VLANs 10 20 and 30 are associated with RIP using the NETWORK command Figure 287 Automatic Summarization Example RIP allows Switch S1 to summarize 10 10 10 0 24 and 10 10 30 0 24 into 10 10 0 0 16 route and advertises the summariz...

Page 1859: ...The following example enables automatic summarization:
    S1> enable
    S1# configure terminal
    S1(config)# router rip
    S1(config-router)# auto-summary
...

Page 1860: ...bles split horizon awplus enable awplus configure terminal awplus config interface vlan10 awplus config if no ip rip split horizon The following example enables split horizon awplus enable awplus configure terminal awplus config interface vlan10 awplus config if ip rip split horizon The IP RIP SPLIT HORIZON command offers an option This command with the POISONED keyword advertises a route with a m...

Page 1861: ...you time in managing the switches To propagate a default route use the DEFAULT INFORMATION ORIGINATE command in the Routing Configuration mode The following example assigns the switch the default gateway address 192 168 1 1 and adds the route into the routing update to advertise it awplus enable awplus configure terminal awplus config ip route 0 0 0 0 0 0 0 0 192 168 1 1 awplus config router rip a...

Page 1862: ...ormation the command displays Figure 288 SHOW IP RIP Command The columns in Figure 288 are defined in Table 259 on page 1898 Codes R RIP Rc RIP connected Rs RIP static C Connected S Static Network Next hop Metric From If Time Rc 10 10 10 0 24 1 vlan10 Rc 10 10 50 0 24 1 vlan50 C 192 168 99 0 24 1 vlan1 R 192 168 20 0 24 10 10 10 32 10 10 10 3 vlan10 00 00 19 The R indicates that this network entry...

Page 1863: ...ists the parameters of the TIMERS BASIC command The following example sets the switch to transmit routing updates every 20 seconds declare a route invalid after 120 seconds have passed and no updates for the route are received and remove the route from the routing table after an additional 60 seconds have passed awplus enable awplus configure terminal awplus config router rip awplus config router ...

Page 1864: ...routing updates to an interface which does not need routing updates use the PASSIVE INTERFACE command on the interface This command still allows the network in the interface to be advertised to other routing devices The following example advertises the VLAN 20 but blocks the switch from sending routing updates to VLAN 20 awplus enable awplus configure terminal awplus config router rip awplus confi...

Page 1865: ...age 1871 VLAN Interface Specifies the MD5 or plain text authentication mode for an authentication key or password on a routing interface IP RIP RECEIVE PACKET on page 1872 VLAN Interface Enables the VLAN interface to receive routing updates IP RIP RECEIVE VERSION on page 1873 VLAN Interface Specifies the version of routing updates accepted on the VLAN interface IP RIP SEND PACKET on page 1875 VLAN...

Page 1866: ... SEND VERSION on page 1888 VLAN Interface Deletes the version of the routing updates that the routing interface sends out NO IP RIP SPLIT HORIZON on page 1889 VLAN Interface Disables split horizon or split horizon with poison reverse NO NETWORK on page 1890 Routing Configuration Stops the specified network or VLAN from sending and accepting routing updates NO PASSIVE INTERFACE on page 1891 Routing...

Page 1867: ...ge 1899 User Exec and Privileged Exec Displays counters for RIP packets on the switch SHOW IP RIP INTERFACE on page 1901 User Exec and Privileged Exec Displays RIP information about the specified VLAN routing interface TIMERS BASIC on page 1903 Routing Configuration Specifies the update timeout and garbage timers VERSION on page 1905 Routing Configuration Specifies a RIP Version 1 or 2 used by the...

Page 1868: ...date packets By default automatic summarization is enabled For RIP Version 1 automatic summarization is always used and cannot be disabled For RIP Version 2 you can enable and disable automatic summarization Confirmation Command SHOW IP RIP INTERFACE on page 1901 Example The following example enables automatic route summarization in RIP Version 2 awplus enable awplus configure terminal awplus conf...

Page 1869: ...e this command to configure the switch to send its default route to its neighboring routing devices Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example configures the switch to send its default route from its routing interfaces awplus enable awplus configure terminal awplus config router rip awplus config router default information originate ...

Page 1870: ... command to specify an authentication key or password that the routing interfaces use to authenticate the routing updates You may configure only one routing interface at a time In addition a routing interface must already exist before you can assign it a password Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example assigns add45wqy as the password to a new routing int...

Page 1871: ...e routing updates that the interfaces send and receive A routing interface and the neighboring routing device must use the same authentication mode and password to accept routing updates You may configure only one routing interface at a time The default is the plain text authentication mode Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example specifies MD5 authenticat...

Page 1872: ...rfaces to receive routing updates By default the receive packet is enabled You can configure only one routing interface at a time with this command Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example configures the routing interface in VLAN 3 to accept routing updates awplus enable awplus configure terminal awplus config interface vlan3 awplus config if ip rip receiv...

Page 1873: ...1 2 or both versions Different routing interfaces on the switch may accept different versions of the routing updates You may configure only one routing interface at a time with this command This command overrides the version setting configured with the VERSION command For the description of the VERSION command refer to VERSION on page 1905 Confirmation Command SHOW IP RIP INTERFACE on page 1901 Ex...

Page 1874: ...The following example configures the routing interface in VLAN 3 to receive both RIP Version 1 and 2 packets:
    awplus> enable
    awplus# configure terminal
    awplus(config)# interface vlan3
    awplus(config-if)# ip rip receive version 1 2
...

Page 1875: ...uting interfaces in VLANs to send routing updates You can configure only one routing interface at a time with this command Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example configures the routing interface in VLAN 3 to send routing updates awplus enable awplus configure terminal awplus config interface vlan3 awplus config if ip rip send packet ...

Page 1876: ...y configure different routing interfaces on the switch to send different versions of the routing updates You can configure only one routing interface at a time with this command This command overrides the version setting configured with the VERSION command For the description of the VERSION command refer to VERSION on page 1905 Confirmation Command SHOW IP RIP INTERFACE on page 1901 Example The fo...

Page 1877: ...P By default split horizon with poison reverse is activated You can configure only one interface at a time with this command Routing updates that are transmitted from a routing interface on which split horizon is activated do not contain any of the routes that were learned on that interface from its neighboring routing device Routing update packets that are transmitted from a routing interface on ...

Page 1878: ...hboring routing device awplus enable awplus configure terminal awplus config interface vlan5 awplus config if ip rip split horizon The following example activates split horizon with poison reverse on the routing interface in VLAN 7 Routes learned on that interface are assigned a hop count of infinity 16 in the routing updates awplus enable awplus configure terminal awplus config interface vlan7 aw...

Page 1879: ...number of a VLAN Mode Router Configuration mode Description Use this command to specify a network or VLAN to allow its interface to send and accept routing updates The connected routes corresponding to the specified network or VLAN are automatically advertised in routing updates By default the interface of a network or VLAN does not send or accept any routing updates Confirmation Command SHOW RUNN...

Page 1880: ...uting Information Protocol RIP Commands 1880 The following example allows VLAN 2 to send and accept routing updates awplus enable awplus configure terminal awplus config router rip awplus config router network vlan2 ...

Page 1881: ... When automatic summarization is disabled subnets are included in the routing updates Automatic summarization cannot be disabled for RIP Version 1 Confirmation Command SHOW IP RIP INTERFACE on page 1901 Example The following example disables automatic summarization for RIP Version 2 awplus enable awplus configure terminal awplus config router rip awplus config router version 2 awplus config router...

Page 1882: ... Router Configuration mode Description Use this command to stop advertising a default route to RIP enabled interfaces Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example stops advertising a default route awplus enable awplus configure terminal awplus config router rip awplus config router no default information originate ...

Page 1883: ...this command to restore the default value of plain text authentication mode Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example restores the default value of plain text authentication mode for the routing interface in VLAN 2 awplus enable awplus configure terminal awplus config interface vlan2 awplus config if no ip rip authentication mode ...

Page 1884: ...ode VLAN Interface mode Description Use this command to delete the specified authentication string from a routing interface Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example deletes the string Secret as the password from the routing interface in VLAN 2 awplus enable awplus configure terminal awplus config interface vlan2 awplus config if no ip rip authentication st...

Page 1885: ...routing interfaces from accepting routing updates By default a routing interface is enabled to receive routing updates Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example stops the routing interface in VLAN 3 from accepting routing updates awplus enable awplus configure terminal awplus config interface vlan3 awplus config if no ip rip receive packet ...

Page 1886: ...and to delete the version number of the routing updates that the routing interface accepts Confirmation Command SHOW IP RIP INTERFACE on page 1901 Example The following example deletes the version setting for the routing updates that the routing interface in VLAN 3 accepts awplus enable awplus configure terminal awplus config interface vlan3 awplus config if no ip rip receive version ...

Page 1887: ...scription Use this command to stop routing interfaces from sending routing updates Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example stops the routing interface in VLAN 5 from sending routing updates awplus enable awplus configure terminal awplus config interface vlan5 awplus config if no ip rip send packet ...

Page 1888: ...to delete the version number of the routing updates that the routing interface sends out Confirmation Command SHOW IP RIP INTERFACE on page 1901 Example The following example deletes the version setting for the routing updates that the routing interface in VLAN 4 sends out awplus enable awplus configure terminal awplus config interface vlan4 awplus config if no ip rip send version ...

Page 1889: ...ription Use this command to disable split horizon or split horizon with poison reverse Confirmation Command SHOW RUNNING CONFIG on page 170 SHOW IP RIP INTERFACE on page 1901 Example The following example disables split horizon on VLAN 5 awplus enable awplus configure terminal awplus config interface vlan5 awplus config if no ip rip split horizon ...

Page 1890: ...mple the switch gives an IP address of 10 0 0 0 to a prefix length of 8 vlanid Specifies the ID number of a VLAN Mode Router Configuration mode Description Use this command to remove the specified network or VLAN from the RIP routing process and stop the network or VLAN from sending and receiving routing updates Confirmation Command SHOW IP RIP on page 1897 Example The following example removes VL...

Page 1891: ...iption Use this command to allow the transmission of routing updates to the routing interface in the specified VLAN Confirmation Command SHOW IP RIP on page 1897 Example The following example allows the transmission of routing updates through the routing interface in VLAN 8 awplus enable awplus configure terminal awplus config router rip awplus config router no passive interface vlan8 ...

Page 1892: ... Global Configuration mode Description Use this command to stop the RIP process and erase all existing RIP configurations on the switch Confirmation Command SHOW IP RIP on page 1897 Example The following example exits the Router Configuration mode awplus enable awplus configure terminal awplus config no router rip ...

Page 1893: ...Timeout 180 seconds Garbage 120 seconds Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example resets the switch to transmit routing updates every 30 seconds declare a route invalid after 180 seconds have passed and no updates from the route are received and remove a route from the routing table after an additional 120 seconds have passed awplus enable awplus configure ter...

Page 1894: ...uration mode Description Use this command to reset the RIP version to the default value of Version 2 Confirmation Command SHOW RUNNING CONFIG on page 170 Example The following example restores the default value of RIP Version 2 awplus enable awplus configure terminal awplus config router rip awplus config router no version ...

Page 1895: ...ough the routing interface in the specified VLAN The routing interface in the VLAN does not receive routing updates but the network that the specified VLAN belongs to is still advertised Confirmation Command SHOW IP RIP on page 1897 Example The following example blocks the transmission of routing updates through the routing interface in VLAN 8 awplus enable awplus configure terminal awplus config ...

Page 1896: ...ration mode Description Use this command to enter the Router Configuration mode You must be in the Router Configuration mode to configure RIP Example The following example uses the ROUTER RIP command to enter the Router Configuration mode awplus enable awplus configure terminal awplus config router rip awplus config router ...

Page 1897: ... management IP address and the default gateway on the switch Figure 289 provides an example of this information Figure 289 SHOW IP RIP Command Codes R RIP Rc RIP connected Rs RIP static C Connected S Static Network Next hop Metric From If Time Rc 10 10 10 0 24 1 vlan10 Rc 10 10 50 0 24 1 vlan50 C 192 168 99 0 24 1 vlan1 R 192 168 20 0 24 10 10 10 3 2 10 10 10 3 vlan10 00 00 19 ...

Page 1898: ... destination routing information is obtained R RIP Rc RIP connected Rs RIP static C Connected S Static Network Indicates the IP address and subnet mask of the destination Next Hop Indicates the management IP address of the next hop routing device Metric Indicates the number of routing devices a packet must travel through to reach the destination From Indicates the IP address of the source where th...

Page 1899: ...at the command displays Figure 290 SHOW IP RIP COUNTER Command The fields are described in Table 260 Table 260 SHOW IP RIP COUNTER Command Parameter Description Input Indicates that the counters are for incoming RIP packets inResponses Displays the number of response packets received inRequests Displays the number of request packets received IP RIP Counter Summary Input inResponses 5 inRequests 1 ...

Page 1900: ...ceived when receive is disabled or mismatched sequence number of a triggered acknowledgement Output Indicates that the counters are for outgoing RIP packets outResponses Displays the number of response packets transmitted outReqests Displays the number of request packets transmitted outTrigResposes Displays the number of triggered response packets transmitted outErrors Displays the number of packe...

Page 1901: ...interfaces on the switch Figure 291 provides an example of information that the command displays when you do not specify a parameter Figure 291 SHOW IP RIP INTERFACE Command The fields are described in Table 261 Interface Send Recv Auth Password PoisonReverse AutoSummary vlan2 0 RIP2 BOTH PASS On On vlan5 0 RIP1 BOTH NONE NOT SET Off On vlan8 0 RIP2 BOTH PASS On On Table 261 SHOW IP RIP INTERFACE ...

Page 1902: ...e VLAN routing interface The version value is one of the following RIP1 RIP2 Both Auth Indicates the authentication method The method is one of the following PASS Plain text password MD5 MD5 password NONE Password Indicates the status of the password The indication is one of the following A plain text or MD5 password is set NOT SET PoisonReverse Indicates the status of poison reverse on the VLAN r...

Page 1903: ...on timer in seconds After this interval has elapsed and no updates from a route are received the route is removed from the routing table The range is 5 to 2 147 483 647 seconds The default value is 120 seconds Mode Routing Configuration mode Description Use this command to adjust the timers that RIP uses to minimize disruptions to end users of the network in the situation where quick recovery is n...

Page 1904: ...tes every 20 seconds declare a route invalid after 120 seconds have passed and no updates from the route are received and remove a route from the routing table after an additional 60 seconds have passed awplus enable awplus configure terminal awplus config router rip awplus config router timers basic update 20 timeout 120 garbage 60 ...

Page 1905: ...h IP RIP RECEIVE VERSION and IP RIP SEND VERSION commands override the value set by the VERSION command For more information about these commands see IP RIP RECEIVE VERSION on page 1873 and IP RIP SEND VERSION on page 1876 Confirmation Command SHOW RUNNING CONFIG on page 170 SHOW IP RIP INTERFACE on page 1901 Example The following example configures the switch to use RIP Version 1 for routing upda...

Page 1906: ...Chapter 107 Routing Information Protocol RIP Commands 1906 ...

Page 1907: ...es SHOW MEMORY ALLOCATION on page 1912 Privileged Exec Displays the memory allocations used by the processes SHOW MEMORY HISTORY on page 1913 Privileged Exec Displays a graph showing historical memory usage SHOW MEMORY POOLS on page 1914 Privileged Exec Displays a list of memory pools used by the processes SHOW PROCESS on page 1915 Privileged Exec Displays a summary of the current running processe...

Page 1908: ...e processes sleep Sorts the list by the average sleeping times thrds Sorts the list by the number of threads Mode Privileged Exec mode Description Use this command to display a list of running processes with their CPU utilizations Examples This example lists the running processes by ID numbers awplus show cpu This example lists the running processes by runtimes awplus show cpu sort runtime ...

Page 1909: ...Y Syntax show cpu history Parameters None Mode Privileged Exec mode Description Use this command to display graphs of historical CPU utilization on the switch Example This example displays graphs of historical CPU utilization on the switch awplus show cpu history ...

Page 1910: ...u user threads Parameters None Mode Privileged Exec mode Description Use this command to display a list of CPU utilization and the status of the user threads Example This example displays a list of CPU utilization and the status of the user threads awplus show cpu user threads ...

Page 1911: ...y the peak amounts of memory the processes are currently using stk Sorts the list by the stack sizes of the processes Mode Privileged Exec mode Description Use this command to display the memory consumption of each process Examples This example displays the memory consumptions of the processes by ID number awplus show memory This example displays the memory consumptions by size awplus show memory ...

Page 1912: ...ystem process Mode Privileged Exec mode Description Use this command to display the memory allocations used by the processes Examples This example displays the memory allocations used by all the processes awplus show memory allocation This example displays the memory allocation of the INIT process awplus show memory allocation init ...

Page 1913: ...RY HISTORY Syntax show memory history Parameters None Mode Privileged Exec mode Description Use this command to display a graph showing historical memory usage Example This example displays a graph showing historical memory usage awplus show memory history ...

Page 1914: ...OLS Syntax show memory pools Parameters None Mode Privileged Exec mode Description Use this command to display a list of memory pools used by the processes Example This example displays a list of memory pools used by the processes awplus show memory pools ...

Page 1915: ...ory utilization Mode Privileged Exec mode Description Use this command to display a summary of the current running processes Examples This example lists the running processes by ID number awplus show process This example sorts the list by percentage of CPU utilization awplus show process sort mem This example lists the running processes by percentage of memory utilization awplus show process sort ...

Page 1916: ...er Parameters None Modes User Exec mode and Privileged Exec mode Description Use this command to display the serial number of the switch The serial number is also displayed with SHOW SYSTEM on page 173 Example This example displays the serial number of the switch awplus show system serialnumber ...

Page 1917: ...None Mode Privileged Exec mode Description Use this command to display the number of interrupts for each Interrupt Request IRQ used to interrupt input lines on a Programmable Interrupt Controller PIC on the switch Example This example displays the number of interrupts for each IRQ awplus show system interrupts ...

Page 1918: ...he file name tech support followed by a string of numbers and the extension txt After performing the command upload the file from the switch using TFTP or Zmodem and email it to Allied Telesis technical support For instructions on how to upload files from the switch refer to Uploading Files from the Switch with TFTP on page 581 or Uploading Files from the Switch with Zmodem on page 584 Without the...

Page 1919: ...tional commands SHOW ARP SHOW INTERFACE SHOW IP INTERFACE SHOW IPV6 INTERFACE SHOW MAC ADDRESS TABLE Examples This example stores the system information in a file awplus show tech support This example performs the full set of technical support commands and stores the system information in a file awplus show tech support all ...

Page 1920: ...Chapter System Monitoring Commands 1920 ...

Page 1921: ...g Querier on page 1933 Link Layer Discovery Protocol LLDP and LLDP MED on page 1934 MAC Address based Port Security on page 1935 MAC Address Table on page 1936 Management IP Address on page 1937 Manager Account on page 1938 Port Settings on page 1939 RADIUS Client on page 1940 Remote Manager Account Authentication on page 1941 RMON on page 1942 Secure Shell Server on page 1943 sFlow Agent on page ...

Page 1922: ...Appendix B Management Software Default Settings 1922 VLANs on page 1952 Web Server on page 1953 ...

Page 1923: ...AT 8100 Switch Command Line User s Guide 1923 Boot Configuration File The following table lists the name of the default configuration file Boot Configuration File Default Switch boot cfg ...

Page 1924: ...ings 1924 Class of Service The following table lists the default mappings of the IEEE 802 1p priority levels to the egress port priority queues IEEE 802 1p Priority Level Port Priority Queue 0 Q2 1 Q0 lowest 2 Q1 3 Q3 4 Q4 5 Q5 6 Q6 7 Q7 highest ...

Page 1925: ... Console Port The following table lists the default settings for the Console port Note The baud rate is the only adjustable parameter on the port Console Port Setting Default Data Bits 8 Stop Bits 1 Parity None Flow Control None Baud Rate 9600 bps ...

Page 1926: ...r the DHCP relay feature DHCP Relay Setting Default DHCP Relay Status Disabled Insertion of Option 82 Information Disabled DHCP Requests with Option 82 Information and Null IP address in the giaddr Fields Forward Policy for Option 82 Information in Client Packets Replace Maximum Length of Client Requests 576 bytes ...

Page 1927: ...ork Access Control Settings Default Port Access Control Disabled Authentication Method RADIUS EAP Port Roles None Authentication Port 1812 Authenticator Port Setting Default Authentication Mode 802 1x Supplicant Mode Single Port Control Auto Quiet Period 60 seconds TX Period 30 seconds Reauth Enabled Enabled Reauth Period 3600 seconds Supplicant Timeout 30 seconds Server Timeout 30 seconds Max Req...

Page 1928: ...ult settings for RADIUS accounting The following table lists the default settings for supplicant ports RADIUS Accounting Settings Default Status Disabled Port 1813 Supplicant Port Settings Default Auth Period 30 seconds Held Period 60 seconds Max Start 3 User Name none User Password none ...

Page 1929: ...AT 8100 Switch Command Line User s Guide 1929 Enhanced Stacking The following table lists the enhanced stacking default setting Enhanced Stacking Setting Default Switch State Member ...

Page 1930: ...ware Default Settings 1930 GVRP This section provides the default settings for GVRP GVRP Setting Default Status Disabled GIP Status Enabled Join Timer 20 centiseconds Leave Timer 60 centiseconds Leave All Timer 1000 centiseconds ...

Page 1931: ...AT 8100 Switch Command Line User s Guide 1931 Hardware Stacking The following table lists the hardware stacking default setting Hardware Stacking Setting Default Switch ID Number 0 ...

Page 1932: ...llowing table lists the IGMP Snooping default settings IGMP Snooping Setting Default IGMP Snooping Status Disabled Multicast Host Topology Single Host Port Edge Host Router Timeout Interval 260 seconds Maximum IGMP Multicast Groups 64 Multicast Router Ports Mode Auto Detect ...

Page 1933: ...d Line User s Guide 1933 IGMP Snooping Querier The following table lists the IGMP snooping querier default settings IGMP Snooping Querier Setting Default IGMP Snooping Querier Status Disabled IGMP Query Interval 125 seconds ...

Page 1934: ... The following table lists the default settings for LLDP and LLDP MED LLDP and LLDP MED Default Status Disabled Notification Interval 5 seconds Transmit Interval 30 seconds Holdtime Multiplier 4 Reinitialization Delay 2 seconds Transmission Delay Timer 2 seconds Non strict MED TLV Order Check Disabled ...

Page 1935: ...ide 1935 MAC Address based Port Security The following table lists the MAC address based port security default settings MAC Address based Port Security Setting Default Status Disabled Intrusion Action Protect Maximum MAC Addresses No Limit ...

Page 1936: ...dix B Management Software Default Settings 1936 MAC Address Table The following table lists the default setting for the MAC address table MAC Address Table Setting Default MAC Address Aging Time 300 seconds ...

Page 1937: ...e User s Guide 1937 Management IP Address The following table lists the default settings for the management IP address Management IP Address Setting Default Management IP Address 0 0 0 0 Subnet Mask 0 0 0 0 DHCP Client Disabled ...

Page 1938: ... following table lists the manager account default settings Note Login names and passwords are case sensitive Manager Account Setting Default Manager Login Name manager Manager Password friend Console Disconnect Timer Interval 10 minutes Maximum Number of Manager Sessions 3 ...

Page 1939: ...ion MDI MDI X Auto MDI MDIX Threshold Limits for Ingress Packets Disabled Broadcast Multicast or Unknown Unicast Packet Filtering Storm control 33 554 431 packets per second Override Priority No override Head of Line Blocking Threshold 682 cells Backpressure Disabled Backpressure Threshold 7 935 cells Flow Control Send Disabled Flow Control Receive Disabled Flow Control Threshold 7 935 cells Maxim...

Page 1940: ...e RADIUS configuration default settings RADIUS Configuration Setting Default Global Encryption Key ATI Global Server Timeout Period 5 seconds RADIUS Server 1 Configuration 0 0 0 0 RADIUS Server 2 Configuration 0 0 0 0 RADIUS Server 3 Configuration 0 0 0 0 Auth Port 1812 Encryption Key Not Defined ...

Page 1941: ...ide 1941 Remote Manager Account Authentication The following table describes the remote manager account authentication default settings Authentication Setting Default Server based Authentication Disabled Active Authentication Method TACACS ...

Page 1942: ...e following table lists the default settings for RMON collection histories There are no default settings for alarms or events RMON Setting Default History Buckets 50 History Polling Interval 1800 seconds Owner Agent Statistics Groups None Events None Alarms None ...

Page 1943: ...erver The following table lists the SSH default settings Note The SSH port number is not adjustable SSH Setting Default Status Disabled Host Key ID Not Defined Server Key ID Not Defined Server Key Expiry Time 0 hours Login Timeout 180 seconds SSH Port Number 22 ...

Page 1944: ...Settings 1944 sFlow Agent The default settings for the sFlow agent are listed in this table sFlow Agent Setting Default sFlow Agent Status Disabled sFlow Collector IP Address 0 0 0 0 UDP Port 6343 Port Sampling Rate 0 Port Polling Interval 0 ...

Page 1945: ...945 Simple Network Management Protocol SNMPv1 SNMPv2c and SNMPv3 The following table describes the default settings for SNMPv1 SNMPv2c and SNMPv3 SNMP Communities Setting Default SNMP Status Disabled Authentication Failure Trap Status Disabled ...

Page 1946: ...Settings 1946 Simple Network Time Protocol The following table lists the SNTP default settings SNTP Setting Default System Time Sat 01 Jan 2000 00 00 00 SNTP Status Disabled SNTP Server 0 0 0 0 UTC Offset 0 Daylight Savings Time DST Enabled ...

Page 1947: ...tings Rapid Spanning Tree Protocol The following table describes the RSTP default settings Spanning Tree Setting Default Spanning Tree Status Enabled Active Protocol Version RSTP STP Setting Default Bridge Priority 32768 Bridge Hello Time 2 Bridge Forwarding 15 Bridge Max Age 20 Port Cost Automatic Update Port Priority 128 RSTP Setting Default Force Version RSTP Bridge Priority 32768 Bridge Hello ...

Page 1948: ...t Status Disabled BPDU Guard Timeout Interval 300 seconds RSTP Setting Default MSTP Setting Default Force Version MSTP Bridge Priority 32768 Bridge Hello Time 2 Bridge Forwarding 15 Bridge Max Age 20 Edge Port Yes Point to Point Auto Detect Port Cost Automatic Update Port Priority 128 Loop Guard Disabled BPDU Guard Disabled BPDU Guard Timeout Status Disabled BPDU Guard Timeout Interval 300 seconds...

Page 1949: ...AT 8100 Switch Command Line User s Guide 1949 System Name The default setting for the system name is listed in this table System Name Setting Default System Name awplus ...

Page 1950: ...s 1950 TACACS Client The following table lists the TACACS client configuration default settings TACACS Client Configuration Setting Default TAC Server 1 0 0 0 0 TAC Server 2 0 0 0 0 TAC Server 3 0 0 0 0 TAC Global Secret None TAC Timeout 5 seconds ...

Page 1951: ...Line User s Guide 1951 Telnet Server The default settings for the Telnet server are listed in this table Note The Telnet port number is not adjustable Telnet Server Setting Default Telnet Server Enabled Telnet Port Number 23 ...

Page 1952: ...ult Settings 1952 VLANs This section provides the VLAN default settings VLAN Setting Default Default VLAN Name Default_VLAN all ports Management VLAN ID 1 Default_VLAN VLAN Type Port based Member Ports All Ports Ingress Filtering Enabled ...

Page 1953: ...ommand Line User s Guide 1953 Web Server The following table lists the web server default settings Web Server Configuration Setting Default Status Disabled Operating Mode HTTP HTTP Port Number 80 HTTPS Port Number 443 ...

Page 1954: ...Appendix B Management Software Default Settings 1954 ...

Page 1955: ... BOOT CONFIG FILE command 561 BPLIMIT command 208 C CHANNEL GROUP command 760 CLASS command 63 CLASS MAP command 1707 CLASS MAP command 62 CLEAR ARP SECURITY STATISTICS command 644 CLEAR ARP CACHE command 1330 CLEAR IP DHCP SNOOPING BINDING command 645 CLEAR IP DHCP SNOOPING STATISTICS command 647 CLEAR IP IGMP command 610 CLEAR IPV6 NEIGHBORS command 315 CLEAR LLDP STATISTICS command 1264 CLEAR L...

Page 1956: ...NTERFACE PORT command 64 INTERFACE TRUNK command 64 65 INTERFACE VLAN command 65 IP ACCESS LIST IP command 1597 IP ACCESS LIST MAC command 1600 IP ACCESS LIST PROTO command 1603 IP ACCESS LIST TCP command 1606 IP ACCESS LIST UDP command 1610 IP ACCESS LIST command 1593 IP ADDRESS command 303 316 1835 IP ADDRESS DHCP command 318 1837 IP DHCP SNOOPING AGENT OPTION ALLOW UNTRUSTED command 650 IP DHCP...

Page 1957: ...IC command 378 390 MATCH ACCESS GROUP GROUP NAME command 1712 MATCH COS command 1715 MATCH DSCP command 1717 MATCH ETH FORMAT command 1721 MATCH IP PRECEDENCE command 1718 MATCH MAC TYPE command 1719 MATCH PROTOCOL command 1721 MATCH TCP FLAGS commands 1726 MATCH VLAN command 1728 MIRROR command 474 MIRROR INTERFACE command 475 MLS QOS AGGREGATE POLICE SINGLE RATE command 1729 MLS QOS AGGREGATE PO...

Page 1958: ... TLV SELECT command 1237 1239 1240 1249 1252 1293 NO LLDP NOTIFICATIONS command 1295 NO LLDP RUN command 1254 1296 NO LLDP TLV SELECT command 1237 1239 1240 1251 1297 NO LLDP TRANSMIT RECEIVE command 1236 1298 NO LOCATION command 1253 1299 NO LOG BUFFERED command 699 NO LOG CONSOLE command 701 NO LOG HOST command 718 724 NO LOG PERMANENT command 702 NO LOGIN AUTHENTICATION command 1492 1507 NO MAC...

Page 1959: ...TION command 1802 NO STORM CONTROL command 226 NO STORM DOWNTIME command 1804 NO STORM PROTECTION command 1805 NO STORM RATE command 1806 NO STORM WINDOW command 1808 NO SWITCHPORT ACCESS VLAN command 920 926 NO SWITCHPORT BLOCK EGRESS MULTICAST command 536 NO SWITCHPORT BLOCK INGRESS MULTICAST command 537 NO SWITCHPORT PORT SECURITY AGING command 1040 1049 1056 NO SWITCHPORT PORT SECURITY command...

Page 1960: ...ORY command 1909 SHOW CPU USER THREADS command 1910 SHOW CRYPTO CERTIFICATE command 1476 SHOW CRYPTO KEY HOSTKEY command 1436 SHOW DOT1X command 1135 SHOW DOT1X INTERFACE command 1088 1136 SHOW DOT1X STATISTICS INTERFACE command 1089 1137 SHOW DOT1X SUPPLICANT INTERFACE command 1138 SHOW ECOFRIENDLY command 118 SHOW ESTACK command 446 SHOW ESTACK COMMAND SWITCH command 448 SHOW ESTACK REMOTELIST c...

Page 1961: ...NMP SERVER GROUP command 1189 SHOW SNMP SERVER HOST command 1190 SHOW SNMP SERVER USER command 1191 SHOW SNMP SERVER VIEW command 1169 1192 SHOW SPANNING TREE command 802 806 830 838 883 SHOW SPANNING TREE MST command 885 SHOW SPANNING TREE MST CONFIG command 884 SHOW SPANNING TREE MST INSTANCE command 886 SHOW SSH SERVER command 1427 1437 SHOW STACK command 410 SHOW STARTUP CONFIG command 574 SHO...

Page 1962: ...ORT MODE PRIVATE VLAN PROMISCUOUS command 1020 1028 SWITCHPORT MODE TRUNK command 918 935 SWITCHPORT PORT SECURITY AGING command 1040 1056 SWITCHPORT PORT SECURITY command 1042 1055 SWITCHPORT PORT SECURITY MAXIMUM command 1040 1057 SWITCHPORT PORT SECURITY VIOLATION command 1040 1058 SWITCHPORT TRUNK ALLOWED VLAN command 918 921 937 SWITCHPORT TRUNK NATIVE VLAN command 918 940 SWITCHPORT VOICE DS...
