manualshive.com logo in svg

Cisco Small Business 300 1.1 Series, Administration Manual

Share
Download
Cisco Small Business 300 1.1 Series Administration Manual Download Page 601

Quality of Service (QoS) Commands

78-20269-01 Command Line Interface Reference Guide

603

41

 

41.45 security-suite dos syn-attack

Use the security-suite dos syn-attack Interface Configuration mode command to 
rate limit Denial of Service (DoS) SYN attacks. This provides partial blocking of of 
SNY packets (up to the rate that the user specifies).

Use the no form of this command to disable rate limiting.

Syntax

security-suite dos syn-attack 

syn-rate

 {

any | ip-address

 } {

mask

 | /

prefix-length

}

no security-suite dos syn-attack {

any | ip-address

} {

mask

 | /

prefix-length

}

Parameters

syn-rate—Specifies the maximum number of connections per second. 
(Range: 199–1000)

any | ip-address—Specifies the destination IP address. Use any to specify 
all IP addresses.

mask—Specifies the network mask of the destination IP address.

prefix-length—Specifies the number of bits that comprise the destination IP 
address prefix. The prefix length must be preceded by a forward slash (/).

Default Configuration

No rate limit is configured.

If ip-address is unspecified, the default is 255.255.255.255

If prefix-length is unspecified, the default is 32.

Command Mode

Interface Configuration (Ethernet, Port-channel) mode

User Guidelines

For this command to work, 

security-suite enable

 must be enabled both globally 

and for interfaces.

This command rate limits ingress TCP packets with "SYN=1", "ACK=0" and "FIN=0" 
for the specified destination IP addresses.

SYN attack rate limiting is implemented after the security suite rules are applied to 
the packets. The ACL and QoS rules are not applied to those packets.

Summary of Contents for Small Business 300 1.1 Series

Page 1: ...Cisco Small Business 300 1 1 Series Managed Switch Administration Guide CLI GUIDE ...

Page 2: ... privilege 44 do 45 banner login 46 login banner 48 show banner 49 3 Macro Commands 50 macro name 50 macro apply 53 macro description 55 macro global 57 macro global description 58 show parser macro 59 4 RSA and Certificate Commands 62 crypto key generate dsa 62 crypto key generate rsa 62 show crypto key mypubkey 63 crypto certificate generate 64 crypto certificate request 66 crypto certificate im...

Page 3: ... 96 show cpu input rate 96 6 Clock Commands 98 clock set 98 clock source 98 clock timezone 99 clock summer time 100 clock dhcp timezone 102 sntp authentication key 103 sntp authenticate 104 sntp trusted key 105 sntp broadcast client enable 106 sntp unicast client enable 107 sntp server 107 show clock 110 show sntp configuration 111 show sntp status 113 7 Configuration and Image File Commands 115 c...

Page 4: ...ver community 145 snmp server view 148 snmp server group 149 snmp server user 151 snmp server filter 153 snmp server host 154 snmp server engineID remote 156 snmp server enable traps 157 snmp server trap authentication 158 snmp server contact 159 snmp server location 159 snmp server set 160 show snmp 161 show snmp engineID 162 show snmp views 163 show snmp groups 164 show snmp filters 165 show snm...

Page 5: ...methods 192 password 194 enable password 195 username 196 show user accounts 197 passwords complexity enable 198 passwords complexity attributes 200 passwords aging 202 show passwords configuration 203 16 Remote Authentication Dial In User Service RADIUS Commands 205 radius server host 205 radius server key 207 radius server retransmit 208 radius server source ip 209 radius server source ipv6 210 ...

Page 6: ...39 show rmon alarm table 241 show rmon alarm 242 rmon event 244 show rmon events 245 show rmon log 246 rmon table size 247 20 802 1x Commands 249 aaa authentication dot1x 249 dot1x system auth control 250 dot1x port control 250 dot1x reauthentication 252 dot1x timeout reauth period 252 dot1x timeout quiet period 253 dot1x timeout tx period 254 dot1x max req 255 dot1x timeout supp timeout 256 dot1x...

Page 7: ...cast level kbps 291 storm control broadcast level 291 storm control include multicast 293 show storm control 293 22 PHY Diagnostics Commands 295 show cable diagnostics cable length 295 show fiber ports optical transceiver 295 23 Power over Ethernet PoE Commands 298 power inline 298 power inline priority 298 power inline usage threshold 299 power inline traps enable 300 power inline limit 300 power...

Page 8: ... ipv6 forbidden ip address 336 bridge multicast ipv6 source group 337 bridge multicast ipv6 forbidden source group 338 bridge multicast unregistered 340 bridge multicast forward all 341 bridge multicast forbidden forward all 342 mac address table static 343 clear mac address table 344 mac address table aging time 344 port security 345 port security mode 346 port security max 347 show mac address t...

Page 9: ... tree mst cost 379 spanning tree mst configuration 380 instance MST 381 name MST 382 revision MST 382 show MST 383 exit MST 384 abort MST 384 show spanning tree 385 show spanning tree bpdu 401 30 Virtual Local Area Network VLAN Commands 403 vlan database 403 vlan 403 show vlan 404 default vlan vlan 406 show default vlan membership 407 interface vlan 408 interface range vlan 409 name 410 switchport...

Page 10: ...rier version 442 ip igmp robustness 442 ip igmp query interval 443 ip igmp query max response time 444 ip igmp last member query count 445 ip igmp last member query interval 446 ip igmp snooping vlan immediate leave 446 show ip igmp snooping mrouter 447 show ip igmp snooping interface 448 show ip igmp snooping groups 449 32 IPv6 MLD Snooping Commands 451 ipv6 mld snooping Global 451 ipv6 mld snoop...

Page 11: ...Addressing Commands 478 ip address 478 ip address dhcp 479 renew dhcp 481 ip default gateway 482 show ip interface 482 arp 483 arp timeout Global 484 ip arp proxy disable 485 ip proxy arp 486 clear arp cache 486 show arp 487 show arp configuration 488 interface ip 489 ip helper address 490 show ip helper address 491 ip domain name 492 ip name server 493 ip host 494 clear host 495 clear host dhcp 4...

Page 12: ...show ipv6 tunnel 522 38 DHCP Relay Commands 524 ip dhcp relay enable Global 524 ip dhcp relay enable Interface 524 ip dhcp relay address 525 show ip dhcp relay 526 39 IP Routing Protocol Independent Commands 529 ip route 529 show ip route 530 40 ACL Commands 533 ip access list 533 permit IP 534 deny IP 536 ipv6 access list 539 permit IPv6 540 deny IPv6 542 mac access list 544 permit MAC 545 deny M...

Page 13: ...et 579 rate limit VLAN 580 qos wrr queue wrtd 581 show qos wrr queue wrtd 582 show qos interface 583 wrr queue 585 qos wrr queue threshold 586 qos map policed dscp 587 qos map dscp queue 588 qos map dscp dp 589 qos trust Global 590 qos trust Interface 591 qos cos 592 qos dscp mutation 592 qos map dscp mutation 593 show qos map 594 clear qos statistics 595 qos statistics policer 596 qos statistics ...

Page 14: ...unk refresh 631 macro auto resume 632 macro auto persistent 633 macro auto smartport type 634 macro auto processing cdp 636 macro auto processing lldp 637 macro auto processing type 638 macro auto user smartport macro 639 macro auto built in parameters 640 show macro auto processing 641 show macro auto smart macros 642 show macro auto ports 643 smartport switchport trunk allowed vlan 645 smartport...

Page 15: ...ocal tlvs overloading 670 show lldp local 671 show lldp statistics 673 show lldp neighbors 674 45 CDP Commands 681 cdp run 681 cdp enable 682 cdp pdu 682 cdp advertise v2 683 cdp appliance tlv enable 684 cdp mandatory tlvs validation 685 cdp source interface 686 cdp log mismatch duplex 686 cdp log mismatch voip 687 cdp log mismatch native 688 cdp device id format 689 cdp timer 689 cdp holdtime 690...

Page 16: ...own unique console prompt and set of CLI commands Entering a question mark at the console prompt displays a list of available commands for the current mode and for the level of the user Specific commands are used to switch from one mode to another User EXEC Mode Users with level 1 initially log into User EXEC mode User EXEC mode is used for tasks that do not change the configuration such as perfor...

Page 17: ...command level of 7 or 15 can access this mode To enter this mode from User EXEC mode follow these steps STEP 1 At the prompt enter the enable command and press Enter A password prompt is displayed STEP 2 Enter the password to go the next level and press Enter For security purposes each character in the password is replaced by The Privileged EXEC mode prompt consisting of the Switch host name follo...

Page 18: ... Console config Use any of the following commands to return from Global Configuration mode to the Privileged EXEC mode exit end Ctrl Z The following example shows how to access Global Configuration mode and return to Privileged EXEC mode Interface or Line Configuration Modes Various submodes may be entered from Global Configuration mode These submodes enable performing commands on a group of inter...

Page 19: ...e The vlan database Global Configuration mode command is used to enter the VLAN Database Interface Configuration mode Management Access List Contains commands used to define management access lists The management access list Global Configuration mode command is used to enter the Management Access List Configuration mode Port Channel Contains commands used to configure port channels for example ass...

Page 20: ...cess the web GUI Level 15 Users with this level can run all commands Only users at this level can access the web GUI A system administrator user with level 15 can create passwords that allow a lower level user to temporarily become a higher level user For example the user may go from level 1 to level 7 level 1 to 15 or level 7 to level 15 The passwords for each level are set by an administrator us...

Page 21: ...rds assigned to user level 7 and user level 15 must be configured on the external server and associated with the enable7 and enable15 user names respectively See the Authentication Authorization and Accounting AAA Commands chapter for details Console configure Console conf enable password level 7 level7 abc Console conf enable password level 15 level15 abc Console conf Console Console username joh...

Page 22: ... using CLI commands The switch has a defined IP address Corresponding management access is granted There is an IP path such that the computer and the switch can reach each other Using HyperTerminal over the Console Interface NOTE When using HyperTerminal with Microsoft Windows 2000 ensure that Windows 2000 Service Pack 2 or later is installed on your computer The arrow keys will not function prope...

Page 23: ...onnection Select an icon for the application then click OK STEP 4 Select a port to communicate with the switch Select COM1 or COM2 STEP 5 Set the serial port settings then click OK STEP 6 When the Command Line Interface appears enter admin at the User Name prompt and press Enter Figure 2 Command Line User Name Prompt The console prompt is displayed This prompt is where you enter CLI commands Figur...

Page 24: ...network To establish a telnet session from the command prompt perform the following steps STEP 1 Click Start then select All Programs Accessories Command Prompt to open a command prompt Figure 4 Start All Programs Accessories Command Prompt STEP 2 At the prompt enter telnet 1 IP address of switch then press Enter Figure 5 Command Prompt STEP 3 The Command Line Interface will be displayed ...

Page 25: ...nd to request help is There are two instances where help information can be displayed Keyword lookup The character is entered in place of a command A list of all valid commands and corresponding help messages are is displayed Partial keyword lookup If a command is incomplete and or the character is entered in place of a parameter the matched keyword or parameters for this command are displayed To ...

Page 26: ...uration to the default value This Reference Guide provides a description of the negation effect for each CLI command Command Completion If the command entered is incomplete invalid or has missing or invalid parameters then the appropriate error message is displayed This assists in entering the correct command By pressing Tab after an incomplete command is entered the system will attempt to identif...

Page 27: ...devices Fast Ethernet 10 100 bits This can be written as FastEthernet or fa Gigabit Ethernet ports 10 100 1000 bits This can be written either Gigabit Ethernet or gi or GE LAG Port Channel This can be written as either Port Channel or po VLAN This is written as VLAN Tunnel This is written as tunnel or tu Number of interface Number of port LAG tunnel or VLAN The syntax for this is port type port nu...

Page 28: ... tunnel number vlan first vlan id last vlan id A sample of this command is shown in the example below Interface List A combination of interface types can be specified in the interface range command in the following format range list interface range range list interface range Up to five ranges can be included console configure console config interface GigabitEthernet 1 console config interface GE 1...

Page 29: ...cribes the CLI shortcuts console configure cconsole config if interface range gi1 5 vlan 1 2 Keyboard Key Description Up arrow Recalls commands from the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands Down arrow Returns the most recent commands from the history buffer after recalling commands with the up arrow key Repeating the ke...

Page 30: ...curly brackets indicate a selection of compulsory parameters separated the character One option must be selected For example flowcontrol auto on off means that for the flowcontrol command either auto on or off must be selected parameter Italic text indicates a parameter press key Names of keys to be pressed are shown in bold Ctrl F4 Keys separated by the character are to be pressed simultaneously ...

Page 31: ...mmand performs a system reboot In Layer 2 mode the switch forwards packets as a VLAN aware bridge In Layer 3 mode the switch performs both IPv4 routing and VLAN aware bridging If Layer 2 mode is selected a single IP address is supported on the default VLAN The user also must configure a default gateway If Layer 3 mode is selected the user can manage the device on any IP interface configured on the...

Page 32: ... privilege level Parameters privilege level Specifies the privilege level at which to enter the system Range 1 7 15 Default Configuration The default privilege level is 15 Command Mode EXEC mode Example The following example enters privilege level 7 Console enable 7 enter password Console Accepted The following example enters privilege level 15 Console enable enter password Console Accepted ...

Page 33: ...privilege level to the specified privileged level If privilege level is left blank the level is reduce to 1 Default Configuration The default privilege level is 1 Command Mode Privileged EXEC mode Example The following example returns the user to user level 7 Console disable 7 Console 2 3 login The login EXEC mode command enables changing the user that is logged in When this command is logged in t...

Page 34: ... username admin Console login User Name admin Password Console 2 4 configure The configure Privileged EXEC mode command enters the Global Configuration mode Syntax configure terminal Parameters terminal Enter the Global Configuration mode with or without the keyword terminal Command Mode Privileged EXEC mode Example The following example enters Global Configuration mode Console configure Console c...

Page 35: ...rchy Syntax exit Parameters N A Default Configuration N A Command Mode All commands in configuration modes Examples The following examples change the configuration mode from Interface Configuration mode to Privileged EXEC mode Console config if exit Console config exit 2 6 exit EXEC The exit EXEC mode command closes an active terminal session by logging off the device Syntax exit Parameters N A ...

Page 36: ... active terminal session Console exit 2 7 end The end command ends the current configuration session and returns to the Privileged EXEC mode Syntax end Parameters N A Default Configuration N A Command Mode All configuration modes Example The following example ends the Global Configuration mode session and returns to the Privileged EXEC mode Console config end Console ...

Page 37: ...es the currently entered incomplete command the help list is empty This indicates that there is no command matching the input as it currently appears If the request is within a command press the Backspace key and erase the entered characters to a point where the request results in a match Help is provided when 1 There is a valid command and a help request is made for entering a parameter or argume...

Page 38: ...ion mode User Guidelines This command enables saving user entered commands for a specified line You can return to previous lines by using the up or down arrows The following are related commands Use the terminal history size EXEC mode command to enable or disable this command for the current terminal session Use the history size Line Configuration mode command to set the number of commands that ar...

Page 39: ...efault Configuration The default command history buffer size is 10 commands Command Mode Line Configuration mode User Guidelines This command configures the command history buffer size for a particular line Use the terminal history size EXEC mode command to configure the command history buffer size for the current terminal session The allocated command history buffer is per terminal user and is ta...

Page 40: ... mode command Command Mode EXEC mode User Guidelines The command enables the command history for the current session The default is determined by the history Line Configuration mode command Example The following example disables the command history function for the current terminal session Console terminal no history 2 12 terminal history size The terminal history size EXEC mode command changes th...

Page 41: ...mand changes the command history buffer size for the current terminal session Use the history Line Configuration mode command to change the default history buffer size The maximum number of commands in all buffers is 207 Example The following example sets the command history buffer size to 20 commands for the current terminal session Console terminal history size 20 2 13 terminal datadump The term...

Page 42: ...terminal datadump command enables dumping all output immediately after entering the show command by removing the pause The width is currently not limited previously the limit was 77 chars and the width of the line being printed on the terminal is based on the terminal itself This command is relevant only for the current session Example The following example dumps all output immediately after enter...

Page 43: ...rning from configuration modes Example The following example displays all the commands entered while in the current Privileged EXEC mode Console show version SW version 3 131 date 23 Jul 2005 time 17 34 19 HW version 1 0 0 Console show clock 15 29 03 Jun 17 2005 Console show history show version show clock show history 3 commands were logged buffer size is 10 2 15 show privilege The show privilege...

Page 44: ...nt privilege level is 15 2 16 do The do command executes an EXEC level command from Global Configuration mode or any configuration submode Syntax do command Parameters command Specifies the EXEC level command to execute Command Mode All configuration modes Example The following example executes the show vlan Privileged EXEC mode command from Global Configuration mode Example Console Config do show...

Page 45: ...s applied automatically on all the CLI interfaces Console Telnet and SSH and also on the WEB GUI Use the no form of this command to delete the existing login banner Syntax banner login d message text d no banner login Parameters d Delimiting character of user s choice a pound sign for example You cannot use the delimiting character in the banner message message text Message text The message must s...

Page 46: ...wing example sets a Login banner that uses tokens The percent sign is used as a delimiting character Note that the token syntax is replaced by the corresponding configuration variable Device config banner login Enter TEXT message End with the character You have entered hostname domain Token Information displayed in the banner hostname Displays the host name for the device domain Displays the domai...

Page 47: ...le the display of login banners Use the no form of this command to disable the display of login banners Syntax login banner no login banner Parameters N A Default Configuration Enabled Command Mode Line Configuration mode Example console configure console config line console console config line login banner console config line exit console config line telnet console config line login banner consol...

Page 48: ...9 2 2 19 show banner Use the show banner commands in EXEC mode to display the banners that have been defined Syntax show banner login Parameters N A Command Mode EXEC mode Examples console show banner login Banner Login Line SSH Enabled Line Telnet Enabled Line Console Enabled ...

Page 49: ...ides the previously defined one Use the no form of this command to delete the macro definition Syntax macro name macro name no macro name macro name Parameters macro name Name of the macro Macro names are case sensitive Default Configuration The command has no default setting Command Mode Global Configuration mode User Guidelines A macro is a script that contains CLI commands and is assigned a nam...

Page 50: ...d1 description_string keyword2 description_string keyword3 description_string Parameters keyword A keyword must be prefixed with description string description of the keyword macro keywords This preprocessor command accepts up to 3 keywords The command creates a CLI help string with the keywords for the macro The help string will be displayed if help on the macro is requested from the macro apply ...

Page 51: ...igures the duplex mode and speed of a port Switch config macro name dup Enter macro commands one per line End with the character macro description dup no negotiation duplex full negotiation Example 2 The following example shows how to create the same macro as in Example 1 but in this example the macro has the parameters DUPLEX and SPEED When the macro is run the values of DUPLEX and SPEED must be ...

Page 52: ...y trace Interface Configuration command to either Apply a macro to an interface without displaying the actions being performed Apply a macro to the interface while displaying the actions being performed Syntax macro apply trace macro name parameter name1 value parameter name2 value parameter name3 value Parameters apply Apply a macro to the specific interface trace Apply and trace a macro to the s...

Page 53: ...have defined these with the macro keywords preprocessor command Parameter keyword matching is case sensitive All matching occurrences of the parameter are replaced with the provided value Any full match of a keyword even if it is part of a large string is considered a match and replaced by the corresponding value When you apply a macro to an interface the switch automatically generates a macro des...

Page 54: ... macro description Use the macro description Interface Configuration mode command to append a description for example a macro name to the macro history of an interface Use the no form of this command to clear the macro history of an interface When the macro is applied to an interface the switch automatically generates a macro description command with the macro name As a result the name of the macr...

Page 55: ...ering the show parser macro description privileged EXEC mode command Example Switch config interface gi2 Switch config if macro apply dup Switch config if end Switch config interface gi3 Switch config if macro apply duplex DUPLEX full SPEED 100 Switch config if end Switch show parser macro description Interface Macro Description gi2 dup gi3 duplex Switch config interface gi2 Switch config if no ma...

Page 56: ...ced with the corresponding value Default Configuration The command has no default setting Command Mode Global Configuration mode User Guidelines You can use the macro global trace macro name Global Configuration mode command to apply and show the macros running on the switch or to debug the macro in order to locate any syntax or configuration errors If a command fails because of a syntax error or ...

Page 57: ...display the global macro history using the show parser macro description command Example The following is an example of a macro being defined and then applied to the switch with the trace option Switch config macro name console timeout Enter macro commands one per line End with the character line console exec timeout timeout interval Switch config macro global trace console timeout timeout interva...

Page 58: ...Examples Switch conf macro global description set console timeout interval 3 6 show parser macro Use the show parser macro User EXEC mode command to display the parameters for all configured macros or for one macro on the switch Syntax show parser macro brief description interface interface id name macro name Parameters brief Display the name of all macros description interface interface id Displa...

Page 59: ...k state failures output truncated Macro name cisco desktop Macro type default interface macro keywords AVID Basic interface Enable data VLAN only Recommended value for access vlan AVID should not be 1 switchport access vlan AVID switchport mode access output truncated description interface Example 2 This is an example of output from the show parser macro name command Switch show parser macro stand...

Page 60: ...default global cisco global default interface cisco desktop default interface cisco phone default interface cisco switch default interface cisco router customizable snmp Example 4 This is an example of output from the show parser macro description command Switch show parser macro description Global Macro s cisco global This is an example of output from the show parser macro description interface c...

Page 61: ...one public DSA key and one private DSA key If the device already has DSA keys a warning is displayed with a prompt to replace the existing keys with new keys This command is not saved in the router configuration However the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example The following example generate...

Page 62: ...ith new keys This command is not saved in the router configuration however the keys generated by this command are saved in the private configuration which is never displayed to the user or backed up to another device Example The following example generates RSA key pairs Console config crypto key generate rsa 4 3 show crypto key mypubkey The show crypto key mypubkey Privileged EXEC mode command dis...

Page 63: ...ificate generate Global Configuration mode command generates a self signed certificate for HTTPS Syntax crypto certificate number generate key generate length passphrase string cn common name ou organization unit or organization loc location st state cu country duration days Parameters number Specifies the certificate number Range 1 2 key generate Regenerates SSL RSA key length Specifies the SSL s...

Page 64: ...address when the certificate is generated or to the device s lowest static IPv4 address if there is no static IPv6 address or to 0 0 0 0 if there is no static IP address If duration days is not specified it defaults to 365 days Command Mode Global Configuration mode User Guidelines This command is not saved in the router configuration However the certificate and keys generated by this command are ...

Page 65: ...h 1 64 characters loc location Specifies the location or city name Length 1 64 characters st state Specifies the state or province name Length 1 64 characters cu country Specifies the country name Length 2 characters Command Mode Privileged EXEC mode User Guidelines Use this command to export a certificate request to a Certification Authority The certificate request is generated in Base64 encoded ...

Page 66: ...nUUenbfHp igVPmFM 1nbqTDekb2ymCu6K aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW wzDLvW2rsy5NPmH1QVl 8Ubx3GyCm oW93BSOFwxwEsP58kf sPYPy 8wwmoNtDwIDAQABoB8wHQYJKoZIhvcNAQkH MRDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m 2 m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEipcZa g uNpyTkDt3ZVU72pjz fa8TF0n3 END CERTIFICATE REQUEST CN router gm com 0 General Motors C US 4 6 crypto certificate ...

Page 67: ...r displayed to the user or backed up to another device Example The following example imports a certificate signed by Certification Authority for HTTPS Console config crypto certificate 1 import BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw Cw...

Page 68: ...mple The following example displays SSL certificate 1 present on the device Console show crypto certificate mycertificate 1 BEGIN CERTIFICATE dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS nnH xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw CwR0PBAQDAgFGMA8GA1UdEwEB wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47 ZvKBAEL9Gg...

Page 69: ...RSA and Certificate Commands 78 20269 01 Command Line Interface Reference Guide 70 4 Finger print DC789788 DC88A988 127897BC BB789788 ...

Page 70: ...v6 address Unicast or Multicast IPv6 address to ping When the IPv6 address is a Link Local address IPv6Z address the outgoing interface name must be specified Refer to the User Guidelines of this command for the interface name syntax hostname Hostname to ping 160 characters Maximum label size 63 size packet_size Number of bytes in the packet not including the VLAN tag The default is 64 bytes IPv4 ...

Page 71: ...decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi1 If the physical port name 0 then it is not defined and the default interface is used When using the ping ipv6 command to check network connectivity of a directly attached host using its link local address the egress interface may be specified in the IPv6Z format If the egress interface is no...

Page 72: ...tes from 10 1 1 1 icmp_seq 3 time 7 ms 10 1 1 1 PING Statistics 4 packets transmitted 4 packets received 0 packet loss round trip ms min avg max 7 8 11 Example 3 Ping an IPv6 address console ping ipv6 3003 11 Pinging 3003 11 with 64 bytes of data 64 bytes from 3003 11 icmp_seq 1 time 0 ms 64 bytes from 3003 11 icmp_seq 2 time 50 ms 64 bytes from 3003 11 icmp_seq 3 time 0 ms 64 bytes from 3003 11 i...

Page 73: ...me 70 ms 64 bytes from 3003 55 icmp_sq 4 time 1050 ms FF02 1 PING Statistics 4 packets transmitted 12 packets received 5 2 traceroute To display the routes that packets will take when traveling to their destination use the traceroute EXEC mode command Syntax traceroute ip ipv4 address hostname size packet_size ttl max ttl count packet_count timeout time_out source ip address tos tos traceroute ipv...

Page 74: ... default Range Valid IP address tos tos The Type Of Service byte in the IP Header of the packet Range 0 255 Default Usage N A Command Mode EXEC mode User Guidelines The traceroute command works by taking advantage of the error messages generated by routers when a datagram exceeds its time to live TTL value The traceroute command starts by sending probe datagrams with a TTL value of one This causes...

Page 75: ...ilene QSV POS calren2 net 198 32 249 162 1 msec 1 msec 1 msec 5 kscyng snvang abilene ucaid edu 198 32 8 103 33 msec 35 msec 35 msec 6 iplsng kscyng abilene ucaid edu 198 32 8 80 47 msec 45 msec 45 msec 7 so 0 2 0x1 aa1 mich net 192 122 183 9 56 msec 53 msec 54 msec 8 atm1 0x24 michnet8 mich net 198 108 23 82 56 msec 56 msec 57 msec 9 10 A ARB3 LSA NG c SEB umnet umich edu 141 211 5 22 58 msec 58m...

Page 76: ...6 hostname Specifies the destination host name Length 1 160 characters Maximum label length 63 characters port Specifies the decimal TCP port number or one of the keywords listed in the Ports table in the User Guidelines Field Description The probe timed out Unknown packet type A Administratively unreachable Usually this output indicates that an access list is blocking traffic F Fragmentation requ...

Page 77: ...ol functions to operating system specific functions To enter a Telnet sequence press the escape sequence keys Ctrl shift 6 followed by a Telnet command character Special Telnet Sequences At any time during an active Telnet session available Telnet commands can be listed by pressing the help keys at the system prompt A sample of this list follows Console help Special telnet escape help B sends teln...

Page 78: ...s to remote hosts that were opened by the current Telnet session to the local device It does not list Telnet connections to remote hosts that were opened by other Telnet sessions Keywords Table Ports Table Options Description echo Enables local echo quiet Prevents onscreen display of all messages from the software source interfac e Specifies the source interface stream Turns on stream processing w...

Page 79: ...P data connections 20 gopher Gopher 70 hostname NIC hostname server 101 ident Ident Protocol 113 irc Internet Relay Chat 194 klogin Kerberos login 543 kshell Kerberos shell 544 login Login 513 lpd Printer service 515 nntp Network News Transport Protocol 119 pim auto r p PIM Auto RP 496 pop2 Post Office Protocol v2 109 pop3 Post Office Protocol v3 110 smtp Simple Mail Transport Protocol 25 sunrpc S...

Page 80: ...ching to another open Telnet session Syntax resume connection Parameters connection Specifies the connection number Range 1 4 connections Default Configuration The default connection number is that of the most recent connection Command Mode EXEC mode syslog Syslog 514 tacacs TAC Access Control System 49 talk Talk 517 telnet Telnet 23 time Time 37 uucp Unix to Unix Copy Program 540 whois Nickname 4...

Page 81: ...ng host name Syntax hostname name no hostname Parameters Name Specifies the device host name Length 1 63 The hostname must start with a letter end with a letter or digit and have as interior characters only letters digits and hyphens Default Configuration No host name is defined Command Mode Global Configuration mode Example The following example specifies the device host name as enterprise Consol...

Page 82: ...oad This command will reset the whole system and disconnect your current session Do you want to continue y n n 5 7 service cpu utilization The service cpu utilization Global Configuration mode command enables measuring CPU utilization Use the no form of this command to restore the default configuration Syntax service cpu utilization no service cpu utilization Parameters N A Default Configuration M...

Page 83: ...le enables measuring CPU utilization Console config service cpu utilization 5 8 show cpu utilization The show cpu utilization Privileged EXEC mode command displays information about CPU utilization Syntax show cpu utilization Parameters N A Default Usage N A Command Mode Privileged EXEC mode User Guidelines Use the show cpu utilization command to enable measuring CPU utilization Example The follow...

Page 84: ... Console show cpu utilization CPU utilization service is on CPU utilization five seconds 5 one minute 3 five minutes 3 5 9 show users The show users EXEC mode command displays information about the active users Syntax show users Parameters N A Default Usage N A Command Mode EXEC mode ...

Page 85: ...how sessions Parameters N A Default Usage N A Command Mode EXEC mode User Guidelines The show sessions command displays Telnet sessions to remote hosts opened by the current Telnet session to the local device It does not display Telnet sessions to remote hosts opened by other Telnet sessions to the local device Console show users Username Bob John Robert Betty Sam Protocol Serial SSH HTTP Telnet L...

Page 86: ...on Syntax show system Parameters There are no parameters for this command Command Mode EXEC mode Console show sessions Connection 1 2 Host Remote router 172 16 1 2 Address 172 16 1 1 172 16 1 2 Port 23 23 Byte 89 8 Field Description Connection The connection number Host The remote host to which the device is connected through a Telnet session Address The remote host IP address Port The Telnet TCP ...

Page 87: ...port Gigabit Managed Switch System Up Time days hour min sec 03 02 27 46 System Contact System Name switch151400 System Location System MAC Address 00 24 ab 15 14 00 System Object ID 1 3 6 1 4 1 9 6 1 83 20 1 5 12 show version The show version EXEC mode command displays system version information Syntax show version Parameters N A Default Usage N A Command Mode EXEC mode Example The following exam...

Page 88: ...5 EXEC mode command to display external MD5 digest of firmware Syntax show version md5 Parameters N A Default Usage N A Command Mode EXEC mode Example show version md5 Filename Status MD5 Digest image1 Active 23FA000012857D8855AABC7577AB5562 image2 Not Active 23FA000012857D8855AABEA7451265456 boot 23FA000012857D8855AABC7577AB8999 mage1 Not Active 23FA000012857D8855AABC757FE693844 image2 Active 23F...

Page 89: ...o system resources routing Parameters routes Specifies the maximum number of remote networks in the routing table hosts Specifies the maximum number of directly attached hosts interfaces Specifies the maximum number of IP interfaces Default Configuration Hosts 2 100 default 100 Routes 1 32 default 32 IP Interfaces 2 32 default 32 Command Mode Global Configuration mode User Guidelines The settings ...

Page 90: ...s information The values in the Current Value column show what resources are currently available The values in the After Reboot Value column show what resources will be available after reboot as a result of system resources routing command Console show system resources routing Parameters Current Value After Reboot Value Hosts 100 100 Routes 32 32 IP Interfaces 32 32 Example 2 The following example...

Page 91: ...system mode router switch Parameters router Specifies that the device functions as a switch router switch Specifies that the device functions as a switch Default Configuration The default configuration is switch mode Layer 2 Command Mode Privileged EXEC mode User Guidelines After executing the command the Startup Configuration file is deleted and the device is rebooted It is highly recommended to ...

Page 92: ...control Syntax show system mode Parameters N A Default Usage N A Command Mode EXEC mode Example The following example displays system mode information Console show system mode Feature State Mode Router Qos Active Policy based vlans Active 5 18 show system languages The show system languages EXEC mode command displays the list of supported languages Syntax show system languages ...

Page 93: ...ions indicates the number of languages permitted on the device Console show system languages Language Name Unicode Name Code Num of Sections English English en US 2 Japanese µùѵ F P ja JP 2 5 19 show system tcam utilization The show system tcam utilization EXEC mode command displays the Ternary Content Addressable Memory TCAM utilization Syntax show system tcam utilization Parameters N A Default ...

Page 94: ...es Syntax show services tcp udp Parameters N A Command Mode Privileged EXEC mode User Guidelines The output does not show sessions where the device is a TCP UDP client Examples Console show services tcp udp Type Local IP Address Remote IP address Service Name State TCP All 22 SSH LISTEN TCP All 23 Telnet LISTEN TCP All 80 HTTP LISTEN TCP All 443 HTTPS LISTEN TCP 172 16 1 1 23 172 16 1 18 8789 Teln...

Page 95: ...mmand displays the system identity information Syntax show system id Parameters There are no parameters for this command Command Mode EXEC mode Example The following example displays the system identity information Console show system id serial number 114 5 22 show cpu input rate The show cpu input rate EXEC mode command displays the rate of input frames to the CPU in packets per seconds pps Synta...

Page 96: ...agement Commands 78 20269 01 Command Line Interface Reference Guide 97 5 User Guidelines Example The following example displays CPU input rate information Console show cpu input rate Input Rate to CPU is 1030 pps ...

Page 97: ...onth Range 1 31 month Specifies the current month using the first three letters of the month name Range Jan Dec year Specifies the current year Range 2000 2037 Command Mode Privileged EXEC mode User Guidelines It is recommended that the user enter the local clock time and date Example The following example sets the system time to 13 32 00 on March 7th 2005 Console clock set 13 32 00 7 Mar 2005 6 2...

Page 98: ... time source for the system clock Console config clock source sntp 6 3 clock timezone Use the clock timezone Global Configuration command to set the time zone for display purposes Use the no form of this command to set the time to Coordinated Universal Time UTC or Greenwich Mean Time GMT which is the same Syntax clock timezone zone hours offset minutes offset no clock timezone Parameters zone The ...

Page 99: ...ck summer time Global Configuration command to configure the system to automatically switch to summer time Daylight Saving Time Use the no form of this command to configure the software not to automatically switch to summer time Syntax clock summer time zone recurring usa eu week day month hh mm week day month hh mm offset clock summer time zone date day month year hh mm date month year hh mm offs...

Page 100: ... year no abbreviation Range 2000 2097 hh mm Time military format in hours and minutes Range hh mmhh 0 23 mm 0 59 offset Number of minutes to add during summer time default is 60 Range 1440 Default Configuration Summer time is disabled Command Mode Global Configuration mode User Guidelines In both the date and recurring forms of the command the first part of the command specifies when summer time b...

Page 101: ...ich Mean Time GMT Example console config clock summer time abc date apr 1 2010 09 00 aug 2 2010 09 00 6 5 clock dhcp timezone Use the clock dhcp timezone Global Configuration command to specify that the timezone and the Summer Time Daylight Saving Time of the system can be taken from the DHCP Timezone option Use the no form of this command disable this option Syntax clock dhcp timezone no clock dh...

Page 102: ... the dynamic Time Zone and Summer Time from the DHCP server are cleared In case of multiple DHCP enabled interfaces the last accepted DHCP Time Zone option overrides any previous DHCP Time Zone option This means that the last accepted DHCP Time Zone option overrides the previous Time Zone and the Summer Time even if it includes only one of them Disabling the DHCP client from where the DHCP TimeZon...

Page 103: ...uthentication key 8 md5 ClkKey Device config sntp authentication key 8 md5 ClkKey Device config sntp trusted key 8 Device config sntp authenticate 6 7 sntp authenticate The sntp authenticate Global Configuration mode command enables authentication for received Simple Network Time Protocol SNTP traffic from servers Use the no form of this command to disable the feature Syntax sntp authenticate no s...

Page 104: ... authenticate 6 8 sntp trusted key The sntp trusted key Global Configuration mode command authenticates the identity of the system with which Simple Network Time Protocol SNTP synchronizes Use the no form of this command to disable system identity authentication Syntax sntp trusted key key number no sntp trusted key key number Parameters key number Specifies the key number of the authentication ke...

Page 105: ...Protocol SNTP Broadcast clients Use the no form of this command to disable SNTP Broadcast clients Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp broadcast client enable Interface Configuration mode command to enable the SNTP Broadcast client on a spec...

Page 106: ...e SNTP unicast client is disabled Command Mode Global Configuration mode User Guidelines Use the sntp server Global Configuration mode command to define SNTP servers Example The following example enables the device to use SNTP Unicast clients Console config sntp unicast client enable 6 11 sntp server The sntp server Global Configuration mode command configures the device to use the Simple Network ...

Page 107: ...interface name has the format vlan integer po integer isatap integer physical port name The subparameter integer has the format decimal digit integer decimal digit Range for the decimal digit 0 9 The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 a...

Page 108: ...ger decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi6 If the egress interface is not specified the default interface is selected The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 address is...

Page 109: ...ple The following example displays the system time and date Console show clock 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Console show clock detail 15 29 03 PDT UTC 7 Jun 17 2002 Time source is SNTP Time zone Acronym is PST Offset is UTC 8 Summertime Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes ...

Page 110: ...ne static Acronym is PST Offset is UTC 8 Summertime Static Acronym is PDT Recurring every year Begins at first Sunday of April at 2 00 Ends at last Sunday of October at 2 00 Offset is 60 minutes DHCP timezone Enabled 6 13 show sntp configuration The show sntp configuration Privileged EXEC mode command displays the Simple Network Time Protocol SNTP configuration on the device Syntax show sntp confi...

Page 111: ...terval 1024 seconds No MD5 authentication keys Authentication is not required for synchronization No trusted keys Unicast Clients Enabled Unicast Clients Polling Enabled Server Polling Encryption Key 1 1 1 121 Disabled Disabled Broadcast Clients disabled Anycast Clients disabled No Broadcast Interfaces console 6 14 show sntp status The show sntp status Privileged EXEC mode command displays the Sim...

Page 112: ...is synchronized stratum 4 reference is 176 1 1 8 unicast Reference time is AFE2525E 70597B34 00 10 22 438 PDT Jul 5 1993 Unicast servers Server 176 1 1 8 176 1 8 1 79 Status Up Unknown Last response 19 58 22 289 PDT Feb 19 2005 12 17 17 987 PDT Feb 19 2005 Offset mSec 7 33 8 98 Delay mSec 117 79 189 19 Anycast server Server 176 1 11 8 Interface VLAN 118 Status Up Last response 9 53 21 789 PDT Feb ...

Page 113: ...Clock Commands 78 20269 01 Command Line Interface Reference Guide 114 6 Broadcast Server 176 9 1 1 Interface VLAN 119 Last response 19 17 59 792 PDT Feb 19 2002 ...

Page 114: ...in SNMP format Used only when copying from to the Startup Configuration file The following table displays the URL options Keyword Source or Destination flash Source or destination URL for flash memory This is the default URL If a URL is specified without a prefix running config Currently running configuration file This cannot be the destination file startup config flash startup co nfig Startup con...

Page 115: ... Xmodem protocol null Null destination for copies or files A remote file can be copied to null to determine its size For instance copy running conf null returns the size of the running configuration file backup config Backup configuration file A configuration file can be downloaded to this file without giving a file name This can then be copied to the running conf or startup conf files mirror conf...

Page 116: ...ly tftp is the source file and destination file on the same copy prv files cannot be copied The destination file cannot be the Running Configuration file for products with mirror config mirror config cannot be used as a destination The following table describes the characters displayed by the system when copy is being run Copying an Image File from a Server to Flash Memory Use the copy source url ...

Page 117: ... file to a network server Saving the Running Configuration to the Startup Configuration Use the copy running config startup config command to copy the running configuration to the startup configuration file Backing Up the Running Configuration or Startup Configuration to the Backup Configuration Use the copy running config backup config command to back up the running configuration to the backup co...

Page 118: ...server with an IP address of 172 16 101 101 to a non active image file console copy tftp 172 16 101 101 file1 flash image Accessing file file1 on 172 16 101 101 Loading file1 from 172 16 101 101 OK Copy took 0 01 11 hh mm ss Example 3 Copying the mirror config file to the startup configuration file The following example copies the mirror configuration file saved by the system to the Startup Config...

Page 119: ...s N A Default Configuration N A Command Mode Privileged EXEC mode Examples The following example copies system image file1 from the TFTP server 172 16 101 101 to a non active image file Console write memory Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 15 Sep 2010 11 27 50 COPY N ...

Page 120: ... Examples The following example copies system image file1 from the TFTP server 172 16 101 101 to a non active image file Console write Overwrite file startup config Yes press any key for no 15 Sep 2010 11 27 48 COPY I FILECPY Files Copy source URL running config destination URL flash startup config 15 Sep 2010 11 27 50 COPY N TRAP The copy operation was completed successfully Copy succeeded 7 4 de...

Page 121: ...XEC mode User Guidelines sys prv image 1 and image 2 files cannot be deleted Example The following example deletes the file called test from the flash memory Console delete flash test Delete flash test confirm 7 5 dir The dir Privileged EXEC mode command displays the list of files on a flash file system Syntax dir directory path Keyword Source or Destination flash URL of the flash memory This is t...

Page 122: ... Name Permission Flash Size Data Size Modified backuplo rw 851760 525565 22 Dec 2010 10 50 32 tmp rw 524288 104 01 Jan 2010 05 35 04 image 1 rw 10485760 10485760 01 Jan 2010 06 10 23 image 2 rw 10485760 10485760 01 Jan 2010 05 43 54 dhcpsn prv 262144 01 Jan 2010 05 25 07 sshkeys prv 262144 04 Jan 2010 06 05 00 syslog1 sys r 524288 01 Jan 2010 05 57 00 syslog2 sys r 524288 01 Jan 2010 05 57 00 dire...

Page 123: ...Command Mode Privileged EXEC mode User Guidelines Files are displayed in ASCII format except for the images which are displayed in a hexadecimal format prv files cannot be displayed Example The following example displays the running configuration file contents console more running config no spanning tree Keyword Source or Destination flash Source or destination URL for flash memory If a URL is spe...

Page 124: ...tem image 1 image 2 Parameters image 1 Specifies that image 1 is loaded as the system image during the next device startup image 2 Specifies that image 2 is loaded as the system image during the next device startup Default Configuration This command has no default configuration Command Mode Privileged EXEC mode User Guidelines Use the show bootvar command to display the active image Example The fo...

Page 125: ...displays the active system image file that is loaded by the device at startup 7 9 show running config The show running config Privileged EXEC mode command displays the entire current Running Configuration file contents or the contents of the file for the specified interface s Syntax show running config interface interface id list Console show bootvar Image 1 2 filename image 1 image 2 Version 1 1 ...

Page 126: ...ion that can be displayed in the output Only non default configurations are displayed Example The following example displays the Running Configuration file contents Example 1 Show the entire Running Configuration file Console show running config no spanning tree interface range gi1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit co...

Page 127: ...uto spanning tree link type point to point spanning tree cost 200000 spanning tree port priority 224 spanning tree guard root spanning tree mst 2 port priority 64 spanning tree mst 2 cost 2222 spanning tree mst 4 port priority 80 qos cos 6 traffic shape 12345 switchport mode general switchport general allowed vlan add 12 14 20 tagged switchport general allowed vlan add 2 11 13 100 3000 3002 3004 3...

Page 128: ...agged only switchport general pvid 111 switchport trunk native vlan 22 7 10 show startup config The show startup config Privileged EXEC mode command displays the startup configuration file contents Syntax show startup config interface interface id list Parameters interface interface id list Specifies list of interface IDs The interface IDs can be one of the following types Ethernet port Port chann...

Page 129: ...i1 48 speed 1000 exit no lldp run interface vlan 1 ip address 1 1 1 1 255 0 0 0 exit line console exec timeout 0 exit console Example 2 The following example displays the Startup Configuration file contents for ports 1 and 2 console show startup config interface gi1 2 interface gi1 back pressure duplex half speed 10 flowcontrol on negotiation 10h 100h 100f dot1x max req 8 description Hello World S...

Page 130: ...6 traffic shape 12345 switchport mode general switchport general allowed vlan add 12 14 20 tagged switchport general allowed vlan add 2 11 13 100 3000 3002 3004 3006 3008 untagged switchport general map macs group 1 vlan 111 switchport general ingress filtering disable switchport general acceptable frame type untagged only switchport general pvid 111 interface fastethernet 2 ip address 1 100 100 1...

Page 131: ...Configuration and Image File Commands 78 20269 01 Command Line Interface Reference Guide 132 7 switchport general pvid 111 switchport trunk native vlan 22 ...

Page 132: ...e the no form of this command to disable DHCP auto configuration Syntax boot host auto config no boot host auto config Parameters N A Default Configuration Enabled by default Command Mode Global Configuration mode Default Configuration Enabled by default Example console conf boot host auto config 8 2 show boot Use the show boot Privilege EXEC mode command to show the status of the IP DHCP Auto Con...

Page 133: ...ip dhcp tftp server ip address Use the ip dhcp tftp server ip address Global Configuration mode command to set the TFTP server s IP address This address server as the default address used by a switch when it has not been received from the DHCP server Use the no form of this command to remove the address Syntax ip dhcp tftp server ip address ip addr no ip dhcp tftp server ip address Parameters ip a...

Page 134: ... when it has not been received from the DHCP server This serves as the default configuration file Use the no form of this command to remove the name Syntax ip dhcp tftp server file file path no ip dhcp tftp server file Parameters file path Full file path and name of the configuration file on TFTP server Default Configuration No file name Command Mode Global Configuration mode Examples console conf...

Page 135: ... 1 from sname manual 2 2 2 2 file path on tftp server active conf conf file from option 67 8 6 ip dhcp information option Use the ip dhcp information option Global Configuration command to enable DHCP option 82 data insertion Use the no form of this command to disable DHCP option 82 data insertion Syntax ip dhcp information option no ip dhcp information option Parameters N A Default Configuration ...

Page 136: ...le config ip dhcp information option 8 7 show ip dhcp information option The show ip dhcp information option EXEC mode command displays the DHCP Option 82 configuration Syntax show ip dhcp information option Parameters N A Default Configuration N A Command Mode EXEC mode Example The following example displays the DHCP Option 82 configuration console show ip dhcp information option Relay agent Info...

Page 137: ...ation mode User Guidelines Use this command to configure a management access list This command enters the Management Access List Configuration mode where the denied or permitted access conditions are defined with the deny and permit commands If no match criteria are defined the default value is deny When re entering the access list context the new rules are entered at the end of the access list Us...

Page 138: ...eates a management access list called mlist configures all interfaces to be management interfaces except gi1 and 9 and makes the new access list the active list Console config management access list mlist Console config macl deny gi1 Console config macl deny gi9 Console config macl permit Console config macl exit Console config management access class mlist 9 2 permit Management The permit Managem...

Page 139: ...work mask This parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash This parameter is relevant only to IPv4 addresses Range 0 32 Default Configuration No rules are configured Command Mode Management Access List Configuration mode User Guidelines Rules with Ethe...

Page 140: ...address prefix length The prefix length must be preceded by a forward slash The parameter is optional mask mask Specifies the source IPv4 address network mask The parameter is relevant only to IPv4 addresses mask prefix length Specifies the number of bits that comprise the source IPv4 address prefix The prefix length must be preceded by a forward slash The parameter is relevant only to IPv4 addres...

Page 141: ... class Parameters console only Specifies that the device can be managed only from the console name Specifies the ACL name to be used Length 1 32 characters Default Configuration The default configuration is no management connection restrictions Command Mode Global Configuration mode Example The following example defines an access list called mlist as the active management access list Console confi...

Page 142: ...ivileged EXEC mode Example The following example displays the mlist management ACL Console show management access list mlist console only deny Note all other access implicitly denied mlist permit gi1 permit gi9 Note all other access implicitly denied console 9 6 show management access class The show management access class Privileged EXEC mode command displays information about the active manageme...

Page 143: ... Line Interface Reference Guide 144 9 Command Mode Privileged EXEC mode Example The following example displays the active management ACL information Console show management access class Management access class is enabled using access list mlist ...

Page 144: ...ult Configuration Enabled Command Mode Global Configuration mode Example console config snmp server server 10 2 snmp server community Use the snmp server community Global Configuration mode command to set up the community access string to permit access to the Simple Network Management Protocol command Use the no form of this command to remove the specified community string Syntax snmp server commu...

Page 145: ...racters ipv4 address Management station IPv4 address The default is all IP addresses ipv6 address Management station IPv4 address The default is all IP addresses The following combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 address is defined ipv6_address Ref...

Page 146: ...ing The logical key of the command is the pair community ip address If ip address is omitted then the key is community All Ips By specifying the view name parameter the software Generates an internal security name Maps the internal security name for SNMPv1 and SNMPv2 security models to an internal group name Maps the internal group name for SNMPv1 and SNMPv2 security models to view name read view ...

Page 147: ...n SNMP server view entry Syntax snmp server view view name oid tree included excluded no snmp server view view name oid tree Parameters view name Specifies the label for the view record that is being created or updated The name is used to reference the record Length 1 30 characters oid tree Specifies the ASN 1 subtree object identifier to be included or excluded from the view To identify the subtr...

Page 148: ...B II interface group Console config snmp server view user view system included Console config snmp server view user view system 7 excluded Console config snmp server view user view ifEntry 1 included 10 4 snmp server group The snmp server group Global Configuration mode command configures a new Simple Network Management Protocol SNMP group or a table that maps SNMP users to SNMP views Use the no f...

Page 149: ...ame that enables viewing only the agent contents Length 1 30 characters write writeview Specifies the view name that enables entering data and configuring the agent contents Length 1 30 characters Default Configuration No group entry exists If notifyview is not specified nothing is defined for the notify view If readview is not specified all objects except for the community table and SNMPv3 user a...

Page 150: ...aracters groupname The name of the group to which the user belongs The group should be configured using the command snmp server group with v3 parameters no specific order of the 2 command configurations is imposed on the user Range Up to 30 characters remote host IP address of the remote SNMP host v1 Specifies that v1 is to be used v2c Specifies that v2c is to be used v3 Specifies that v3 is to be...

Page 151: ...nforms To configure a remote user specify the IP address for the remote SNMP agent of the device where the user resides Also before you configure remote users for a particular agent configure the SNMP engine ID using the snmp server engineID remote command The remote agent s SNMP engine ID is needed when computing the authentication and privacy digests from the password If the remote engine ID is ...

Page 152: ...excluded no snmp server filter filter name oid tree Parameters filter name Specifies the label for the filter record that is being updated or created The name is used to reference the record Length 1 30 characters oid tree Specifies the ASN 1 subtree object identifier to be included or excluded from the view To identify the subtree specify a text string consisting of numbers such as 1 3 6 2 4 or a...

Page 153: ...erver host Use the snmp server host Global Configuration mode command to specify the recipient of a Simple Network Management Protocol notification operation Use the no form of this command to remove the specified host Syntax snmp server host ipv4 address ipv6 address hostname traps informs version 1 2c 3 auth noauth priv community string udp port port filter filtername timeout seconds retries ret...

Page 154: ...onfigurations is imposed on the user Range Up to 30 characters timeout seconds Number of seconds to wait for an acknowledgment before resending informs The default is 15 seconds The parameter is relevant only for informs Range 1 300 retries retries Maximum number of times to resend an inform request when a response is not received for a generated message The default is 3 The parameter is relevant ...

Page 155: ...ingle interface on which an IPv6 address is defined If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following defines a host at the IP address displayed console config snmp server host 1 1 1 121 abc 10 8 snmp server engineID remote To specify the Simple Network Management Protocol SNMP e...

Page 156: ... ID is used to compute the security digest for authenticating and encrypting packets sent to a user on the remote host The format of an IPv6Z address is ipv6 link local address interface name interface name vlan integer ch integer isatap integer physical port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for exampl...

Page 157: ...mp server trap authentication Use the snmp server trap authentication Global Configuration mode command to enable the device to send SNMP traps when authentication fails Use the no form of this command to disable SNMP failed authentication traps Syntax snmp server trap authentication no snmp server trap authentication Default Configuration SNMP failed authentication traps are enabled Command Mode ...

Page 158: ...tring describing system contact information Length 1 160 characters Command Mode Global Configuration mode Example The following example configures the system contact point called Technical_Support Console config snmp server contact Technical_Support 10 12 snmp server location Use the snmp server location Global Configuration mode command to configure the system location string Use the no form of ...

Page 159: ... name Specifies the SNMP MIB variable name which must be a valid string name value Specifies a list of name and value pairs Each name and value must be a valid string In the case of scalar MIBs there is only a single name value pair In the case of an entry in a table there is at least one name value pair followed by one or more fields Command Mode Global Configuration mode User Guidelines Although...

Page 160: ...isplay the SNMP status Syntax show snmp Command Mode Privileged EXEC mode Example The following example displays the SNMP communications status Console show snmp SNMP is enabled Community String public private private Community Access read only read write su View name user view Default DefaultSuper IP Address All 172 16 1 1 10 172 16 1 1 Type Router Router Router Community string public Group name...

Page 161: ...unity public public Version 2 2 UDP Port 162 162 Filter Name TO Sec 15 15 Retries 3 3 Version 3 notifications Target Address 192 122 173 42 Type Inform Username Bob Security Level Priv UDP Port 162 Filter name TO Sec 15 Retries 3 System Contact Robert System Location Marketing Field Description Community string The community access string permitting access to the SNMP protocol Community access The...

Page 162: ...16 1 1 08009009020C0B099C075879 10 16 show snmp views Use the show snmp views Privileged EXEC mode command to display the configured SNMP views Syntax show snmp views viewname Parameters viewname Specifies the view name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP views Console show snmp views Name OID Tree Type Default Default...

Page 163: ... Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP groups The following table describes significant fields shown above Console show snmp groups Name Securit y Views user group managers gro up Model V3 V3 Level priv priv Read Default Default Write Default Notify Field Description Name Group name Security Model SNMP model in use v1 v2...

Page 164: ...ileged EXEC mode Example The following example displays the configured SNMP filters Views Read View name enabling viewing the agent contents If unspecified all objects except the community table and SNMPv3 user and access tables are available Write View name enabling data entry and managing the agent contents Notify View name enabling specifying an inform or a trap Console show snmp filters Name O...

Page 165: ... command to display the configured SNMP users Syntax show snmp users username Parameters username Specifies the user name Length 1 30 characters Command Mode Privileged EXEC mode Example The following example displays the configured SNMP users Console show snmp users Name John John Group name user group user group Auth Method md5 md5 Remote 08009009020C0B099C07 5879 ...

Page 166: ...xample The following example enables configuring the device from a web browser Console config ip http server 11 2 ip http timeout policy Use the ip http timeout policy Global Configuration mode command to set the interval for the system to wait for user input in http https sessions before automatic logoff Use the no form of this command to return to the default value Syntax ip http timeout policy ...

Page 167: ...ttp timeout policy 0 command Example The following example configures the http timeout to be 1000 seconds Console config ip http timeout policy 1000 11 3 ip http secure server Use the ip http secure server Global Configuration mode command to enable the device to be configured securely from a browser and to also enable the device to be monitored or have its configuration modified securely from a b...

Page 168: ...iguration mode command configures the active certificate for HTTPS Use the no form of this command to restore the default configuration Syntax ip https certificate number no ip https certificate Parameters number Specifies the certificate number Range 1 2 Default Configuration The default certificate number is 1 Command Mode Global Configuration mode User Guidelines Use the crypto certificate gene...

Page 169: ... show ip http Command Mode EXEC mode Example The following example displays the HTTP server configuration Console show ip http HTTP server enabled Port 80 Interactive timeout 10 minutes 11 6 show ip https The show ip https Privileged EXEC mode command displays the HTTPS server configuration Syntax show ip https Command Mode Privileged EXEC mode Example The following example displays the HTTPS serv...

Page 170: ...ive timeout 10 minutes Certificate 1 is active Issued by www verisign com Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by self signed Valid from 8 9 2003 to 8 9 2004 Subject CN router gm com 0 General Motors C US Finger print 1873B936 88DC3411 BC8932EF 782134BA ...

Page 171: ...yntax ip telnet server no ip telnet server Default Configuration Device configuration from a Telnet server is disabled by default Command Mode Global Configuration mode User Guidelines To control the device configuration by SSH use the ip ssh server Global Configuration mode command Example The following example enables the device to be configured from a Telnet server Console config ip telnet serv...

Page 172: ... generate rsa Global Configuration mode commands Example The following example enables configuring the device from a SSH server Console config ip ssh server 12 3 user key The user key SSH Public Key string Configuration mode command specifies which SSH public key is manually configured Use the no form of this command to remove an SSH public key Syntax user key username rsa dsa no user key username...

Page 173: ...wing example enables manually configuring an SSH public key for SSH public key chain bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string row AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl 12 4 key string The key string SSH Public Key string Configuration mode command manually specifies an SSH public key Syntax key string row key...

Page 174: ...key string row command The UU encoded DER format is the same format as in the authorized_keys file used by OpenSSH Example The following example enters public key strings for SSH public key client bob Console config crypto key pubkey chain ssh Console config pubkey chain user key bob rsa Console config pubkey key key string AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ ZNX...

Page 175: ...e is used to manually specify other device public keys such as SSH client public keys Syntax crypto key pubkey chain ssh Default Configuration Keys do not exist Command Mode Global Configuration mode User Guidelines Use this command when you want to manually specify SSH client s public keys Example The following example enters the SSH Public Key chain Configuration mode and manually configures the...

Page 176: ... b9 33 e9 12 6 show crypto key pubkey chain ssh The show crypto key pubkey chain ssh Privileged EXEC mode command displays SSH public keys stored on the device Syntax show crypto key pubkey chain ssh username username fingerprint bubble babble hex Parameters username username Specifies the remote SSH client username Length 1 48 characters fingerprint bubble babble hex Specifies the fingerprint dis...

Page 177: ... Username bob john Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 98 F7 6E 28 F2 79 87 C8 18 F8 88 CC F8 89 87 C8 Console show crypto key pubkey chain ssh username bob Username bob Key 005C300D 06092A86 4886F70D 01010105 00034B00 30480241 00C5E23B 55D6AB22 04AEF1BA A54028A6 9ACC01C5 129D99E4 Fingerprint 9A CC 01 C5 78 39 27 86 79 CC 23 C5 98 59 F1 86 12 7 show ip ssh The show ip ssh P...

Page 178: ...fields shown in the display Console show ip ssh SSH server enabled Port 22 RSA key was generated DSA DSS key was generated SSH Public Key Authentication is enabled Active incoming sessions IP address 172 16 0 1 SSH username John Brown Version 1 5 Cipher 3DES Auth code HMAC SHA1 Field Description IP address The client address SSH username The user name Version The SSH version number Cipher The encr...

Page 179: ...t Configures the device as a virtual terminal for remote console access Telnet ssh Configures the device as a virtual terminal for secured remote console access SSH Command Mode Global Configuration mode Example The following example configures the device as a virtual terminal for remote Telnet console access Console config line telnet Console config line 13 2 speed The speed Line Configuration mo...

Page 180: ...speed is applied when Autobaud is disabled This configuration applies to the current session only Example The following example configures the line baud rate as 9600 bits per second Console config line speed 9600 13 3 autobaud The autobaud Line Configuration mode command sets the line for automatic baud rate detection autobaud Use the no form of this command to disable automatic baud rate detectio...

Page 181: ...tem waits for user input before automatic logoff Use the no form of this command to restore the default configuration Syntax exec timeout minutes seconds no exec timeout Parameters minutes Specifies the number of minutes Range 0 65535 seconds Specifies the number of seconds Range 0 59 Default Configuration The default idle time interval is 10 minutes Command Mode Line Configuration mode Example Th...

Page 182: ...tion telnet Displays the Telnet configuration ssh Displays the SSH configuration Default Configuration If the line is not specified all line configuration parameters are displayed Command Mode EXEC mode Example The following example displays the line configuration Console show line Console configuration Interactive timeout Disabled History 10 Baudrate 9600 Databits 8 Parity none Stopbits 1 Telnet ...

Page 183: ... Commands 78 20269 01 Command Line Interface Reference Guide 184 13 Interactive timeout 10 minutes 10 seconds History 10 SSH configuration SSH is enabled Interactive timeout 10 minutes 10 seconds History 10 ...

Page 184: ...efault Configuration Enable Command Mode Global Configuration mode Examples console conf bonjour enable 14 2 bonjour interface range Use the bonjour interface range Global Configuration mode command to add L2 interfaces to the Bonjour L2 Interface List Use the no format of the command to remove L2 interfaces from the list Syntax bonjour interface range interface list Parameters interface list Spec...

Page 185: ... is in Layer 3 router mode Examples console config bonjour interface range gi1 3 14 3 show bonjour Use the show bonjour Privileged EXEC mode command to show Bonjour information Syntax show bonjour interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port Port channel VLAN Command Mode Privileged EXEC mode Examples Layer 2 consol...

Page 186: ...per Status csco sb enabled enabled http enabled enabled https enabled disabled ssh enabled disabled telnet enabled disabled Layer 3 console show bonjour Bonjour global status enabled Bonjour L2 interfaces port list vlans 1 Service Admin Status Oper Status csco sb enabled enabled http enabled enabled https enabled disabled ssh enabled disabled telnet enabled disabled ...

Page 187: ... Uses the authentication methods that follow this argument as the default method list when a user logs in list name Specifies a name of a list of authentication methods activated when a user logs in Length 1 12 characters method1 method2 Specifies a list of methods that the authentication algorithm tries in the given sequence The additional authentication methods are used only if the previous meth...

Page 188: ...and are used with aaa authentication login and aaa authentication enable The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error no aaa authentication login list name deletes list name if it has not been reference...

Page 189: ...the final method in the command line to ensure that the authentication succeeds even if all methods return an error Select one or more methods from the following list Default Configuration The enable password command is the default authentication login method This is the same as entering the command aaa authentication enable default enable On a console the enable password is used if a password exi...

Page 190: ...al methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error no aaa authentication enable list name deletes list name if it has not been referenced Example The following example sets the enable password for authentication for acce...

Page 191: ...mmand Mode Global Configuration mode User Guidelines The command is relevant for HTTP and HTTPS server users The additional methods of authentication are used only if the previous method returns an error not if it fails Specify none as the final method in the command line to ensure that the authentication succeeds even if all methods return an error Example The following example specifies the HTTP...

Page 192: ... Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays the authentication configuration Console show authentication methods Login Authentication Method Lists Default Radius Local Line Console_Login Line None Enable Authentication Method Lists Default Radius Enable Console_Enable Enable None ...

Page 193: ...n to the default password Syntax password password encrypted no password Parameters password Specifies the password for this line Length 0 159 characters encrypted Specifies that the password is encrypted and copied from another device configuration Default Configuration No password is defined Command Mode Line Configuration mode Line Console Telnet SSH Login Method List Console_Login Default Defa...

Page 194: ...pted and the encrypted value If the administrator wants to manually copy a password that was configured on one switch for instance switch B to another switch for instance switch A the administrator must add encrypted in front of this encrypted password when entering the enable command in switch A In this way the two switches will have the same password Syntax enable password level privilege level ...

Page 195: ...n file The second command sets a password that has already been encrypted It will copied to the configuration file just as it is entered To use it the user must know its unencrypted form console config enable password level 7 let me in console config enable password level 15 encrypted 4b529f21c93d4706090285b0c10172eb073ffebc4 15 7 username Use the username Global Configuration mode command to esta...

Page 196: ...evel is 15 Range 1 15 Default Configuration No user is defined Command Mode Global Configuration mode Usage Guidelines See User Privilege Levels for an explanation of privilege levels Example The first command sets an unencrypted password for user tom it will be encrypted in the configuration file The second command sets a password for user jerry that has already been encrypted It will copied to t...

Page 197: ...on about the users local database The following table describes the significant fields shown in the display 15 9 passwords complexity enable Use the passwords complexity enable Global Configuration mode command to enforce minimum password complexity The no form of this command disables enforcing password complexity Console show user accounts Username Bob Robert Smith Privilege 15 15 15 Field Descr...

Page 198: ...ters lowercase letters numbers and special characters available on a standard keyboard Are different from the current password Contains no character that is repeated more than 3 times consecutively Does not repeat or reverse the user name or any variant reached by changing the case of the characters Does not repeat or reverse the manufacturer s name or any variant reached by changing the case of t...

Page 199: ...current Enabled Maximum consecutive same characters 3 New password must be different than the user name Enabled New password must be different than the manufacturer name Enabled switchcc293e 15 10 passwords complexity attributes Use the passwords complexity attributes Global Configuration mode commands to control the minimum requirements from a password when password complexity is enabled Use the ...

Page 200: ...that the new password cannot be the same as the current password no repeat number Specifies the maximum number of characters in the new password that can be repeated consecutively Zero specifies that there is no limit on repeated characters Range 0 16 not username Specifies that the password cannot repeat or reverse the user name or any variant reached by changing the case of the characters not ma...

Page 201: ...mand to return to default Syntax passwords aging days no passwords aging Parameters days Specifies the number of days before a password change is forced You can use 0 to disable aging Range 0 365 Default Configuration Enabled and the number of days is 180 days Command Mode Global Configuration mode User Guidelines Aging is relevant only to users of the local database with privilege level 15 and to...

Page 202: ...n Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example console show passwords configuration Passwords aging is enabled with aging time 180 days Passwords complexity is enabled with the following attributes Minimal length 3 characters Minimal classes 3 New password must be different than the current Enabled Maximum consecutive same characters 3 New password must be dif...

Page 203: ...ength The minimal length required for passwords in the local database Minimal character classes The minimal number of different types of characters special characters integers and so on required to be part of the password Maximum number of repeated characters The maximum number of times a singe character can be repeated in the password Level The applied password privilege level Aging The password ...

Page 204: ...ameters ipv4 address Specifies the RADIUS server host IPv4 address ipv6 address Specifies the RADIUS server host IPv6 address ipv6z address Specifies the RADIUS server host IPv6Z address The IPv6Z address format is ipv6 link local address interface name The subparameters are ipv6 link local address Specifies the IPv6 Link Local address interface name Specifies the outgoing interface name The inter...

Page 205: ...cation and encryption key for all RADIUS communications between the device and the RADIUS server This key must match the encryption used on the RADIUS daemon To specify an empty string enter Length 0 128 characters source ipv4 address ipv6 address Specifies the source IPv4 or IPv6 address to use for communication 0 0 0 0 is interpreted as a request to use the IP address of the outgoing IP interfac...

Page 206: ...tries deadtime or key string values are specified the global values apply to each RADIUS server host The source parameter address type must be the same as that of the host parameter Example The following example specifies a RADIUS server host with IP address 192 168 10 1 authentication request port number 20 and a 20 second timeout period Console config radius server host 192 168 10 1 auth port 20...

Page 207: ...s the authentication and encryption key for all RADIUS communications between the device and the RADIUS daemon Console config radius server key enterprise server 16 3 radius server retransmit Use the radius server retransmit Global Configuration mode command to specify the number of times the software searches the list of RADIUS server hosts Use the no form of this command to restore the default c...

Page 208: ... no form of this command to restore the default configuration Syntax radius server source ip source no radius server source ip source Parameters source Specifies the source IP address Default Configuration The source IP address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source addr...

Page 209: ...address is the IP address of the outgoing IP interface Command Mode Global Configuration mode User Guidelines If there is no available IP interface of the configured IP source address an error message is issued when attempting to communicate with the IP address Example The following example configures the source IP address used for communication with all RADIUS servers to 3ffe 1900 4545 3 200 f8ff...

Page 210: ...erval on all RADIUS servers to 5 seconds Console config radius server timeout 5 16 7 radius server deadtime Use the radius server deadtime Global Configuration mode command to configure the time interval during which unavailable RADIUS servers are skipped over by transaction requests This improves RADIUS response time when servers are unavailable Use the no form of this command to restore the defa...

Page 211: ...time interval is 0 Command Mode Global Configuration mode Example The following example sets all RADIUS server deadtimes to 10 minutes Console config radius server deadtime 10 16 8 show radius servers Use the show radius servers Privileged EXEC mode command to display the RADIUS server settings Syntax show radius servers Command Mode Privileged EXEC mode ...

Page 212: ...lowing example displays RADIUS server settings Console show radius servers IP address 172 16 1 1 172 16 1 2 Port Auth 1812 1812 Port Acct 1813 1813 Time Out Global 11 Retransmision Global 8 Dead time Global Global Sourc e IP Global Global Priority 1 2 Usage All All Global values TimeOut 3 Retransmit 3 Deadtime 0 Source IP 172 16 8 1 ...

Page 213: ... connection Specifies that a single open connection is maintained between the device and the daemon instead of the device opening and closing a TCP connection to the daemon each time it communicates port port number Specifies the server port number If the port number is 0 the host is not used for authentication Range 0 65535 timeout timeout Specifies the timeout value in seconds Range 1 30 key key...

Page 214: ... values are specified the global values apply to each host Example The following example specifies a TACACS host Console config tacacs server host 172 16 1 1 17 2 tacacs server key Use the tacacs server key Global Configuration mode command to set the authentication encryption key used for all TACACS communications between the device and the TACACS daemon Use the no form of this command to disable...

Page 215: ...acs server timeout Use the tacacs server timeout Global Configuration mode command to set the interval during which the device waits for a TACACS server to reply Use the no form of this command to restore the default configuration Syntax tacacs server timeout timeout no tacacs server timeout Parameters timeout Specifies the timeout value in seconds Range 1 30 Default Configuration The default time...

Page 216: ...ers source Specifies the source IP address Range Valid IP address Default Configuration The default source IP address is the outgoing IP interface address Command Mode Global Configuration mode User Guidelines If the configured IP source address has no available IP interface an error message is issued when attempting to communicate with the IP address Example The following example specifies the so...

Page 217: ...iguration If ip address is not specified information for all TACACS servers is displayed Command Mode Privileged EXEC mode Example The following example displays configuration and statistical information for all TACACS servers Console show tacacs IP address 172 16 1 1 Status Connected Por t 49 Single Connectio n No Time Out Globa l Sourc e IP Globa l Priorit y 1 Global values Time Out 3 Source IP ...

Page 218: ...n Message logging is enabled Command Mode Global Configuration mode User Guidelines The logging process controls the logging messages distribution at various destinations such as the logging buffer logging file or SYSLOG server Logging on and off at these destinations can be individually configured using the logging buffered logging file and logging on Global Configuration mode commands However if...

Page 219: ...ust be specified Refer to the User Guidelines for the interface name syntax hostname Hostname of the host to be used as a SYSLOG server Only translation to IPv4 addresses is supported Range 1 158 characters Maximum label size 63 port port Port number for SYSLOG messages If unspecified the port number defaults to 514 Range 1 65535 severity level Limits the logging of messages to the SYSLOG servers ...

Page 220: ...wing combinations are possible ipv6_address interface_id Refers to the IPv6 address on the interface specified ipv6_address 0 Refers to the IPv6 address on the single interface on which an IPv6 address is defined ipv6_address Refers to the IPv6 address on the single interface on which an IPv6 address is defined Examples console config logging host 1 1 1 121 console config logging host 3000 100 SYS...

Page 221: ...ion mode command to limit the SYSLOG message display to messages with a specific severity level and to define the buffer size number of messages that can be stored Use the no form of this command to cancel displaying the SYSLOG messages and to return the buffer size to default Syntax logging buffered buffer size severity level severity level name no logging buffered Parameters buffer size Specifie...

Page 222: ...isplayed to the user Example The following example shows two ways of limiting the SYSLOG message display from an internal buffer to messages with severity level debugging In the second example the buffer size is set to 100 Console config logging buffered debugging Console config logging buffered 100 7 18 5 clear logging Use the clear logging Privileged EXEC mode command to clear messages from the ...

Page 223: ...evel Use the no form of this command to cancel sending messages to the file Syntax logging file level no logging file Parameters level Specifies the severity level of SYSLOG messages sent to the logging file The possible values are emergencies alerts critical errors warnings notifications informational and debugging Default Configuration The default severity level is errors Command Mode Global Con...

Page 224: ... EXEC mode Example The following example clears messages from the logging file Console clear logging file Clear Logging File y n 18 8 file system logging Use the file system logging Global Configuration mode command to enable logging file system events Use the no form of this command to disable logging file system events Syntax file system logging copy delete rename no file system logging copy del...

Page 225: ...config file system logging copy 18 9 logging aggregation on Use the logging aggregation on Global Configuration mode command to control aggregation of SYSLOG messages If aggregation is enabled logging messages are displayed every time interval according to the aging time specified by logging aggregation aging time Use the no form of this command to disable aggregation of SYSLOG messages Syntax log...

Page 226: ... aggregated during the time interval set by the aging time parameter Use the no form of this command to return to the default Syntax logging aggregation aging time sec no logging aggregation aging time Parameters aging time sec Aging time in seconds Range 15 3600 Default Configuration 300 seconds Command Mode Global Configuration mode Example console config logging aggregation aging time 300 18 11...

Page 227: ...ng is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 61 Logged 61 Displayed 200 Max File Logging Level error File Messages 898 Logged 64 Dropped 4 messages were not logged Application filtering control Application Event Status AAA Login Enabled File system Copy Enabled File system Delete Rename Enabled Management ACL Deny Enabled Aggregation...

Page 228: ...the SYSLOG messages stored in the logging file Syntax show logging file Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays the logging status and the SYSLOG messages stored in the logging file console show logging file Logging is enabled Console Logging Level info Console Messages 0 Dropped Buffer Logging Level info Buffer Messages 61 ...

Page 229: ... 36 SSHD E ERROR SSH error key_read type mismatch encoding error 01 Jan 2010 05 55 37 SSHD E ERROR SSH error key_read type mismatch encoding error 01 Jan 2010 05 55 03 SSHD E ERROR SSH error key_read key_from_blob bgEgGnt9 z6NHgZwKI5xKqF7cBtdl1xmFgSEWuDhho5UedydAjVkKS5XR2 failed 01 Jan 2010 05 55 03 SSHD E ERROR SSH error key_from_blob invalid key type 01 Jan 2010 05 56 34 SSHD E ERROR SSH error b...

Page 230: ...rs Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example provides information about the SYSLOG servers console show syslog servers Device Configuration IP address Port Facility Severity Description 1 1 1 121 514 local7 info 3000 100 514 local7 info ...

Page 231: ...Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays RMON Ethernet statistics for gigabitethernet port gi1 console show rmon statistics gi1 Port gi1 Dropped 0 Octets 0 Packets 0 Broadcast 0 Multicast 0 CRC Align Errors 0 Collisions 0 Undersize Pkts 0 Oversize Pkts 0 Fragments 0 Jabbe...

Page 232: ... to the broadcast address This does not include multicast packets Multicast The total number of good packets received and directed to a multicast address This number does not include packets directed to the broadcast address CRC Align Errors The total number of packets received with a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but with either a b...

Page 233: ...nment Error 64 Octets The total number of packets including bad packets received that are 64 octets in length excluding framing bits but including FCS octets 65 to 127 Octets The total number of packets including bad packets received that are between 65 and 127 octets in length inclusive excluding framing bits but including FCS octets 128 to 255 Octets The total number of packets including bad pac...

Page 234: ...r of buckets specified for the RMON collection history group of statistics If unspecified defaults to 50 Range 1 50 interval seconds The number of seconds in each polling cycle If unspecified defaults to 1800 Range 1 3600 Command Mode Interface Configuration Ethernet Port channel mode Cannot be configured for a range of interfaces range context 19 3 show rmon collection stats Use the show rmon col...

Page 235: ...index Specifies the set of samples to display Range 1 65535 throughput Displays throughput counters errors Displays error counters other Displays drop and collision counters Console show rmon collection stats Index 1 2 Interface gi1 gi1 Interval 30 1800 Requested Samples 50 50 Granted Samples 50 50 Owner CLI Manager Field Description Index An index that uniquely identifies the entry Interface The ...

Page 236: ... for index 1 Console show rmon history 1 throughput Sample Set 1 Interface gi1 Requested samples 50 Owner CLI Interval 1800 Granted samples 50 Maximum table size 500 Time Jan 18 2005 21 57 00 Jan 18 2005 21 57 30 Octets 30359596 2 28769630 4 Packets 357568 275686 Broadcas t 3289 2789 Multicast 7287 5878 Util 19 20 Console show rmon history 1 errors Sample Set 1 Interface gi1 Requested samples 50 O...

Page 237: ...e and Time the entry is recorded Octets The total number of octets of data including those in bad packets and excluding framing bits but including FCS octets received on the network Packets The number of packets including bad packets received during this sampling interval Broadcast The number of good packets received during this sampling interval that were directed to the broadcast address Multica...

Page 238: ...nts The total number of packets received during this sampling interval that were less than 64 octets in length excluding framing bits but including FCS octets and had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error It is normal for etherHistoryFragments to increment because it counts both runts whic...

Page 239: ... 0 65535 fevent Specifies the index of the event triggered when a falling threshold is crossed Range 0 65535 type absolute delta Specifies the method used for sampling the selected variable and calculating the value to be compared against the thresholds The possible values are absolute Specifies that the selected variable value is compared directly with the thresholds at the end of the sampling in...

Page 240: ...olute The default startup direction is rising falling If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The following example configures an alarm with index 1000 MIB object ID D Link sampling interval 360000 seconds 100 hours rising threshold value 1000000 falling threshold value 1000000 rising threshold event index 10 falling threshol...

Page 241: ...splay alarm configuration Syntax show rmon alarm number Parameters alarm number Specifies the alarm index Range 1 65535 Command Mode EXEC mode Example The following example displays RMON 1 alarms Console show rmon alarm 1 Console show rmon alarm table Index 1 2 3 OID 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 1 1 3 6 1 2 1 2 2 1 10 9 Owner CLI Manager CLI Field Description Index An index that uni...

Page 242: ...od For example if the sample type is delta this value is the difference between the samples at the beginning and end of the period If the sample type is absolute this value is the sampled value at the end of the period Interval The interval in seconds over which the data is sampled and compared with the rising and falling thresholds Sample Type The method of sampling the variable and calculating t...

Page 243: ...falling then a single rising alarm is generated If the first sample is less than or equal to the falling threshold and startup alarm is equal falling or rising falling then a single falling alarm is generated Rising Threshold The sampled statistic rising threshold When the current sampled value is greater than or equal to this threshold and the value at the last sampling interval is less than this...

Page 244: ...ifies the SNMP community to which an SNMP trap is sent Octet string length 0 127 characters description text Specifies a comment describing this event Length 0 127 characters owner name Specifies the name of the person who configured this event Valid string Default Configuration If the owner name is not specified it defaults to an empty string Command Mode Global Configuration mode Example The fol...

Page 245: ...me sent Jan 18 2006 23 58 17 Jan 18 2006 23 59 48 Field Description Index A unique index that identifies this event Description A comment describing this event Type The type of notification that the device generates about this event Can have the following values none log trap log trap In the case of log an entry is made in the log table for each event In the case of trap an SNMP trap is sent to on...

Page 246: ...aximum size of RMON tables Use the no form of this command to return to the default configuration Syntax rmon table size history entries log entries no rmon table size history log Parameters history entries Specifies the maximum number of history table entries Range 20 270 log entries Specifies the maximum number of log table entries Range 20 100 Console show rmon log 1 Maximum table size 500 800 ...

Page 247: ...story table size is 270 entries The default log table size is 200 entries Command Mode Global Configuration mode User Guidelines The configured table size takes effect after the device is rebooted Example The following example configures the maximum size of RMON history tables to 100 entries Console config rmon table size history 100 ...

Page 248: ...1x default Parameters method1 method2 Specify at least one method from the following list Default Configuration The default method is Radius Command Mode Global Configuration mode User Guidelines You can select either authentication by a RADIUS server no authentication none or both methods If both RADIUS and none are selected authentication begins with the RADIUS server If no RADIUS server answers...

Page 249: ...f this command to restore the default configuration Syntax dot1x system auth control no dot1x system auth control Default Configuration All the ports are in FORCE_AUTHORIZED state Command Mode Global Configuration mode Example The following example enables 802 1x globally Console config dot1x system auth control 20 3 dot1x port control Use the dot1x port control Interface Configuration Ethernet mo...

Page 250: ...ort to transition to the unauthorized state and ignoring all attempts by the client to authenticate The device cannot provide authentication services to the client through the interface time range time range name Specifies a time range When the Time Range is not in effect the port state is Unauthorized Range 1 32 characters Default Configuration The port is in the force authorized state Command Mo...

Page 251: ... Periodic re authentication is disabled Command Mode Interface configuration Ethernet Example console config interface gi1 console config if dot1x reauthentication 20 5 dot1x timeout reauth period Use the dot1x timeout reauth period Interface Configuration mode command to set the number of seconds between re authentication attempts Use the no form of this command to return to the default setting S...

Page 252: ...wing a failed authentication exchange for example the client provided an invalid password Use the no form of this command to restore the default configuration Syntax dot1x timeout quiet period seconds no dot1x timeout quiet period Parameters seconds Specifies the time interval in seconds that the device remains in a quiet state following a failed authentication exchange with the client Range 30 65...

Page 253: ...f dot1x timeout quiet period 3600 20 7 dot1x timeout tx period Use the dot1x timeout tx period Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response to an Extensible Authentication Protocol EAP request identity frame from the client before resending the request Use the no form of this command to restore the default configuration Syntax ...

Page 254: ...od 3600 20 8 dot1x max req Use the dot1x max req Interface Configuration mode command to set the maximum number of times that the device sends an Extensible Authentication Protocol EAP request identity frame assuming that no response is received to the client before restarting the authentication process Use the no form of this command to restore the default configuration Syntax dot1x max req count...

Page 255: ...e dot1x timeout supp timeout Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response to an Extensible Authentication Protocol EAP request frame from the client before resending the request Use the no form of this command to restore the default configuration Syntax dot1x timeout supp timeout seconds no dot1x timeout supp timeout Parameters...

Page 256: ...5 Console config if dot1x timeout supp timeout 3600 20 10 dot1x timeout server timeout Use the dot1x timeout server timeout Interface Configuration Ethernet mode command to set the time interval during which the device waits for a response from the authentication server Use the no form of this command to restore the default configuration Syntax dot1x timeout server timeout seconds no dot1x timeout...

Page 257: ...er timeout command and selecting the lower of the two values Example The following example sets the time interval between retransmission of packets to the authentication server to 3600 seconds Console config interface gi15 Console config if dot1x timeout server timeout 3600 20 11 show dot1x Use the show dot1x Privileged EXEC mode command to display the 802 1x device or specified interface status S...

Page 258: ... gi4 gi5 Admin Mode Auto Auto Auto Force auth Force auth Oper Mode Authorized Authorized Unauthorized Authorized Unauthorized Reauth Control Ena Ena Ena Dis Dis Reauth Period 3600 3600 3600 3600 3600 Username Bob John Clark n a n a Port is down or not present Console show dot1x interface gi3 802 1x is enabled Port gi3 Admin Mode Auto Oper Mode Unauthorized Reauth Control Ena Reauth Period 3600 Use...

Page 259: ...entication Method Termination Cause 30 Seconds 08 19 17 00 08 78 32 98 78 Remote Supplicant logoff Authenticator State Machine State HELD Backend State Machine State Authentication success Authentication fails IDLE 9 1 Field Description Port The port number Admin mode The port administration configured mode Possible values Force auth Force unauth Auto Oper mode The port operational actual mode Pos...

Page 260: ...rame assuming that no response is received to the client before restarting the authentication process Supplicant timeout The number of seconds that the device waits for a response to an EAP request frame from the client before resending the request Server timeout The number of seconds that the device waits for a response from the authentication server before resending the request Session Time The ...

Page 261: ...how dot1x users Use the show dot1x users Privileged EXEC mode command to display active 802 1x authenticated users for the device Syntax show dot1x users username username Parameters username Specifies the supplicant username Length 1 160 characters Command Mode Privileged EXEC mode ...

Page 262: ...d Address gi1 Bob 1d 03 08 58 Remote 0008 3b79 8787 3 gi2 John 08 19 17 None 0008 3b89 3127 2 OK Port Username Session Auth MAC VLAN Filter Time Method Address gi1 Bob 1d 09 07 38 Remote 0008 3b79 8787 3 OK gi1 Bernie 03 08 58 Remote 0008 3b79 3232 9 OK gi2 John 08 19 17 Remote 0008 3b89 3127 2 gi3 Paul 02 12 48 Remote 0008 3b89 8237 8 Warning Switch show dot1x users username Bob Port Username Ses...

Page 263: ...ort Command Mode Privileged EXEC mode Example The following example displays 802 1x statistics for gi1 Console show dot1x statistics interface gi1 EapolFramesRx 11 EapolFramesTx 12 EapolStartFramesRx 1 EapolLogoffFramesRx 1 EapolRespIdFramesRx 3 EapolRespFramesRx 6 EapolReqIdFramesTx 3 EapolReqFramesTx 6 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 0...

Page 264: ...y this Authenticator EapolRespFramesRx The number of valid EAP Response frames other than Resp Id frames that have been received by this Authenticator EapolReqIdFramesTx The number of EAP Req Id frames that have been transmitted by this Authenticator EapolReqFramesTx The number of EAP Request frames other than Req Id frames that have been transmitted by this Authenticator InvalidEapolFramesRx The ...

Page 265: ...n N A Command Mode Privileged EXEC User Guidelines The command clears the statistics displayed in the show dot1x statistics command Example console clear dot1x statistics 20 15 dot1x host mode Use the dot1x host mode Interface Configuration mode command to allow a single host client or multiple hosts on an IEEE 802 1x authorized port Use the no form of this command to return to the default setting...

Page 266: ...g is based on the source MAC address only Port security on a port cannot be enabled in single host mode and in multiple sessions mode It is recommended to enable reauthentication when working in multiple sessions mode in order to detect User Logout for users that hadn t sent Logoff Example console config interface gi1 console config if dot1x host mode multi host console config if dot1x host mode s...

Page 267: ...wn the port trap seconds Send SNMP traps and specifies the minimum time between consecutive traps If seconds 0 traps are disabled If the parameter is not specified it defaults to 1 second for the restrict mode and 0 for the other modes Default Configuration Protect Command Mode Interface Configuration Ethernet mode User Guidelines The command is relevant only for single host mode BPDU message whos...

Page 268: ...thorized users on an interface to access the guest VLAN If the guest VLAN is defined and enabled the port automatically joins the guest VLAN when the port is unauthorized and leaves it when the port becomes authorized To be able to join or leave the guest VLAN the port should not be a static member of the guest VLAN Example The following example defines VLAN 2 as a guest VLAN Console config interf...

Page 269: ...elevant if the guest VLAN is enabled on the port Configuring the timeout adds delay from enabling 802 1X or port up to the time the device adds the port to the guest VLAN Example The following example sets the delay between enabling 802 1x and adding a port to a guest VLAN to 60 seconds Console config dot1x guest vlan timeout 60 20 19 dot1x guest vlan enable Use the dot1x guest vlan enable Interfa...

Page 270: ...terface gi15 Console config if dot1x guest vlan enable 20 20 dot1x mac authentication Use the dot1x mac authentication Interface Configuration Ethernet mode command to enable authentication based on the station s MAC address Use the no form of this command to disable access Syntax dot1x mac authentication mac only mac and 802 1x no dot1x mac authentication Parameters mac only Enables authenticatio...

Page 271: ...ed when working in this mode Example The following example enables authentication based on the station s MAC address on gi1 Console config interface gi1 Console config if dot1x mac authentication mac only 20 21 show dot1x advanced Use the show dot1x advanced Privileged EXEC mode command to display 802 1x advanced features for the device or specified interface Syntax show dot1x advanced interface i...

Page 272: ... VLAN Authentication gi1 Disabled Enabled MAC and 802 1X gi2 Enabled Disabled Disabled Switch show dot1x advanced gi1 Interface Multiple Guest MAC Hosts VLAN Authentication gi1 Disabled Enabled MAC and 802 1X Legacy Supp mode is disabled Policy assignment resource err handling Accept Single host parameters Violation action Discard Trap Enabledx Status Single host locked Violations since last trap ...

Page 273: ... can be one of the following types Ethernet port or Port channel Example For Gigabit Ethernet ports console config interface gi1 20 Example For Fast Ethernet ports console config interface fa1 2 Example For Port Channels LAGs console config interface port channel 1 21 2 interface range Use the interface range command to execute a command on multiple ports at the same time Syntax interface range in...

Page 274: ... 3 shutdown Use the shutdown Interface Configuration Ethernet Port channel mode command to disable an interface Use the no form of this command to restart a disabled interface Syntax shutdown no shutdown Default Configuration The interface is enabled Command Mode Interface Configuration Ethernet Port channel mode Example Example 1 The following example disables gi5 operations Console config interf...

Page 275: ... description of the port to assist the user Length 1 64 characters Default Configuration The interface does not have a description Command Mode Interface Configuration Ethernet Port channel mode Example The following example adds the description SW 3 to gi5 Console config interface gi5 Console config if description SW 3 21 5 speed Use the speed Interface Configuration Ethernet Port channel mode co...

Page 276: ...and in a Port channel context returns each port in the Port channel to its maximum capability Example The following example configures the speed of gi5 to 100 Mbps operation Console config interface gi5 Console config if speed 100 21 6 duplex Use the duplex Interface Configuration Ethernet Port channel mode command to configure the full half duplex operation of a given Ethernet interface when not ...

Page 277: ...ation Use the negotiation Interface Configuration Ethernet Port channel mode command to enable auto negotiation operation for the speed and duplex parameters of a given interface Use the no form of this command to disable auto negotiation Syntax negotiation capability capability2 capability5 no negotiation Parameters capability Specifies the capabilities to advertise Possible values 10h 10f 100h 1...

Page 278: ...figure the flow control on a given interface Use the no form of this command to disable flow control Syntax flowcontrol auto on off no flowcontrol Parameters auto Specifies auto negotiation on Enables flow control off Disables flow control Default Configuration Flow control is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the negotiation command to en...

Page 279: ... mdix on auto no mdix Parameters on Enables manual MDIX auto Enables automatic MDI MDIX Default Configuration The default setting is On Command Mode Interface Configuration Ethernet mode Example The following example enables automatic crossover on port gi5 Console config interface gi5 Console config if mdix auto 21 10 back pressure Use the back pressure Interface Configuration Ethernet mode comman...

Page 280: ...essure on port gi5 Console config interface gi5 Console config if back pressure 21 11 port jumbo frame Use the port jumbo frame Global Configuration mode command to enable jumbo frames on the device Use the no form of this command to disable jumbo frames Syntax port jumbo frame no port jumbo frame Default Configuration Jumbo frames are disabled on the device Command Mode Global Configuration mode ...

Page 281: ...yntax show interfaces counters interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in addition to present ports Command Mode EXEC mode Example The following example clears the statistics counters for gi5 Console clear counters gi5 21 13 set interf...

Page 282: ...e The following example reactivates gi1 Console set interface active gi1 21 14 show interfaces configuration Use the show interfaces configuration EXEC mode command to display the configuration for all configured interfaces or for a specific interface Syntax show interfaces configuration interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following typ...

Page 283: ...aces status Use the show interfaces status EXEC mode command to display the status of all configured interfaces or of a specific interface Syntax show interfaces status interface id detailed Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel detailed Displays information for non present ports in addition to present por...

Page 284: ...vertise EXEC mode command to display auto negotiation advertisement information for all configured interfaces or for a specific interface Syntax show interfaces advertise interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Examples The following examples display auto negotiation infor...

Page 285: ... interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Console show interfaces advertise gi1 Port gi1 Type 1G Copper Link state Up Auto Negotiation enabled Admin Local link Advertisement Oper Local link Advertisement Remote Local link Advertisement Priority Resolution 10h yes yes no 10f yes yes no 100 h yes yes yes 100f yes yes yes ...

Page 286: ...raffic seen by all the physical interfaces or by a specific interface Syntax show interfaces counters interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode EXEC mode Example The following example displays traffic seen by all the physical interfaces Console show interfaces description Port gi1 gi2...

Page 287: ... 0 0 0 0 Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets gi1 0 1 35 7051 Alignment Errors 0 FCS Errors 0 Single Collision Frames 0 Multiple Collision Frames 0 SQE Test Errors 0 Deferred Transmissions 0 Late Collisions 0 Excessive Collisions 0 Carrier Sense Errors 0 Oversize Packets 0 Internal MAC Rx Errors 0 Symbol Errors 0 Received Pause Frames 0 Transmitted Pause Frames 0 ...

Page 288: ...S check Single Collision Frames The number of frames that are involved in a single collision and are subsequently transmitted successfully Multiple Collision Frames The number of frames that are involved in more than one collision and are subsequently transmitted successfully SQE Test Errors The number of times that the SQE TEST ERROR is received The SQE TEST ERROR is set in accordance with the ru...

Page 289: ... show port jumbo frame Jumbo frames are disabled Jumbo frames will be enabled after reset Oversize Packets The number of frames received that exceed the maximum permitted frame size Internal MAC Rx Errors The number of frames for which reception fails due to an internal MAC sublayer receive error Received Pause Frames The number of MAC Control frames received with an opcode indicating the PAUSE op...

Page 290: ...second of broadcast traffic on a port Range 70 1000000 Default Configuration 1000 Command Mode Interface Configuration mode Ethernet User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG Example console config interface gi1 console config if storm control...

Page 291: ...0000 Default Configuration level 10 kbps 10 of port speed in Kbps Command Mode Interface Configuration mode Ethernet User Guidelines Use the storm control broadcast enable Interface Configuration command to enable storm control The calculated rate includes the 20 bytes of Ethernet framing overhead preamble SFD IPG The command smartport storm control broadcast level has the same functionality excep...

Page 292: ...trol include multicast Parameters N A unknown unicast Specifies also the count of unknown unicast packets Default Configuration Disabled Command Mode Interface Configuration mode Ethernet User Guidelines The command smartport storm control include multicast has the same functionality except that it does not return an error and does not configure anything when executing it for a port channel Exampl...

Page 293: ...rameters interface id Specifies the interface Command Mode EXEC mode Example console show storm control Port State Admin Rate Oper Rate Included Kb Sec gi1 Enabled 12345 Kb Sec 12345 Broadcast Multicast Unknown Unicast gi2 Disabled 100000 Kb Sec 100000 Broadcast gi3 Enabled 10 000000 Broadcast ...

Page 294: ...interface id Parameters interface id Specify an interface ID The interface ID must be an Ethernet port Command Mode EXEC mode User Guidelines The port must be active and working at 100 M or 1000 M Example The following example displays the estimated copper cable length attached to all ports 22 2 show fiber ports optical transceiver Use the show fiber ports optical transceiver EXEC mode command to ...

Page 295: ...cs results console show fiber ports optical transceiver Port Temp Voltage Current Output Input LOS Power Power gi1 W OK OK OK OK OK gi2 OK OK OK E OK OK Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signa...

Page 296: ...o gi8 29 3 33 6 50 3 53 3 71 No Temp Internally measured transceiver temperature Voltage Internally measured supply voltage Current Measured TX bias current Output Power Measured TX output power in milliWatts Input Power Measured RX received power in milliWatts LOS Loss of signal N A Not Available N S Not Supported W Warning E Error ...

Page 297: ...he device discovery protocol and stops supplying power to the device Default Configuration The default configuration is set to auto Command Mode Interface Configuration Ethernet mode Example The following example turns on the device discovery protocol on port 4 Console config interface gi4 Console config if power inline auto 23 2 power inline priority Use the power inline priority Interface Config...

Page 298: ...ple The following example sets the inline power management priority of gigabitethernet port 4 to High Console config interface gi4 Console config if power inline priority high 23 3 power inline usage threshold Use the power inline usage threshold Global Configuration mode command to configure the threshold for initiating inline power usage alarms Use the no form of this command to restore the defa...

Page 299: ...obal Configuration mode command to enable inline power traps Use the no form of this command to disable traps Syntax power inline traps enable no power inline traps enable Default Configuration Inline power traps are disabled Command Mode Global Configuration mode Example The following example enables inline power traps Console config power inline traps enable 23 5 power inline limit Use the power...

Page 300: ...e following example sets inline power on a port console config interface gi1 console config if power inline limit 2222 23 6 power inline limit mode Use the power inline limit mode Global Configuration mode command to set the power limit mode of the system Use the no form of this command to return to default Syntax power inline limit mode class port no power inline limit mode Parameters class The p...

Page 301: ... power for all interfaces or for a specific interface Syntax show power inline interface id Parameters interface id Specifies an interface ID The interface ID must be an Ethernet port Default Configuration There is no default configuration for this command Command Mode EXEC mode Example The following example displays information about the inline power for all ports port power based console config ...

Page 302: ...W Power limit for port power limit mode 15 W The following table describes the fields shown in the display Field Description Power The inline power sourcing equipment operational status Nominal Power The inline power sourcing equipment nominal power in Watts Consumed Power The measured usage power in Watts Usage Threshold The usage threshold expressed in percent for comparing the measured power an...

Page 303: ...mation about the inline power consumption for all interfaces or for a specific interface Priority The port inline power management priority The possible values are Critical High or Low Status Describes the port inline power operational state The possible values are On Off Test Fail Testing Searching or Fault Class The power consumption classification of the powered device Overload Counter Counts t...

Page 304: ...ace ID The interface ID must be an Ethernet port Default Configuration There is no default configuration for this command Command Mode EXEC mode Example The following example displays information about the inline power consumption Console show power inline consumption Port gi1 gi2 gi3 Power Limit W 15 4 15 4 15 4 Power W 4 115 4 157 4 021 Voltage V 50 8 50 7 50 9 Current mA 81 82 79 ...

Page 305: ...the other end of the link must also support EEE and have it enabled In addition for EEE to work properly Auto Negotaition must be enabled however if the port speed is negotiated 1Giga EEE always works regardless of the auto negotiation status meaning enable or disable If Auto Negotiation is not enabled on the port and its speed is less than 1 Giga the EEE Operational status is disabled 24 2 eee en...

Page 306: ... eee lldp enable Interface Configuration command to enable EEE support by LLDP on an Ethernet port Use the no format of the command to disable the support Syntax eee lldp enable no eee lldp enable Parameters N A Default Configuration Enabled Command Mode Interface Configuration mode Ethernet User Guidelines Enabling EEE LLDP advertisement allows devices to choose and change system wake up times in...

Page 307: ...nistrate status is enabled on ports gi1 6 gi7 EEE Operational status is enabled on ports gi1 gi3 6 gi2 gi5 EEE LLDP Administrate status is enabled on ports gi1 5 EEE LLDP Operational status is enabled on ports gi1 5 Example 2 Port in state notPresent no information if port supports EEE Switch show eee gi10 Port Status notPresent EEE Administrate status enabled EEE LLDP Administrate status enabled ...

Page 308: ... Speed 1G EEE supported Current port speed 1Gbps EEE Administrate status enabled EEE LLDP Administrate status enabled Example 5 Neighbor does not support EEE Switch show eee gi5 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status disabled EEE Administrate status enabled EEE Operational status disable...

Page 309: ...t EEE LLDP is disabled Switch show eee gi2 Port Status UP EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status disabled EEE LLDP Operational status disabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Resolved Tim...

Page 310: ... Rx Timer 5 usec Resolved Timer 25 usec Local Rx Timer 20 usec Remote Tx Timer 25 usec Example 9 EEE is running on the port EEE LLDP enabled but not synchronized with remote link partner Switch show eee gi9 Port Status up EEE capabilities Speed 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EE...

Page 311: ...d 10M EEE not supported Speed 100M EEE supported Speed 1G EEE supported Current port speed 1Gbps EEE Remote status enabled EEE Administrate status enabled EEE Operational status enabled EEE LLDP Administrate status enabled EEE LLDP Operational status enabled Resolved Tx Timer 10usec Local Tx Timer 10 usec Remote Rx Timer 5 usec Resolved Timer 25 usec Local Rx Timer 20 usec Remote Tx Timer 25 usec ...

Page 312: ...tax green ethernet energy detect no green ethernet energy detect Parameters N A Default Configuration Enabled Command Mode Global Configuration mode Example console config green ethernet energy detect 25 2 green ethernet energy detect interface Use the green ethernet energy detect Interface configuration mode command to enable green ethernet Energy Detect mode on an interface use the no form of th...

Page 313: ... 5 seconds to fall into sleep mode when the link is lost after normal operation Example console config interface gi1 console config if green ethernet energy detect 25 3 show green ethernet Use the show green ethernet Privileged EXEC mode command to show green ethernet configuration and information Syntax show green ethernet interface id Parameters interface id Specifies an interface ID The interfa...

Page 314: ...ed Short Reach mode Disabled Power Consumption 76 3 31W out of maximum 4 33W Cumulative Energy Saved 33 Watt Hour Short Reach cable length threshold 50m Energy detect Non operational Reasons Priority Reason Description 1 NP Port is not present 2 LT Link Type is not supported fiber auto media select 3 LU Port Link is up NA Short Reach Non operational Reasons Priority Reason Description 1 NP Port is...

Page 315: ... command to enable green ethernet short reach mode globally Use the no form of this command to disabled it Syntax green ethernet short reach no green ethernet short reach Parameters N A Default Configuration Disabled Command Mode Global Configuration mode Example console config green ethernet short reach 25 5 green ethernet short reach interface Use the green ethernet short reach Interface Configu...

Page 316: ...per or the link speed is not 1000 Mbps and short reach mode is not forced by green ethernet short reach force Short Reach mode is not applied When the interface is set to enhanced mode after the VCT length check has completed and set the power to low an active monitoring for errors is done continuously In the case of errors crossing a certain threshold the PHY will be reverted to long reach Note t...

Page 317: ...Green Ethernet 78 20269 01 Command Line Interface Reference Guide 318 25 Syntax green ethernet power meter reset Command Mode Privileged EXEC mode Example console config green ethernet power meter reset ...

Page 318: ...nel Specifies the port channel number for the current port to join mode on auto Specifies the mode of joining the port channel The possible values are on Forces the port to join a channel without an LACP operation auto Forces the port to join a channel as a result of an LACP operation Default Configuration The port is not assigned to a port channel Command Mode Interface Configuration Ethernet mod...

Page 319: ...on MAC address src dst mac ip Port channel load balancing is based on the source and destination of MAC and IP addresses Default Configuration src dst mac is the default option Command Mode Global Configuration mode User Guidelines In src dst mac ip port load balancing policy fragmented packets might be reordered Example console config port channel load balance src dst mac console config port chan...

Page 320: ... example displays information on all port channels console show interfaces port channel Load balancing src dst mac Gathering information Channel Ports Po1 Active gi1 Inactive gi2 3 Po2 Active gi5 Inactive gi4 console show interfaces switchport gi1 Gathering information Name gi1 Switchport enable Administrative Mode access Operational Mode down Access Mode VLAN 1 Access Multicast TV VLAN none Trunk...

Page 321: ...idden VLANs none General Ingress Filtering enabled General Acceptable Frame Type all General GVRP status disabled Customer Mode VLAN none Private vlan promiscuous association primary VLAN none Private vlan promiscuous association Secondary VLANs Enabled none Private vlan host association primary VLAN none Private vlan host association Secondary VLAN Enabled none DVA disable ...

Page 322: ...rts Command Mode Global Configuration mode User Guidelines If multicast devices exist on the VLAN do not change the unregistered multicast addresses states to drop on the device ports If multicast devices exist on the VLAN and IGMP snooping is not enabled the bridge multicast forward all command should be used to enable forwarding all multicast packets to the multicast switches Example The followi...

Page 323: ...ss and IPv4 source address for IPv4 packets Default Configuration The default mode is mac group Command Mode Interface Configuration VLAN mode User Guidelines Use the mac group mode when using a Network Management System that uses a MIB based on the multicast MAC address Otherwise it is recommended to use the ipv4 group or ipv4 src group mode because there is no overlapping of IPv4 multicast addre...

Page 324: ...4 group Example The following example configures the multicast bridging mode as ipv4 group on VLAN 2 Console config interface vlan 2 Console config if bridge multicast mode ipv4 group 27 3 bridge multicast address Use the bridge multicast address Interface Configuration VLAN mode command to register a MAC layer multicast address in the bridge table and statically add or remove ports to or from the...

Page 325: ...annels Default Configuration No multicast addresses are defined If ethernet interface list or port channel port channel list is specified without specifying add or remove the default option is add Command Mode Interface Configuration VLAN mode User Guidelines To register the group in the bridge database without adding or removing ports or port channels specify the mac multicast address parameter o...

Page 326: ...multicast forbidden address mac multicast address Parameters mac multicast address Specifies the group MAC multicast address add Forbids adding ports to the group remove Forbids removing ports from the group ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channe...

Page 327: ...of this command to unregister the IP address Syntax bridge multicast ip address ip multicast address add remove ethernet interface list port channel port channel list no bridge multicast ip address ip multicast address Parameters ip multicast address Specifies the group IP multicast address add Adds ports to the group remove Removes ports from the group ethernet interface list Specifies a list of ...

Page 328: ...st ip address 239 2 2 2 The following example registers the IP address and adds ports statically Console config interface vlan 8 Console config if bridge multicast ip address 239 2 2 2 add gi9 27 6 bridge multicast forbidden ip address Use the bridge multicast forbidden ip address Interface Configuration VLAN mode command to forbid adding or removing a specific IP multicast address to or from spec...

Page 329: ...ode Interface Configuration VLAN mode User Guidelines Before defining forbidden ports the multicast group should be registered You can execute the command before the VLAN is created Example The following example registers IP address 239 2 2 2 and forbids the IP address on port gi9 within VLAN 8 Console config interface vlan 8 Console config if bridge multicast ip address 239 2 2 2 Console config i...

Page 330: ...terface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces use a hyphen to designate a range of port channels Default Configuration No multicast addresses are defined The d...

Page 331: ...cifies the source IP address ip multicast address Specifies the group IP multicast address add Forbids adding ports to the group for the specific source IP address remove Forbids removing ports from the group for the specific source IP address ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a ran...

Page 332: ...guration VLAN mode command to configure the multicast bridging mode for ipv6 multicast packets Use the no form of this command to return to the default configuration Syntax bridge multicast ipv6 mode mac group ip group ip src group no bridge multicast ipv6 mode Parameters mac group Specifies that multicast bridging is based on the packet s VLAN and MAC address ip group Specifies that multicast bri...

Page 333: ...e port is added to the S G entries if they exist that belong to the requested group If an application on the device requests G the operating FDB mode is changed to ip group You can execute the command before the VLAN is created Example The following example configures the Multicast bridging mode as ip group on VLAN 2 Console config interface vlan 2 Console config if bridge multicast ipv6 mode ip g...

Page 334: ...ifies the group IPv6 multicast address add Adds ports to the group remove Removes ports from the group ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channels Separate nonconsecutive port channels with a comma and no spaces...

Page 335: ...icast ipv6 forbidden ip address Interface Configuration VLAN mode command to forbid adding or removing a specific IPv6 multicast address to or from specific ports To restore the default configuration use the no form of this command Syntax bridge multicast ipv6 forbidden ip address ipv6 multicast address add remove ethernet interface list port channel port channel list no bridge multicast ipv6 forb...

Page 336: ...he IPv6 address on port gi9 within VLAN 8 console config interface vlan 8 Console config if bridge multicast ipv6 ip address FF00 0 0 0 4 4 4 Console config if bridge multicast ipv6 forbidden ip address FF00 0 0 0 4 4 4 add gi9 27 12 bridge multicast ipv6 source group Use the bridge multicast ipv6 source group Interface Configuration VLAN mode command to register a source IPv6 address multicast IP...

Page 337: ...ort channels with a comma and no spaces Use a hyphen to designate a range of port channels Default Configuration No multicast addresses are defined If ethernet interface list or port channel port channel list is specified without specifying add or remove the default option is add You can execute the command before the VLAN is created Command Mode Interface Configuration VLAN mode Example The follo...

Page 338: ...cast address add Forbids adding ports to the group for the specific source IPv6 address remove Forbids removing ports from the group for the specific source IPv6 address ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to designate a range of ports port channel port channel list Specifies a list of port channe...

Page 339: ... Ethernet Port Channel mode command to configure the forwarding state of unregistered multicast addresses Use the no form of this command to restore the default configuration Syntax bridge multicast unregistered forwarding filtering no bridge multicast unregistered Parameters forwarding Forwards unregistered multicast packets filtering Filters unregistered multicast packets Default Configuration U...

Page 340: ... restore the default configuration Syntax bridge multicast forward all add remove ethernet interface list port channel port channel list no bridge multicast forward all Parameters add Forces forwarding of all multicast packets remove Does not force forwarding of all multicast packets ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and ...

Page 341: ...icast forbidden forward all add remove ethernet interface list port channel port channel list no bridge multicast forbidden forward all Parameters add Forbids forwarding of all multicast packets remove Does not forbid forwarding of all multicast packets ethernet interface list Specifies a list of Ethernet ports Separate nonconsecutive Ethernet ports with a comma and no spaces Use a hyphen to desig...

Page 342: ... of this command to delete the MAC address Syntax mac address table static mac address vlan vlan id interface interface id permanent delete on reset delete on timeout secure no mac address table static mac address vlan vlan id Parameters mac address AC address Range Valid MAC address vlan id Specify the VLAN interface id Specify an interface ID The interface ID can be one of the following types Et...

Page 343: ... secure entries from the forwarding database Syntax clear mac address table dynamic interface interface id clear mac address table secure interface interface id Parameters interface interface id Delete all dynamic address on the specified interface The interface ID can be one of the following types Ethernet port or port channel Command Mode Privileged EXEC mode Example console clear mac address ta...

Page 344: ...n Ethernet Port channel mode command to enable port security on an interface Use the no form of this command to disable port security on an interface Syntax port security forward discard discard shutdown trap seconds no port security Parameters forward Forwards packets with unlearned source addresses but does not learn the address discard Discards packets with unlearned source addresses discard sh...

Page 345: ...ity forward trap 100 27 21 port security mode Use the port security mode Interface Configuration Ethernet port channel mode command configures the port security learning mode Use the no form of this command to restore the default configuration Syntax port security mode lock max addresses no port security mode Parameters lock Saves the current dynamic MAC addresses associated with the port and disa...

Page 346: ...nfigure the maximum number of addresses that can be learned on the port while the port is in port security max addresses mode Use the no form of this command to restore the default configuration Syntax port security max max addr no port security max Parameters max addr Specifies the maximum number of addresses that can be learned on the port Range 0 256 Default Configuration This default maximum n...

Page 347: ... MAC address table entries static Displays only static MAC address table entries secure Displays only secure MAC address table entries vlan Specifies VLAN such as VLAN 1 interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or port channel mac address MAC address Default Configuration If no parameters are entered the entire table is displayed Comma...

Page 348: ...show mac address table 00 3f bd 45 5a b1 Aging time is 300 sec VLAN MAC Address Port Type 1 00 3f bd 45 5a b1 static gi9 27 24 show mac address table count Use the show mac address table count EXEC mode command to display the number of addresses present in the Forwarding Database Syntax show mac address table count vlan vlan interface interface id Parameters vlan Specifies VLAN interface id Specif...

Page 349: ...083 Used 109 Static addresses 2 Secure addresses 1 Dynamic addresses 97 Internal addresses 9 27 25 show bridge multicast mode Use the show bridge multicast mode EXEC mode command to display the multicast bridging mode for all VLANs or for a specific VLAN Syntax show bridge multicast mode vlan vlan id Parameters vlan vlan id Specifies the VLAN ID Command Mode EXEC mode ...

Page 350: ...ters vlan id Specifies the VLAN ID address mac multicast address ipv4 multicast address ipv6 multicast address Specifies the multicast address The possible values are mac multicast address Specifies the MAC multicast address ipv4 multicast address Specifies the IPv4 multicast address ipv6 multicast address Specifies the IPv6 multicast address format ip mac Specifies the multicast address format Th...

Page 351: ...ange 0100 5e00 0000 through 0100 5e7f ffff Multicast Router ports defined statically or discovered dynamically are members in all MC groups Ports that were defined via bridge multicast forbidden forward all command are displayed in all forbidden MC entries Changing the multicast mode can move static multicast addresses that are written in the device FDB to a shadow configuration because of FDB has...

Page 352: ...6 5 1 233 22 2 6 Multicast address table for VLANs in IPv4 SRC GROUP bridging mode Vlan Group Address Source address Type Ports 1 224 2 2 251 11 2 2 3 Dynamic gi1 Forbidden ports for multicast addresses Vlan Group Address Source Address Ports 8 239 2 2 2 gi9 8 239 2 2 2 1 1 1 11 gi9 Multicast address table for VLANs in IPv6 GROUP bridging mode VLAN IP MAC Address Type Ports 8 ff02 4 4 4 Static gi1...

Page 353: ...multicast addresses Vlan Group Address Source address Ports 8 ff02 4 4 4 gi9 8 ff02 4 4 4 fe80 200 7ff f gi9 e00 200 27 27 show bridge multicast unregistered Use the show bridge multicast unregistered EXEC mode command to display the unregistered multicast filtering configuration Syntax show bridge multicast unregistered interface id Parameters interface id Specifies an interface ID The interface ...

Page 354: ...ow ports security interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Example The following example displays the port lock status of all ports console show ports security Port Status Learning Action Max Trap Frequency gi1 Enabled Max Discard 3 Enabled 100 Addresses Console ...

Page 355: ...resses interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode Field Description Port The port number Status The port security status The possible values are Enabled or Disabled Mode The port security mode Action The action taken on violation Maximum The maximum number of addre...

Page 356: ... sap llc snap pid Parameters mac multicast address MAC multicast address in the reserved MAC addresses range Range 01 80 C2 00 00 00 01 80 C2 00 00 02 01 80 C2 00 00 2F ethernet v2 ethtype Specifies that the packet type is Ethernet v2 and the Ethernet type field 16 bits in hexadecimal format Range 0x0600 0xFFFF llc sap Specifies that the packet type is LLC and the DSAP SSAP field 16 bits in hexade...

Page 357: ...not specified the configuration is relevant to all the packets with the configured MAC address Specific configurations that contain service type have precedence over less specific configurations contain only MAC address The packets that are bridged are subject to security ACLs The actions define by this command has precedence over forwarding rules defined by applications protocols STP LLDP etc sup...

Page 358: ...Address Table Commands 78 20269 01 Command Line Interface Reference Guide 359 27 01 80 C2 00 00 00LLC SNAP00 00 0C 01 29Bridge ...

Page 359: ...ets only If no option is specified it monitors both rx and tx tx Monitors transmitted packets only If no option is specified it monitors both rx and tx vlan vlan id VLAN number src interface id Specifies an interface ID The interface ID must be and Ethernet port Default Configuration Monitors both received and transmitted packets Command Mode Interface Configuration Ethernet mode It cannot be conf...

Page 360: ... be automatically removed from the default VLAN L2 protocols such as LLDP CDP LBD STP LACP are not active on the destination port The following restrictions apply to ports that are configured to be monitor ports The port cannot be source port The port is not a member in port channel Notes 1 In this mode some traffic duplication on the analyzer port may be observed For example Port 2 is being egres...

Page 361: ...2 to destination port gi1 1 1 Console config interface gi1 1 1 Console config if port monitor gi1 1 2 28 2 show ports monitor Use the show ports monitor EXEC mode command to display the port monitoring status Syntax show ports monitor Command Mode EXEC mode Example The following example displays the port monitoring status Console show ports monitor Source port Destination Port Type Status gi1 1 8 ...

Page 362: ...tree Default Configuration Spanning tree is enabled Command Mode Global Configuration mode Example The following example enables spanning tree functionality Console config spanning tree 29 2 spanning tree mode Use the spanning tree mode Global Configuration mode command to configure the spanning tree protocol currently running Use the no form of this command to restore the default configuration Sy...

Page 363: ...ple The following example configures the spanning tree protocol as MSTP console config spanning tree mode mstp 29 3 spanning tree forward time Use the spanning tree forward time Global Configuration mode command to configure the spanning tree bridge forward time which is the amount of time a port remains in the listening and learning states before entering the forwarding state Use the no form of t...

Page 364: ...spanning tree hello time Global Configuration mode command to configure the spanning tree bridge Hello time which is how often the device broadcasts Hello messages to other devices Use the no form of this command to restore the default configuration Syntax spanning tree hello time seconds no spanning tree hello time Parameters seconds Specifies the spanning tree Hello time in seconds Range 1 10 De...

Page 365: ...re the spanning tree bridge maximum age Use the no form of this command to restore the default configuration Syntax spanning tree max age seconds no spanning tree max age Parameters seconds Specifies the spanning tree bridge maximum age in seconds Range 6 40 Default Configuration The default maximum age for IEEE Spanning Tree Protocol STP is 20 seconds Command Mode Global Configuration mode User G...

Page 366: ... root bridge Use the no form of this command to restore the default device spanning tree priority Syntax spanning tree priority priority no spanning tree priority Parameters priority Specifies the bridge priority Range 0 61440 Default Configuration The default bridge priority for IEEE Spanning Tree Protocol STP is 32768 Command Mode Global Configuration mode User Guidelines The priority value must...

Page 367: ...ation Spanning tree is enabled on all ports Command Mode Interface Configuration Ethernet port channel mode Example The following example disables the spanning tree on gi5 Console config interface gi5 Console config if spanning tree disable 29 8 spanning tree cost Use the spanning tree cost Interface Configuration Ethernet port channel mode command to configure the spanning tree path cost for a po...

Page 368: ...cost 35000 29 9 spanning tree port priority Use the spanning tree port priority Interface Configuration Ethernet port channel mode command to configure the port priority Use the no form of this command to restore the default configuration Syntax spanning tree port priority priority no spanning tree port priority Parameters priority Specifies the port priority Range 0 240 Default Configuration The ...

Page 369: ...st Interface Configuration Ethernet port channel mode command to enable the PortFast mode In PortFast mode the interface is immediately put into the forwarding state upon linkup without waiting for the standard forward time delay Use the no form of this command to disable the PortFast mode Syntax spanning tree portfast auto no spanning tree portfast Parameters auto Specifies that the software wait...

Page 370: ...ate Use the no form of this command to restore the default configuration Syntax spanning tree link type point to point shared no spanning tree spanning tree link type Parameters point to point Specifies that the port link type is point to point shared Specifies that the port link type is shared Default Configuration The device derives the port link type from the duplex mode A full duplex port is c...

Page 371: ... path costs are within the range 1 200 000 000 short Specifies that the default port path costs are within the range 1 65 535 Default Configuration Long path cost method Command Mode Global Configuration mode User Guidelines This command applies to all the spanning tree instances on the switch If the short method is chosen the switch use for the default cost values in the range 1 through 65 535 If...

Page 372: ...ith the spanning tree disabled and BPDU handling mode of flooding Tagged BPDU packets are filtered bridging Specifies that BPDU packets whether untagged or tagged are flooded and are subject to ingress and egress VLAN rules when the spanning tree is disabled globally This mode is not relevant if the spanning tree is disabled only on a group of ports Default Configuration The default setting is flo...

Page 373: ...ee bpdu Parameters filtering Specifies that BPDU packets are filtered when the spanning tree is disabled on an interface flooding Specifies that untagged BPDU packets are flooded unconditionally without applying VLAN rules to ports with the spanning tree disabled and BPDU handling mode of flooding Tagged BPDU packets are filtered Default Configuration The spanning tree bpdu Global command determin...

Page 374: ...terface when it receives a bridge protocol data unit BPDU Use the no form of this command to restore the default configuration Syntax spanning tree bpduguard enable disable no spanning tree bpduguard Parameters enable Enables BPDU Guard disable Disables BPDU Guard Default Configuration BPDU Guard is disabled Command Mode Interface Configuration Ethernet Port channel mode User Guidelines The comman...

Page 375: ...ies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines This feature should be used only when working in RSTP or MSTP mode Example console clear spanning tree detected protocols 29 17 spanning tree mst priority Use the spanning tree mst priority Global Configuration mode command to configure the device p...

Page 376: ... value must be a multiple of 4096 The switch with the lowest priority is the root of the spanning tree Example The following example configures the spanning tree priority of instance 1 to 4096 Console config spanning tree mst 1 priority 4096 29 18 spanning tree mst max hops Use the spanning tree mst max hops Global Configuration mode command to configure the number of hops in an MST region before ...

Page 377: ...ity Interface Configuration Ethernet port channel mode command to configure the priority of a port Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id port priority priority no spanning tree mst instance id port priority Parameters instance id Specifies the spanning tree instance ID Range 1 15 priority Specifies the port priority Range 0 240 in...

Page 378: ... path cost when selecting an interface to put in the forwarding state Use the no form of this command to restore the default configuration Syntax spanning tree mst instance id cost cost no spanning tree mst instance id cost Parameters instance id Specifies the spanning tree instance ID Range 1 15 cost Specifies the port path cost Range 1 200000000 Default Configuration Default path cost is determi...

Page 379: ...tion mode command to enable configuring an MST region by entering the Multiple Spanning Tree MST mode Syntax spanning tree mst configuration Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region they need to contain the same VLAN mapping the same configuration revision number and the same name Example The following example configures an MST re...

Page 380: ...ecify a series use a comma Range 1 4094 Default Configuration All VLANs are mapped to the common and internal spanning tree CIST instance instance 0 Command Mode MST Configuration mode User Guidelines All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree CIST instance instance 0 and cannot be unmapped from the CIST For two or more devices t...

Page 381: ...figuration name Length 1 32 characters Default Configuration The default name is the bridge MAC address Command Mode MST Configuration mode Example The following example defines the configuration name as Region1 Console config spanning tree mst configuration Console config mst name region1 29 24 revision MST Use the revision MST Configuration mode command to define the MST configuration revision n...

Page 382: ...ation mode Example The following example sets the configuration revision to 1 Console config spanning tree mst configuration Console config mst revision 1 29 25 show MST Use the show MST Configuration mode command to displays the current or pending MST region configuration Syntax show current pending Parameters current Displays the current MST region configuration pending Displays the pending MST ...

Page 383: ...ges Syntax exit Command Mode MST Configuration mode Example The following example exits the MST Configuration mode and saves changes Console config spanning tree mst configuration Console config mst exit 29 27 abort MST Use the abort MST Configuration mode command to exit the MST Configuration mode without applying the configuration changes Console config mst show pending Pending MST configuration...

Page 384: ...g tree configuration Syntax show spanning tree interface id instance instance id show spanning tree detail active blockedports instance instance id show spanning tree mst configuration Parameters instance instance id Specifies the spanning tree instance ID Range 1 16 detail Displays detailed information active Displays active ports only blockedports Displays blocked ports only mst configuration Di...

Page 385: ...spanning tree Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Loopback guard Disabled Root ID Priority Address Cost Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec ...

Page 386: ... 128 2 128 3 128 4 128 5 Cost 20000 20000 20000 20000 20000 Sts FWD FWD BLK DIS Role Root Desg Altn PortFas t No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address 36864 00 02 4b 29 7a 00 This switch is the Root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces ...

Page 387: ...0000 Sts FWD FWD FWD DIS Role Desg Desg Desg PortFas t No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree Spanning tree disabled BPDU filtering mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port Hello Time N A N A N A N A N A Max Age N A Forward Delay N A Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forwar...

Page 388: ... 20000 20000 20000 20000 20000 Sts Role PortFas t Type Console show spanning tree active Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces ...

Page 389: ... Altn PortFas t No No No Type P2p RSTP Shared STP Shared STP Console show spanning tree blockedports Spanning tree enabled mode RSTP Default port cost method long Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 36864 Address 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec I...

Page 390: ...c Max Age 20 sec Forward Delay 15 sec Bridge ID Priority Address 36864 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 2 last change occurred 2d18h ago Times hold 1 topology change 35 notification 2 hello 2 max age 20 forward delay 15 Port 1 gi1 enabled State Forwarding Port id 128 1 Type P2p configured auto RSTP Designated bridge Priority 32768 De...

Page 391: ...s to forwarding state 1 BPDU sent 2 received 170638 Port 3 gi3 disabled State N A Port id 128 3 Type N A configured auto Designated bridge Priority N A Designated port id N A Guard root Disabled Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled Number of transitions to forwarding state N A BPDU sent N A received N A Port 4 gi4 enabled Sta...

Page 392: ...eived 120638 Port 5 gi5 enabled State Disabled Port id 128 5 Type N A configured auto Designated bridge Priority N A Designated port id N A Guard root Disabled Role N A Port cost 20000 Port Fast N A configured no Address N A Designated path cost N A BPDU guard Disabled Number of transitions to forwarding state N A BPDU sent N A received N A ...

Page 393: ...ed no Address 00 01 42 97 e0 00 Designated path cost 0 BPDU guard Disabled Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Console show spanning tree mst configuration Name Region1 Revision 1 Instance 0 1 Vlans mapped 1 9 21 4094 10 20 State Enabled Enabled Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Ro...

Page 394: ...ax hops 20 Interfaces Name gi1 gi2 gi3 gi4 State Enabled Enabled Enabled Enabled Prio Nbr 128 1 128 2 128 3 128 4 Cost 20000 20000 20000 20000 Sts FWD FWD FWD FWD Role Root Desg Desg Desg PortFas t No No No No Type P2p Bound RSTP Shared Bound STP P2p P2p MST 1 Vlans Mapped 10 20 Root ID Priority Address Path Cost Root Port Rem hops 24576 00 02 4b 29 89 76 20000 gi4 19 Bridge ID Priority Address 32...

Page 395: ...PortFas t No No No No Type P2p Bound RSTP Shared Bound STP P2p P2p Console show spanning tree detail Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority Address Path Cost Root Port 32768 00 01 42 97 e0 00 20000 gi1 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec IST Master ID Priority Address 32768 00 02 4b 29 7a 00 This switch is the IST ...

Page 396: ...riority 32768 Designated port id 128 25 Number of transitions to forwarding state 1 BPDU sent 2 received 120638 Role Root Port cost 20000 Port Fast No configured no Address 00 01 42 97 e0 00 Designated path cost 0 Port 2 gi2 enabled State Forwarding Port id 128 2 Type Shared configured auto Boundary STP Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding s...

Page 397: ...0 Designated path cost 20000 Port 4 gi4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 MST 1 Vlans Mapped 10 20 Root ID Priority ...

Page 398: ...umber of transitions to forwarding state 1 BPDU sent 2 received 120638 Role Boundary Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 Port 2 gi2 enabled State Forwarding Port id 128 2 Type Shared configured auto Boundary STP Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 17063...

Page 399: ... path cost 20000 Port 4 gi4 enabled State Forwarding Port id 128 4 Type Shared configured auto Internal Designated bridge Priority 32768 Designated port id 128 2 Number of transitions to forwarding state 1 BPDU sent 2 received 170638 Role Designated Port cost 20000 Port Fast No configured no Address 00 02 4b 29 7a 00 Designated path cost 20000 Console show spanning tree Spanning tree enabled mode ...

Page 400: ...e one of the following types Ethernet port or Port channel IST Master ID Priority Address Path Cost Rem hops 32768 00 02 4b 19 7a 00 10000 19 Bridge ID Priority Address 32768 00 02 4b 29 7a 00 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Max hops 20 Console show spanning tree Spanning tree enabled mode MSTP Default port cost method long MST 0 Vlans Mapped 1 9 CST Root ID Priority Address 3...

Page 401: ...spanning tree bpdu The following is the output if the global BPDU handling command is not supported The following is the output if both the global BPDU handling command and the per interface BPDU handling command are supported Global Flooding Interface gi1 gi2 gi3 Admin Mode Global Global Flooding Oper Mode Flooding STP STP The following is the output if bridging mode is supported ...

Page 402: ... default VLAN Use the exit command to return to Global Configuration mode Syntax vlan database Parameters N A Default Configuration VLAN 1 exists by default Command Mode Global Configuration mode Example The following example enters the VLAN Configuration mode creates VLAN 1972 and exits VLAN Configuration mode Console config vlan database Console config vlan vlan 1972 Console config vlan exit Con...

Page 403: ...ge 2 4094 Default Configuration VLAN 1 exists by default Command Mode VLAN Configuration mode Example The following example creates VLAN number 1972 Console config vlan database Console config vlan vlan 1972 Console config vlan 30 3 show vlan Use the show vlan Privileged EXEC mode command to display the following VLAN information for all VLANs or for a specific VLAN VLAN ID VLAN name Ports on the ...

Page 404: ...ll VLANs are displayed Command Mode Privileged EXEC mode Examples Example 1 The following example displays information for all VLANs Console show vlan VLAN 1 10 11 20 21 30 31 91 3978 Name default Marketing VLAN0011 VLAN0020 VLAN0021 VLAN0030 VLAN0031 VLAN0091 Guest VLAN Ports gi1 2 gi3 14 gi5 16 gi7 18 gi2 gi7 Type Default static static static static static static dynamic static Authorization Req...

Page 405: ...onfiguration mode command to define the default VLAN Use the no form of this command to set VLAN 1 as the default VLAN Syntax default vlan vlan vlan id no default vlan vlan Parameters vlan vlan id Specifies the default VLAN ID Default Configuration The default VLAN is 1 by default Command Mode VLAN Configuration mode Console show vlan tag default VLAN 1 Name default Ports gi1 2 Type Default Author...

Page 406: ...on and reboot device 30 5 show default vlan membership Use the show default vlan membership privileged EXEC command to view the default VLAN membership Syntax show default vlan membership interface id Parameters interface id Specify an interface ID The interface ID can be one of the following types Ethernet port or Port channel Default Configuration Membership in the default VLAN is displayed for ...

Page 407: ...d Parameters vlan vlan id Specifies the VLAN to be configured Default Configuration N A Command Mode Global Configuration mode User Guidelines If the VLAN does not exist ghost VLAN some commands are not available under the interface VLAN context The commands that are supported for VLANs but do not exist for ghost VLANs are IGMP snooping control commands Bridge Multicast configuration commands Exam...

Page 408: ... A Command Mode Global Configuration mode User Guidelines Commands under the interface VLAN range context are executed independently on each VLAN in the range If the command returns an error on one of the VLANs an error message is displayed and the system attempts to configure the remaining VLANs If a VLAN does not exist ghost VLAN some commands are not available under the interface VLAN context T...

Page 409: ...aracters Default Configuration No name is defined Command Mode Interface Configuration VLAN mode It cannot be configured for a range of interfaces range context User Guidelines The VLAN name must be unique Example The following example assigns VLAN 19 the name Marketing Console config interface vlan 19 Console config if name Marketing 30 9 switchport protected port Use the switchport protected por...

Page 410: ...ject to all filtering rules and Filtering Database FDB decisions Example console config interface gi1 console config if switchport protected port 30 10 show interfaces protected ports Use the show interfaces protected ports EXEC mode command to display protected ports configuration Syntax show interfaces protected ports interface id Parameters interface id Specifies an interface ID The interface I...

Page 411: ...l mode command to configure the VLAN membership mode access trunk general or customer of a port Use the no form of this command to restore the default configuration Syntax switchport mode access trunk general customer no switchport mode Parameters access Specifies an untagged layer 2 VLAN port trunk Specifies a trunking layer 2 VLAN port general Specifies a full 802 1q supported VLAN port customer...

Page 412: ...emoved Example The following example configures gi1 as an access port untagged layer 2 VLAN port Console config interface gi1 Console config if switchport mode access Console config if switchport access vlan 2 30 12 switchport access vlan An interface in access mode can belong to only one VLAN The switchport access vlan Interface Configuration command reassigns an interface to a different VLAN tha...

Page 413: ... allowed vlan A trunk interface is an untagged member of a single VLAN and in addition it may be an tagged member of one or more VLANs The switchport trunk allowed vlan Interface Configuration mode command adds removes VLAN s to from a trunk port Syntax switchport trunk allowed vlan add vlan list remove vlan list Parameters add vlan list Specifies a list of VLAN IDs to add to a port Separate nonco...

Page 414: ...t is directed to the port s native VLAN Use the switchport trunk native vlan Interface Configuration Ethernet port channel mode command to define the native VLAN for a trunk interface Use the no form of this command to restore the default native VLAN Syntax switchport trunk native vlan vlan id no switchport trunk native vlan Parameters vlan id Specifies the native VLAN ID Default Configuration The...

Page 415: ...le config if Example 2 The following example sets packets on port as untagged on ingress and untagged on egress console config interface gi1 console config if switchport mode trunk console config if switchport trunk native vlan 2 console config if Example 3 The following example sets packets on port as tagged on ingress and tagged on egress console config interface gi1 console config if switchport...

Page 416: ...ts tagged packets for the VLANs This is the default value untagged Specifies that the port transmits untagged packets for the VLANs remove vlan list Specifies the list of VLAN IDs to remove Separate nonconsecutive VLAN IDs with a comma and no spaces use a hyphen to designate a range of IDs Default Configuration The port is not member in any VLAN Packets are transmitted untagged Command Mode Interf...

Page 417: ...general mode Use the no form of this command to restore the default configuration Syntax switchport general pvid vlan id no switchport general pvid Parameters pvid vlan id Specifies the Port VLAN ID PVID Default Configuration The default VLAN is the PVID Command Mode Interface Configuration Ethernet Port channel mode Examples Example 1 The following example configures port 2 as a general port and ...

Page 418: ... port 14 as untagged on input and untagged on output console config interface gi14 console config if switchport mode general console config if switchport general pvid 2 console config if switchport general allowed vlan add 2 untagged console config if Example 4 Configures VLAN on port 21 as untagged on input and tagged on output console config interface gi21 console config if switchport mode gener...

Page 419: ...neral ingress filtering disable Use the switchport general ingress filtering disable Interface Configuration Ethernet Port channel mode command to disable port ingress filtering no packets are discarded at the ingress on a general port Use the no form of this command to restore the default configuration Syntax switchport general ingress filtering disable no switchport general ingress filtering dis...

Page 420: ...eneral acceptable frame type tagged only untagged only all no switchport general acceptable frame type Parameters tagged only Ignore discard untagged packets and priority tagged packets untagged only Ignore discard VLAN tagged packets not including priority tagged packets all Do not discard packets untagged or priority tagged packets Default Configuration All frame types are accepted at ingress al...

Page 421: ...onfiguration Syntax switchport customer vlan vlan id no switchport customer vlan Parameters vlan vlan id Specifies the customer VLAN Default Configuration No VLAN is configured as customer Command Mode Interface Configuration Ethernet Port channel mode Example The following example defines gi5 as a member of customer VLAN 5 Console config interface gi5 Console config if switchport mode customer Co...

Page 422: ...n the mask host Specifies that the mask is comprised of all 1s macs group group Specifies the group number range 1 2147483647 Default Configuration N A Command Mode VLAN Configuration mode Example The following example creates two groups of MAC addresses sets a port to general mode and maps the groups of MAC addresses to specific VLANs Console config vlan database console config vlan map mac 0000 ...

Page 423: ...ral map macs group group Parameters macs group group Specifies the group number range 1 2147483647 vlan vlan id Defines the VLAN ID associated with the rule Default Configuration N A Command Mode Interface Configuration Ethernet port channel mode User Guidelines MAC based VLAN rules cannot contain overlapping ranges on the same interface The VLAN classification rule priorities are 1 MAC based VLAN...

Page 424: ...ral map macs group 1 vlan 2 console config if switchport general map macs group 2 vlan 3 30 22 show vlan macs groups Use the show vlan macs groups EXEC mode command to display the MAC addresses that belong to the defined MACs groups Syntax show vlan macs groups Parameters N A Default Configuration N A Command Mode EXEC mode Example The following example displays macs groups information console sho...

Page 425: ...ernet port channel User Guidelines The command may be used at any time regardless of whether the port belongs to the default VLAN The no command does not add the port to the default VLAN it only defines an interface as permitted to be a member of the default VLAN and the port will be added only when conditions are met Example The following example forbids the port gi1 from being added to the defau...

Page 426: ...tive VLAN IDs with a comma and no spaces use a hyphen designate a range of IDs Default Configuration All VLANs are allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids adding VLAN IDs 234 to 256 to gi7 Console config interface gi7 Console config if switchport mode trunk Console config if switchport forbidden vlan add 234 256 30 25 switchport...

Page 427: ...native VLAN is 4095 Note If the native VLAN of a port is the default VLAN when the port is added to the default VLAN as tagged the native VLAN is set by the system to 4095 When a general port is a member in the default VLAN as a tagged port then The PVID can be the default VLAN The default PVID is the default VLAN Note The PVID is not changed when the port is added to the default VLAN as a tagged ...

Page 428: ...AN the port is added by the system to the default VLAN as an untagged Example The following example configures the port gi1 as a tagged port in the default VLAN Console config interface gi1 console config if switchport mode trunk Console config if switchport default vlan tagged 30 26 show interfaces switchport Use the show interfaces switchport Privileged EXEC command to display the administrative...

Page 429: ...ltering true Acceptable Frame Type admitAll Ingress UnTagged VLAN NATIVE 2 Protected Enabled Uplink is gi9 Port gi1 is member in VLAN Name Egress Rule Type 1 default untagged System 8 VLAN008 tagged Dynamic 11 VLAN0011 tagged Static 19 IPv6VLAN untagged Static 72 VLAN0072 untagged Static Forbidden VLANS VLAN Name 73 Out Classification rules Mac based VLANs Group ID Vlan ID Example 2 The following ...

Page 430: ... Frame Type All GVRP status Enabled Protected Disabled Port gi1 is member in VLAN Name Egress Rule Type 91 IP Telephony tagged Static Protected Disabled Port gi2 is statically configured to VLAN Name Egress Rule Type 8 VLAN0072 untagged 91 IP Telephony tagged Forbidden VLANS VLAN Name 73 Out Example 3 The following example displays the command output for an access port Console show interfaces swit...

Page 431: ...cation rules Mac based VLANs 30 27 ip internal usage vlan The system assigns a VLAN to every IP address In rare cases this might conflict with a user requirement for that VLAN In this case use the ip internal usage vlan Interface Configuration Ethernet Port channel mode command to reserve a different VLAN as the internal usage VLAN of an interface Use the no form of this command to restore the def...

Page 432: ...age but you want to use that VLAN for a static or dynamic VLAN do one of the following Remove the IP address from the interface this releases the internal usage VLAN Recreate the VLAN on the required interface now it will be assigned to the interface and not be used as an internal usage VLAN Recreate the IP interface another internal usage VLAN is assigned to this IP interface or use this command ...

Page 433: ...uide 434 30 Parameters N A Default Configuration N A Command Mode Privileged EXEC mode Example The following example displays VLANs used internally by the device Console show vlan internal usage Usage gi21 gi22 gi23 VLAN 1007 1008 1009 Reserved No Yes Yes IP address Active Inactive Active ...

Page 434: ...he no form of this command to disable IGMP snooping Syntax ip igmp snooping no ip igmp snooping Default Configuration Disabled Command Mode Global Configuration mode Example The following example enables IGMP snooping Console config ip igmp snooping 31 2 ip igmp snooping vlan Use the ip igmp snooping vlan Global Configuration mode command to enable IGMP snooping on a specific VLAN Use the no form ...

Page 435: ...Interface VLAN Configuration command describes the configuration that is written into the FDB as a function of the FDB mode and the IGMP version that is used in the network Example console config ip igmp snooping vlan 2 31 3 ip igmp snooping vlan mrouter Use the ip igmp snooping mrouter Global Configuration mode command to enable automatic learning of Multicast router ports on a VLAN Use the no fo...

Page 436: ...igmp snooping vlan 1 mrouter learn pim dvmrp 31 4 ip igmp snooping vlan mrouter interface Use the ip igmp snooping mrouter interface Global Configuration mode command to define a port that is connected to a Multicast router port Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan vlan id mrouter interface interface list no ip igmp snooping vlan vlan id mrouter ...

Page 437: ...ce Use the ip igmp snooping forbidden mrouter interface Global Configuration mode command to forbid a port from being defined as a Multicast router port by static configuration or by automatic learning Use the no form of this command to remove the configuration Syntax ip igmp snooping vlan vlan id forbidden mrouter interface interface list no ip igmp snooping vlan vlan id forbidden mrouter interfa...

Page 438: ...able and to add static ports to the group Use the no form of this command to remove ports specified as members of a static Multicast group Syntax ip igmp snooping vlan vlan id static ip address interface interface list no ip igmp snooping vlan vlan id static ip address interface interface list Parameter vlan vlan id Specifies the VLAN static ip address Specifies the IP Multicast address interface ...

Page 439: ...of this command to disable the IGMP querier on a VLAN interface Syntax ip igmp snooping vlan vlan id querier no ip igmp snooping vlan vlan id querier Parameters vlan vlan id Specifies the VLAN Default Configuration Disabled Command Mode Global Configuration mode User Guidelines The IGMP snooping querier can be enabled on a VLAN only if IGMP snooping is enabled for that VLAN At most one switch can ...

Page 440: ...s that the IGMP snooping querier uses Use the no form of this command to return to default Syntax ip igmp snooping vlan vlan id querier address ip address no ip igmp snooping vlan vlan id querier address Parameters vlan vlan id Specifies the VLAN querier address ip address Source IP address Default Configuration If an IP address is configured for the VLAN it is used as the source address of the IG...

Page 441: ... the default version Syntax ip igmp snooping vlan vlan id querier version 2 3 no ip igmp snooping vlan vlan id querier version Parameters vlan vlan id Specifies the VLAN querier version 2 Specifies that the IGMP version would be IGMPv2 querier version 3 Specifies that the IGMP version would be IGMPv3 Default Configuration IGMPv2 Command Mode Global Configuration mode Example console config ip igmp...

Page 442: ...n execute the command before the VLAN is created but you must enter the command in Interface VLAN mode Example console config interface vlan 1 console config if ip igmp robustness 3 31 11 ip igmp query interval Use the ip igmp query interval Interface Configuration VLAN mode command to configure the Query interval on a VLAN Use the no format of the command to return to default Syntax ip igmp query...

Page 443: ...0 31 12 ip igmp query max response time Use the ip igmp query max response time Interface Configuration VLAN mode command to configure the Query Maximum Response time on a VLAN Use the no format of the command to return to default Syntax ip igmp query max response time seconds no ip igmp query max response time Parameters seconds Maximum response time in seconds advertised in IGMP queries Range 5 ...

Page 444: ...ery Counter on a VLAN Use the no format of the command to return to default Syntax ip igmp last member query count count no ip igmp last member query count Parameter count The number of times that group or group source specific queries are sent upon receipt of a message indicating a leave Range 1 7 Default Configuration A value of Robustness variable Command Mode Interface Configuration VLAN mode ...

Page 445: ... in milliseconds at which IGMP group specific host query messages are sent on the interface Range 100 25500 Default Configuration 1000 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example console config interface vlan 1 console config if ip igmp last member query interval 2000 31 15 ip igmp snooping vlan immediate leave Use t...

Page 446: ...u can execute the command before the VLAN is created Example The following example enables IGMP snooping immediate leave feature on VLAN 1 Console config ip igmp snooping vlan 1 immediate leave 31 16 show ip igmp snooping mrouter The show ip igmp snooping mrouter EXEC mode command displays information on dynamically learned Multicast router interfaces for all VLANs or for a specific VLAN Syntax sh...

Page 447: ...r a specific VLAN Syntax show ip igmp snooping interface vlan id Parameters interface vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays the IGMP snooping configuration for VLAN 1000 Console show ip igmp snooping interface 1000 IGMP Snooping is globally enabled IGMP Snooping admin Enabled IGMP Snooping oper Enabled Routers IGMP version 3 Groups that are in ...

Page 448: ...query maximum response admin 10 sec oper 10 sec IGMP snooping last member query counter admin 2 oper 2 IGMP snooping last member query interval admin 1000 msec oper 500 msec IGMP snooping last immediate leave enable Automatic learning of Multicast router ports is enabled 31 18 show ip igmp snooping groups The show ip igmp snooping groups EXEC mode command displays the Multicast groups learned by t...

Page 449: ...rameters Use the show ip igmp snooping groups command with parameters to see a needed subset of all Multicast groups learned by IGMP snooping To see the full Multicast address table including static addresses use the show bridge multicast address table command Example The following example shows sample output for IGMP version 2 Console show ip igmp snooping groups Vlan 1 Group Address 239 255 255 ...

Page 450: ...d snooping no ipv6 mld snooping Default Configuration IPv6 MLD snooping is disabled Command Mode Global Configuration mode Example The following example enables IPv6 MLD snooping Console config ipv6 mld snooping 32 2 ipv6 mld snooping vlan Use the ipv6 mld snooping vlan Global Configuration mode command to enable MLD snooping on a specific VLAN Use the no form of this command to disable MLD snoopi...

Page 451: ...Pv6 mode interface VLAN configuration command describe the configuration that can be written into the FDB as a function of the FDB mode and the MLD version that is used in the network Example console config ipv6 mld snooping vlan 2 32 3 ipv6 mld robustness Use the ipv6 mld robustness interface Configuration mode command to change a value of the MLD robustness variable Use the no format of the comm...

Page 452: ...onfiguration mode command to enable automatic learning of multicast router ports Use the no form of this command to remove the configuration Syntax ipv6 mld snooping vlan vlan id mrouter learn pim dvmrp no ipv6 mld snooping vlan vlan id mrouter learn pim dvmrp Parameters vlan id Specifies the VLAN Default Configuration Learning pim dvmrp is enabled Command Mode Global Configuration mode User Guide...

Page 453: ...router interface interface list Parameters vlan id Specifies the VLAN interface list Specifies a list of interfaces The interfaces can be from one of the following types port or port channel Default Configuration No ports defined Command Mode Global Configuration mode User Guidelines This command may be used in conjunction with the bridge multicast forward all command which is used in older versio...

Page 454: ...ifies list of interfaces The interfaces can be from one of the following types Ethernet port or Port channel Default Configuration No forbidden ports by default Command Mode Global Configuration mode User Guidelines A port that is forbidden mrouter port cannot be a multicast router port i e cannot be learned dynamically or assigned statically The command bridge multicast forbidden forward all comm...

Page 455: ...he interfaces can be from one of the following types Ethernet port or Port channel Default Configuration No multicast addresses are defined Command Mode Global configuration mode User Guidelines Static multicast addresses can only be defined on static VLANs You can execute the command before the VLAN is created You can register an entry without specifying an interface Using the no command without ...

Page 456: ...uidelines You can execute the command before the VLAN is created Example console config interface vlan 1 console config if ipv6 mld query interval 3000 32 9 ipv6 mld query max response time Use the ipv6 mld query max response time Interface Configuration mode command to configure the Query Maximum Response time Use the no format of the command to return to default Syntax ipv6 mld query max respons...

Page 457: ...the ipv6 mld last member query count Interface Configuration mode command to configure the Last Member Query Counter Use the no format of the command to return to default Syntax ipv6 mld last member query count count no ipv6 mld last member query count Parameters count The number of times that group or group source specific queries are sent upon receipt of message indicating a leave Range 1 7 Defa...

Page 458: ...nterval milliseconds no ipv6 mld last member query interval Parameter milliseconds Interval in milliseconds at which MLD group specific host query messages are sent on the interface Range 100 64512 Default Configuration 1000 Command Mode Interface Configuration VLAN mode User Guidelines You can execute the command before the VLAN is created Example console config interface vlan 1 console config if...

Page 459: ...094 Default Configuration Disabled Command Mode Global Configuration mode User Guidelines You can execute the command before the VLAN is created Example console config ipv6 mld snooping vlan 1 immediate leave 32 13 show ipv6 mld snooping mrouter The show ipv6 mld snooping mrouter EXEC mode command displays information on dynamically learned multicast router interfaces for all VLANs or for a specif...

Page 460: ...14 show ipv6 mld snooping interface The show ipv6 mld snooping interface EXEC mode command displays the IPv6 MLD snooping configuration for a specific VLAN Syntax show ipv6 mld snooping interface vlan id Parameters vlan id Specifies the VLAN ID Command Mode EXEC mode Example The following example displays the MLD snooping configuration for VLAN 1000 Console show ipv6 mld snooping interface 1000 ML...

Page 461: ...pv6 mld snooping groups EXEC mode command displays the multicast groups learned by the MLD snooping Syntax show ipv6 mld snooping groups vlan vlan id address ipv6 multicast address source ipv6 address Parameters vlan vlan id Specifies the VLAN ID address ipv6 multicast address Specifies the IPv6 multicast address source ipv6 address Specifies the IPv6 source address Command Mode EXEC mode User Gui...

Page 462: ...e group but for different sources the port will not be in the Exclude list but rather in the Include list Example The following example shows the output for IPv6 MLD version 2 Console show ipv6 mld snooping groups VLAN 1 1 19 19 19 Group Address FF12 3 FF12 3 FF12 8 FF12 8 FF12 8 Source Address FE80 201 C9FF FE40 8001 FE80 201 C9FF FE40 8002 FE80 201 C9FF FE40 8003 FE80 201 C9FF FE40 8004 FE80 201...

Page 463: ...tem priority value no lacp system priority Parameters value Specifies the system priority value Range 1 65535 Default Configuration The default system priority is 1 Command Mode Global Configuration mode Example The following example sets the system priority to 120 Console config lacp system priority 120 33 2 lacp port priority Use the lacp port priority Interface Configuration Ethernet mode comma...

Page 464: ...iority of gi6 console config interface gi6 console config if lacp port priority 247 33 3 lacp timeout Use the lacp timeout Interface Configuration Ethernet mode command to assign an administrative LACP timeout to an interface Use the no form of this command to restore the default configuration Syntax lacp timeout long short no lacp timeout Parameters long Specifies the long timeout value short Spe...

Page 465: ...to display LACP information for all Ethernet ports or for a specific Ethernet port Syntax show lacp interface id parameters statistics protocol state Parameters interface id Specify an interface ID The interface ID must be an Ethernet port parameters Displays parameters only statistics Displays statistics only protocol state Displays protocol state only Command Mode EXEC mode Example The following...

Page 466: ...priority system mac addr port Admin key port Oper key port Oper number port Admin priority port Oper priority port Admin timeout port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired 1 00 00 12 34 56 78 30 30 21 1 1 LONG LONG ACTIVE AGGREGATABLE FALSE FALSE FALSE FALSE Partner ...

Page 467: ...ty port Oper priority port Admin timeout port Oper timeout LACP Activity Aggregation synchronization collecting distributing expired 0 00 00 00 00 00 00 0 0 0 0 0 LONG LONG PASSIVE AGGREGATABLE FALSE FALSE FALSE FALSE Port gi1 LACP Statistics LACP PDUs sent LACP PDUs received 2 2 Port gi1 LACP Protocol State LACP State Machines Receive FSM Mux FSM Port Disabled State Detached State Control Variabl...

Page 468: ...hannel port_channel_number Parameters port_channel_number Specifies the port channel number Command Mode EXEC mode Example The following example displays LACP information about port channel 1 BEGIN LACP_Enabled Ready_N Selected Port_moved NNT Port_enabled FALSE TRUE FALSE UNSELECTED FALSE FALSE FALSE Timer counters periodic tx timer current while timer wait while timer 0 0 0 Console show lacp port...

Page 469: ...trol Protocol LACP Commands 78 20269 01 Command Line Interface Reference Guide 470 33 System Priority MAC Address Admin Key Oper Key 1 000285 0E1C00 29 29 Partner System Priority MAC Address Oper Key 0 00 00 00 00 00 00 14 ...

Page 470: ...lly Use the no form of this command to disable GVRP on the device Syntax gvrp enable no gvrp enable Parameters N A Default Configuration GVRP is globally disabled Command Mode Global Configuration mode Example The following example enables GVRP globally on the device Console config gvrp enable 34 2 gvrp enable Interface Use the gvrp enable Interface Configuration Ethernet Port channel mode command...

Page 471: ...e same way as in a tagged VLAN That is the PVID must be manually defined as the untagged VLAN ID Example The following example enables GVRP on gi6 Console config interface gi6 Console config if gvrp enable 34 3 gvrp vlan creation forbid Use the gvrp vlan creation forbid Interface Configuration mode command to disable dynamic VLAN creation or modification Use the no form of this command to enable d...

Page 472: ...gistration on the port Use the no form of this command to allow dynamic registration of VLANs on a port Syntax gvrp registration forbid no gvrp registration forbid Default Configuration Dynamic registration of VLANs on the port is allowed Command Mode Interface Configuration Ethernet Port channel mode Example The following example forbids dynamic registration of VLANs on gi2 Console config interfa...

Page 473: ...ollowing example clears all GVRP statistical information on gi5 Console clear gvrp statistics gi5 34 6 show gvrp configuration Use the show gvrp configuration EXEC mode command to display GVRP configuration information including timer values whether GVRP and dynamic VLAN creation are enabled and which ports are running GVRP Syntax show gvrp configuration interface id Parameters interface id Specif...

Page 474: ... Creation Leave Join Leave All gi1 Enabled Forbidden Disabled 200 600 10000 gi2 Enabled Normal Enabled 400 1200 20000 34 7 show gvrp statistics Use the show gvrp statistics EXEC mode command to display GVRP statistics for all interfaces or for a specific interface Syntax show gvrp statistics interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following...

Page 475: ... Console show gvrp statistics GVRP statistics Legend rJE rEmp rLE sJE sEmp sLE Join Empty Received Empty Received Leave Empty Received Join Empty Sent Empty Sent Leave Empty Sent rJIn Join In Received rLIn Leave In Received rLA Leave All Received sJIn Join In Sent sLIn Leave In Sent sLA Leave All Sent Port gi1 gi2 gi3 gi4 gi5 gi6 gi7 gi8 rJE 0 0 0 0 0 0 0 0 rJIn 0 0 0 0 0 0 0 0 rEmp 0 0 0 0 0 0 0 ...

Page 476: ...atistics are displayed Command Mode EXEC mode Example The following example displays GVRP error statistics console show gvrp error statistics GVRP Error Statistics Legend INVPROT Invalid Protocol Id INVATYP Invalid Attribute Type INVALEN Invalid Attribute Length INVAVAL Invalid Attribute Value INVEVENT Invalid Event Port INVPROT INVATYP INVAVAL INVALEN INVEVENT gi1 0 0 0 0 0 gi2 0 0 0 0 0 gi3 0 0 ...

Page 477: ...fault gateway ip address no ip address ip address If the product is switch only and supports a single IP address ip address ip address mask prefix length default gateway ip address no ip address Parameters ip address Specifies the IP address mask Specifies the network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be pre...

Page 478: ...ally redefined on the new Default VLAN If the IP address is configured in Interface context then the IP address is bound to the interface in context If a static IP address is already defined the user must do no IP address in the relevant interface context before changing the IP address If a dynamic IP address is already defined the user must do no ip address in the relevant interface context befor...

Page 479: ...iguration on the interface If the device is configured to obtain its IP address from a DHCP server it sends a DHCPDISCOVER message to provide information about itself to the DHCP server on the network If the ip address dhcp command is used with or without the optional keyword the DHCP option 12 field host name option is included in the DISCOVER message By default the host name specified in the opt...

Page 480: ...erver holds a DHCP option 67 record for the assigned IP address the record overwrites the existing device configuration Command Mode Privileged EXEC mode User Guidelines Note that this command does not enable DHCP on an interface If DHCP is not enabled on the requested interface the command returns an error message If DHCP is enabled on the interface and an IP address was already acquired the comm...

Page 481: ... Specifies the default gateway IP address Command Mode Global Configuration mode Default Configuration No default gateway is defined Example The following example defines default gateway 192 168 1 1 Console config ip default gateway 192 168 1 1 35 5 show ip interface Use the show ip interface EXEC mode command to display the usability status of configured IP interfaces Syntax show ip interface int...

Page 482: ...c IP Address I F Type Status 1 1 1 1 8 vlan 1 Static Valid 2 2 2 2 24 gi1 Static Valid 35 6 arp Use the arp Global Configuration mode command to add a permanent entry to the Address Resolution Protocol ARP cache Use the no form of this command to remove an entry from the ARP cache Syntax arp ip address mac address interface id no arp ip address Parameters ip address IP address or IP alias to map t...

Page 483: ...mple adds IP address 198 133 219 232 and MAC address 00 00 0c 40 0f bc to the ARP table Console config arp 198 133 219 232 00 00 0c 40 0f bc gi6 35 7 arp timeout Global Use the arp timeout Global Configuration mode command to set the time interval during which an entry remains in the ARP cache Use the no form of this command to restore the default configuration Syntax arp timeout seconds no arp ti...

Page 484: ...lly disable proxy Address Resolution Protocol ARP Use the no form of this command reenable proxy ARP Syntax ip arp proxy disable no ip arp proxy disable Parameters N A Default Enabled by default Command Mode Global Configuration mode User Guidelines The ip arp proxy disable command overrides any proxy ARP interface configuration To use this command you must put the switch into routing mode using t...

Page 485: ...onfiguration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines This configuration can be applied only if at least one IP address is defined on a specific interface To use this command you must put the switch into routing mode using the set system mode router command Example The following example enables ARP proxy when the switch is in r...

Page 486: ...ss mac address mac address interface id Parameters ip address ip address Specifies the IP address mac address mac address Specifies the MAC address interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port or Port channel Command Mode Privileged EXEC mode User Guidelines Since the associated interface of a MAC address can be aged out from the FDB table...

Page 487: ... global and interface configuration of the ARP protocol Syntax show arp configuration Parameters N A Command Mode Privileged EXEC mode Example Console show arp configuration Global configuration ARP Proxy enabled ARP timeout 80000 Seconds Interface configuration Console show arp ARP timeout 80000 Seconds VLAN VLAN 1 VLAN 1 Interface gi1 gi2 IP Address 10 7 1 102 10 7 1 135 HW Address 00 10 B5 04 D...

Page 488: ...he interface ip Global Configuration mode command to enter the IP Interface Configuration mode Syntax interface ip address Parameters ip address Specifies one of the IP addresses of the device Command Mode Global Configuration mode User Guidelines To use this command you must put the switch into routing mode using the set system mode router command Example The following example enters the IP inter...

Page 489: ...nterface Specifies the IP interface all Specifies all IP interfaces address Specifies the destination broadcast or host address to which to forward UDP broadcast packets A value of 0 0 0 0 specifies that UDP broadcast packets are not forwarded to any host udp port list Specifies the destination UDP port number to which to forward broadcast packets Range 1 65535 Default Configuration Forwarding of ...

Page 490: ...per address command specifies a UDP port number to which UDP broadcast packets with that destination port number are forwarded By default if no UDP port number is specified the device forwards UDP broadcast packets for the following six services IEN 116 Name Service port 42 DNS port 53 NetBIOS Name Server port 137 NetBIOS Datagram Server port 138 TACACS Server port 49 Time Service port 37 Example ...

Page 491: ... to define a default domain name used by the software to complete unqualified host names names without a dotted decimal domain name Use the no form of this command to remove the default domain name Syntax ip domain name name no ip domain name Parameters name Specifies the default domain name used to complete unqualified host names Do not include the initial period that separates an unqualified nam...

Page 492: ...w website com Console config ip domain name www website com 35 17 ip name server Use the ip name server Global Configuration mode command to define the available name servers Use the no form of this command to remove a name server Syntax ip name server server1 ipv4 address server1 ipv6 address server address2 server address8 no ip name server server address server address8 Parameters server addres...

Page 493: ...al port name 0 integer decimal number integer decimal number decimal number 0 1 2 3 4 5 6 7 8 9 physical port name Designated port number for example gi16 If the egress interface is not specified the default interface is selected Specifying interface zone 0 is equal to not defining an egress interface Example The following example defines the available name server Console config ip name server 176...

Page 494: ...stricted to the ASCII letters A through Z case insensitive the digits 0 through 9 the underscore and the hyphen A period is used to separate labels Example The following example defines a static host name to address mapping in the host cache Console config ip host accounting website com 176 10 23 1 35 19 clear host Use the clear host Privileged EXEC mode command to delete entries from the host nam...

Page 495: ... name to address mapping received from Dynamic Host Configuration Protocol DHCP Syntax clear host dhcp name Parameters name Specifies the host entry to remove Length 1 158 characters Maximum label length 63 characters Removes all entries Command Mode Privileged EXEC mode User Guidelines This command deletes the host name to address mapping temporarily until the next refresh of the IP addresses Exa...

Page 496: ...arameters name Specifies the host name Length 1 158 characters Maximum label length 63 characters Command Mode EXEC mode Example The following example displays host information Console show hosts System name Device Default domain is gm com sales gm com usa sales gm com DHCP Name address lookup is enabled Name servers Preference order 176 16 1 18 176 16 1 19 Configured host name to address mapping ...

Page 497: ...IP Addressing Commands 78 20269 01 Command Line Interface Reference Guide 498 35 Host www stanford edu Total 72 Elapsed 3 Type IP Addresses 171 64 14 203 ...

Page 498: ...sing is disabled Unless you are using the no autoconfig parameter when the interface is enabled stateless address autoconfiguration procedure is enabled Command Mode Interface Configuration Ethernet VLAN Port channel mode It cannot be configured for a range of interfaces range context User Guidelines The ipv6 enable command automatically configures an IPv6 link local unicast address on the interfa...

Page 499: ...ig Parameters N A Default Configuration Address autoconfiguration is enabled on the interface no addresses are assigned by default Command Mode Interface Configuration Ethernet VLAN Port channel mode User Guidelines When address autoconfig is enabled router solicitation ND procedure is initiated to discover a router and assign IP addresses to the interface based on the advertised on link prefixes ...

Page 500: ...eing placed in the bucket Each token represents a single ICMP error message The acceptable range is from 0 2147483647 with a default of 100 milliseconds Setting milliseconds to 0 disables rate limiting Range 0 2147483647 bucketsize Optional The maximum number of tokens stored in the bucket The acceptable range is from 1 200 with a default of 10 tokens Default Configuration The default interval is ...

Page 501: ...this command To remove the address from the interface Syntax ipv6 address ipv6 address prefix length no ipv6 address ipv6 address prefix length Parameters ipv6 address Specifies the IPv6 network assigned to the interface This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16 bit values between colons prefix length Specifies the length of the...

Page 502: ...mand without arguments removes all manually configured IPv6 addresses from an interface including link local manually configured addresses Example console config interface vlan 1 console config if ipv6 address 3000 123 64 eui 64 anycast 36 6 ipv6 address link local Use the ipv6 address link local command to configure an IPv6 link local address for an interface Use the no form of this command to re...

Page 503: ...s can be configured per interface but only one link local address When the no ipv6 link local address command is used the interface is reconfigured with the standard link local address the same IPv6 link local address that is set automatically when the enable ipv6 command is used The system automatically generates a link local address for an interface when IPv6 processing is enabled on the interfa...

Page 504: ...ce sends ICMP unreachable messages Example console config interface gi1 console config if ipv6 unreachables 36 8 ipv6 default gateway Use the ipv6 default gateway Global Configuration mode command to define an IPv6 default gateway Use the no form of this command To remove the default gateway Syntax ipv6 default gateway ipv6 address no ipv6 default gateway Parameters ipv6 address Specifies the IPv6...

Page 505: ...ol Router reachability can be confirmed by either receiving Router Advertisement message containing router s MAC address or manually configured by user using the IPv6 neighbor CLI command Another option to force reachability confirmation is to ping the router link local address this will initiate the neighbor discovery process If the egress interface is not specified the default interface is selec...

Page 506: ...e Console show ipv6 interface Interface IP addresses Type VLAN 1 4004 55 64 ANY manual VLAN 1 fe80 200 b0ff fe00 0 linklayer VLAN 1 ff02 1 linklayer VLAN 1 ff02 77 manual VLAN 1 ff02 1 ff00 0 manual VLAN 1 ff02 1 ff00 1 manual VLAN 1 ff02 1 ff00 55 manual Default Gateway IP address Type Interface State fe80 77 Static VLAN 1 unreachable fe80 200 cff fe4a dfa8 Dynamic VLAN 1 stale Console show ipv6 ...

Page 507: ... fe80 200 b0ff fe00 0 linklayer Active ff02 1 linklayer ff02 77 manual ff02 1 ff00 0 manual ff02 1 ff00 1 manual ff02 1 ff00 55 manual 36 10 show IPv6 route Use the show ipv6 route command to display the current state of the IPv6 routing table Syntax show ipv6 route Command Mode EXEC mode Example Console show ipv6 route Codes L Local S Static I ICMP ND Router Advertisment The number in the bracket...

Page 508: ...rface Use the no form of this command to restore the number of messages to the default value Syntax ipv6 nd dad attempts attempts Parameters attempts Specifies the number of neighbor solicitation messages A value of 0 disables DAD processing on the specified interface A value of 1 configures a single transmission without follow up transmissions Range 0 600 Default Configuration Duplicate Address D...

Page 509: ... on the new Link Local address and all of the other IPv6 address associated with the interface are regenerated DAD is performed only on the new Link Local address Configuring a value of 0 with the ipv6 nd dad attempts Interface Configuration mode command disables duplicate address detection processing on the specified interface A value of 1 configures a single transmission without follow up transm...

Page 510: ...ress2 4 Optional Additional IPv6 addresses that may be associated with the host s name Default Configuration No host is defined Command Mode Global Configuration mode User Guidelines The format of an IPv6Z address is ipv6 link local address interface id Example console config ipv6 host server 3000 a31b 36 13 ipv6 neighbor Use the ipv6 neighbor command to configure a static entry in the IPv6 neighb...

Page 511: ... entry with a global address can be configured only if a manually configured subnet already exists in the device Use the show IPv6 neighbors command to view static entries in the IPv6 neighbor discovery cache Example console config ipv6 neighbor 3000 a31b vlan 1 001b 3f9c 84ea 36 14 ipv6 set mtu Use the ipv6 mtu Interface Configuration mode command to set the maximum transmission unit MTU size of ...

Page 512: ...splay IPv6 neighbor discovery cache information Syntax show ipv6 neighbors static dynamic ipv6 address ipv6 address mac address mac address interface id Parameters static Shows static neighbor discovery cash entries dynamic Shows dynamic neighbor discovery cash entries ipv6 address Shows the neighbor discovery cache information entry of a specific IPv6 address mac address Shows the neighbor discov...

Page 513: ...akes place as packets are sent STALE More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly While stale no action takes place until a packet is sent DELAY More than ReachableTime milliseconds have elapsed since the last positive confirmation was received that the forward path was functioning properly and a ...

Page 514: ...eighbors Use the clear ipv6 neighbors Privileged EXEC mode command to delete all entries in the IPv6 neighbor discovery cache except for static entries Syntax clear ipv6 neighbors Parameters This command has no keywords or arguments Command Mode Privileged EXEC mode Example console clear ipv6 neighbors ...

Page 515: ...ode Example The following example enters the Interface Configuration Tunnel mode Console config interface tunnel 1 Console config tunnel 37 2 tunnel mode ipv6ip Use the tunnel mode ipv6ip Interface Configuration Tunnel mode command to configure an IPv6 transition mechanism global support mode Use the no form of this command to remove an IPv6 transition mechanism Syntax tunnel mode ipv6ip isatap no...

Page 516: ...the egress interface according to the scope of the destination IP address such as ISATAP or native IPv6 Example The following example configures an IPv6 transition mechanism global support mode Console config interface tunnel 1 Console config tunnel tunnel mode ipv6ip isatap 37 3 tunnel isatap router Use the tunnel isatap router Interface Configuration Tunnel mode command to configure a global str...

Page 517: ...mple The following example configures the global string ISATAP2 as the automatic tunnel router domain name Console config tunnel 1 Console config tunnel tunnel isatap router ISATAP2 37 4 tunnel source Use the tunnel source Interface Configuration Tunnel mode command to set the local source IPv4 address of a tunnel interface The no form deletes the tunnel local address Syntax tunnel source auto ipv...

Page 518: ...ts Example console config interface tunnel 1 console config tunnel tunnel source auto 37 5 tunnel isatap query interval Use the tunnel isatap query interval Global Configuration mode command to set the time interval between Domain Name System DNS queries before the ISATAP router IP address is known for the automatic tunnel router domain name Use the no form of this command to restore the default c...

Page 519: ... 30 seconds Console config tunnel isatap query interval 30 37 6 tunnel isatap solicitation interval Use the tunnel isatap solicitation interval Global Configuration mode command to set the time interval between ISATAP router solicitation messages Use the no form of this command to restore the default configuration Syntax tunnel isatap solicitation interval seconds no tunnel isatap solicitation int...

Page 520: ...ustness Use the tunnel isatap robustness Global Configuration mode command to configure the number of DNS query router solicitation refresh messages that the device sends Use the no form of this command to restore the default configuration Syntax tunnel isatap robustness number no tunnel isatap robustness Parameters number Specifies the number of DNS query router solicitation refresh messages that...

Page 521: ...citation refresh messages that the device sends to 5 Console config tunnel isatap robustness 5 37 8 show ipv6 tunnel Use the show ïpv6 tunnel EXEC mode command to display information on the ISATAP tunnel Syntax show ïpv6 tunnel Command Mode EXEC mode Example The following example displays information on the ISATAP tunnel Console show ipv6 tunnel Tunnel 1 Tunnel status DOWN Tunnel protocol NONE Tun...

Page 522: ...78 20269 01 Command Line Interface Reference Guide 523 37 DNS Query interval 300 seconds Min DNS Query interval 0 seconds Router Solicitation interval 10 seconds Min Router Solicitation interval 0 seconds Robustness 2 ...

Page 523: ... relay enable Parameters N A Default Configuration DHCP relay feature is disabled Command Mode Global Configuration mode Example The following example enables the DHCP relay feature on the device Console config ip dhcp relay enable 38 2 ip dhcp relay enable Interface Use the ip dhcp relay enable Interface Configuration VLAN Ethernet Port channel mode command to enable the DHCP relay feature on an ...

Page 524: ...efined on the interface Or DHCP Relay is globally enabled there is no IP address defined on the interface the interface is a VLAN and option 82 is enabled Example The following example enables DHCP Relay on VLAN 21 Console config interface vlan 21 Console config if ip dhcp relay enable 38 3 ip dhcp relay address Use the ip dhcp relay address Global Configuration mode command to define the DHCP ser...

Page 525: ...n the device Console config ip dhcp relay address 176 16 1 1 38 4 show ip dhcp relay Use the show ip dhcp relay EXEC mode command to display the DHCP relay information Syntax show ip dhcp relay Command Mode EXEC mode Examples Example 1 Option 82 is not supported console show ip dhcp relay DHCP relay is globally enabled Option 82 is Disabled Maximum number of supported VLANs without IP Address is 2...

Page 526: ...on VLANs without IP Address 4 DHCP relay is enabled on Ports gi5 po3 4 Active Inactive gi5 po3 4 DHCP relay is enabled on VLANs 1 2 4 5 Active Inactive 1 2 4 5 Servers 1 1 1 1 2 2 2 2 Example 3 Option 82 is supported enabled console show ip dhcp relay DHCP relay is globally enabled Option 82 is enabled Maximum number of supported VLANs without IP Address is 4 Number of DHCP Relays enabled on VLANs...

Page 527: ...DHCP Relay Commands 78 20269 01 Command Line Interface Reference Guide 528 38 Servers 1 1 1 1 2 2 2 2 ...

Page 528: ...work subnet mask of the IP address prefix prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 0 32 ip address Specifies the IP address or IP alias of the next hop that can be used to reach the network metric distance Specifies an administrative distance Range 1 255 reject route Stops routing to the destination n...

Page 529: ... to route packets for network 172 31 0 0 to a router at 172 31 6 6 using prefix length console conf ip route 172 31 0 0 16 172 31 6 6 metric 2 Example 3 The following example shows how to reject packets for network 194 1 1 0 console conf ip route 194 1 1 0 255 255 255 0 reject route Example 4 The following example shows how to remove all static routes to network 194 1 1 0 24 console conf no ip rou...

Page 530: ...ngth Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Range 1 32 longer prefixes Specifies that the address and mask pair becomes a prefix and any routes that match that prefix are displayed Command Mode EXEC mode User Guidelines To use this command set the device in router mode with the command set system mode Example The follo...

Page 531: ...ernal S 172 1 1 0 24 gi3 via 10 0 2 1 17 12 19 gi1 S 172 1 1 1 32 gi3 via 10 0 3 1 19 51 18 gi1 The following table describes the significant fields shown in the display Field Description O The protocol that derived the route 10 8 1 0 24 The remote network address 30 2000 The first number in the brackets is the administrative distance of the information source the second number is the metric for t...

Page 532: ...s The service acl command is used to attach this ACL to an interface Use the no form of this command to remove the access list Syntax ip access list extended acl name no ip access list extended acl name Parameters acl name Name of the IPv4 access list acl name 0 32 characters Use for empty string Default Configuration No IPv4 access list is defined Command Mode Global Configuration mode User Guide...

Page 533: ...ildcard any source port port range any destination destination wildcard any destination port port range dscp number precedence number Parameters permit protocol The name or the number of an IP protocol Available protocol names are icmp igmp ip tcp egp igp udp hmp rdp idpr ipv6 ipv6 rout ipv6 frag idrp rsvp gre esp ah ipv6 icmp eigrp ospf ipinip pim l2tp isis To match any protocol use the ip keywor...

Page 534: ...gen 19 daytime 13 discard 9 domain 53 drip 3949 echo 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 ...

Page 535: ...nsole config ip access list extended server console config ip al permit ip 176 212 0 0 00 255 255 40 3 deny IP Use the deny IP Access list Configuration mode command to set deny conditions for IPv4 access list Deny conditions are also known as access control entries ACEs Syntax deny protocol any source source wildcard any destination destination wildcard dscp number precedence number deny icmp any...

Page 536: ...ment router solicitation time exceeded parameter problem timestamp timestamp reply information request information reply address mask request address mask reply traceroute datagram conversion error mobile host redirect mobile registration request mobile registration reply domain name request domain name reply skip photuris Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP pac...

Page 537: ...nd logging is done in software if a large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets will be logged Default Configuration No IPv4 access list is defined Command Mode IP Access list Configuration mode User Guidelines After an ACE is added to an access control list an implicit deny any any...

Page 538: ...access list acl name Parameters acl name Name of the IPv6 access list Range 0 32 characters use for empty string Default Configuration No IPv6 access list is defined Command Mode Global Configuration mode User Guidelines IPv6 ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or policy maps cannot have the same name Every IPv6 ACL has an implicit permit icmp any any nd ns any permit icmp an...

Page 539: ...ge any destination prefix length any destination port port range dscp number precedence number match all list of flags permit udp any source prefix length any source port port range any destination prefix length any destination port port range dscp number precedence number Parameters protocol The name or the number of an IP protocol Available protocol names are icmp 58 tcp 6 and udp 17 To match an...

Page 540: ... 7 finger 79 ftp 21 ftp data 20 gopher 70 hostname 42 irc 194 klogin 543 kshell 544 lpd 515 nntp 119 pop2 109 pop3 110 smtp 25 sunrpc 1110 syslog 514 tacacs ds 49 talk 517 telnet 23 time 37 uucp 117 whois 43 www 80 For UDP enter a number or one of the following values biff 512 bootpc 68 bootps 67 discard 9 dnsix 90 domain 53 echo 7 mobile ip 434 nameserver 42 netbios dgm 138 netbios ns 137 non500 ...

Page 541: ...le ACE for tcp packets console config ipv6 access list server console config ipv6 al permit tcp 3001 2 64 any any 80 40 6 deny IPv6 Use the deny command in IPv6 Access List Configuration mode to set permit conditions ACEs for IPv6 ACLs Syntax deny protocol any source prefix length any destination prefix length dscp number precedence number disable port log input deny icmp any source prefix length ...

Page 542: ...g 2 time exceeded 3 parameter problem 4 echo request 128 echo reply 129 mld query 130 mld report 131 mldv2 report 143 mld done 132 router solicitation 133 router advertisement 134 nd ns 135 nd na 136 Range 0 255 icmp code Specifies an ICMP message code for filtering ICMP packets Range 0 255 destination port Specifies the UDP TCP destination port You can enter a range of ports by using a hyphen E g...

Page 543: ...s defined Command Mode IPv6 Access list Configuration mode User Guidelines The number of TCP UDP ranges that can be defined in ACLs is limited You can define up to ASIC specific ranges for TCP and up to ASIC specific ranges for UDP If a range of ports is used for source port in ACE it is not counted again if it is also used for source port in another ACE If a range of ports is used for a destinati...

Page 544: ...MAC access list is defined Command Mode Global Configuration mode User Guidelines A MAC ACL is defined by a unique name IPv4 ACL IPv6 ACL MAC ACL or policy maps cannot have the same name Example console config mac access list extended server1 console config mac al permit 00 00 00 00 00 01 00 00 00 00 00 ff any 40 8 permit MAC Use the permit command in MAC Access List Configuration mode to set perm...

Page 545: ...et Range 1 4094 cos The Class of Service of the packet Range 0 7 cos wildcard Wildcard bits to be applied to the CoS Default Configuration No MAC access list is defined Command Mode MAC Access list Configuration mode User Guidelines After an access control entry ACE is added to an access control list an implicit deny any any condition exists at the end of the list That is if there are no matches t...

Page 546: ... ID of the packet Range 1 4094 cos The Class of Service of the packet Range 0 7 cos wildcard Wildcard bits to be applied to the CoS disable port The Ethernet interface is disabled if the condition is matched log input Sends an informational syslog message about the packet that matches the entry Because forwarding is done in hardware and logging is done in software if a large number of packets matc...

Page 547: ...fies an ACL to apply to the interface See the user guidelines Range 0 32 characters Use for empty string Default Configuration No ACL is assigned Command Mode Interface Configuration Ethernet Port Channel mode User Guidelines The following rules govern when ACLs can be bound or unbound from an interface IPv4 ACLs and IPv6 ACLs can be bound together to an interface A MAC ACL cannot be bound on an i...

Page 548: ... no absolute start absolute end hh mm day month year no absolute end Parameters start Absolute time and date that the permit or deny statement of the associated function going into effect If no start time and date are specified the function is in effect immediately end Absolute time and date that the permit or deny statement of the associated function is no longer in effect If no end time and date...

Page 549: ...the week2 day of the week7 no periodic list hh mm to hh mm day of the week1 day of the week2 day of the week7 periodic list hh mm to hh mm all no periodic list all hh mm to hh mm all Parameters day of the week The starting day that the associated time range is in effect The second occurrence is the ending day the associated statement is in effect The second occurrence can be the following week see...

Page 550: ... Thursday Monday means that the time range is effective on Thursday Friday Saturday Sunday and Monday The second occurrence of the time can be on the following day e g 22 00 2 00 Example Console config time range Console config time range periodic Monday 12 00 to Wednesday 12 00 40 13 show time range Use the show time range EXEC command to display the time range configuration Syntax show time rang...

Page 551: ... access control lists ACLs configured on the switch Syntax show access lists name show access lists Parameters name Specifies the name of the ACL Command Mode Privileged EXEC mode Example Console show access lists Standard IP access list 1 deny any Standard IP access list 2 deny 192 168 0 0 wildcard bits 0 0 0 255 permit any Standard IP access list 3 deny 0 0 0 0 deny 192 168 0 1 wildcard bits 0 0...

Page 552: ...0 23 8 0 0 0 255 any 40 15 show interfaces access lists Use the show interfaces access lists Privileged EXEC mode command to display access lists ACLs applied on interfaces Syntax show interfaces access lists interface id Parameters interface id Specifies an interface ID The interface ID can be one of the following types Ethernet port port channel or VLAN Command Mode Privileged EXEC mode Example ...

Page 553: ...t channel Command Mode Privileged EXEC mode Example console clear access lists counters gi1 40 17 show interfaces access lists counters Use the show interfaces access lists counters Privileged EXEC mode command to display Access List ACLs counters Syntax show interfaces access lists counters interface id port channel number Parameters interface id Specifies an interface ID The interface ID can be ...

Page 554: ... large number of packets match a deny ACE containing a log input keyword the software might not be able to match the hardware processing rate and not all packets are counted Example console show interfaces access lists counters Interface deny ACE hits gi1 79 gi2 9 gi3 0 Number of hits that were counted in global counter due to lack of resources 19 ...

Page 555: ...ration ports not trusted Relevant for advanced mode only Indicates that packets which are not classified by policy map rules to a QoS action are mapped to egress queue 0 This is the default setting in advanced mode ports trusted Relevant for advanced mode only Indicates that packets which are not classified by policy map rules to a QoS action are mapped to an egress queue based on the packet s fie...

Page 556: ... to default Syntax qos advanced mode trust cos dscp cos dscp no qos advanced mode trust Parameters cos Classifies ingress packets with the packet CoS values For untagged packets the port default CoS is used dscp Classifies ingress packets with the packet DSCP values cos dscp Classifies ingress packets with the packet DSCP values for IP packets For other packet types use the packet CoS values Defau...

Page 557: ...d mode trust cos 41 3 show qos Use the show qos EXEC mode command to display the QoS information for the device The trust mode is displayed for the QoS basic mode Syntax show qos Parameters N A Default Configuration Disabled Command Mode Command Mode EXEC mode User Guidelines Trust mode is displayed if QoS is enabled in basic mode Examples Example 1 The following example displays QoS attributes wh...

Page 558: ...ts match some or all of the criteria specified in the ACLs Use the class map Global Configuration mode command to create or modify a class map and enter the Class map Configuration mode only possible when QoS is in the advanced mode Use the no form of this command to delete a class map All class map commands are only available when QoS is in advanced mode Syntax class map class map name match all ...

Page 559: ...r of the ACLs is important Error messages are generated in the following cases There is more than one match command in a match all class map There is a repetitive classification field in the participating ACLs After entering the Class map Configuration mode the following configuration commands are available exit Exits the Class map Configuration mode match Configures classification criteria no Rem...

Page 560: ... Map match any class1 id4 Match IP dscp 11 21 41 6 match Use the match Class map Configuration mode command to bind the Access Control Lists ACLs that belong to the class map being configured Use the no form of this command to delete the ACLs This command is available only when the device is in QoS advanced mode Syntax match access group acl name no match access group acl name Parameters acl name ...

Page 561: ...ode command to creates a policy map and enter the Policy map Configuration mode Use the no form of this command to delete a policy map This command is only available when QoS is in advanced mode Syntax policy map policy map name no policy map policy map name Parameters policy map name Specifies the policy map name Default Configuration N A Command Mode Global Configuration mode User Guidelines Use...

Page 562: ...ers the Policy map Configuration mode Console config policy map policy1 Console config pmap 41 8 class Use the class Policy map Configuration mode command after the policy map command to attach ACLs to a policy map Use the no form of this command to detach a class map from a policy map This command is only available when QoS is in advanced mode Syntax class class map name access group acl name no ...

Page 563: ...ple The following example defines a traffic classification class map called class1 containing an ACL called enterprise The class is in a policy map called policy1 The policy map policy1 now contains the ACL enterprise Console config policy map policy1 Console config pmap class class1 access group enterprise 41 9 show policy map Use the show policy map EXEC mode command to display all policy maps o...

Page 564: ...olicy map Class Configuration mode command to configure the trust state This command is relevant only when QoS is in advanced ports not trusted mode Trust indicates that traffic is sent to the queue according to the packet s QoS parameters UP or DSCP Use the no form of this command to return to the default trust state This command is only available when QoS is in advanced mode Syntax trust no trus...

Page 565: ...ly exclusive within the same policy map Policy maps that contain set or trust commands cannot be attached or that have Access Control List ACL classification to an egress interface by using the service policy Interface Configuration mode command If specifying trust cos QoS maps a packet to a queue the received or default port CoS value and the CoS to queue map Example The following example creates...

Page 566: ... Specifies the new user priority to be marked in the packet Range 0 16 Command Mode Policy map Class Configuration mode User Guidelines The set and trust commands are mutually exclusive within the same policy map To return to the Policy map Configuration mode use the exit command To return to the Privileged EXEC mode use the end command Example The following example creates an ACL places it into a...

Page 567: ...emove a policer This command is only available when QoS is in advanced mode Syntax police committed rate kbps committed burst byte exceed action drop policed dscp transmit no police Parameters committed rate kbps Specifies the average traffic rate CIR in kbits per second bps Range 100 10000000 committed burst byte Specifies the normal burst size CBS in bytes Range 3000 19173960 exceed action drop ...

Page 568: ...packet is dropped The class is called class1 and is in a policy map called policy1 Console config policy map policy1 Console config pmap class class1 Console config pmap c police 124000 9600 exceed action drop 41 13 service policy Use the service policy Interface Configuration Ethernet Port channel mode command to bind a policy map to a port port channel Use the no form of this command to detach a...

Page 569: ... policer This command is only available when QoS is in advanced mode Syntax qos aggregate policer aggregate policer name committed rate kbps excess burst byte exceed action drop policed dscp transmit no qos aggregate policer aggregate policer name Parameters aggregate policer name Specifies the aggregate policer name committed rate kbps Specifies the average traffic rate CIR in kbits per second kb...

Page 570: ...deleted if it is being used in a policy map The no police aggregate Policy map Class Configuration mode command must first be used to delete the aggregate policer from all policy maps before using the no mls qos aggregate policer command Policing uses a token bucket algorithm CIR represents the speed with which the token is added to the bucket CBS represents the depth of the bucket Example The fol...

Page 571: ...show qos aggregate policer policer1 aggregate policer policer1 96000 4800 exceed action drop not used by any policy map 41 16 police aggregate Use the police aggregate Policy map Class Configuration mode command to apply an aggregate policer to multiple class maps within the same policy map Use the no form of this command to remove an existing aggregate policer from a policy map This command is on...

Page 572: ...s called class1 in a policy map called policy1 and class2 in policy map policy2 Console config qos aggregate policer policer1 124000 9600 exceed action drop Console config policy map policy1 Console config pmap class class1 Console config pmap c police aggregate policer1 Console config pmap c exit Console config pmap exit Console config policy map policy2 Console config pmap class class2 Console c...

Page 573: ...ueue 1 CoS value 2 is mapped to queue 2 CoS value 3 is mapped to queue 3 CoS value 4 is mapped to queue 3 CoS value 5 is mapped to queue 4 CoS value 6 is mapped to queue 4 CoS value 7 is mapped to queue 4 Command Mode Global Configuration mode User Guidelines Use this command to distribute traffic to different queues Example The following example maps CoS value 4 and 6 to queue 2 Console config wr...

Page 574: ...uidelines The ratio for each queue is defined as the queue weight divided by the sum of all queue weights the normalized weight This sets the bandwidth allocation of each queue A weight of 0 indicates that no bandwidth is allocated for the same queue and the shared bandwidth is divided among the remaining queues It is not recommended to set the weight of a queue to a 0 as it might stop transmissio...

Page 575: ...eues Expedite queues are assigned to the queues with the higher indexes Range 0 4 There must be either 0 wrr queues or more than one If number of queues 0 all queues are assured forwarding according to wrr weights If the number of queues 4 all queues are expedited strict priority queues Default Configuration All queues are expedite queues Command Mode Global Configuration mode User Guidelines the ...

Page 576: ...Kbps maximum port speed committed burst Specifies the maximum permitted excess burst size CBS in bytes Range 4096 16762902 bytes Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example sets a traffic shaper on gi5 on queue 1 when the average traffic rate exceeds 124000 kbps or the normal burst size exceeds 9600 byte...

Page 577: ...S in bytes Range 4096 16762902 bytes Default Configuration The shaper is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example sets a shaper on queue 1 on gi5 when the average traffic rate exceeds 124000 kbps or the normal burst size exceeds 9600 bytes Console config interface gi5 Console config if traffic shape 1 124000 9600 41 22 rate limit Ethern...

Page 578: ...d Mode Interface Configuration Ethernet mode User Guidelines Storm control and rate limit of Unicast packets cannot be enabled simultaneously on the same port Example The following example limits the incoming traffic rate on gi5 to 150 000 kbps Console config interface gi5 Console config if rate limit 150000 41 23 rate limit VLAN Use the Layer 2 rate limit VLAN Global Configuration mode command to...

Page 579: ...akes precedence over VLAN rate limiting If a packet is subject to traffic policing in a policy map and is associated with a VLAN that is rate limited the packet is counted only in the traffic policing of the policy map This command does not work in Layer 3 mode Example The following example limits the rate on VLAN 11 to 150000 kbps or the normal burst size to 9600 bytes Console config rate limit 1...

Page 580: ...et Example Console conf qos wrr queue wrtd This setting will take effect only after copying running configuration to startup configuration and resetting the device Console config 41 25 show qos wrr queue wrtd Use the show qos wrr queue wrtd Exec mode command to display the Weighted Random Tail Drop WRTD configuration Syntax show qos wrr queue wrtd Parameters N A Default Configuration N A Command M...

Page 581: ... settings for the interface s queues For GE ports displays the queue depth for each of the 4 queues queueing Displays the queue s strategy WRR or EF the weight for WRR queues the CoS to queue map and the EF priority policers Displays all the policers configured for this interface their settings and the number of policers currently unused on a VLAN shapers Displays the shaper of the specified inter...

Page 582: ...the port and policy map if any attached to the interface are displayed If a specific interface is not specified the information for all interfaces is displayed Example This is an example of the output from the show qos interface queueing command for 4 queues Console show qos interface queueing gi1 gi1 wrr bandwidth weights and EF priority qid 1 2 3 4 weights 125 125 125 125 Ef Disable Disable Disa...

Page 583: ... an egress queue Use the no form of this command to disable the tail drop mechanism on an egress queue Console show qos interface policer gi1 Ethernet gi1 Class map A Policer type aggregate Commited rate 192000 bps Commited burst 9600 bytes Exceed action policed dscp transmit Class map B Policer type single Commited rate 192000 bps Commited burst 9600 bytes Exceed action drop Class map C Policer t...

Page 584: ...nly be used if Advanced mode is enabled Example The following example enables the tail drop mechanism on an egress queue Console config wrr queue tail drop 41 28 qos wrr queue threshold Use the qos wrr queue threshold Global Configuration mode command to assign queue thresholds globally Use the no form of this command to restore the default configuration This command is only available in QoS advan...

Page 585: ...r Guidelines If the threshold is exceeded packets with the corresponding Drop Precedence DP are dropped until the threshold is no longer exceeded Example The following example assigns a threshold of 80 percent to WRR queue 1 Console config qos wrr queue threshold gigabitethernet 1 80 41 29 qos map policed dscp Use the qos map policed dscp Global Configuration mode command to configure the policed ...

Page 586: ...uidelines The original DSCP value and policed DSCP value must be mapped to the same queue in order to prevent reordering Example The following example marks incoming DSCP value 3 as DSCP value 5 on the policed DSCP map Console config qos map policed dscp 3 to 5 41 30 qos map dscp queue Use the qos map dscp queue Global Configuration mode command to configure the DSCP to CoS map Use the no form of ...

Page 587: ...qos map dscp dp Use the qos map dscp dp Global Configuration mode command to map the DSCP values to Drop Precedence Use the no form of this command to restore the default configuration This command is only available in QoS advanced mode Syntax qos map dscp dp dscp list to dp no qos map dscp dp dscp list Parameters dscp list Specifies up to 8 DSCP values with values separated by a space Range 0 63 ...

Page 588: ...s trust Parameters cos Specifies that ingress packets are classified with packet CoS values Untagged packets are classified with the default port CoS value dscp Specifies that ingress packets are classified with packet DSCP values Default Configuration DSCP is the default trust mode Command Mode Global Configuration mode User Guidelines This command can be used only in QoS basic mode Packets enter...

Page 589: ...mutation map if the DSCP values are different in the QoS domains Example The following example configures the system to the DSCP trust state Console config qos trust dscp 41 33 qos trust Interface Use the qos trust Interface Configuration Ethernet Port channel mode command to enable port trust state while the system is in the basic QoS mode Use the no form of this command to disable the trust stat...

Page 590: ...ged then the default CoS value become the CoS value Range 0 16 Default Configuration The default CoS value of a port is 0 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines Use the default CoS value to assign a CoS value to all untagged packets entering the interface Example The following example defines the port gi5 default CoS value as 3 Console config interface gi5 ...

Page 591: ...pplying this map to a port causes IP packets to be rewritten with newly mapped DSCP values at the ingress ports If applying the DSCP mutation map to an untrusted port to class of service CoS or to an IP precedence trusted port Global trust mode must be DSCP or CoS DSCP In advanced CoS mode ports must be trusted Example The following example applies the DSCP Mutation map to system DSCP trusted port...

Page 592: ...mode User Guidelines This is the only map that is not globally configured It is possible to have several maps and assign each one to a different port Example The following example changes DSCP values 1 2 4 5 and 6 to DSCP Mutation Map value 63 Console config qos map dscp mutation 1 2 4 5 6 to 63 41 37 show qos map Use the show qos map EXEC mode command to display the various types of QoS mapping S...

Page 593: ...stics EXEC mode command to clear the QoS statistics counters Syntax clear qos statistics Command Mode EXEC mode Example The following example clears the QoS statistics counters Console clear qos statistics Console show qos map dscp queue Dscp queue map d1 0 1 2 3 4 5 6 d2 0 01 01 02 04 06 07 08 1 01 01 02 04 06 07 08 2 01 01 02 05 06 07 08 3 01 01 02 05 06 07 08 4 01 01 03 05 06 07 5 01 01 03 05 0...

Page 594: ... map name class map name Specifies the class map name Default Configuration Counting in profile and out of profile is disabled Command Mode Interface Configuration Ethernet Port channel mode Example The following example enables counting in profile and out of profile on the interface Console config if qos statistics policer policy1 class1 41 40 qos statistics aggregate policer Use the qos statisti...

Page 595: ...icer policer1 41 41 qos statistics queues Use the qos statistics queues Global Configuration mode command to enable QoS statistics for output queues Use the no form of this command to disable QoS statistics for output queues Syntax qos statistics queues set queue all dp all interface all no qos statistics queues set Parameters set Specifies the counter set number interface Specifies the Ethernet p...

Page 596: ...tatistics for output queues for counter set 1 Console config qos statistics queues 1 all all all 41 42 show qos statistics Use the show qos statistics EXEC mode command to display Quality of Service statistical information Syntax show qos statistics Command Mode EXEC mode User Guidelines Up to 16 sets of counters can be enabled for policers The counters can be enabled in the creation of the police...

Page 597: ...stics Policers Interface gi1 gi1 gi2 gi2 Policy map Policy1 Policy1 Policy1 Policy1 Class Map Class1 Class2 Class1 Class2 In profile bytes 7564575 8759 746587458 5326 Out of prof ile bytes 5433 52 3214 23 Aggregate Policers Name Policer1 In profile bytes 7985687 Out of profile bytes 121322 Output Queues Interface gi1 gi2 Queue 2 All DP High High Total packets 799921 5387326 TD packets 1 2 0 2 ...

Page 598: ...enabled globally and per interface Use the no form of this command to disable the security suite feature When security suite is enabled you can specify the types of protection required The following commands can be used security suite dos protect security suite dos syn attack security suite deny martian addresses security suite deny syn security suite deny icmp security suite deny fragmented show ...

Page 599: ...specifies that security suite commands are global commands only When an attempt is made to configure security suite on a port it fails Console config security suite enable global rules only Console config interface gi1 Console config if security suite dos syn attack 199 any 10 To perform this command DoS Prevention must be enabled in the per interface mode Example 2 The following example enables t...

Page 600: ... it to remove the attack is to remove protection The possible attack types are stacheldraht Discards TCP packets with source TCP port 16660 invasor trojan Discards TCP packets with destination TCP port 2140 and source TCP port 1024 back orifice trojan Discards UDP packets with destination UDP port 31337 and source UDP port 1024 Default Configuration No protection is configured Command Mode Global ...

Page 601: ...ination IP address Use any to specify all IP addresses mask Specifies the network mask of the destination IP address prefix length Specifies the number of bits that comprise the destination IP address prefix The prefix length must be preceded by a forward slash Default Configuration No rate limit is configured If ip address is unspecified the default is 255 255 255 255 If prefix length is unspecif...

Page 602: ... packets containing system reserved IP addresses or user defined IP addresses Syntax security suite deny martian addresses add ip address mask prefix length remove ip address mask prefix length Add remove user specified IP addresses security suite deny martian addresses reserved add remove Add remove system reserved IP addresses see tables below no security suite deny martian addresses This comman...

Page 603: ...dress in the block of the reserved Martian IP addresses See the User Guidelines for a list of reserved addresses Default Configuration Martian addresses are allowed Command Mode Global Configuration mode User Guidelines For this command to work security suite enable must be enabled globally security suite deny martian addresses reserved adds or removes the addresses in the following table Address ...

Page 604: ...form of this command to permit creation of TCP connections Syntax security suite deny syn add tcp port any ip address any mask prefix length remove tcp port any ip address any mask prefix length no security suite deny syn Parameters ip address any Specifies the destination IP address Use any to specify all IP addresses mask Specifies the network mask of the destination IP address prefix length Spe...

Page 605: ...tion creation from an interface is done by discarding ingress TCP packets with SYN 1 ACK 0 and FIN 0 for the specified destination IP addresses and destination TCP ports Example The following example attempts to block the creation of TCP connections from an interface It fails because security suite is enabled globally and not per interface Console config security suite enable global rules only Con...

Page 606: ...n Echo requests are allowed from all interfaces If mask is not specified it defaults to 255 255 255 255 If prefix length is not specified it defaults to 32 Command Mode Interface Configuration Ethernet Port channel mode User Guidelines For this command to work security suite enable must be enabled both globally and for interfaces This command discards ICMP packets with ICMP type Echo request that ...

Page 607: ...p address any Specifies the destination IP address Use any to specify all IP addresses mask Specifies the network mask of the IP address prefix length Specifies the number of bits that comprise the IP address prefix The prefix length must be preceded by a forward slash Default Configuration Fragmented packets are allowed from all interfaces If mask is unspecified the default is 255 255 255 255 If ...

Page 608: ...security suite configuration Use the show security suite configuration EXEC mode command to display the security suite configuration Syntax show security suite configuration Command Mode EXEC mode Example The following example displays the security suite configuration Console show security suite configuration Security suite is enabled Per interface rules are enabled Denial Of Service Protect stach...

Page 609: ...artian addresses filtering Reserved addresses enabled Configured addresses 10 0 0 0 8 192 168 0 0 16 SYN filtering Interface gi2 IP Address 176 16 23 0 24 TCP port FTP ICMP filtering Interface gi2 IP Address 176 16 23 0 24 Fragmented packets filtering Interface gi2s IP Address 176 16 23 0 24 ...

Page 610: ...Voice VLAN is enabled but it will be triggered by an external event such as an IP phone being attached to a Smartport disabled Voice VLAN is disabled Default Configuration auto triggered Command Mode Global Configuration mode User Guidelines By factory default CDP LLDP and LLDP MED are enabled on the switch In addition manual Smartport mode and Basic QoS with trusted DSCP is enabled All ports are ...

Page 611: ... VSDP message was received from a neighbor In all other cases the operation state is disabled Notes The administrative state cannot be set to oui enabled if the Auto SmartPort Global administrative state is enabled To change the administrative state from oui enabled to auto enabled or auto triggered or vice versa you must first set the administrative state to disabled The administrative state cann...

Page 612: ...e is re applied console config voice vlan state auto triggered console config 30 Apr 2011 00 13 52 LINK I Up Vlan 5 30 Apr 2011 00 13 52 LINK I Up Vlan 8 30 Apr 2011 00 13 52 LINK I Up Vlan 9 30 Apr 2011 00 13 52 LINK I Up Vlan 100 42 2 voice vlan refresh The voice vlan refresh Global Configuration mode command restarts the Voice VLAN discovery process on all the Auto Voice VLAN enabled switches i...

Page 613: ...show voice vlan Administrate Voice VLAN state is auto triggered Operational Voice VLAN state is auto enabled Best Local Voice VLAN ID is 100 Best Local VPT is 5 default Best Local DSCP is 46 default Following is the new active source Agreed Voice VLAN is received from switch b0 c6 9a c1 da 00 Agreed Voice VLAN priority is 2 active CDP device Agreed Voice VLAN ID is 100 Agreed VPT is 5 Agreed DSCP ...

Page 614: ...s in the voice VLAN ID CoS 802 1p and or DSCP will cause the switch to advertise the administrative voice VLAN as static voice VLAN which has higher priority than voice VLAN learnt from external sources Are you sure you want to continue Y N Y Y 30 Apr 2011 00 19 36 VLAN I VoiceVlanCreated Voice Vlan ID 104 was created console config 30 Apr 2011 00 19 51 VLAN I ReceivedFromVSDP Voice VLAN updated b...

Page 615: ...strative voice VLAN as static voice VLANwhich has higher priority than voice VLAN learnt from external sources Are you sure you want to continue Y N Y Y 30 Apr 2011 00 24 52 VLAN W BestLocal Oper inconsistency detected VSDP voice VLAN configuration differs from best local Best local is Voice VLAN ID 104 VPT 5 DSCP 46 console config 30 Apr 2011 00 25 07 VLAN I ReceivedFromVSDP Voice VLAN updated by...

Page 616: ...ty than voice VLAN learnt from external sources Are you sure you want to continue Y N Y Y 30 Apr 2011 00 31 07 VLAN W BestLocal Oper inconsistency detected VSDP voice VLAN configuration differs from best local Best local is Voice VLAN ID 104 VPT 7 DSCP 46 console config 30 Apr 2011 00 31 22 VLAN I ReceivedFromVSDP Voice VLAN updated by VSDP Voice VLAN ID 104 VPT 7 DSCP 63 42 6 voice vlan oui table...

Page 617: ...elines The classification of a packet from VoIP equipment phones is based on the packet s OUI in the source MAC address OUIs are globally assigned administered by the IEEE In MAC addresses the first three bytes contain a manufacturer ID Organizationally Unique Identifiers OUI and the last three bytes contain a unique station ID Since the number of IP phone manufacturers that dominates the market i...

Page 618: ...ss of Service CoS mode Use the no form of this command to return to the default Syntax voice vlan cos mode src all no voice vlan cos mode Parameters src QoS attributes are applied to packets with OUIs in the source MAC address See the User Guidelines of voice vlan oui table all QoS attributes are applied to packets that are classified to the Voice VLAN Default Configuration The default mode is src...

Page 619: ...nge 0 7 remark Specifies that the L2 user priority is remarked with the CoS value Default Configuration The default CoS value is 5 The L2 user priority is not remarked by default Command Mode Global Configuration mode Example The following example sets the OUI voice VLAN CoS to 7 and does not do remarking Console config voice vlan cos 7 42 9 voice vlan aging timeout Use the voice vlan aging timeou...

Page 620: ...erval to 12 hours Console config voice vlan aging timeout 720 42 10 voice vlan enable Use the voice vlan enable Interface Configuration Ethernet Port channel mode command to enable OUI voice VLAN configuration on an interface Use the no form of this command to disable OUI voice VLAN configuration on an interface Syntax voice vlan enable no voice vlan enable Default Configuration Disabled Command M...

Page 621: ...ample The following example enables OUI voice VLAN configuration on gi2 Console config interface gi2 Console config if voice vlan enable 42 11 show voice vlan Use the show voice vlan EXEC mode command to display the voice VLAN status for all interfaces or for a specific interface if the voice VLAN type is OUI Syntax show voice vlan type oui auto interface id Parameters type oui Common and OUI voic...

Page 622: ...state is auto enabled Best Local Voice VLAN ID is 20 Best Local VPT is 4 Best Local DSCP is 1 Voice VLAN is received from switch 00 01 22 01 ab 87 45 Agreed Voice VLAN priority is 0 active UC device Agreed Voice VLAN ID is 100 Agreed VPT is 0 Agreed DSCP is 0 Agreed VLAN Last Change is 10 Apr 10 20 01 00 Example 2 Displays the current voice VLAN parameters switch show voice vlan Administrate Voice...

Page 623: ...e 4 Displays the current voice VLAN parameters switch show voice vlan Administrate Voice VLAN state is disabled Operational Voice VLAN state is disabled Best Local Voice VLAN ID is 20 Best Local VPT is 0 default Best Local DSCP is 0 default Aging timeout 1440 minutes CoS 6 Remark Yes Example 5 Displays the voice VLAN parameters when the voice VLAN state is OUI switch show voice vlan oui Administra...

Page 624: ...imens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Interface Enabled Secure Activated CoS Mode gi1 Yes Yes Yes all gi2 Yes Yes No src gi3 No No src 42 12 show voice vlan local The show voice vlan local EXEC mode command displays information about the auto voice VLAN local configuration including the best local voice VLAN Syntax show voice vlan local Parameters N A Default Configuration...

Page 625: ...o triggered Operational Voice VLAN state is auto enabled VSDP Authentication is enabled key string name is alpha The character marks the best local Voice VLAN VLAN ID VPT DSCP Source MAC Address Interface 1 5 46 default 104 7 63 static 100 CDP 00 1e 13 73 3d 62 gi7 Example 2 Displays the local voice VLAN configuration when the voice VLAN state is Auto triggered console show voice vlan local Admini...

Page 626: ...Displays the local voice VLAN configuration when the voice VLAN state is OUI console show voice vlan local Administrate Voice VLAN state is auto OUI Operational Voice VLAN state is OUI The character marks the best local Voice VLAN VLAN ID VPT DSCP Source MAC Address Interface 1 0 0 default 10 1 27 static 10 UC 00 00 12 ea 87 dc gi1 10 UC 00 00 aa aa 89 dc po1 ...

Page 627: ...port administrative global and operational states are enabled when Auto Voice VLAN is in operation Default Configuration Administrative state is controlled Command Mode Global Configuration mode User Guidelines Regardless of the status of Auto Smartport you can always manually apply a Smartport macro to its associated Smartport type A Smartport macro is either a built in macro or a user defined ma...

Page 628: ...rts on these VLANs console config macro auto controlled console config macro auto enabled Auto smartports cannot be enabled because OUI voice is enabled console config voice vlan state disabled console config macro auto enabled console config 10 Apr 2011 16 11 31 LINK I Up Vlan 20 10 Apr 2011 16 11 33 LINK I Up Vlan 5 10 Apr 2011 16 11 33 LINK I Up Vlan 6 10 Apr 2011 16 11 33 LINK I Up Vlan 7 10 A...

Page 629: ...ature on port 1 console conf conf interface gi1 console conf if macro auto smartport 43 3 macro auto trunk refresh The macro auto trunk refresh Global Configuration command reapplies the Smartport macro on a specific interface or to all the interfaces with the specified Smartport type Syntax macro auto trunk refresh smartport type interface id Parameters smartport type Smartport type switch router...

Page 630: ...macro is executed if the interface has one of the following Smartport types switch router or wireless access point ap If a Smartport macro contains configuration commands that are no longer current on one or more interfaces you can update their configuration by reapplying the Smartport macro on the interfaces Example Adds the ports of Smartport type switch to all existing VLANs by running the asso...

Page 631: ...esired Smartport macro you must reset the interface using the macro auto resume command which changes the Smartport type of the interface to Default Then you can run macro auto trunk refresh Example Changes the Smartport type from unknown to default and resumes the Smartport feature on port 1 console conf interface gi1 console conf if macro auto resume 43 5 macro auto persistent The macro auto per...

Page 632: ...nge gi1 2 console config if range macro auto persistent console config if range exit console config interface range gi3 4 console config if range no macro auto persistent 43 6 macro auto smartport type The macro auto smartport type Interface Configuration mode command manually statically assigns a Smartport type to an interface The no format of the command removes the manually configured type and ...

Page 633: ...ine 10 The show parser macro name command is run to display the contents of the macro printer in order to see which line failed console conf interface gi1 console conf if macro auto smartport type printer 30 May 2011 15 02 45 AUTOSMARTPORT E FAILEDMACRO Macro printer for auto smar port type Printer on interface gi1 failed at command number 10 console conf if exit console conf if do show parser mac...

Page 634: ...08 config 43 7 macro auto processing cdp The macro auto processing cdp Global Configuration mode command enables using CDP capability information to identify the type of an attached device When Auto Smartport is enabled on an interface and this command is run the switch automatically applies the corresponding Smartport type to the interface based on the CDP capabilities advertised by the attaching...

Page 635: ...e of an attached device When Auto Smartport is enabled on an interface and this command is run the switch automatically applies the corresponding Smartport type to the interface based on the LLDP capabilities advertised by the attaching device s The no format of the command disables the feature Syntax macro auto processing lldp no macro auto processing lldp Parameters N A Default Configuration Ena...

Page 636: ...t ip_phone ip_phone_desktop switch router or wireless access point ap Default Configuration By default auto detection of ip_phone ip_phone_desktop switch and wireless access point ap is enabled Command Mode Global Configuration Example Example 1 In this example VLANs were de activated because LLDP was disabled console config no macro auto processing lldp console config 10 Apr 2011 16 21 16 LINK W ...

Page 637: ... to a Smartport type This is done by replacing the link to the built in macro with the link to the user defined macro The no format of the command returns the link to the default built in Smartport macro Syntax macro auto user smartport macro smartport type user defined macro name parameter name value parameter name value parameter name value no macro auto user smartport macro smartport type Param...

Page 638: ...have defined a pair of macros one to apply the configuration and the other anti macro to remove the configuration The macros are paired by their name The name of the anti macro is the concatenation of no_ with the name of the corresponding macro Please refer to the Macro Command section for details about defining macro Example To link the user defined macro my_ip_phone_desktop to the Smartport typ...

Page 639: ...e VLAN the default value is the default native VLAN Command Mode Global Configuration User Guidelines By default each Smartport type is associated with a pair of built in macros a macro that applies the configuration and the anti macro no macro to remove the configuration The Smartport types are the same as the name of the corresponding built in Smartport macros with the anti macro prefixed with n...

Page 640: ...abled ap enabled 43 13 show macro auto smart macros The show macro auto smart macros EXEC mode command displays the name of Smartport macros their type built in or user defined and their parameters This information is displayed for all Smartport types or for the specified one Syntax show macro auto smart macros smartport type Parameters smartport type Smartport type range printer desktop guest ser...

Page 641: ...ort Macro use switch Smartport type router Parameters native_vlan 2 Smartport Macro router built in 43 14 show macro auto ports The show macro auto ports EXEC mode command displays information about all Smartport ports or a specific one If a macro was run on the port and it failed the type of the port is displayed as Unknown Syntax show macro auto ports interface id Parameters interface id Interfa...

Page 642: ...ate gi1 disabled enabled switch gi2 enabled enabled default gi3 enabled disabled phone gi4 enabled enabled router static gi5 enabled enabled switch gi6 enabled enabled unknown Example 2 Disabling auto SmartPort on gi2 console config if interface gi2 console config if no macro auto smartport console config if end console show macro auto ports gi2 SmartPort is Enabled Administrative Globally Auto Sm...

Page 643: ...allowed vlan The smartport switchport trunk allowed vlan Interface Configuration Ethernet port channel mode command adds removes VLANs to from a trunk port Syntax smartport switchport trunk allowed vlan add vlan list all remove vlan list all Parameters add vlan list Specifies a list of VLAN IDs to add to interface Separate nonconsecutive VLAN IDs with a comma and no spaces use a hyphen to designat...

Page 644: ...gress tagged port remove all Removes the interface from the default VLAN Example To add port 1 to VLANs 1 5 console conf interface gi1 console conf if smartport switchport trunk allowed vlan add 1 5 43 16 smartport switchport trunk native vlan Use the smartport switchport trunk native vlan Interface Configuration Ethernet port channel mode command to define the native VLAN when the interface is in...

Page 645: ...nk native vlan CLI command Unlike the switchport trunk native vlan CLI command this command may also be applied to the default VLAN when the interface belongs to the default VLAN as egress tagged port Example Define the native VLAN when port 1 is in trunk mode console conf interface gi1 console conf if smartport switchport trunk native vlan 1 ...

Page 646: ...sable LLDP use the no form of this command Syntax lldp run no lldp run Parameters N A Default Configuration Enabled Command Mode Global Configuration mode Example console config lldp run 44 2 lldp transmit Use the lldp transmit Interface Configuration mode command to enable transmitting LLDP on an interface Use the no form of this command to stop transmitting LLDP on an interface Syntax lldp trans...

Page 647: ...on the STP state of a port I e LLDP frames are sent on blocked ports If a port is controlled by 802 1x LLDP operates only if the port is authorized Example console config interface gi1 console config if lldp transmit 44 3 lldp receive Use the lldp receive Interface Configuration mode command to enable receiving LLDP on an interface Use the no form of this command to stop receiving LLDP on an inter...

Page 648: ...authorized Example console config interface gi1 console config if lldp receive 44 4 lldp timer Use the lldp timer Global Configuration mode command to specify how often the software sends LLDP updates Use the no form of this command to restore the default configuration Syntax lldp timer seconds no lldp timer Parameters timer seconds Specifies in seconds how often the software sends LLDP updates ra...

Page 649: ... LLDP packet hold time interval as a multiple of the LLDP timer value range 2 10 Default Configuration The default LLDP hold multiplier is 4 Command Mode Global Configuration mode User Guidelines The actual Time To Live TTL value of LLDP frames is calculated by the following formula TTL min 65535 LLDP Timer LLDP hold multiplier For example if the value of the LLDP timer is 30 seconds and the value...

Page 650: ...einit Parameters reinit seconds Specifies the minimum time in seconds an LLDP port waits before reinitializing LLDP transmission Range 1 10 Default Configuration 2 seconds Command Mode Global Configuration mode Example console config lldp reinit 4 44 7 lldp tx delay Use the lldp tx delay Global Configuration mode command to set the delay between successive LLDP frame transmissions initiated by val...

Page 651: ...less than 0 25 of the LLDP timer interval Example The following example sets the LLDP transmission delay to 10 seconds Console config lldp tx delay 10 44 8 lldp optional tlv Use the lldp optional tlv Interface Configuration Ethernet mode command to specify which optional TLVs are transmitted Use the no form of this command to restore the default configuration Syntax lldp optional tlv tlv tlv2 tlv5...

Page 652: ...e Specifies that no address is advertised automatic Specifies that the software automatically selects a management address to advertise from all the IP addresses of the product In case of multiple IP addresses the software selects the lowest IP address among the dynamic IP addresses If there are no dynamic addresses the software selects the lowest IP address among the static IP addresses automatic...

Page 653: ...h port can advertise one IP address Example The following example sets the LLDP management address advertisement mode to automatic on gi2 Console config interface gi2 Console config if lldp management address automatic 44 10 lldp notifications Use the lldp notifications Interface Configuration Ethernet mode command to enable disable sending LLDP notifications on an interface Use the no form of thi...

Page 654: ...dp notifications interval Use the lldp notifications interval Global Configuration mode command to configure the maximum transmission rate of LLDP notifications Use the no form of this command to return to the default Syntax lldp notifications interval seconds no lldp notifications interval Parameters interval seconds The device does not send more than a single notification in the indicated period...

Page 655: ...guration LLDP packets are filtered when LLDP is globally disabled Command Mode Global Configuration mode User Guidelines If the STP mode is MSTP the LLDP packet handling mode cannot be set to flooding The STP mode cannot be set to MSTP if the LLDP packet handling mode is flooding If LLDP is globally disabled and the LLDP packet handling mode is flooding LLDP packets are treated as data packets wit...

Page 656: ...form of this command to return to the default state Syntax lldp med enable tlv tlv4 disable no lldp med Parameters enable Enable LLDP MED tlv Specifies the TLV that should be included Available TLVs are network policy location and poe pse inventory The capabilities TLV is always included if LLDP MED is enabled disable disable LLDP MED on the port Default Configuration Enabled with network policy T...

Page 657: ...ogy change notifications disable Disables sending LLDP MED topology change notifications Default Configuration Disable is the default Command Mode Interface Configuration Ethernet mode Example The following example enables sending LLDP MED topology change notifications on gi2 Console config interface gi2 Console config if lldp med notifications topology change enable 44 15 lldp med fast start repe...

Page 658: ...ldp med network policy global Use the lldp med network policy Global Configuration mode command to define a LLDP MED network policy For voice applications it is simpler to use lldp med network policy voice auto The lldp med network policy command creates the network policy which is attached to a port by lldp med network policy interface The network policy defines how LLDP packets are constructed U...

Page 659: ...g video video signaling vlan vlan id VLAN identifier for the application vlan type Specifies if the application is using a tagged or an untagged VLAN up priority User Priority Layer 2 priority to be used for the specified application dscp value DSCP value to be used for the specified application Default Configuration No network policy is defined Command Mode Global Configuration mode User Guidelin...

Page 660: ...ed network policy interface Use the lldp med network policy Interface Configuration Ethernet mode command to attach or remove an LLDP MED network policy on a port Network policies are created in lldp med network policy global Use the no form of this command to remove all the LLDP MED network policies from the port Syntax lldp med network policy add remove number no lldp med network policy number P...

Page 661: ...k policy voice auto A network policy for voice LLDP packets can be created by using the lldp med network policy global The lldp med network policy voice auto Global Configuration mode is simpler in that it uses the configuration of the Voice appliation to create the network policy instead of the user having to manually configure it The lldp med network policy voice auto command generates an LLDP M...

Page 662: ...igured network policies for the voice application In Auto mode you cannot manually define a network policy for the voice application using the lldp med network policy global command Example console config lldp med network policy voice auto 44 19 clear lldp table Use the clear lldp table command in Privileged EXEC mode to clear the neighbors table for all ports or for a specific port Syntax clear l...

Page 663: ...ss data Specifies the location data as a civic address in hexadecimal format ecs elin data Specifies the location data as an Emergency Call Service Emergency Location Identification Number ECS ELIN in hexadecimal format data Specifies the location data in the format defined in ANSI TIA 1057 dotted hexadecimal data Each byte in a hexadecimal character string is two hexadecimal digits Bytes are sepa...

Page 664: ...Parameters interface id Specifies the port ID Default Configuration N A Command Mode Privileged EXEC mode Examples Example 1 Display LLDP configuration for all ports Switch show lldp configuration State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP packets handling Filtering Port State Optional TLVs Address Notifications ...

Page 665: ...Example 2 Display LLDP configuration for port 1 Switch show lldp configuration gi1 State Enabled Timer 30 Seconds Hold multiplier 4 Reinit delay 2 Seconds Tx delay 2 Seconds Notifications interval 5 seconds LLDP packets handling Filtering Port State Optional TLVs Address Notifications gi1 RX TX PD SN SD SC 72 16 1 1 Disabled 802 3 optional TLVs 802 3 mac phy 802 3 lag 802 3 max frame size 802 1 op...

Page 666: ...f time as a multiple of the timer interval that the receiving device holds a LLDP packet before discarding it Reinit timer The minimum time interval an LLDP port waits before re initializing an LLDP transmission Tx delay The delay between successive LLDP frame transmissions initiated by value status changes in the LLDP local systems MIB Port The port number State The port s LLDP state Optional TLV...

Page 667: ...how lldp med configuration Fast Start Repeat Count 4 lldp med network policy voice manual Network policy 1 Application type voiceSignaling VLAN ID 1 untagged Layer 2 priority 0 DSCP 0 Port Capabilities Network Policy Location Notifications Inventory gi1 Yes Yes Yes Enabled Yes gi2 Yes Yes No Enabled No gi3 No No No Enabled No Example 2 The following example displays the LLDP MED configuration for ...

Page 668: ... the LLDP on all ports or on a specific port Syntax show lldp local tlvs overloading interface id Parameters interface id Specifies a port ID Default Configuration If no port ID is entered the command displays information for all ports Command Mode EXEC mode User Guidelines The command calculates the overloading status of the current LLDP configuration and not for the last LLDP packet that was sen...

Page 669: ...face id Parameters Interface id Specifies a port ID Default Configuration If no port ID is entered the command displays information for all ports Command Mode Privileged EXEC mode Example The following examples display LLDP information that is advertised from gi1 and 2 Switch show lldp local gi1 Device ID 0060 704C 73FF Port ID gi1 Capabilities Bridge System Name ts 7800 1 System description Port ...

Page 670: ...ggregated Aggregation status Not currently in aggregation Aggregation port ID 1 802 3 Maximum Frame Size 1522 802 3 EEE Local Tx 30 usec Local Rx 25 usec Remote Tx Echo 30 usec Remote Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy Location Identification LLDP MED Device type Network Connectivity LLDP MED ...

Page 671: ...Firmware Revision A1 Software Revision 3 8 Serial number 7978399 Manufacturer name Manufacturer Model name Model 1 Asset ID Asset 123 Switch show lldp local gi2 LLDP is disabled 44 25 show lldp statistics Use the show lldp statistics EXEC mode command to display LLDP statistics on all ports or a specific port Syntax show lldp statistics interface id Parameters interface id Specifies a port ID Defa...

Page 672: ... Port Total Total Discarded Errors Discarded Unrecognized Total gi1 730 850 0 0 0 0 0 gi2 0 0 0 0 0 0 0 gi3 730 0 0 0 0 0 0 gi4 0 0 0 0 0 0 0 gi5 0 0 0 0 0 0 0 gi6 8 7 0 0 0 0 1 gi7 0 0 0 0 0 0 0 gi8 0 0 0 0 0 0 0 gi9 730 0 0 0 0 0 0 gi10 0 0 0 0 0 0 0 44 26 show lldp neighbors Use the show lldp neighbors Privileged EXEC mode command to display information about neighboring devices discovered usin...

Page 673: ...s Detail is the default parameter Command Mode Privileged EXEC mode User Guidelines A TLV value that cannot be displayed as an ASCII string is displayed as an hexadecimal string Examples Example 1 The following example displays information about neighboring devices discovered using LLDP on all ports Location information if it exists is also displayed Switch show lldp neighbors Port Device ID Port ...

Page 674: ...Management address 172 16 1 1 Time To Live 90 seconds 802 3 MAC PHY Configuration Status Auto negotiation support Supported Auto negotiation status Enabled Auto negotiation Advertised Capabilities 100BASE TX full duplex 1000BASE T full duplex Operational MAU type 1000BaseTFD 802 3 Power via MDI MDI Power support Port Class PD PSE MDI Power Support Not Supported PSE MDI Power State Not Enabled PSE ...

Page 675: ...30 usec Local Tx Echo 30 usec Local Rx Echo 25 usec 802 1 PVID 1 802 1 PPVID 2 supported enabled 802 1 VLAN 2 VLAN2 802 1 Protocol 88 8E 01 LLDP MED capabilities Network Policy LLDP MED Device type Endpoint class 2 LLDP MED Network policy Application type Voice Flags Unknown policy VLAN ID 0 Layer 2 priority 0 DSCP 0 LLDP MED Power over Ethernet Device Type Power Device Power source Primary power ...

Page 676: ...s significant LLDP fields shown in the display Field Description Port The port number Device ID The neighbor device s configured ID name or MAC address Port ID The neighbor device s port ID System name The neighbor device s administratively assigned name Capabilities The capabilities discovered on the neighbor device Possible values are B Bridge R Router W WLAN Access Point T Telephone D DOCSIS ca...

Page 677: ...tes whether the sender is a Network Connectivity Device or Endpoint Device and if an Endpoint to which Endpoint Class it belongs LLDP MED Network Policy Application type The primary function of the application defined for this network policy Flags Flags The possible values are Unknown policy Policy is required by the device but is currently unknown Tagged VLAN The specified application type is usi...

Page 678: ...Local power Primary and Local power Power priority The PD device priority A PSE device advertises the power priority configured for the port A PD device advertises the power priority configured for the device The possible values are Critical High and Low Power value The total power in watts required by a PD device from a PSE device or the total power a PSE device is capable of sourcing over a maxi...

Page 679: ...s are not directly connected and are separated with CDP LLDP incapable devices the CDP LLDP capable devices may be able to receive the advertisement from other device s only if the CDP LLDP incapable devices flood the CDP LLDP packets they receives If the CDP LLDP incapable devices perform VLAN aware flooding then CDP LLDP capable devices can hear each other only if they are in the same VLAN It sh...

Page 680: ...abled Command Mode Ethernet Interface User Guidelines For CDP to be enabled on an interface it must first be enabled globally using cdp run Example console conf cdp run console conf interface gi1 console conf if cdp enable 45 3 cdp pdu Use the cdp pdu Global Configuration mode command when CDP is not enabled globally It specifies CDP packets handling when CDP is globally disabled The no format of ...

Page 681: ...ate ignoring the VLAN filtering rules Default Configuration bridging Command Mode Global Configuration mode User Guidelines When CDP is globally enabled CDP packets are filtered discarded on CDP disabled ports In the flooding mode VLAN filtering rules are not applied but STP rules are applied In case of MSTP the CDP packets are classified to instance 0 Example console conf cdp run console conf cdp...

Page 682: ...dp appliance tlv enable The cdp appliance tlv enable Global Configuration mode command enables sending of the Appliance TLV The no format of this command disables the sending of the Appliance TLV Syntax cdp appliance tlv enable no cdp appliance tlv enable Parameters N A Default Configuration Enabled Command Mode Global Configuration mode User Guidelines This MIB specifies the Voice Vlan ID VVID to...

Page 683: ...ets are expected to be sent and received untagged without an 802 1p priority 4096 The CDP packets transmitting through this port would not include Appliance VLAN ID TLV or if the VVID is not supported on the port this MIB object will not be configurable and will return 4096 Example console conf cdp appliance tlv enable 45 6 cdp mandatory tlvs validation Use the cdp mandatory tlvs validation Global...

Page 684: ...no cdp source interface Parameters interface id Source port used for Source IP address selection Default Configuration No CDP source interface is specified Command Mode Global Configuration mode User Guidelines Use the cdp source interface command to specify an interface whose minimal IP address will be advertised in the TVL instead of the minimal IP address of the outgoing interface Example conso...

Page 685: ...x mismatches from all ports Command Mode Global Configuration mode Ethernet Interface Example console conf interface gi1 console conf if cdp log mismatch duplex 45 9 cdp log mismatch voip Use the cdp log mismatch voip Global and Interface Configuration mode command to enable validating that the VoIP status of the port received in a CDP packet matches its actual configuration If not a SYSLOG messag...

Page 686: ... Global and Interface Configuration mode command to enable validating that the native VLAN received in a CDP packet matches the actual native VLAN of the port If not a SYSLOG native mismatch message is generated The no format of the CLI command disables the generation of the SYSLOG messages Syntax cdp log mismatch native no cdp log mismatch native Parameters N A Default Configuration The switch re...

Page 687: ...dp device id format Parameters mac Specifies that the Device ID TLV contains the device s MAC address serial number Specifies that Device ID TLV contains the device s hardware serial number Default Configuration MAC address is selected by default Command Mode Global Configuration mode Example console conf cdp device id format serial number 45 12 cdp timer The cdp timer Global Configuration mode co...

Page 688: ...0 45 13 cdp holdtime The cdp holdtime Global Configuration mode command specified a value of the Time to Live field into sent CDP messages The no format of this command returns to default Syntax cdp holdtime seconds no cdp timer Parameters seconds Value of the Time to Live field in seconds The value should be bigger than the value of Transmission Timer Parameters range seconds 10 255 Default Confi...

Page 689: ... Configuration mode command resets the CDP traffic counters to 0 Syntax clear cdp counters Parameters N A Command Mode Global Configuration mode Example console conf clear cdp couters 45 15 clear cdp table The clear cdp table Global Configuration mode command deletes the CDP Cache tables Syntax clear cdp table Parameters N A Command Mode Global Configuration mode ...

Page 690: ...the advertisements Syntax show cdp Parameters N A Command Mode Privileged EXEC mode Example switch show cdp Global CDP information cdp is globally enabled cdp log duplex mismatch is globally enabled cdp log voice VLAN mismatch is globally enabled cdp log native VLAN mismatch is globally disabled Mandatory TLVs are Device ID TLV 0x0001 Address TLV 0x0002 Port ID TLV 0x0003 Capabilities TLV 0x0004 V...

Page 691: ...limited to protocol or version information Syntax show cdp entry device name protocol version Parameters Specifies all neighbors device name Specifies the name of the neighbor protocol Limits the display to information about the protocols enabled on neighbors version Limits the display to information about the version of software running on the neighbors Default Configuration Version Command Mode ...

Page 692: ...SOFTWARE Copyright c 1986 1997 by cisco Systems Inc Compiled Mon 07 Apr 97 19 51 by dschwart Example 2 switch show cdp entry device cisco com protocol Protocol information for device cisco com IP address 192 168 68 18 CLNS address 490001 1111 1111 1111 00 DECnet address 10 1 Example 3 switch show cdp entry device cisco com version Version information for device cisco com Cisco Internetwork Operati...

Page 693: ...ace id Parameters interface id Port ID Command Mode Privileged EXEC mode Example switch show cdp interface gi1 CDP is globally enabled CDP log duplex mismatch Globally is enabled Per interface is enabled CDP log voice VLAN mismatch Globally is enabled Per interface is enabled CDP log native VLAN mismatch Globally is disabled Per interface is enabled gi1 is Down CDP is enabled Sending CDP packets e...

Page 694: ...ls hold time and software version secondary Displays information about neighbors from the secondary cache Default Configuration If interface id is not specified the command displays information for neighbors of all ports If detail or secondary are not specified the default is secondary Command Mode Privileged EXEC mode Example switch show cdp neighbors Capability Codes R Router T Trans Bridge B So...

Page 695: ...eighbors detail Device ID lab 7206 Advertisement version 2 Entry address es IP address 172 19 169 83 Platform cisco 7206VXR Capabilities Router Interface Ethernet0 Port ID outgoing port fa 0 Time To Live 123 sec Version Cisco Internetwork Operating System Software IOS tm 5800 Software C5800 P4 M Version 12 1 2 Copyright c 1986 2002 by Cisco Systems Inc Duplex half Device ID lab as5300 1 Entry addr...

Page 696: ...50 sec Version P00303020204 Duplex full Power drawn 6 300 Watts switch show cdp neighbors secondary Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater P VoIP Phone M Remotely Managed Device C CAST Phone Port W Two Port MAC Relay Local Interface Mac Address TimeToLive Capability VLAN ID Platform fa 1 00 00 01 23a 86 9c 157 R S 10 206VXRYC fa 1 00 00 05 ...

Page 697: ...es such as those with optical ports in which signals from multiple hardware interfaces are multiplexed through a single physical port It contains the name of the external physical port through which the multiplexed signal is transmitted Interface The protocol and port number of the port on the current device IP Network Prefix It is used by On Demand Routing ODR When transmitted by a hub router it ...

Page 698: ...r supplied by the routing device generally 5 watts shown using the show power command Protocol Hello Specifies that a particular protocol has asked CDP to piggyback its hello messages within transmitted CDP packets Remote Port_ID Identifies the port the CDP packet is sent on sysName An ASCII string containing the same value as the sending device s sysName MIB object sysObjectID The OBJECT IDENTIFI...

Page 699: ...rts if not specified Information for a port is displayed if only CDP is really running on the port i e CDP is enabled globally and on the port which is UP Examples Example 1 In this example CDP is disabled and no information is displayed switch show cdp tlv cdp globally is disabled Example 2 In this example CDP is globally enabled but disabled on the port and no information is displayed switch sho...

Page 700: ...ce C CAST Phone Port W Two Port MAC Relay Interface TLV gi3 CDP is enabled on gi3 Ethernet gi3 is down Example 4 In this example CDP is globally enabled and enabled on the port which is up and information is displayed switch show cdp tlv interface gi1 cdp globally is enabled Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater P VoIP Phone M Remotely Man...

Page 701: ...ation is displayed for all ports on which CDP is enabled who are up switch show cdp tlv interface cdp globally is enabled Capability Codes R Router T Trans Bridge B Source Route Bridge S Switch H Host I IGMP r Repeater P VoIP Phone M Remotely Managed Device C CAST Phone Port W Two Port MAC Relay Interface TLV gi1 CDP is enabled Ethernet gi1 is up Device ID TLV type is MAC address Value is 00 11 22...

Page 702: ...wn 45 21 show cdp traffic The show cdp traffic Privileged EXEC mode command displays the CDP counters including the number of packets sent and received and checksum errors Syntax show cdp traffic Parameters N A Command Mode Privileged EXEC mode Example switch show cdp traffic CDP counters Total packets output 81684 Input 81790 Hdr syntax 0 Chksum error 0 Encaps 0 No memory 0 Invalid packet 0 CDP v...

Page 703: ...e checksum verifying operation failed on incoming CDP advertisements No memory The number of times the local device did not have enough memory to store the CDP advertisements in the advertisement cache table when the device was attempting to assemble advertisement packets for transmission and parse them when receiving them Invalid The number of invalid CDP advertisements received CDP version 1 adv...

Page 704: ...Revision History 78 20269 01 Command Line Interface Reference Guide 935 4 46 Revision History Revision Date Comments 1 0 June 14 2011 Draft ...

Page 705: ...Revision History 78 20269 01 Command Line Interface Reference Guide 936 4 ...

Page 706: ... and or its affiliates in the U S and other countries A listing of Cisco s trademarks can be found at www cisco com go trademarks Third party trademarks mentioned are the property of their respective owners The use of the word partner does not imply a partnership relationship between Cisco and any other company 1005R ...

Reviews:

No comments

Brands by name

Popular brands

Load more brands