manualshive.com logo in svg

D-Link DES-1228/ME, Reference Manual

The D-Link DES-1228/ME is a high-performance network switch designed for small to medium-sized businesses. With advanced features and reliable performance, this product offers exceptional value for optimizing your network. Access the Reference Manual for comprehensive information and configurations, available for free download at manualshive.com.

Share
Download
background image

DES-1228/ME Metro Ethernet Managed Switch CLI Reference Guide 

 

335 

 

config dos_prevention dos_type 

Purpose

 

This command is used to discard the L3 control packets sent to CPU 
from specific ports. 

Syntax

 

config dos_prevention dos_type [ {land_attack | blat_attack | 
smurf_attack | tcp_null_scan | tcp_xmascan | tcp_synfin | 
tcp_syn_srcport_less_1024} (1) | all] {action [ drop | mirror <port> {priority 
<value 0-7> | rx_rate [ no_limit | <value 64-1024000> ] } ] | enable | 
disable ] } (1) 

Description

 

This command is used to configure the prevention of DoS attacks, and 
includes state and action. The packets matching will be used by the 
hardware. For a specific type of attack, the content of the packet, 
regardless of the receipt port or destination port, will be matched against 
a specific pattern.  

Parameters

 

The type of DoS attack. Possible values are as follows: 

land_attack 

blat_attack 

smurf_attack 

tcp_null_scan 

tcp_xmascan 

tcp_synfin 

tcp_syn_srcport_less_1024 

state - Enable or disable DoS prevention. 

By default, prevention for all types of DoS are enabled except for 
tcp_syn_srcport_less_1024. 

action - When enabling DoS prevention, the following actions can be 
taken. 

drop – Drop the attack packets. 

mirror – Mirror the packet to other port for further process. 

priority – Change packet priority by the Switch from 0 to 7. 

If the priority is not specified, the original priority will be used. 

rx_rate – controls the rate of the received DoS attack packets. 

If not specified, the default action is drop. 

Restrictions

 

Only Administrator level, Operator level or Power User level users can 
issue this command. 

 

Example usage 

 

To configure a land attack and blat attack prevention: 

DES-1228/ME:5#  config dos_prevention dos_type land_attack blat_attack state 
enable action drop  

Command: config dos_prevention dos_type land_attack blat_attack state enable 
action drop 

 

Success.  

 

DES-1228/ME:5#  

Summary of Contents for DES-1228/ME

Page 1: ...DES 1228 ME Metro Ethernet Managed Switch CLI Reference Guide ...

Page 2: ...n is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Corporation disclaims any proprietary interest in trademarks a...

Page 3: ...TORM CONTROL COMMANDS 129 QOS COMMANDS 133 PORT MIRRORING COMMANDS 148 VLAN COMMANDS 151 LINK AGGREGATION COMMANDS 160 BASIC IP COMMANDS 165 IGMP SNOOPING COMMANDS 172 DHCP RELAY COMMANDS 185 802 1X COMMANDS 192 ACCESS CONTROL LIST ACL COMMANDS 213 CPU FILTERING COMMANDS 228 SAFEGUARD ENGINE COMMANDS 230 TRAFFIC SEGMENTATION COMMANDS 233 TIME AND SNTP COMMANDS 235 ARP COMMANDS 241 ROUTING TABLE CO...

Page 4: ...MMANDS 354 ARP SPOOFING PREVENTION COMMANDS 357 TECHNICAL SUPPORT COMMANDS 360 COMMAND HISTORY COMMANDS 363 BPDU ATTACK PROTECTION COMMANDS 367 PPPOE CIRCUIT ID INSERTION COMMANDS 374 DHCP SERVER SCREENING SETTINGS 377 IPV6 NEIGHBOUR DISCOVERY COMMANDS 380 DEBUG SOFTWARE COMMANDS 384 BPDU TUNNEL COMMANDS 395 APPENDIX A PASSWORD RECOVERY PROCEDURE 398 APPENDIX B SYSTEM LOG ENTRIES 399 APPENDIX C TR...

Page 5: ...ink Corporation All rights reserved UserName PassWord Figure 1 1 Initial CLI screen There is no initial username or password Just press the Enter key twice to display the CLI input cursor DES 1228 ME 5 This is the command line where all commands are input Setting the Switch s IP Address Each Switch must be assigned its own IP Address which is used for communication with an SNMP network manager or ...

Page 6: ...in CIDR notation The IP interface named System on the Switch can be assigned an IP address and subnet mask which can then be used to connect a management station to the Switch s Telnet or Web based management agent DES 1228 ME 5 config ipif System ipaddress 10 73 21 11 8 Command config ipif System ipaddress 10 73 21 11 8 Success DES 1228 ME 5 Figure 1 3 Assigning an IP Address In the above example...

Page 7: ...console interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the HyperTerminal program included with the Windows operating system using an RJ 45 console cable Your terminal parameters will need to be set to VT 100 compatible 9600 baud 8 data bits No parity One stop bit No flow control Users can also access the sam...

Page 8: ...ommand without its required parameters the CLI will prompt users with Next possible completions message DES 1228 ME 5 config account Command config account Next possible completions username DES 1228 ME 5 Figure 2 3 Example Command Parameter Help In this case the command config account was entered without the parameter username The CLI will then prompt users to enter the username with the message ...

Page 9: ...ompts are the same as presented in this manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice of parameters and brackets indicate required parameters If a command is entered that is unrecognized by the CLI the top level commands will be displayed under the Available commands prompt DES 1228 ME 5 the Available commands cable_diag clear ...

Page 10: ...tous_arp greeting_message gvrp igmp igmp_snooping ipif iproute jumbo_frame lacp_ports link_aggregation lldp log log_save_timing loopdetect mac_notification mirror multicast multicast_fdb packet per_queue port_security ports pppoe pvid radius router_ports safeguard_engine scheduling scheduling_mechanism serial_port session smtp snmp sntp ssh stp switch syslog tech_support terminal_line time traffic...

Page 11: ...twork address in the network_address space Do not type the angle brackets Example Command config ipif System ipaddress 10 24 22 5 8 vlan Design state enable square brackets Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create account admin operator Power User user username 15 Description In the above syntax example users must specify e...

Page 12: ...e argument or value within the braces must be specified Do not type the parentheses Example command config dhcp_relay hops 3 Line Editing Key Usage Delete Deletes the character under the cursor and then shifts the remaining characters in the line to the left Backspace Deletes the character to the left of the cursor and then shifts the remaining characters in the line to the left Insert or Ctrl R T...

Page 13: ... pages are to be displayed ESC Stops the display of remaining pages when multiple pages are to be displayed n Displays the next page p Displays the previous page q Stops the display of remaining pages when multiple pages are to be displayed r Refreshes the pages currently displayed a Displays the remaining pages without pausing between pages Enter Displays the next line or table entry ...

Page 14: ...tes 5_minutes 10_minutes 15_minutes 1 enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 disable telnet telnet ipaddr tcp_port value 0 65535 ping ipaddr domain_name 255 times value 1 255 timeout sec 1 99 source_ip ipaddr enable web tcp_port_number 1 65535 disable web save config config_id value 1 2 log all reboot force_agree reset config system force_agree login logout show c...

Page 15: ...ll still be in encrypted form It can not revert back to plain text Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable password encryption on the Switch DES 1228 ME 5 enable password encryption Command enable password encryption Success DES 1228 ME 5 disable password encryption Purpose Used to disable password encryption on a user account Synt...

Page 16: ...DES 1228 ME Metro Ethernet Managed Switch CLI Reference Guide 12 DES 1228 ME 5 disable password encryption Command disable password encryption Success DES 1228 ME 5 ...

Page 17: ... higher than the user level user username Name of the user account username The user name with a minimum of 1 character and a maximum of 15 characters Restrictions Only Administrator level users can issue this command Usernames can be between 1 and 15 characters Passwords can be between 0 and 15 characters Example usage To create an operator level user account with the username dlink DES 1228 ME 5...

Page 18: ...ount The account must already be defined plain_text Select to specify the password in plain text form sha_1 Select to specify the password in the SHA 1 encrypted form password The password for the usefr account The length of the password in plain text form and in encrypted form are different For the plain text form passwords must have a minimum of 0 character and can have a maximum of 15 character...

Page 19: ... 5 show account Command show account Current Accounts Username Access Level admin Admin dlink Operator beta Power User guest User Total Entries 4 DES 1228 ME 5 delete account Purpose Used to delete an existing user account Syntax delete account username Description This command is used to delete a user account that has been created using the create account command Parameters username The name of t...

Page 20: ...mand is used to display a list of all the users that are logged in at the time the command is issued Parameters None Restrictions None Example usage To display the way that the users logged in DES 1228 ME 5 show session Command show session ID Live Time From Level Name 8 0 2 27 60 Serial Port 5 dlink Total Entries 1 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 21: ...net Switch MAC Address 00 12 28 8E 77 00 IP Address 10 90 90 90 Manual VLAN Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 2 00 001 Firmware Version Build 2 01 001 Hardware Version B1 System Name System Location System Uptime 0 days 1 hours 46 minutes 17 seconds System Contact Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled VLAN Trunk Disabled 802 1X...

Page 22: ...tings Syntax show serial_port Description This command is used to display the current serial port settings Parameters None Restrictions None Example usage To display the serial port setting DES 1228 ME 5 show serial_port Command show serial_port Baud Rate 9600 Data Bits 8 Parity Bits None Stop Bits 1 Auto Logout 10 mins DES 1228 ME 5 ...

Page 23: ...and 115200 never No time limit on the length of time the console can be open with no user input 2_minutes The console will log out the current user if there is no user input for 2 minutes 5_minutes The console will log out the current user if there is no user input for 5 minutes 10_minutes The console will log out the current user if there is no user input for 10 minutes 15_minutes The console wil...

Page 24: ...ay when the show command output reaches the end of the page DES 1228 ME 5 enable clipaging Command enable clipaging Success DES 1228 ME 5 disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when a command displays more than one screen of information Syntax disable clipaging Description This command is used to disable the pausing of the cons...

Page 25: ... 65535 The well known TCP port for the Telnet protocol is 23 Restrictions Only Administrator level and Operator level users can issue this command Example usage To enable Telnet and configure port number ES 1228 ME 5 enable telnet Command enable telnet Success DES 1228 ME 5 disable telnet Purpose Used to disable the Telnet protocol on the Switch Syntax disable telnet Description This command is us...

Page 26: ...l Message Protocol ICMP echo messages to a remote IP address The remote IP address will then echo or return the message This is used to confirm connectivity between the switch and the remote device Parameters ipaddr Specifies the IP address of the host domain_name 255 Specifies the domain name of the host This name can be up to 255 characters long times Optional Specify the number of individual IC...

Page 27: ...ement software on the Switch The user can specify the TCP port number the Switch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known port for the Web based management software is 80 Restrictions Only Administrator level and Operator level users can issue this command Example usage To enable HTTP and...

Page 28: ...ID if cfg ID is not specified it refers to the boot_up CFG file log Used to save the current log to a file The log file cannot be deleted all Save changes to currently activated configurations and save log If no keywords are specified save the changes to the configuration If there are no keywords specified the changes will be saved to the configuration Restrictions Only Administrator level Operato...

Page 29: ...ion This command is used to restart the Switch Parameters force_agree When force_agree is specified the Switch will be forced to restart immediately without further confirmation Restrictions Only Administrator level users can issue this command Example usage To restart the Switch DES 1228 ME 5 reboot Command reboot Are you sure you want to proceed with the system reboot y n y Please wait the switc...

Page 30: ... entries in the Forwarding Data Base force_agree When force_agree is specified the reset command will be executed immediately without further confirmation If no parameter is specified the Switch s current IP address user accounts and the switch history log are not changed All other parameters are restored to the factory default settings The Switch will not save or reboot Restrictions Only Administ...

Page 31: ...ting login Purpose Used to log in a user to the Switch s console Syntax login Description This command is used to initiate the login procedure The user will be prompted for a Username and Password Parameters None Restrictions None Example usage To initiate the login procedure DES 1228 ME 5 login Command login UserName logout Purpose Used to log out a user from the Switch s console Syntax logout De...

Page 32: ...ine that contains the specified filter string will be the first line of the output The relationship of multiple filter strings following the same filter type is OR That is one line is qualified if one of specified filter strings is matched If more than one filter evaluation is specified the output is filtered by the former evaluation and will be used as the input of the latter evaluation For examp...

Page 33: ...ty 128 config stp ports 1 26 fbpdu enable config stp ports 1 26 restricted_role false config stp ports 1 26 restricted_tcn false DES 1228 ME 5 config terminal_line Purpose Used to configure the number of rows which can be displayed on a screen Syntax config terminal_line default value 20 80 Description This command is used to configure the number of rows which can be displayed on a screen The defa...

Page 34: ...5 enable jumbo_frame Purpose Used to enable jumbo frame Syntax enable jumbo_frame Description This command is used to configure the jumbo frame setting as enable Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable jumbo frame DES 1228 ME 5 enable jumbo_frame Command enable jumbo_frame Success DES 1228 ME 5 di...

Page 35: ...used to display the current configuration of the jumbo frame setting Parameters None Restrictions None Example usage To display jumbo frame DES 1228 ME 5 show jumbo_frame Command show jumbo_frame Jumbo Frame State Disabled Maximum Jumbo Frame Size 2048 Bytes DES 1228 ME 5 clear Purpose This command is used to clear the terminal screen Syntax clear Description This command is used to clear the term...

Page 36: ...elect a configuration file as the next boot up configuration or to apply a specific configuration to the system This command is required when multiple configuration files are supported Parameters delete Specifies to delete the configuration file boot_up Specifies the configuration file as a boot up file active Specifies to apply the configuration Restrictions Only Administrator level users can iss...

Page 37: ... complete download the configuration Disable No trap will be sent Restrictions Only Administrator level users can issue this command Example usage To enable the trap of a configuration saving completed DES 1228 ME 5 config configuration trap save enable Command config configuration trap save enable Success DES 1228 ME 5 show config information Purpose Used to display the content of the configurati...

Page 38: ...istrator level users can use this command to change the command prompt Parameters string 32 The command prompt can be changed by entering a new name of no more that 32 characters username The command prompt will be changed to the login username default The command prompt will reset to factory default command prompt Default the name of the Switch model for example DES 1288 ME Restrictions Only Admi...

Page 39: ...L Restrictions Only Administrator level users can issue this command Other restrictions include If the reset command is executed the modified banner will remain modified However the reset config reset system command will reset the modified banner to the original factory banner The capacity of the banner is 24 80 24 Lines and 80 characters per line Ctrl W will only save the modified banner in the D...

Page 40: ...age Description This command is used to view the currently configured greeting message on the Switch Parameters None Restrictions None Example usage To view the currently configured greeting message DES 1228 ME 5 show greeting_message Command show greeting_message DES 1228 ME Metro Ethernet Switch Command Line Interface Firmware Build 2 01 001 Copyright C 2012 D Link Corporation All rights reserve...

Page 41: ...n the following table Command Parameters config ports portlist all medium_type fiber copper speed auto 10_half 10_full 100_half 100_full 1000_full master slave flow_control enable disable state enable disable learning enable disable description desc 32 clear_description mdix auto normal cross 1 show ports portlist description err_disabled Each command is listed in detail in the following sections ...

Page 42: ...cted physical layers This relationship is necessary for establishing the timing control between the two physical layers The timing control is set on a master physical layer by a local source The slave setting 1000M Full_S uses loop timing where the timing comes from a data stream received from the master If one connection is set for 1000M Full_M the other side of the connection must be set for 100...

Page 43: ...bled Restrictions None Example usage To display the configuration of all ports on a standalone switch DES 1228 ME 5 show ports Command show ports Port State Settings Connection Address MDI Speed Duplex FlowCtrl Speed Duplex FlowCtrl Learning 1 Enabled Auto Disabled LinkDown Enabled Auto Auto Disabled LinkDown Enabled 2 Enabled Auto Disabled LinkDown Enabled Auto Auto Disabled LinkDown Enabled 3 En...

Page 44: ...ngs Connection Address MDI Speed Duplex FlowCtrl Speed Duplex FlowCtrl Learning 1 Enabled Auto Disabled LinkDown Enabled Auto Desc 2 Enabled Auto Disabled LinkDown Enabled Auto Desc 3 Enabled Auto Disabled LinkDown Enabled Auto Desc 4 Enabled Auto Disabled LinkDown Enabled Auto Desc 5 Enabled Auto Disabled LinkDown Enabled Auto Desc 6 Enabled Auto Disabled LinkDown Enabled Auto Desc CTRL C ESC q Q...

Page 45: ... port_security ports auth_portlist all admin_state enable disable max_learning_addr max_lock_no 0 64 lock_address_mode DeleteOnTimeout DeleteOnReset Permanent 1 delete port_security_entry vlan_name vlan_name 32 mac_address macaddr port auth_port clear port_security_entry port auth_portlist show port_security ports auth_portlist enable port_security trap_log disable port_security trap_log Each comm...

Page 46: ...x_lock_no 0 64 Use this to limit the number of MAC addresses dynamically listed in the FDB for the ports lock_address_mode DeleteOnTimout DeleteOnReset Permanent Indicates the method of locking addresses The user has three choices DeleteOnTimeout The locked addresses will age out after the aging timer expires Aging Time is set using the FDB command DeleteOnReset The locked addresses will not age o...

Page 47: ...e vlan_name 32 Enter the corresponding VLAN name of the port to delete mac_address macaddr Enter the corresponding MAC address previously learned by the port to delete port auth_port Enter the port number which has learned the previously entered MAC address Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To delete a port security ...

Page 48: ...s used to clear MAC address entries which were learned by the Switch by a specified port This command only relates to the port security function Parameters auth_portlist Specifies a port or port range to clear Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To clear a port security entry by port DES 1228 ME 5 clear port_security_e...

Page 49: ... security admin state maximum number of learning address and lock mode Parameters auth_portlist Specifies a port or range of ports to be viewed Restrictions None Example usage To display the port security configuration DES 1228 ME 5 show port_security ports 1 5 Command show port_security ports 1 5 Port_security Trap Log Disabled Port Admin State Max Learning Addr Lock Address Mode 1 Enabled 5 Dele...

Page 50: ... security trap log setting DES 1228 ME 5 enable port_security trap_log Command enable port_security trap_log Success DES 1228 ME 5 disable port_security trap_log Purpose Used to disable the trap log for port security Syntax disable port_security trap_log Description This command along with the enable port_security trap_log will disable the sending of log messages to the Switch s log and SNMP agent...

Page 51: ...NMP versions SNMP Version Authentication Method Description v1 Community String Community String is used for authentication NoAuthNoPriv v2c Community String Community String is used for authentication NoAuthNoPriv v3 Username Username is used for authentication NoAuthNoPriv v3 MD5 or SHA Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthNoPriv v3 MD5 DES or SHA DES Authentication...

Page 52: ...eID 10 64 show snmp engineID create snmp group groupname 32 v1 v2c v3 noauth_nopriv auth_nopriv auth_priv read_view view_name 32 write_view view_name 32 notify_view view_name 32 1 delete snmp group groupname 32 show snmp groups create snmp host ipaddr v1 v2c v3 noauth_nopriv auth_nopriv auth_priv auth_string 32 delete snmp host ipaddr show snmp host ipaddr create trusted_host ipaddr network networ...

Page 53: ...pecifying the auth_password below This method is recommended by_key Requires the SNMP user to enter an encryption key for authentication and privacy The key is defined by specifying the key in hex form This method is not recommended auth The user may also choose the type of authentication algorithms used to authenticate the snmp user The choices are md5 Specifies that the HMAC MD5 96 authenticatio...

Page 54: ... dlink encrypted by_password auth md5 knickerbockers priv none Success DES 1228 ME 5 delete snmp user Purpose Used to remove an SNMP user from an SNMP group and also to delete the associated SNMP group Syntax delete snmp user SNMP_name 32 Description This command is used to remove an SNMP user from its SNMP group and then delete the associated SNMP group Parameters SNMP_name 32 An alphanumeric str...

Page 55: ...This command is used to display information about each SNMP username in the SNMP group username table Parameters None Restrictions None Example usage To display the SNMP users currently configured on the Switch DES 1228 ME 5 show snmp user Command show snmp user Username Group Name SNMP Version Auth Protocol PrivProtocol initial initial V3 None None dlinkuser dlink V3 MD5 None Total Entries 2 DES ...

Page 56: ...entifies the SNMP view that will be created oid The object ID that identifies an object tree MIB tree that will be included or excluded from access by an SNMP manager view type Sets the view type to be included Include this object in the list of objects that an SNMP manager can access excluded Exclude this object from the list of objects that an SNMP manager can access Restrictions Only Administra...

Page 57: ...entifies an object tree MIB tree that will be deleted from the Switch Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To delete a previously configured SNMP view from the Switch DES 1228 ME 5 delete snmp view dlinkview all Command delete snmp view dlinkview all Success DES 1228 ME 5 show snmp view Purpose Used to display an SNMP v...

Page 58: ...y read_write or read_only level permission for the MIB objects accessible to the SNMP community Syntax create snmp community community_string 32 view view_name 32 read_only read_write Description This command is used to create an SNMP community string and to assign access limiting characteristics to this community string Parameters community_string 32 An alphanumeric string of up to 32 characters ...

Page 59: ...unity This string is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent Restrictions Only Administrator level users can issue this command Example usage To delete the SNMP community string dlinkcomm DES 1228 ME 5 delete snmp community dlinkcomm Command delete snmp community dlinkcomm Success DES 1228 ME 5 show snmp community Purpose Used to display S...

Page 60: ...pose Used to configure an identifier for the SNMP engine on the Switch Syntax config snmp engineID snmp_engineID 10 64 Description This command is used to configure an identifier for the SNMP engine on the Switch Parameters snmp_engineID 10 64 An alphanumeric string that will be used to identify the SNMP engine on the Switch Restrictions Only Administrator level Operator level or Power User level ...

Page 61: ...e on the Switch Syntax show snmp engineID Description This command is used to display the identification of the SNMP engine on the Switch Parameters None Restrictions None Example usage To display the current name of the SNMP engine on the Switch DES 1228 ME 5 show snmp engineID Command show snmp engineID SNMP Engine ID 0035636666 DES 1228 ME 5 ...

Page 62: ...ombination of authentication and encrypting packets over the network SNMP v3 adds Message integrity Ensures that packets have not been tampered with during transit Authentication Determines if an SNMP message is from a valid source Encryption Scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no authorization and no en...

Page 63: ... alphanumeric name of up to 32 characters that will identify the SNMP group the new SNMP user will be associated with Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To delete the SNMP group named dlink DES 1228 ME 5 delete snmp group dlink Command delete snmp group dlink Success DES 1228 ME 5 show snmp groups Purpose Used to disp...

Page 64: ...ame dlinkview WriteView Name dlinkview Notify View Name dlinkview Securiy Model SNMPv3 Securiy Level NoAuthNoPriv Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv1 Securiy Level NoAuthNoPriv Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv2 Securiy Level NoAuthNoPriv CTRL C...

Page 65: ...evices through a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity ensures that packets have not been tampered with during transit Authentication determines if an SNMP message is from a valid source Encryption scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no autho...

Page 66: ...elete snmp host 10 48 74 100 Success DES 1228 ME 5 show snmp host Purpose Used to display the recipient of SNMP traps generated by the Switch s SNMP agent Syntax show snmp host ipaddr Description This command is used to display the IP addresses and configuration information of remote SNMP managers that are designated as recipients of SNMP traps that are generated by the Switch s SNMP agent Paramet...

Page 67: ... to be created Restrictions Only Administrator level or Operator level users can issue this command Example usage To create a trusted host DES 1228 ME 5 create trusted_host 10 81 17 1 Command create trusted_host 10 81 17 1 Success DES 1228 ME 5 To create a trusted host network DES 1228 ME 5 create trusted_host network 10 81 0 0 16 Command create trusted_host network 10 81 0 0 16 Success DES 1228 M...

Page 68: ...ted_host network 10 81 0 0 16 Command delete trusted_host network 10 81 0 0 16 Success DES 1228 ME 5 To delete all trusted host entries DES 1228 ME 5 delete trusted_host all Command delete trusted_host all Success DES 1228 ME 5 show trusted_host Purpose Used to display a list of trusted hosts entered on the Switch using the create trusted_host command above Syntax show trusted_host Description Thi...

Page 69: ...r level or Operator level users can issue this command To enable SNMP trap support DES 1228 ME 5 enable snmp traps Command enable snmp traps Success DES 1228 5 enable snmp authenticate_traps Purpose Used to enable SNMP authentication failure trap support Syntax enable snmp authenticate_traps Description This command is used to enable snmp authenticate_traps command enables SNMP authentication fail...

Page 70: ... enable snmp linkchange_traps Description This command is used to enable disable snmp link change traps Parameters None Restrictions Only Administrator level or Operator level users can issue this command To enable SNMP linkchange trap support on the Switch DES 1228 ME 5 enable snmp linkchange_traps Command enable snmp linkchange_traps Success DES 1228 ME 5 ...

Page 71: ...o disable SNMP trap support on the switch Syntax disable snmp authenticate_traps Description The disable snmp authenticate_traps command disables SNMP authentication failure trap support Parameters None Restrictions Only Administrator level or Operator level users can issue this command To disable SNMP authentication trap support DES 1228 ME 5 disable snmp authenticate_traps Command disable snmp a...

Page 72: ... the sending of a link change trap for this port disable To disable the sending of a link change trap for this port Restrictions Only Administrator level or Operator level users can issue this command Example usage To configure SNMP linkchange traps for ports 1 to 4 DES 1228 ME 5 config snmp linkchange_traps ports 1 4 enable Command config snmp linkchange_traps ports 1 4 enable Success DES 1228 ME...

Page 73: ...ES 1228 ME Metro Ethernet Managed Switch CLI Reference Guide 69 DES 1228 ME 5 show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Traps Enabled Linkchange Traps Enabled DES 1228 ME 5 ...

Page 74: ...gure the Switch contact to MIS Department II DES 1228 ME 5 config snmp system_contact MIS Department II Command config snmp system_contact MIS Department II Success DES 1228 ME 5 config snmp system_location Purpose Used to enter a description of the location of the Switch Syntax config snmp system_location sw_location Description This command is used to enter a description of the location of the S...

Page 75: ...tem_name DES 1228 Switch Success DES 1228 ME 5 enable rmon Purpose Used to enable RMON on the Switch Syntax enable rmon Description This command is used in conjunction with the disable rmon command below to enable and disable remote monitoring RMON on the Switch Parameters None Restrictions Only Administrator level or Operator level users can issue this command Example Usage To enable RMON DES 122...

Page 76: ...ue this command Example usage To enable the trap for coldstart events DES 1228 ME 5 config snmp coldstart_traps enable Command config snmp coldstart_traps enable Success DES 1228 ME 5 config snmp warmstart_traps Purpose Used to configure the trap for warmstart event Syntax config snmp warmstart_traps enable disable Description This command is used to configure the trap state for warmstart event Pa...

Page 77: ...v6addr path_filename 64 config_id value 1 2 include exclude begin filter_string 80 filter_string 80 filter_string 80 include exclude begin filter_string 80 filter_string 80 filter_string 80 include exclude begin filter_string 80 filter_string 80 filter_string 80 log_toTFTP ipaddr ipv6addr path_filename 64 enable autoconfig disable autoconfig config autoconfig timeout value 1 65535 show autoconfig ...

Page 78: ...ress of the TFTP server path_filename The DOS path and filename of the firmware or switch configuration file on the TFTP server For example C 1228 had image_id value 1 2 Specify the working section ID The Switch can hold two firmware versions for the user to select from which are specified by section ID increment Allows the download of a partial switch configuration file This allows a file to be d...

Page 79: ...n successfully loaded the message End of configuration file for DES 1228 ME appears followed by the command prompt DES 1228 ME 5 disable authen_policy Command disable authen_policy Success DES 1228 ME 5 config firmware Purpose Used to configure the firmware section image as a boot up section or to delete the firmware section Syntax config firmware image_id value 1 2 delete boot_up Description This...

Page 80: ...DES 1228 ME Metro Ethernet Managed Switch CLI Reference Guide 76 DES 1228 ME 5 config firmware image_id 1 boot_up Command config firmware image_id 1 boot_up Success DES 1228 ME 5 ...

Page 81: ...mand is used to display the firmware section information Parameters None Restrictions None Example usage To display the current firmware information on the Switch DES 1228 ME 5 show firmware information Command show firmware information Image ID 1 Boot up firmware Version 2 01 001 Size 2420752 Bytes Update Time 0000 00 00 00 03 03 From 10 10 27 67 User Anonymous CONSOLE Image ID 2 Empty DES 1228 M...

Page 82: ... filter evaluation is specified the output is filtered by the former evaluation and will be used as the input of the latter evaluation Parameters cfg_toTFTP Specifies that the Switch s current settings will be uploaded to the TFTP server log_toTFTP Specifies that the switch history log will be uploaded to the TFTP server ipaddr The IP address of the TFTP server The TFTP server must be on the same ...

Page 83: ...Switch CLI Reference Guide 79 DES 1228 ME 5 upload cfg_toTFTP 10 90 90 1 config_stp txt include stp Command upload cfg_toTFTP 10 90 90 1 config_stp txt include stp Connecting to server Done Upload configuration Done Success DES 1228 ME 5 ...

Page 84: ...onfiguration file present in Switch memory will be loaded Only Administrator level or Operator level users can issue this command Example usage To enable auto configuration on the Switch DES 1228 ME 5 enable autoconfig Command enable autoconfig Success DES 1228 ME 5 When autoconfig is enabled and the Switch is rebooted the normal login screen will appear for a few moments while the autoconfig requ...

Page 85: ...load cfg_fromTFTP 10 41 44 44 c cfg setting txt Connecting to server Done Download configuration Done The very end of the autoconfig process appears like this Success DES 1228 ME 5 DES 1228 ME 5 ROUTE DES 1228 ME 5 DES 1228 ME 5 DES 1228 ME 5 DES 1228 ME 5 End of configuration file for DES 1228 ME DES 1228 ME 5 DES 1228 ME 5 DES 1228 ME 5 Note With autoconfig enabled the Switch ipif settings now d...

Page 86: ...nfig Success DES 1228 ME 5 config autoconfig timeout Purpose This command is used to specify the timeout length in getting of network setting through DHCP Syntax config autoconfig timeout value 1 65535 Description This command is used to configure the timeout value This timer is used to limit the length of time in getting configuration setting from the network When timeout occurs the auto configur...

Page 87: ... status of the Switch Syntax show autoconfig Description This command is used to list the current status of the auto configuration function Parameters None Restrictions None Example usage To display the autoconfig status DES 1228 ME 5 show autoconfig Command show autoconfig Autoconfig State Disabled Timeout 50 sec DES 1228 ME 5 ...

Page 88: ...se from the remote device A value of 1 to 99 seconds can be specified The default is 1 second Restrictions None Example usage To ping the IP address 10 48 74 121 four times DES 1228 ME 5 ping 10 48 74 121 times 4 Command ping 10 48 74 121 Reply from 10 48 74 121 time 10ms Reply from 10 48 74 121 time 10ms Reply from 10 48 74 121 time 10ms Reply from 10 48 74 121 time 10ms Ping statistics for 10 48...

Page 89: ... 1804 System times 6 Reply from FE80 254 85FF FE32 1804 bytes 100 time 10 ms Reply from FE80 254 85FF FE32 1804 bytes 100 time 10 ms Reply from FE80 254 85FF FE32 1804 bytes 100 time 10 ms Reply from FE80 254 85FF FE32 1804 bytes 100 time 10 ms Reply from FE80 254 85FF FE32 1804 bytes 100 time 10 ms Reply from FE80 254 85FF FE32 1804 bytes 100 time 10 ms Ping Statistics for FE80 254 85FF FE32 1804...

Page 90: ... live value of the trace route request This is the maximum number of routers This command will cross while seeking the network path between two devices port value 30000 64900 The port number It must be above 1024 The value range is between 30000 and 64900 probe value 1 9 The number of probes The range is from 1 to 9 Restrictions Only Administrator level Operator level or Power User level users can...

Page 91: ...ator level or Power User level users can issue this command Example usage To configure the terminal line DES 1228 ME 5 config terminal_line 30 Command config terminal_line 30 Success DES 1228 ME 5 show terminal line Purpose Used to display the number of rows which can be displayed at a screen Syntax show terminal_line Description This command is used to display the number of rows which can be disp...

Page 92: ...g disable syslog show syslog create syslog host index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable config syslog host all index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr stat...

Page 93: ... of ports to be displayed Restrictions None Example usage To display the packets analysis for port 1 DES 1228 ME 5 show packet ports 1 Command show packet ports 1 Port Number 1 Frame Size Frame Counts Frames sec Frame Type Total Total sec 64 0 0 RX Bytes 0 0 65 127 0 0 RX Frames 0 0 128 255 0 0 Port Number 1 0 TX Bytes 0 0 Frame Size Frame Counts Frames sec Frame Type Total Total sec 64 0 0 RX Byt...

Page 94: ...nge of ports to be displayed Restrictions None Example usage To display the errors of the port 3 DES 1228 ME 5 show error ports 1 Command show error ports 1 Port Number 1 RX Frames TX Frames CRC Error 0 Excessive Deferral 0 Undersize 0 CRC Error 0 Oversize 0 Late Collision 0 Port Number 1 Excessive Collision 0 RX Frames TX Frames CRC Error 0 Excessive Deferral 0 Undersize 0 CRC Error 0 Oversize 0 ...

Page 95: ...ter will display the current Flash utilization of the Switch ports Entering this parameter will display the current port utilization of the Switch portlist Specifies a range of ports to be displayed Restrictions None Example usage To display the current CPU utilization DES 1228 ME 5 show utilization cpu Command show utilization cpu CPU Utilization Five Seconds 3 One Minute 2 Five Minutes 5 CTRL C ...

Page 96: ...Page p Previous Page r Refresh To display the port utilization statistics DES 1228 ME 5 show utilization ports Command show utilization ports Port TX sec RX sec Util Port TX sec RX sec Util 1 0 0 0 22 0 0 0 2 0 0 0 23 0 0 0 3 0 0 0 24 0 0 0 4 0 0 0 25 0 0 0 5 0 0 0 26 0 0 0 6 0 0 0 27 0 0 0 7 0 37 1 28 0 0 0 8 0 0 0 9 0 0 0 10 0 0 0 11 36 0 1 12 0 0 0 13 0 0 0 14 0 0 0 15 0 0 0 16 0 0 0 17 0 0 0 1...

Page 97: ...s Only Administrator level or Operator level users can issue this command Example usage To clear the counters DES 1228 ME 5 clear counters ports 2 9 Command clear counters ports 2 9 Success DES 1228 ME 5 clear log Purpose Used to clear the Switch s history log Syntax clear log Description This command is used to clear the Switch s history log Parameters None Restrictions Only Administrator level o...

Page 98: ...x 1 5 Command show log index 1 5 Index Data Time Log Text 5 00000 00 00 01 01 09 Successful login through Console Username Anonymous 4 00000 00 00 00 00 14 System warm start 3 00000 00 00 00 00 06 Port 25 link up 1000Mbps FULL duplex 2 00000 00 00 00 00 01 Port 25 link down 1 00000 00 00 00 06 31 Port 25 link up 1000Mbps FULL duplex DES 1228 ME 5 enable syslog Purpose Used to enable the system log...

Page 99: ...can issue this command Example usage To disable the syslog function on the Switch DES 1228 ME 5 disable syslog Command disable syslog Success DES 1228 ME 5 show syslog Purpose Used to display the syslog protocol status as enabled or disabled Syntax show syslog Description This command is used to display the syslog status as enabled or disabled Parameters None Restrictions None Example usage To dis...

Page 100: ... 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 severity Severity level indicator These are described in the following Bold font indicates that the corresponding severity level is currently supported on the Switch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical crit...

Page 101: ...emote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the remote host This correspon...

Page 102: ...ng Bold font indicates that the corresponding severity level is currently supported on the Switch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational informational messages 7 Debug debug level messages information...

Page 103: ...emote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the remote host This correspon...

Page 104: ...d to remove a syslog host that has been previously configured from the Switch Syntax delete syslog host index 1 4 all Description This command is used to remove a syslog host that has been previously configured from the Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 all Specifies that the command wil...

Page 105: ... Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 Restrictions None Example usage To show syslog host information DES 1228 ME 5 show syslog host Command show syslog host Syslog Global State Disabled Host Id Host IP Address Severity Facility UDP port Status 1 10 1 1 2 All Local0 514 Disabled 2 10 40 2 3...

Page 106: ...save log command log_trigger Users who choose this method will have logs saved to the Switch every time a log event occurs on the Switch Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the time interval as every 30 minutes for saving logs DES 1228 ME 5 config log_save_timing time_interval 30 Command config log_save_ti...

Page 107: ... enable the command logging function DES 1228 ME 5 enable command logging Command enable command logging Success DES 1228 ME 5 disable command logging Purpose Used to disable command logging Syntax disable command logging Description This command is used to disable the command logging function Parameters None Restrictions Only Administrator level or Operator level users can issue this command Exam...

Page 108: ...Ethernet Managed Switch CLI Reference Guide 104 Example usage To show the command logging configuration status DES 1228 ME 5 show command logging Command show command logging Command Logging State Disabled DES 1228 ME 5 ...

Page 109: ... trees with a Common and Internal Spanning Tree CIST The CIST will automatically determine each MSTP region its maximum possible extent and will appear as one virtual bridge that runs a single spanning tree Consequentially frames assigned to different VLANs will follow different data routes within administratively established regions on the network continuing to allow simple and full processing of...

Page 110: ...false auto restricted_role true false restricted_tcn true false p2p true false auto state enable disable fbpdu enable disable 1 create stp instance_id value 1 8 config stp instance _id value 1 8 add_vlan remove_vlan vidlist delete stp instance_id value 1 8 config stp priority value 0 61440 instance_id value 0 8 config stp mst_config_id revision_level int 0 65535 name string 1 config stp mst_ports ...

Page 111: ...ssue this command Example usage To enable STP globally on the Switch DES 1228 ME 5 enable stp Command enable stp Success DES 1228 ME 5 disable stp Purpose Used to globally disable STP on the Switch Syntax disable stp Description This command is used to globally disable the Spanning Tree Protocol on the Switch Parameters None Restrictions Only Administrator level Operator level or Power User level ...

Page 112: ...l set the Multiple Spanning Tree Protocol MSTP globally on the Switch rstp Selecting this parameter will set the Rapid Spanning Tree Protocol RSTP globally on the Switch stp Selecting this parameter will set the Spanning Tree Protocol STP globally on the Switch Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To set the Switch glob...

Page 113: ... BPDU bridge protocol data unit packet sent by the Switch will be discarded Each switch on the hop count will reduce the hop count by one until the value reaches zero The Switch will then discard the BDPU packet and the information held for the port will age out The user may set a hop count from 6 to 40 The default is 20 hellotime value 1 2 The user may set the time interval between transmission o...

Page 114: ...enabled network Migration should be set as yes on ports connected to network stations or segments that are capable of being upgraded to 802 1w RSTP or 802 1s MSTP on all or some portion of the segment edge true false auto true designates the port as an edge port Edge ports cannot create loops however an edge port can lose edge port status if a topology change creates a potential for a loop An edge...

Page 115: ...r MSTP Syntax create stp instance_id value 1 8 Description This command allows the user to create a STP instance ID for the Multiple Spanning Tree Protocol There are five STP instances on the Switch one internal CIST unchangeable and the user may create up to four instance IDs for the Switch Parameters value 1 8 Enter a value between 1 and 8 to identify the Spanning Tree instance on the Switch Res...

Page 116: ...ame name Parameters value 1 8 Enter a number between 1 and 8 to define the instance_id The Switch supports five STP instances with one unchangeable default instance ID set as 0 add_vlan Along with the vid_range vidlist parameter this command will add VIDs to the previously configured STP instance_id remove_vlan Along with the vid_range vidlist parameter this command will remove VIDs to the previou...

Page 117: ...settings on the Switch The MSTP will utilize the priority in selecting the root bridge root port and designated port Assigning higher priorities to STP regions will instruct the Switch to give precedence to the selected instance_id for forwarding packets The lower the priority value set the higher the priority Parameters priority value 0 61440 Select a value between 0 and 61440 to specify the prio...

Page 118: ...r between 0 and 65535 to identify the MSTP region This value along with the name will identify the MSTP region configured on the Switch The default setting is 0 name string Enter an alphanumeric string of up to 32 characters to uniquely identify the MSTP region on the Switch This name along with the revision_level value will identify the MSTP region configured on the Switch If no name is entered t...

Page 119: ... the CIST Common and Internal Spanning Tree internalCost This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a STP instance The default setting is auto There are two options auto Selecting this parameter for the internalCost will set quickest route automatically and optimally for an interface The default value is derive...

Page 120: ... the Switch s current STP configuration Parameters None Restrictions None Example usage To display the status of STP on the Switch Status 1 STP enabled with STP compatible version DES 1228 ME 5 show stp Command show stp STP Bridge Global Settings STP Status Enabled STP Version STP compatible Max Age 20 Hello Time 2 Forward Delay 15 Max Hops 20 TX Hold Count 6 Forwarding BPDU Enabled DES 1228 ME 5 ...

Page 121: ...P Status Enabled STP Version RSTP Max Age 20 Hello Time 2 Forward Delay 15 Max Hops 20 TX Hold Count 6 Forwarding BPDU Enabled DES 1228 ME 5 Status 3 STP enabled for MSTP DES 1228 ME 5 show stp Command show stp STP Bridge Global Settings STP Status Enabled STP Version MSTP Max Age 20 Forward Delay 15 Max Hops 20 TX Hold Count 6 Forwarding BPDU Enabled DES 1228 ME 5 ...

Page 122: ...maining ports instance value 0 8 Enter a value between 0 and 8 corresponding to the previously configured instance_id of which the user wishes to show the specified ports setting An instance id of 0 denotes the default instance_id CIST internally set on the Switch Restrictions None Example usage To show STP ports information for port 1 STP enabled on Switch DES 1228 ME 5 show stp ports Command sho...

Page 123: ... the Switch Restrictions None Example usage To display the STP instance configuration for instance 0 the internal CIST on the Switch DES 1228 ME 5 show stp instance 0 Command show stp instance 0 STP Instance Settings Instance Type CIST Instance Status Enabled Instance Priority 32768 Bridge Priority 32768 sys ID ext 0 STP Instance Operational Status Designated Root Bridge 32766 00 90 27 39 78 E2 Ex...

Page 124: ...on Name 00 53 13 1A 33 24 Revision Level 0 MSTI ID VID list CIST 1 4094 DES 1228 ME 5 config stp trap Purpose Used to configure the sending state for STP traps Syntax config stp trap new_root enable disable topo_change enable disable 1 Description This command is used to configure the sending state for STP traps Parameters new_root Enable disable sending of new root trap The default state is enabl...

Page 125: ...name 32 macaddr config multicast_fdb vlan_name 32 macaddr add delete portlist config fdb aging_time sec 10 1000000 delete fdb vlan_name 32 macaddr clear fdb vlan vlan_name 32 port port all show multicast_fdb vlan vlan_name 32 mac_address macaddr show fdb port port vlan vlan_name 32 vlanid vidlist mac_address macaddr static aging_time config multicast port_filtering_mode portlist all forward_unregi...

Page 126: ...ue this command Example usage To create a unicast MAC FDB entry DES 1228 ME 5 create fdb default 00 00 00 00 01 02 port 5 Command create fdb default 00 00 00 00 01 02 port 5 Success DES 1228 ME 5 create multicast_fdb Purpose Used to create a static entry in the multicast MAC address forwarding table database Syntax create multicast_fdb vlan_name 32 macaddr Description This command is used to make ...

Page 127: ...me Purpose Used to set the aging time of the forwarding database Syntax config fdb aging_time sec 10 1000000 Description The aging time affects the learning process of the Switch Dynamic forwarding table entries which are made up of the source MAC addresses and their associated port numbers are deleted from the table if they are not accessed within the aging time The aging time can be from 10 to 1...

Page 128: ... s MAC address forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides macaddr The MAC address that will be added to the forwarding table Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To delete a permanent FDB entry DES 1228 ME 5 delete fdb default 00 00 00 00 01 02 Command delete fdb de...

Page 129: ...s to the Switch s forwarding database Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To clear all FDB dynamic entries DES 1228 ME 5 clear fdb all Command clear fdb all Success DES 1228 ME 5 show multicast_fdb Purpose Used to display the contents of the Switch s multicast forwarding database Syntax show multicast_fdb vlan vlan_nam...

Page 130: ...vidlist mac_address macaddr static aging_time Description This command is used to display the current contents of the Switch s forwarding database Parameters port port The port number corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port vlan_name 32 The name of the VLAN on which the MAC address resides vidlist Displays the en...

Page 131: ...configure the multicast packet filtering mode for specified ports on the Switch Parameters portlist all Enter a port or list of ports for which to configure the multicast port filtering mode Entering the all parameter will denote all ports on the switch forward_unregistered_groups filter_unregistered_groups The user may set the filtering mode to any of these two options Restrictions Only Administr...

Page 132: ...mode Description This command is used to display the current multicast packet filtering mode for ports on the Switch Parameters None Restrictions None Example usage To view the multicast port filtering mode for all ports DES 1228 ME 5 show multicast port_filtering_mode Command show multicast port_filtering_mode Multicast Filter Mode For Unregistered Group Forwarding List 1 28 Filtering List DES 12...

Page 133: ...hese two types of packets Once a storm has been detected that is once the packet threshold set below has been exceeded the Switch will shutdown the port to all incoming traffic with the exception of STP BPDU packets for a time period specified using the CountDown field If this field times out and the packet storm continues the port will be placed in a Rest mode which will produce a warning message...

Page 134: ...ed in Rest mode and is no longer operational until 1 auto recovery after 5 minutes or 2 the user manually resets the port using the config ports 1 state disable and config ports 1 state enable command Choosing this option obligates the user to configure the time_interval field as well which will provide packet count samplings from the Switch s chip to determine if a Packet Storm is occurring thres...

Page 135: ...This command is used to display the current storm traffic control configuration on the Switch Parameters portlist Used to specify port or list of ports for which to display traffic control settings The beginning and end of the port list range are separated by a dash Restrictions None Example usage To display traffic control setting for ports 1 to 4 DES 1228 ME 5 show traffic control 1 4 Command sh...

Page 136: ...down If the control action is drop there will no traps issued when a storm event is detected Parameters none No notification will be generated when a storm event is detected or cleared storm _occurred A notification will be generated when a storm event is detected storm_cleared A notification will be generated when a storm event is cleared both A notification will be generated both when a storm ev...

Page 137: ...t all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue will begin transmitting any packets it may have received The QoS commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following tabl...

Page 138: ...s will be allowed to receive tx_rate Specifies that one of the parameters below no_limit or value 64 1024000 will be applied to the rate at which the above specified ports will be allowed to transmit packets no_limit Specifies that there will be no limit on the rate of packets received by the above specified ports value 64 1024000 Specifies the traffic limit in Kbits that the above ports will be a...

Page 139: ...r specified limit but will not exceed it The actual limit recognized by the device will be displayed when the command is executed Parameters portlist Specifies a port or range of ports to be viewed Restrictions None Example usage To display bandwidth control settings DES 1228 ME 5 show bandwidth_control 1 5 Command show bandwidth_control 1 5 Bandwidth Control Table Port RX Rate TX Rate Effective R...

Page 140: ...ved For projects support hybrid scheduling mode this command can be used to configure strict priority by class_id In hybrid scheduling mode the CoS queues are divided into a SP Strict Priority group and a WRR group with the SP group given higher precedence over the WRR group for scheduling as long as there is a packet waiting in the SP group The setting of weight is effective when the operating mo...

Page 141: ...command is used to specify the rotation by which these four hardware priority classes of service are emptied The Switch s default is to empty the four priority classes of service in order from the highest priority class of service queue 3 to the lowest priority class of service queue 0 Each queue will transmit all of the packets in its buffer before allowing the next lower priority class of servic...

Page 142: ...o display the current traffic scheduling mechanisms in use on the Switch Syntax show scheduling_mechanism Description This command is used to display the current traffic scheduling mechanisms in use on the Switch Parameters None Restrictions None Example usage To show the scheduling mechanism DES 1228 ME 5 show scheduling_mechanism Command show scheduling_mechanism QOS Scheduling_mechanism CLASS I...

Page 143: ...t 2 0 Lowest 3 1 Mid low 4 2 Mid high 5 2 Mid high 6 3 Highest 7 3 Highest This mapping scheme is based upon recommendations contained in IEEE 802 1D Change this mapping by specifying the 802 1p user priority users want to map to the class_id 0 3 the number of the hardware queue priority 0 7 The 802 1p user priority to associate with the class_id the number of the hardware queue class_id 0 3 The n...

Page 144: ...is command is used to display the current mapping of an incoming packet s 802 1p priority value to one of the Switch s four hardware priority queues Parameters None Restrictions None Example usage To display 802 1p user priority DES 1228 ME 5 show 802 1p user_priority Command show 802 1p user_priority QOS Class of Traffic Priority 0 Class 1 Priority 1 Class 0 Priority 2 Class 0 Priority 3 Class 1 ...

Page 145: ...tch The priority value entered with this command will be used to determine to which of the four hardware priority queues the packet is forwarded Parameters portlist Specifies a port or range of ports to be configured all Specifies that the command applies to all ports on the Switch priority 0 7 The priority value to assign to untagged packets received by the Switch or a range of ports on the Switc...

Page 146: ... configured 802 1p priority value that will be assigned to an incoming untagged packet before being forwarded to its destination Parameters portlist Specifies a port or range of ports to be displayed Restrictions None Example usage To display the current 802 1p default priority configuration on the Switch DES 1228 ME 5 show 802 1p default_priority Command show 802 1p default_priority Port Priority...

Page 147: ...packets will be forwarded to the appropriate CoS queue Parameters portlist Specifies a port or range of ports to be configured all Specifies all ports will be configured none Disable all priority base CoS features ethernet Enable Ethernet frame based priority 802 1p Enable 802 1p CoS ip Enable Ethernet frame based priority Restrictions Only Administrator level Operator level or Power User level us...

Page 148: ...r is specified the all ports priority settings will be shown Restrictions None Example usage To show the CoS mapping information DES 1228 ME 5 show cos mapping Command show cos mapping Port Ethernet_priority IP_priority 1 802 1p off 2 802 1p off 3 802 1p off 4 802 1p off 5 802 1p off 6 802 1p off 7 802 1p off 8 802 1p off 9 802 1p off 10 802 1p off 11 802 1p off 12 802 1p off 13 802 1p off 14 802 ...

Page 149: ... 3 the highest priority Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage Configure the TOS 5 to the traffic class 1 mapping DES 1228 ME 5 config cos tos value 5 class 1 Command config cos tos value 5 class 1 Success DES 1228 ME 5 show cos tos Purpose Used to show TOS value to traffic class mapping Syntax show cos tos value value 0 ...

Page 150: ...ters value 0 63 The DSCP value of the incoming packet you want to associate with the class ID class_id 0 3 The number of the Switch s hardware priority queue The Switch has four hardware priority queues available They are numbered between 0 the lowest priority and 3 the highest priority Restrictions Only Administrator level Operator level or Power User level users can issue this command Example us...

Page 151: ... to traffic class Parameters value 0 63 The DSCP value of the incoming packet If no parameter is specified all the DSCP value mapping to traffic class will be shown Restrictions None Example usage To show the DSCP map to traffic class DES 1228 ME 5 show dscp_mapping Command show dscp_mapping DSCP Class 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 0 10 0 11 0 12 0 13 0 14 0 15 0 16 0 17 0 18 0 19 0 CTRL C...

Page 152: ...o a designated port where a network sniffer or other device can monitor the network traffic In addition users can specify that only traffic received by or sent by one or both is mirrored to the Target port Parameters port This specifies the Target port the port where mirrored packets will be received add delete Specifies if the user wishes to add or delete ports to be mirrored that are specified i...

Page 153: ...ter a port mirroring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only Administrator level or Operator level users can issue this command Example usage To enable mirroring configurations DES 1228 ME 5 enable mirror Command enable mirror Success DES 1228 ME 5 disable mirror Purpose Us...

Page 154: ...Purpose Used to show the current port mirroring configuration on the Switch Syntax show mirror Description This command displays the current port mirroring configuration on the Switch Parameters None Restrictions None Example usage To display mirroring configuration DES 1228 ME 5 show mirror Command show mirror Current Settings Mirror Status Enabled Target Port 1 Mirrored Port RX TX 5 7 DES 1228 M...

Page 155: ... disable ingress_checking enable disable acceptable_frame tagged_only admit_all pvid vlanid 1 4094 1 enable gvrp disable gvrp show vlan vlan_name 32 vlanid vidlist ports portlist show gvrp portlist Each command is listed in detail in the following sections create vlan Purpose Used to create a VLAN on the Switch Syntax create vlan vlan_name 32 tag vlanid 1 4094 advertisement Description This comman...

Page 156: ...s to a previously configured VLAN Syntax config vlan vlan_name 32 add tagged untagged forbidden delete portlist advertisement enable disable 1 Description This command is used to add ports to the port list of a previously configured VLAN The user can specify the additional ports as tagging untagging or forbidden The default is to assign the ports as untagging Parameters vlan_name 32 The name of th...

Page 157: ...vidlist Specifies a range of multiple VLAN IDs to be created advertisement Join GVRP or not If not the VLAN can t join dynamically Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To create a VLAN ID on the Switch DES 1228 ME 5 create vlan vlanid 5 advertisement Command create vlan vlanid 5 advertisement Success DES 1228 ME 5 delet...

Page 158: ...eeds to be modified to be specified Parameters vidlist Specifies a range of multiple VLAN IDs to be configured tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies the additional ports as forbidden portlist A range of ports to add to the VLAN advertisement Entering the advertisement parameter specifies if the port should join GVRP ...

Page 159: ...ss DES 1228 ME 5 disable pvid auto_assign Purpose Used to disable the auto assignment of PVID Syntax disable pvid auto_assign Description This command is used to disable the auto assignment of PVID Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To disable the auto assignment of PVID DES 1228 ME 5 disable pvid auto...

Page 160: ...e Switch state enable disable Enables or disables GVRP for the ports specified in the port list ingress_checking enable disable Enables or disables ingress checking for the specified port list acceptable_frame tagged_only admit_all This parameter states the frame type that will be accepted by the Switch for this function tagged_only implies that only VLAN tagged frames will be accepted while admit...

Page 161: ...xample usage To enable the generic VLAN Registration Protocol GVRP DES 1228 ME 5 enable gvrp Command enable gvrp Success DES 1228 ME 5 disable gvrp Purpose Used to disable GVRP on the Switch Syntax disable gvrp Description This command along with enable gvrp is used to enable and disable GVRP on the Switch without changing the GVRP configuration on the Switch Parameters None Restrictions Only Admi...

Page 162: ... summary of settings vlanid vidlist Specifies a range of multiple VLAN IDs to be displayed ports portlist Specifies a port or range of ports that will be displayed Restrictions None Example usage To display the Switch s current VLAN settings DES 1228 ME 5 show vlan Command show vlan VID 1 VLAN Name default VLAN Type Static Advertisement Enabled Member Ports 1 28 Static Ports 1 28 Current Tagged Po...

Page 163: ...isplayed Restrictions None Example usage To display GVRP port status DES 1228 ME 5 show gvrp 1 10 Command show gvrp 1 10 Global GVRP Disabled Port PVID Reassigned GVRP Ingress Acceptable Frame Type PVID State Checking 1 1 Disabled Enabled All Frames 2 1 Disabled Enabled All Frames 3 1 Disabled Enabled All Frames 4 1 Disabled Enabled All Frames 5 1 Disabled Enabled All Frames 6 1 Disabled Enabled A...

Page 164: ...r Parameters value Specifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group as LACP compliant LACP allows dynamic adjustment to the aggregated port group LACP complian...

Page 165: ...iption This command is used to configure a link aggregation group that was created with the create link_aggregation command above Parameters group _id value Specifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups master_port port Master port ID Specifies which port by port number of the link aggregation group will be ...

Page 166: ...ource address ip_destination Indicates that the Switch should examine the IP destination address ip_source_dest Indicates that the Switch should examine the IP source and destination addresses Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure link aggregation algorithm for mac source dest DES 1228 ME 5 config link_aggre...

Page 167: ...ol frames active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports...

Page 168: ...they are currently configured Parameters portlist Specifies a port or range of ports to be configured If no parameter is specified the system will display the current LACP status for all ports Restrictions None Example usage To display LACP port mode settings DES 1228 ME 5 show lacp_ports 1 10 Command show lacp_ports 1 10 Port Activity 1 Active 2 Active 3 Active 4 Active 5 Active 6 Active 7 Active...

Page 169: ... vlan vlan_name 32 state enable disable bootp dhcp dhcp_option12 hostname hostname 63 clear_hostname state enable disable ipv6 ipv6address ipv6networkaddr show ipif enable autoconfig disable autoconfig delete ipif System ipv6adress ipv6networkaddr enable ipif_ipv6_link_local_auto System disable ipif_ipv6_link_local_auto System show ipif_ipv6_link_local_auto Each command is listed in detail in the ...

Page 170: ...nfig feature the Switch becomes a DHCP client automatically after rebooting so it is not necessary to change the ipif settings ipv6 ipv6address ipv6networkaddr IPV6 network address The address should specify a host address and length of network prefix length There can be multiple V6 addresses defined on an interface Thus as a new address is defined it is added on this ipif dhcp option12 hostname S...

Page 171: ...pif System dhcp_option12 hostname switch1234 Command config ipif System dhcp_option12 hostname switch1234 Success DES 1228 ME 5 To configure an interface s DHCP option12 state DES 1228 ME 5 config ipif System dhcp_option12 state enable Command config ipif System dhcp_option12 state enable Success DES 1228 ME 5 show ipif Purpose Used to display the configuration of an IP interface on the Switch Syn...

Page 172: ...ngs DES 1228 ME 5 show ipif Command show ipif IP Interface Settings Interface Name IP Address Subnet Mask VLAN Name Admin State Link Status Member Ports DHCP Option12 State DHCP Option12 Host Name Total Entries DES 1228 ME 5 System 192 168 1 66 MANUAL 255 0 0 0 default Enabled Link UP 1 28 Enabled switch1234 1 ...

Page 173: ...gured to deliver this information in the data field of the DHCP reply packet The TFTP server must be running and have the requested configuration file in its base directory when the request is received from the Switch Consult the DHCP server and TFTP server software instructions for information on loading a boot file or configuration file Only Administrator level or Operator level users can issue ...

Page 174: ...FE02 303 128 Success DES 1228 ME 5 enable ipif_ipv6_link_local_auto Purpose Used to enable the auto configuration of a link local address when no IPv6 address is configured Syntax enable ipif_ipv6_link_local_auto System Description This command is used to enable the auto configuration of a link local address when there are no IPv6 addresses explicitly configured When an IPv6 address is explicitly ...

Page 175: ...tor level Operator level or Power User level users can issue this command Example usage To disable the automatic configuration of link local address for an interface DES 1228 ME 5 disable ipif_ipv6_link_local_auto System Command disable ipif_ipv6_link_local_auto System Success DES 1228 ME 5 show ipif_ipv6_link_local_auto Purpose Used to display the link local address automatic configuration state ...

Page 176: ...me 32 vlanid vidlist add delete portlist enable igmp_snooping forward_mcrouter_only show igmp_snooping vlan vlan_name 32 vlanid vidlist disable igmp_snooping forward_mcrouter_only show router_ports vlan vlan_name 32 vlanid vidlist static dynamic forbidden show igmp_snooping group vlan vlan_name 32 vlanid vidlist data_driven config igmp_snooping data_driven_learning vlan_name vlan_name 32 vlanid vi...

Page 177: ...at all VLANs configured on the Switch will be configured fast_leave enable disable Enable or disable the IGMP snooping fast leave function If enabled the membership is immediately removed when the system receives the IGMP leave message and the host that sends the leave message is the last host for the group state enable disable Allows users to enable or disable IGMP snooping for the specified VLAN...

Page 178: ...bustness variable x query interval 1 x query response interval Other querier present interval Amount of time that must pass before a multicast router decides that there is no longer another multicast router that is the querier This interval is calculated as follows robustness variable x query interval 0 5 x query response interval Last member query count Number of group specific queries sent befor...

Page 179: ...rts as being connected to multicast enabled routers This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol etc Parameters vlan_name 32 The name of the VLAN on which the router port resides vidlist The VID range of the router ports to be configured add delete Specifies whether to add or delete router ports to be configu...

Page 180: ...r User level users can issue this command Example usage To set up forbidden router ports DES 1228 ME 5 config router_ports_forbidden default add 2 10 Command config router_ports_forbidden default add 2 10 Success DES 1228 ME 5 enable igmp_snooping Purpose Used to enable IGMP snooping on the Switch Syntax enable igmp_snooping forward_mcrouter_only Description This command is used to enable IGMP sno...

Page 181: ...g protocol packet the multicast routing protocol packet and the IGMP control packet and the disable igmp_snooping forward_mcrouter_only command will not take effect The Switch will learn the router port based on identification of the multicast routing protocol packet and the IGMP control packet Restrictions Only Administrator level Operator level or Power User level users can issue this command Ex...

Page 182: ...3 Data Driven Learning Aged Out Disabled Total Entries 1 DES 1228 ME 5 show router_ports Purpose Used to display the currently configured router ports on the Switch Syntax show router_ports vlan vlan_name 32 vlanid vidlist static dynamic forbidden Description This command is used to display the router ports currently configured on the Switch Parameters vlan_name 32 The name of the VLAN on which th...

Page 183: ...dlist data_driven Description This command will display the current IGMP snooping group configuration on the Switch Parameters vlan_name 32 The name of the VLAN for which to view IGMP snooping group information vidlist The VID list for which to view IGMP snooping group information data_driven Display the data driven groups Restrictions None Example usage To view the current IGMP snooping group DES...

Page 184: ...tor level or Power User level users can issue this command Example usage To configure the IGMP snooping data driven entry DES 1228 ME 5 config igmp_snooping data_driven_learning vlan_name default aged_out enable Command config igmp_snooping data_driven_learning vlan_name default aged_out enable Success DES 1228 ME 5 config igmp_snooping data_driven_learning max_learned_entry Purpose Used to config...

Page 185: ...lete all IP addresses Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To delete all the groups learned by data driven DES 1228 ME 5 clear igmp_snooping data_driven_group all Command clear igmp_snooping data_driven_group all Success DES 1228 ME 5 show igmp_snooping host Purpose Used to display the IGMP host that has joined groups o...

Page 186: ...0 90 90 90 Total Entries 11 DES 1228 ME 5 config igmp access_authentication ports Purpose Used to configure the IGMP Access Control port status Syntax config igmp access_authentication ports portlist all state enable disable Description This command is used to enable or disable IGMP Access Control function for specified port When the access_authentication is enabled and the switch received an IGMP...

Page 187: ...s 1 4 Port Authentication State 1 Enabled 2 Disabled 3 Disabled 4 Enabled DES 1228 ME 5 show igmp_snooping forwarding Purpose Used to display the switch s current IGMP snooping forwarding table Syntax show igmp_snooping forwarding vlan vlan_name 32 vlanid vlanid_list Description This command displays the switch s current IGMP snooping forwarding table It provides an easy way for users to check the...

Page 188: ...228 ME 5 show igmp_snooping forwarding Command show igmp_snooping forwarding VLAN Name default Source IP 10 90 90 114 Multicast Group 225 0 0 0 Port Member 2 7 VLAN Name default Source IP 10 90 90 10 Multicast Group 225 0 0 1 Port Member 2 5 VLAN Name default Source IP 10 90 90 20 Multicast Group 225 0 0 2 Port Member 2 8 Total Entries 3 DES 1228 ME 5 ...

Page 189: ...ng 32 show dhcp_relay ipif System enable dhcp_relay disable dhcp_relay Each command is listed in detail in the following sections config dhcp_relay Purpose Used to configure the DHCP BOOTP relay feature of the switch Syntax config dhcp_relay hops value 1 16 time sec 0 65535 1 Description This command is used to configure the DHCP BOOTP relay feature Parameters hops value 1 16 Specifies the maximum...

Page 190: ...5 config dhcp_relay add ipif System 10 58 44 6 Command config dhcp_relay add ipif System 10 58 44 6 Success DES 1228 ME 5 config dhcp_relay delete ipif Purpose Used to delete one or all IP destination addresses from the Switch s DHCP BOOTP relay table Syntax config dhcp_relay delete ipif System ipaddr Description This command is used to delete an IP destination addresses in the Switch s DHCP BOOTP...

Page 191: ...2 field and forwards the packet to the switch port that connects to the DHCP client that sent the DHCP request disable If the field is toggled to disable the relay agent will not insert and remove DHCP relay information option 82 field in messages between DHCP servers and clients and the check and policy settings will have no effect Restrictions Only Administrator level Operator level or Power Use...

Page 192: ... of DHCP relay agent information option 82 of the Switch Parameters replace The option 82 field will be replaced if the option 82 field already exists in the packet received from the DHCP client drop The packet will be dropped if the option 82 field already exists in the packet received from the DHCP client keep The option 82 field will be retained if the option 82 field already exists in the pack...

Page 193: ... zero Remote ID suboption format 2 Using user defined string as remote ID A B C D E 2 n 2 1 n User defined string 1 byte 1 byte 1 byte 1 byte 6 bytes A Suboption type B Length the string length of the Remote ID suboption C Remote ID type D Length the string length of a user defined string E User defined string Parameters None Restrictions Only Administrator level Operator level or Power User level...

Page 194: ...face Server 1 Server 2 Server 3 Server 4 DES 1228 ME 5 To show a single IP destination of the DHCP relay configuration DES 1228 ME 5 show dhcp_relay ipif System Command show dhcp_relay ipif System Interface Server 1 Server 2 Server 3 Server 4 System 10 58 44 6 DES 1228 ME 5 enable dhcp_relay Purpose Used to enable the DHCP BOOTP relay function on the Switch Syntax enable dhcp_relay Description Thi...

Page 195: ...ch Syntax disable dhcp_relay Description This command is used to disable the DHCP BOOTP relay function on the Switch Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To disable DHCP relay DES 1228 ME 5 disable dhcp_relay Command disable dhcp_relay Success DES 1228 ME 5 ...

Page 196: ... value 1 10 reauth_period sec 1 65535 enable_reauth enable disable 1 config 802 1x auth_protocol local radius_eap config 802 1x init port_based ports portlist all mac_based ports portlist all mac_address macaddr config 802 1x auth_mode port_based mac_based config 802 1x reauth port_based ports portlist all mac_based ports portlist all mac_address macaddr config radius add server_index 1 3 server_i...

Page 197: ...y Administrator level Operator level or Power User level users can issue this command Example usage To enable 802 1X switch wide DES 1228 ME 5 enable 802 1x Command enable 802 1x Success DES 1228 ME 5 disable 802 1x Purpose Used to disable the 802 1X server on the Switch Syntax disable 802 1x Description This command is used to disable the 802 1X Network Access control application on the Switch Pa...

Page 198: ...horized will exert control over communication in both receiving and transmitting directions or just the receiving direction Port Control ForceAuth ForceUnauth Auto Shows the administrative control over the port s authorization status ForceAuth forces the Authenticator of the port to become Authorized ForceUnauth forces the port to become Unauthorized QuietPeriod This is the initialization value of...

Page 199: ...e for port based 802 1X DES 1228 ME 5 show 802 1x auth_state Command show 802 1x auth_state Port Auth PAE State Backend State Port Status 1 ForceAuth Success Authorized 2 ForceAuth Success Authorized 3 ForceAuth Success Authorized 4 ForceAuth Success Authorized 5 ForceAuth Success Authorized 6 ForceAuth Success Authorized 7 ForceAuth Success Authorized 8 ForceAuth Success Authorized 9 ForceAuth Su...

Page 200: ... 1x auth_mode Purpose Used to configure the 802 1X authentication mode on the Switch Syntax config 802 1x auth_mode port_based mac_based Description This command is used to enable either the port based or Host based 802 1X authentication feature on the Switch Parameters port_based mac_based The Switch allows users to authenticate 802 1X by either port or MAC address Restrictions Only Administrator...

Page 201: ...s portlist Specifies a port or range of ports to be configured all Specifies all of the ports on the Switch authenticator A user must pass the authentication process to gain access to the network none The port is not controlled by the 802 1X functions Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure 802 1X capability o...

Page 202: ...ntrol over the authentication process for the range of ports The user has the following authentication options force_auth Forces the Authenticator for the port to become authorized Network access is allowed auto Allows the port s status to reflect the outcome of the authentication process force_unauth Forces the Authenticator for the port to become unauthorized Network access will be blocked quiet...

Page 203: ... 802 1x auth_protocol radius_eap Success DES 1228 ME 5 config 802 1x init Purpose Used to initialize the 802 1X function on a range of ports Syntax config 802 1x init port_based ports portlist all mac_based ports portlist all mac_address macaddr Description This command is used to immediately initialize the 802 1X functions on a specified range of ports or for specified MAC addresses operating fro...

Page 204: ... instructs the Switch to re authorize 802 1X functions based only on the port number Ports approved for re authorization can then be specified mac_based This instructs the Switch to re authorize 802 1X functions based only on the port number or the MAC address MAC addresses approved for re authorization can then be specified ports portlist Specifies a port or range of ports to be re authorized all...

Page 205: ...t and acct_port settings auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the RADIUS server communication settings DES 1...

Page 206: ...r to the current set of RADIUS server settings Up to three groups of RADIUS server settings can be entered on the Switch ipaddress server_ip The IP address of the RADIUS server key Specifies that a password and encryption key will be used between the Switch and the RADIUS server passwd 32 The shared secret key used by the RADIUS server and the Switch Up to 32 characters can be used auth_port udp_p...

Page 207: ...Parameters timeout int 1 255 The time in second for waiting server reply The default value is 5 seconds retransmit int 1 255 The count for re transmit The default value is 2 Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the timeout option for RADIUS servers DES 1228 ME 5 config radius parameter timeout 3 Command con...

Page 208: ...s are those who have not been authorized for 802 1X or they haven t yet installed the necessary 802 1X software yet would still like to have limited access rights on the Switch Parameters vlan_name 32 Enter an alphanumeric string of no more than 32 characters to define a pre existing VLAN as a 802 1X Guest VLAN This VLAN must have first been created with the create vlan command mentioned earlier i...

Page 209: ... can issue this command Users must have already previously created a VLAN using the create vlan command If the specific port state changes from an enabled state to a disabled state these ports will return to the default VLAN Example usage To configure the ports for a previously created 802 1X Guest VLAN as enabled DES 1228 ME 5 config 802 1x guest_vlan ports 1 5 state enable Command config 802 1x ...

Page 210: ...scription This command is used to delete an 802 1X Guest VLAN Guest 802 1X VLAN clients are those who have not been authorized for 802 1X or they haven t yet installed the necessary 802 1X software yet would still like to have limited access rights on the Switch Parameters vlan_name 32 Enter the VLAN name of the Guest 802 1X VLAN to be deleted Restrictions Only Administrator level Operator level o...

Page 211: ...ent Command show acct_client radiusAcctClient radiusAcctClientInvalidServerAddresses 0 radiusAcctClientIdentifier D Link radiusAuthServerEntry radiusAccServerIndex 1 radiusAccServerAddress 10 53 13 199 radiusAccClientServerPortNumber 1813 radiusAccClientRoundTripTime 0 radiusAccClientRequests 0 radiusAccClientRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAc...

Page 212: ...ient radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier D Link radiusAuthServerEntry radiusAuthServerIndex 1 radiusAuthServerAddress 0 0 0 0 radiusAuthClientServerPortNumber 0 radiusAuthClientRoundTripTime 0 radiusAuthClientAccessRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 rad...

Page 213: ...E 5 show auth_diagnostics ports 1 Command show auth_diagnostics ports 1 Port number 1 MAC address 00 00 07 5D 60 02 EntersConnecting 3 EapLogoffsWhileConnecting 0 EntersAuthenticating 2 SuccessWhileAuthenticating 2 TimeoutsWhileAuthenticating 0 FailWhileAuthenticating 0 ReauthsWhileAuthenticating 0 EapStartsWhileAuthenticating 0 EapLogoffWhileAuthenticating 0 ReauthsWhileAuthenticated 0 EapStartsW...

Page 214: ...1228 ME 5 show auth_session_statistics ports 1 Command show auth_session_statistics ports 1 Port number 1 MAC address 00 00 07 5D 60 02 SessionOctetsRx 7808 SessionOctetsTx 469102741 SessionFramesRx 122 SessionFramesTx 4196211 SessionId ether1_2 1 SessionAuthenticMethod Remote Authentication Server SessionTime 70803 SessionTerminateCause NotTerminatedYet SessionUserName 456 CTRL C ESC q Quit SPACE...

Page 215: ...EapolFrameVersion 1 LastEapolFrameSource 00 00 07 5D 60 02 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All create 802 1x user Purpose Used to create a new 802 1X user Syntax create 802 1x user username 15 Description This command is used to create new 802 1X users Parameters username 15 A username of up to 15 alphanumeric characters in length Restrictions Only Administrator level Operat...

Page 216: ...ommand show 802 1x user Index UserName 1 ctsnow Total Entries 1 DES 1228 ME 5 delete 802 1x user Purpose Used to delete an 802 1X user account on the Switch Syntax delete 802 1x user username 15 Description This command is used to delete the 802 1X Port based or Host based Network Access control local users currently configured on the Switch Parameters username 15 A username can be as many as 15 a...

Page 217: ... src_port value 0 65535 mask hex 0x0 0xffff dst_port value 0 65535 mask hex 0x0 0xffff flag all urg ack psh rst syn fin 1 udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 1 ipv6 class value 0 255 flowlabel hex 0x0 0xfffff source_ipv6 ipv6addr mask ipv6mask tcp src_port value 0 65535 mask hex 0x0 0xffff dst_port value 0 65535 mask hex 0x0 0xffff udp src_port value 0 65535 m...

Page 218: ... range of IP addresses through an individual port Here we want to filter any packets that have an IP source address between 10 42 73 0 and 10 42 73 255 and specify the port that will not be allowed config access_profile profile_id 1 add access_id 1 ip source_ip 10 42 73 1 port 7 deny We use the profile_id 1 which was specified when the access profile was created The add parameter instructs the Swi...

Page 219: ...ecifies that the Switch will examine each frame s IGMP Type field tcp Specifies that the Switch will examine each frames Transport Control Protocol TCP field src_port_mask hex 0x0 0xffff Specifies a TCP port mask for the source port dst_port_mask hex 0x0 0xffff Specifies a TCP port mask for the destination port flag_mask Enter the appropriate flag_mask parameter All incoming packets have TCP port ...

Page 220: ...rictions Only Administrator level Operator level or Power User level users can issue this command Example usage To delete the access profile with a profile ID of 1 DES 1228 ME 5 delete access_profile profile_id 1 Command delete access_profile profile_id 1 Success DES 1228 ME 5 config access_profile Purpose Used to configure an access profile on the Switch and to define specific values that will be...

Page 221: ... rule being configured ethernet Specifies that the Switch will look only into the layer 2 part of each packet vlan vlan_name 32 Specifies that the access profile will only apply to the VLAN with this name vlan_id vid Specifies that the access profile will only apply to packets belonging to the VLAN with this ID source_mac macaddr Specifies that the access profile will apply to only packets with th...

Page 222: ...ers port portlist Specifies the port number on the Switch to permit or deny access for the rule The user can also configure all to specify all ports permit Specifies that packets that match the access profile are permitted to be forwarded by the Switch priority value 0 7 This parameter is specified if you want to re write the 802 1p user priority value set in the packet which is used to determine ...

Page 223: ...en 10 42 73 0 to 10 42 73 255 DES 1228 ME 5 config access_profile profile_id 1 add access_id 1 ip source_ip 10 42 73 1 port 7 deny Command config access_profile profile_id 1 add access_id 1 ip source_ip 10 42 73 1 port 7 deny Success DES 1228 ME 5 show access_profile Purpose Used to display the currently configured access profiles on the Switch Syntax show access_profile profile_id value 1 256 Des...

Page 224: ...x0 0xffffffff 1 ipv6 class flowlabel source_ipv6_mask ipv6mask destination_ipv6_mask ipv6mask 1 Description This command is used to create an access profile used only for CPU Interface Filtering Masks can be entered that will be combined with the values the Switch finds in the specified frame header fields Specific values for the rules are entered using the config cpu access_profile command below ...

Page 225: ... 0xffff Specifies a UDP port mask for the destination port protocol_id_mask hex 0x0 0xff Specifies that the Switch will examine each frame s Protocol ID field using the hex form entered here user_define_mask hex 0x0 0xffffffff Specifies that the rule applies to the IP protocol ID and the mask options behind the IP header ipv6 Denotes that IPv6 packets will be examined by the Switch for forwarding ...

Page 226: ...ethernet_type hex 0x0 0xffff 1 ip vlan vlan_name 32 source_ip ipaddr destination_ip ipaddr dscp value 0 63 icmp type value 0 255 code value 0 255 igmp type value 0 255 tcp src_port value 0 65535 dst_port value 0 65535 flag all urg ack psh rst syn fin 1 udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 user_define hex 0x0 0xffffffff 1 ipv6 class value 0 255 flowlabel hex 0x0...

Page 227: ...will apply only to packets that have this TCP source port in their TCP header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this TCP destination port in their TCP header flag Enter the type of TCP flag to be matched all All flags are selected urg TCP control flag urgent ack TCP control flag acknowledgement psh TCP control flag push rst TCP control fl...

Page 228: ...and will either be permitted entry to the cpu or denied entry to the CPU delete access_id value 1 5 Use this to remove a previously created access rule in a profile ID Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure CPU access list entry DES 1228 ME 5 config cpu access_profile profile_id 3 add access_id 1 ip vlan defa...

Page 229: ...l Operator level or Power User level users can issue this command Example usage To delete the CPU access profile with a profile ID of 1 DES 1228 ME 5 delete cpu access_profile profile_id 1 Command delete cpu access_profile profile_id 1 Success DES 1228 ME 5 show cpu access_profile Purpose Used to view the CPU access profile entry currently set in the Switch Syntax show cpu access_profile profile_i...

Page 230: ...ccess ID 3 Ports 1 10 Mode Deny VLAN Name Source IP Dest IP DSCP Prot Type Code Mask Mask Mask default 0x1 20 0 0 0 10 0 0 0 3 ICMP 11 32 Total Profile Entries 1 Total Rule Entries 1 enable cpu_interface_filtering Purpose Used to enable CPU interface filtering on the Switch Syntax enable cpu_interface_filtering Description This command is used in conjunction with the disable cpu_interface_filterin...

Page 231: ... filtering on the Switch Syntax disable cpu_interface_filtering Description This command is used in conjunction with the enable cpu_interface_filtering command above to enable and disable CPU interface filtering on the Switch Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example Usage To disable CPU filtering DES 1228 ME 5 dis...

Page 232: ...mrp Protocol filter pim Protocol filter igmp_query Protocol filter ospf Protocol filter rip Protocol filter vrrp Protocol filter state Enable or disable the filtering function Default is disabled Restrictions Only Administrator level Operator level or Power User level users can issue this command Example Usage To filter DVMRP and OSPF in port 1 24 DES 1228 ME 5 config cpu_filter l3_control_pkt 1 2...

Page 233: ...ontrol packet filtering status for port 1 and 2 DES 1228 ME 5 show cpu_filter l3_control_pkt 1 2 Command show cpu_filter l3_control_pkt 1 2 Port RIP OSPF VRRP PIM DVMRP IGMP Query 1 Disabled Enabled Disabled Disabled Enabled Disabled 2 Disabled Enabled Disabled Disabled Enabled Disabled DES 1228 ME 5 ...

Page 234: ... mode the Switch will perform the following tasks to minimize the CPU usage It will limit bandwidth of receiving ARP packets It will limit the bandwidth of IP packets received by the Switch IP packets may also be limited by the Switch by configuring only certain IP addresses to be accepted This method can be accomplished through the create trusted_host explained in the previous section Once the us...

Page 235: ...uard Engine mechanism will shut down trap_log enable disable Choose whether to enable or disable the sending of messages to the device s SNMP agent and switch log once the Safeguard Engine has been activated by a high CPU utilization rate mode strict fuzzy Toggle between strict and fuzzy mode strict If selected this function will stop accepting all ARP packets not intended for the Switch and will ...

Page 236: ...ay the safeguard engine status DES 1228 ME 5 show safeguard_engine Command show safeguard_engine Safeguard Engine State Disabled Safeguard Engine Current Status Normal mode CPU Utilization Information Rising Threshold 30 Falling Threshold 20 Trap Log State Disabled Mode Fuzzy DES 1228 ME 5 ...

Page 237: ...segmentation portlist forward_list null portlist Description This command is used to configure traffic segmentation on the Switch Parameters portlist Specifies a port or range of ports that will be configured for traffic segmentation forward_list Specifies a range of ports that will receive forwarded frames from the ports specified in the portlist above null No ports are specified portlist Specifi...

Page 238: ...t traffic segmentation configuration on the Switch will be displayed Restrictions The port lists for segmentation and the forward list must be on the same Switch There are no user level restrictions Example usage To display the current traffic segmentation configuration on the Switch DES 1228 ME 5 show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward P...

Page 239: ..._date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 1 Description This command is used to configure SNTP service from an SNTP server SNTP must be enabled for this command to function See...

Page 240: ...e Example usage To display SNTP configuration information DES 1228 ME 5 show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DES 1228 ME 5 enable sntp Purpose To enable SNTP server support Syntax enable sntp Description This command is used to enable SNTP support SNTP service must be separat...

Page 241: ... time Purpose Used to manually configure system time and date settings Syntax config time date ddmmmyyyy time hh mm ss Description This command is used to configure the system time and date settings These will be overridden if SNTP is configured and enabled Parameters date Express the date using two numerical characters for the day of the month three alphabetical characters for the name of the mon...

Page 242: ...nistrator level Operator level or Power User level users can issue this command Example usage To configure time zone settings DES 1228 ME 5 config time_zone operator hour 2 min 30 Command config time_zone operator hour 2 min 30 Success DES 1228 ME 5 config dst Purpose Used to enable and configure time adjustments to allow for the use of Daylight Savings Time DST Syntax config dst disable repeating...

Page 243: ...h s_day Configure the day of the week in which DST begins start_day sun sat The day of the week in which DST begins expressed using a three character abbreviation sun mon tue wed thu fri sat e_day Configure the day of the week in which DST ends end_day sun sat The day of the week in which DST ends expressed using a three character abbreviation sun mon tue wed thu fri sat s_mth Configure the month ...

Page 244: ...how time Purpose Used to display the current time settings and status Syntax show time Description This command is used to display system time and date configuration as well as display current system time Parameters None Restrictions None Example usage To display the time currently set on the Switch s System clock DES 1228 ME 5 show time Command show time Current Time Source System Clock Current T...

Page 245: ...n macaddr The MAC address corresponding to the IP address above Restrictions Only Administrator level Operator level or Power User level users can issue this command The Switch supports up to 255 static ARP entries Example Usage To create a static ARP entry for the IP address 10 48 74 121 and MAC address 00 50 BA 00 07 36 DES 1228 ME 5 create arpentry 10 48 74 121 00 50 BA 00 07 36 Command create ...

Page 246: ...de or station all Deletes all ARP entries Restrictions Only Administrator level Operator level or Power User level users can issue this command Example Usage To delete an entry of IP address 10 48 74 121 from the ARP table DES 1228 ME 5 delete arpentry 10 48 74 121 Command delete arpentry 10 48 74 121 Success DES 1228 ME 5 config arp_aging time Purpose Used to configure the age out timer for ARP t...

Page 247: ...he ARP table Restrictions None Example Usage To display the ARP table DES 1228 ME 5 show arpentry Command show arpentry ARP Aging Time 20 Interface IP Address MAC Address Type System 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 6 51 15 00 1D 60 E7 B5 CD Dynamic System 10 22 8 50 00 80 C8 DF E8 EE Dynamic System 10 30 28 112 00 30 28 01 12 02 Dynamic System 10 39 77 24 08 00 01 43 00 00 Dyn...

Page 248: ...s command is used to remove dynamic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example Usage To remove dynamic entries in the ARP table DES 1228 ME 5 clear arptable Command clear arptable Success DES 1228 ME 5 ...

Page 249: ... create IP route entries to the Switch s IP routing table Syntax create iproute default ipaddr metric 1 65535 Description This command is used to create a default static IP route entry to the Switch s IP routing table Parameters ipaddr The gateway IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry representing the number of routers between the Swi...

Page 250: ...54 DES 1228 ME 5 delete iproute default Command delete iproute default Success DES 1228 ME 5 show iproute Purpose Used to display the Switch s current IP routing table Syntax show iproute network_address static Description This command is used to display the Switch s current IP routing table Parameters network_address The network IP address static Select a static IP route Restrictions None Example...

Page 251: ...l users can issue this command Example usage To add the default static address 10 48 74 121 with a metric setting of 1 to the routing table DES 1228 ME 5 create ipv6route default System 3FFC 1 Command create ipv6route default System 3FFC 1 Success DES 1228 ME 5 delete ipv6route Purpose Used to delete an IPv6 route Syntax delete ipv6route default ipif_name 12 ipv6addr all Description This command i...

Page 252: ...routes Syntax show ipv6route Description This command is used to display IPv6 routes Parameters None Restrictions None Example usage To display all the IPv6 routes DES 1228 ME 5 show ipv6route Command show ipv6route IPv6 Prefix 0 Protocol Static Metric 1 Next Hop 3FFC 1 IPIF System Total Entries 1 DES 1228 ME 5 ...

Page 253: ... address table notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable MAC notification without changing basic configuration DES 1228 ME 5 enable mac_notific...

Page 254: ...tion Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the Switch s MAC address table notification global settings DES 1228 ME 5 config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DES 1228 ME 5 config mac_notification ports Purpose Used to configure MAC ...

Page 255: ...rs None Restrictions None Example usage To view the Switch s MAC address table notification global settings DES 1228 ME 5 show mac_notification Command show mac_notification Global Mac Notification Settings State Enabled Interval 1 History Size 1 DES 1228 ME 5 show mac_notification ports Purpose Used to display the Switch s MAC address table notification status settings Syntax show mac_notificatio...

Page 256: ...tion ports Command show mac_notification ports Port MAC Address Table Notification State 1 Disabled 2 Disabled 3 Disabled 4 Disabled 5 Disabled 6 Disabled 7 Disabled 8 Disabled 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 257: ... authentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages The server verifies the username and password and the user is granted normal user privileges on the Switch The server will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At...

Page 258: ...e telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 add delete server_host ipaddr protocol tacacs xtacacs tacacs radius delete authen server_group string 15 show authen server_group string 15 create authen server_host ipaddr protocol tacacs xtacacs tacacs...

Page 259: ...y Command enable authen_policy Success DES 1228 ME 5 disable authen_policy Purpose Used to disable system access authentication policy Syntax disable authen_policy Description This command is used to disable the administrator defined authentication policy for users trying to access the Switch When disabled the Switch will access the local user account database for username and password verificatio...

Page 260: ... create a user defined method list of authentication methods for users logging on to the Switch Syntax create authen_login method_list_name string 15 Description This command is used to create a list for authentication techniques for user login The Switch can support up to eight method lists but one is reserved as a default and cannot be deleted Multiple method lists must be created and configured...

Page 261: ... enable admin command Parameters default The default method list for access authentication as defined by the user The user may choose one or a combination of up to four 4 of the following authentication methods tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list xtacacs Adding this para...

Page 262: ...ser defined method list Zira with authentication methods TACACS XTACACS and local in that order DES 1228 ME 5 config authen_login method_list_name Zira method tacacs xtacacs local Command config authen_login method_list_name Zira method tacacs xtacacs local Success DES 1228 ME 5 To configure the default method list with authentication methods XTACACS TACACS and local in that order DES 1228 ME 5 co...

Page 263: ...st to view all Entering this parameter will display all the authentication login methods currently configured on the Switch The window will display the following parameters Method List Name The name of a previously configured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1...

Page 264: ...inistrator A maximum of eight enable method lists can be implemented on the Switch Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given enable method list to create Restrictions Only Administrator level users can issue this command Example usage To create a user defined method list named Permit for promoting user privileges to Administrator privileges DES 12...

Page 265: ...ACS server group list tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from the remote RADIUS server hosts of the RADIUS server group list server_group string 15 Adding this parameter wil...

Page 266: ...n methods XTACACS TACACS and local in that order DES 1228 ME 5 config authen_enable default method xtacacs tacacs local_enable Command config authen_enable default method xtacacs tacacs local_enable Success DES 1228 ME 5 delete authen_enable method_list_name Purpose Used to delete a user defined method list of authentication methods for promoting normal user level privileges to Administrator level...

Page 267: ...igured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server groups defined by the user Built in Group ref...

Page 268: ...to configure an application for normal login on the user level using a previously configured method list enable Use this parameter to configure an application for upgrading a normal user level to administrator privileges using a previously configured method list default Use this parameter to configure an application for user authentication using the default method list method_list_name string 15 U...

Page 269: ...lay the login and enable method list for all applications on the Switch DES 1228 ME 5 show authen application Command show authen application Application Login Method List Enable Method List Console default default Telnet Zira default SSH default default HTTP default default DES 1228 ME 5 ...

Page 270: ...he remote server host to add protocol The protocol used by the server host The user may choose one of the following tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilize...

Page 271: ...on server host with port number 1234 a timeout value of 10 seconds and a retransmit count of 5 DES 1228 ME 5 create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Command create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Success DES 1228 ME 5 ...

Page 272: ...he user wishes to alter protocol The protocol used by the server host The user may choose one of the following tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the...

Page 273: ... authentication server host previously created on the Switch Parameters server_host ipaddr The IP address of the remote server host to be deleted protocol The protocol used by the server host the user wishes to delete The user may choose one of the following tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTAC...

Page 274: ...operable for the tacacs protocol Key Authentication key to be shared with a configured TACACS server only Parameters None Restrictions None Example usage To view authentication server hosts currently set on the Switch DES 1228 ME 5 show authen server_host Command show authen server_host IP Address Protocol Port Timeout Retransmit Key 10 53 13 94 TACACS 49 5 2 No Use Total Entries 1 DES 1228 ME 5 c...

Page 275: ... Use this parameter to utilize the built in XTACACS server protocol on the Switch Only server hosts utilizing the XTACACS protocol may be added to this group tacacs Use this parameter to utilize the built in TACACS server protocol on the Switch Only server hosts utilizing the TACACS protocol may be added to this group radius Use this parameter to utilize the built in RADIUS server protocol on the ...

Page 276: ...nd Example usage To delete the server group group_1 DES 1228 ME 5 delete authen server_group group_1 Command delete authen server_group group_1 Success DES 1228 ME 5 show authen server_group Purpose Used to view authentication server groups on the Switch Syntax show authen server_group string 15 Description This command is used to display authentication server groups currently configured on the Sw...

Page 277: ...en parameter response_timeout int 0 255 Description This command is used to set the time the Switch will wait for a response of authentication from the user Parameters response_timeout int 0 255 Set the time in seconds the Switch will wait for a response of authentication from the user attempting to log in from the command line interface or telnet interface 0 means there won t be a time out The de...

Page 278: ...mand Example usage To set the maximum number of authentication attempts at 5 DES 1228 ME 5 config authen parameter attempt 5 Command config authen parameter attempt 5 Success DES 1228 ME 5 show authen parameter Purpose Used to display the authentication parameters currently configured on the Switch Syntax show authen parameter Description This command will display the authentication parameters cur...

Page 279: ...Parameters None Restrictions None Example usage To enable administrator privileges on the Switch DES 1228 ME 5 enable admin Password DES 1228 ME 5 config admin local_enable Purpose Used to configure the local enable password for administrator level privileges Syntax config admin local_enable encrypt plain_text sha_1 password Description This command is used to configure the locally enabled passwor...

Page 280: ...ble Command config admin local_enable Enter the old password Enter the case sensitive new password Enter the new password again for confirmation Success DES 1228 ME 5 To configure the password for the local_enable authentication method in encrypted form DES 1228 ME 5 config admin local_enable encrypt plain_text abcdef Command config admin local_enable encrypt plain_text abcdef Success DES 1228 ME ...

Page 281: ...he SSH Server Finally enable SSH on the Switch using the enable ssh command After following the above steps users can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable ssh disable ssh config...

Page 282: ... command is used to configure the SSH authentication mode for users attempting to access the Switch Parameters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Switch publickey This parameter may be chosen if the administrator wishes to use a publickey configuration set on a SSH server for authentication hostbased This...

Page 283: ...5 show ssh authmode Purpose Used to display the SSH authentication mode setting Syntax show ssh authmode Description This command is used to display the current SSH authentication set on the Switch Parameters None Restrictions None Example usage To view the current authentication mode set on the Switch DES 1228 ME 5 show ssh authmode Command show ssh authmode The SSH Authmode Password Enabled Publ...

Page 284: ...e maximum number of attempts that a user may try to logon utilizing SSH authentication After the maximum number of attempts is exceeded the Switch will be disconnected and the user must reconnect to the Switch to attempt another login rekey 10min 30min 60min never Sets the time period that the Switch will change the security shell encryptions Restrictions Only Administrator level Operator level or...

Page 285: ...y choose between hostbased This parameter should be chosen if the user wishes to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH user hostname domain_name 32 Enter an alphanumeric string of up to 32 characters identifying the remote SSH user hostname_IP domain_name 32 ipaddr Enter the hostname and ...

Page 286: ... level users can issue this command Example usage To display the SSH user DES 1228 ME 5 show ssh user authmode Command show ssh user authmode Current Accounts Username AuthMode HostName HostIP Zira Password Total Entries 1 DES 1228 ME 5 Note To configure the SSH user the administrator must create a user account on the Switch For information concerning configuring a user account please see the sect...

Page 287: ...disable the Arcfour encryption algorithm blowfish This parameter will enable or disable the Blowfish encryption algorithm cast128 This parameter will enable or disable the Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption algorithm twofish192 This parameter will enable or disable the twofish192 encryption algorithm MD5 This parameter will enabl...

Page 288: ...tions None Usage Example To display SSH algorithms currently set on the Switch DES 1228 ME 5 show ssh algorithm Command show ssh algorithm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled arcfour Enabled blowfish Enabled cast128 Enabled twofish128 Enabled twofish192 Enabled twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA E...

Page 289: ...S OCCUR When a cold start or a warm start occurs on the Switch When a port enters a link down status When a port enters a link up status When SNMP authentication has been denied by the Switch When a switch configuration entry has been saved to the NVRAM by the Switch When an abnormality occurs on TFTP during a firmware download event This includes invalid file file not found complete and time out ...

Page 290: ...able smtp command will enable and disable the Switch as a SMTP client without changing configurations Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable SMTP on the Switch DES 1228 ME 5 enable smtp Command enable smtp Success DES 1228 ME 5 disable smtp Purpose Used to disable the Switch as a SMTP client Synt...

Page 291: ...ber that the Switch will connect with on the SMTP server The common port number for SMTP is 25 self_mail_addr mail addr 64 Enter the e mail address from which mail messages will be sent This address will be the from address on the e mail message sent to a recipient Only one self mail address can be configured for this Switch This string can be no more than 64 alphanumeric characters add mail_recei...

Page 292: ...show smtp Command show smtp smtp status Enabled smtp server address 166 99 66 33 smtp server port 25 self mail address smtp 30XX dev Index Mail Receiver Address 1 ctsnow axum com 2 clyde knicks com 3 administrator dlink com 4 dgallinari nba com 5 6 7 8 DES 1228 ME 5 smtp send_testmsg Purpose Used to send a test message to mail recipients configured on the Switch Syntax smtp send_testmsg Descriptio...

Page 293: ...ference Guide 289 Example usage To send a test mail message to all configured mail recipients DES 1228 ME 5 smtp send_testmsg Command smtp send_testmsg Subject This is a SMTP test Content Hello everybody Sending mail please wait Success DES 1228 ME 5 ...

Page 294: ...t the specified position When a port is in link up status the test will obtain the distance of the cable Since the status is link up the cable will not have the short or open problem When a port is in link down status the link down may be caused by many factors When the port has a normal cable connection but the remote partner is powered off the cable diagnostics feature can still diagnose the hea...

Page 295: ... test the cable on ports 25 to 28 DES 1228 ME 5 cable_diag ports 20 23 Command cable_diag ports 20 23 Perform Cable Diagnostics Port Type Link Status Test Result Cable Length M 20 GE Link Up OK 3 21 GE Link Down No Cable 22 GE Link Down No Cable 23 GE Link Down No Cable DES 1228 ME 5 ...

Page 296: ... local relay function for a specified VLAN Syntax config dhcp_local_relay vlan vlan_name 32 vlanid vidlist state enable disable Description This command is used to enable or disable the DHCP local relay function for a specified VLAN When DHCP local relay is enabled for the VLAN the DHCP packet will be relayed in broadcast way without change of the source MAC address and gateway address DHCP option...

Page 297: ... packet The default setting is keep Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the DHCP local relay policy of port 1 as replace DES 1228 ME 5 config dhcp_local_relay option_82 ports 1 policy replace Command config dhcp_local_relay option_82 ports 1 policy replace Success DES 1228 ME 5 config dhcp_local_relay opti...

Page 298: ... 1228 ME 5 disable dhcp_local_relay Purpose Used to disable the DHCP local relay function on the Switch Syntax disable dhcp_local_relay Description This command is used to globally disable the DHCP local relay function on the Switch Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To disable the DHCP local relay fun...

Page 299: ...s Purpose Used to display the current DHCP Local Relay port configuration Syntax show dhcp_local_relay option_82 ports portlist Description This command is used to display the current DHCP Local Relay port configuration Parameters portlist Specifies a range of ports to display Restrictions None Example usage To display DHCP local relay option 82 policy of port 1 8 DES 1228 ME 5 show dhcp_local_rel...

Page 300: ...atus_up Purpose Used to enable or disable the sending of gratuitous ARP requests while the IP interface status is up Syntax config gratuitous_arp send ipif_status_up enable disable Description The command is used to enable or disable the sending of gratuitous ARP request packets while the IPIF interface is up This is used to automatically announce the interface s IP address to other nodes By defau...

Page 301: ...ble Success DES 1228 ME 5 config gratuitous_arp learning Purpose Used to enable or disable the learning of ARP entries in ARP cache based on the received gratuitous ARP packets Syntax config gratuitous_arp learning enable disable Description Normally the system will only learn the ARP reply packet or a normal ARP request packet that asks for the MAC address that corresponds to the system s IP addr...

Page 302: ...gratuitous ARP interval time in seconds 0 means it will not send gratuitous ARP periodically Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure gratuitous ARP intervals for the IPIF System DES 1228 ME 5 config gratuitous_arp send periodically ipif System interval 5 Command config gratuitous_arp send periodically ipif Sys...

Page 303: ...ict event to inform the administrator By default the trap is disabled and event log is enabled Parameters ipif_name 12 IP interface name of the Switch Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To disable the System s interface gratuitous ARP log and trap DES 1228 ME 5 disable gratuitous_arp ipif System trap log Command disab...

Page 304: ...tates DES 1228 ME 5 show gratuitous_arp Command show gratuitous_arp Send on IPIF status up Enabled Send on Duplicate_IP_Detected Disabled Gratuitous ARP Learning Enabled IP Interface Name System Gratuitous ARP Trap Disabled Gratuitous ARP Log Enabled Gratuitous ARP Periodical Send Interval 5 Total Entries 1 DES 1228 ME 5 ...

Page 305: ...vlan_trunk Description When the VLAN trunk function is enabled the VLAN trunk ports shall be able to forward all tagged frames with any VID Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable the VLAN Trunk DES 1228 ME 5 enable vlan_trunk Command enable vlan_trunk Success DES 1228 ME 5 disable vlan_trunk Purp...

Page 306: ...ort excluding the master the command will be rejected The ports with different VLAN configurations are not allowed to form an aggregated link However if they are specified as VLAN trunk ports they are allowed to form an aggregated link For a VLAN trunk port the VLANs on which the packets can be by passed will not be advertised by GVRP on that particular port However since the traffic on these VLAN...

Page 307: ...e member ports of any trunk DES 1228 ME 5 To configure a VLAN Trunk port if Port 6 is LA 1 member port port 7 is LA 1 master port DES 1228 ME 5 config vlan_trunk ports 6 7 state enable Command config vlan_trunk ports 6 7 state enable Success DES 1228 ME 5 To configure a VLAN Trunk port if Port 6 7 have the same VLAN configurations before enable VLAN trunking Port 6 is LA 1 member port port 7 is LA...

Page 308: ...y VLAN trunk configuration Syntax show vlan_trunk Description This command is used to display VLAN trunk information Parameters None Restrictions None Example usage To display VLAN Trunk information DES 1228 ME 5 show vlan_trunk Command show vlan_trunk VLAN Trunk Enable VLAN Trunk Port 1 5 7 DES 1228 ME 5 ...

Page 309: ... asymmetric_vlan Description This command is used to enable the asymmetric VLAN function on the Switch Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable asymmetric VLANs DES 1228 ME 5 enable asymmetric_vlan Command enable asymmetric_vlan Success DES 1228 ME 5 disable asymmetric_vlan Purpose Used to disable ...

Page 310: ...w asymmetric_vlan Purpose Used to view the asymmetric VLAN state on the Switch Syntax show asymmetric_vlan Description This command is used to display the asymmetric VLAN state on the Switch Parameters None Restrictions None Example usage To display the asymmetric VLAN state currently set on the Switch DES 1228 ME 5 show asymmetric_vlan Command show asymmetric_vlan Asymmetric VLAN Enabled DES 1228...

Page 311: ... detail in the following sections create igmp_snooping multicast_vlan Purpose Used to create a multicast VLAN Syntax create igmp_snooping multicast_vlan vlan_name 32 vlanid 2 4094 remap_priority value 0 7 none replace_priority Description This command is used to create a multicast VLAN Multiple multicast VLANs can be configured The ISM VLAN being created cannot exist in the 1Q VLAN database Multip...

Page 312: ...ulticast VLAN must be created first before configuration Parameters vlan_name 32 The name of the VLAN to be created Each multicast VLAN is given a name that can be up to 32 characters add delete Add or delete the ports to the multicast VLAN member_port A range of member ports to add to the multicast VLAN They will become the untagged member port of the ISM VLAN tag_member_port Specifies the tagged...

Page 313: ...The join packet will be learned with the multicast VLAN that contain the destination multicast group If the destination multicast group of the join packet can not be classified into any multicast VLAN that this port belong then the join packet will be learned with the natural VLAN of the packet Note The same multicast group can not be overlapped in different multicast VLANs Multiple multicast grou...

Page 314: ...ctions None Example usage To display the multicast groups configured for a multicast VLAN DES 1228 ME 5 show igmp_snooping multicast_vlan_group v1 Command show igmp_snooping multicast_vlan_group v1 VLAN Name VLAN ID From To v1 100 224 19 62 34 224 19 162 200 DES 1228 ME 5 delete igmp_snooping multicast_vlan Purpose Used to delete a multicast VLAN Syntax delete igmp_snooping multicat_vlan vlan_name...

Page 315: ...g multicast_vlan Purpose Used to disable the multicast VLAN function Syntax disable igmp_snooping multicast_vlan Description This command is used to disable the multicast VLAN function By default the multicast VLAN is in a disabled state Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable IGMP snoop multicast...

Page 316: ...snooping multicast_vlan Multicast VLAN Global State Enabled VID 4001 VLAN Name 4001 Member Ports 7 10 Tagged Member Ports 11 18 Source Ports 21 26 Untagged Source Ports 1 6 27 Status Enabled Replace Source IP 10 90 90 100 Priority 7 Replace VID 4002 VLAN Name 4002 Member Ports Tagged Member Ports Source Ports Untagged Source Ports Status Disabled Replace Source IP None Priority None DES 1228 ME 5 ...

Page 317: ...n system_name system_description system_capabilities enable disable config lldp ports portlist all dot1_tlv_pvid enable disable config lldp ports portlist all dot1_tlv_protocol_vid vlan all vlan_name 32 vlanid vlanid_list enable disable config lldp ports portlist all dot1_tlv_vlan_name vlan all vlan_name 32 vlanid vlanid_list enable disable config lldp ports portlist all dot1_tlv_ protocol_identit...

Page 318: ...Switch will learn the information from the LLDP packets advertised from the neighbor in the neighbor table The default state for LLDP is disabled Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable LLDP DES 1228 ME 5 enable lldp Command enable lldp Success DES 1228 ME 5 disable lldp Purpose Used to disable LL...

Page 319: ...interval 30 Success DES 1228 ME 5 config lldp message_tx_hold_multiplier Purpose This command is used to configure the message hold multiplier Syntax config lldp message_tx_hold_multiplier int 2 10 Description This command is a multiplier on the msgTxInterval that is used to compute the TTL value of txTTL in an LLDPDU The TTL will be carried in the LLDPDU packet The lifetime will be the minimum of...

Page 320: ...0 25 msgTxInterval Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the delay interval interval DES 1228 ME 5 config lldp tx_delay 8 Command config lldp tx_delay 8 Success DES 1228 ME 5 config lldp reinit_delay Purpose Change the minimum time of re initialization delay interval Syntax config lldp reinit_delay sec 1 10 ...

Page 321: ...ions to configured SNMP trap receiver s Syntax config lldp ports portlist all notification enable disable Description Enable or disable each port for sending change notifications to configured SNMP trap receiver s if an LLDP data change is detected in an advertisement received on the port from an LLDP neighbor The definition of change includes new available information information timeout and info...

Page 322: ...trictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the port s transmit and receive mode DES 1228 ME 5 config lldp ports 1 5 admin_status tx_and_rx Command config lldp ports 1 5 admin_status tx_and_rx Success DES 1228 ME 5 config lldp ports mgt_addr Purpose Used to enable or disable the port s which have been specified for a...

Page 323: ...chassis ID TLV port ID TLV Time to Live TLV The mandatory type can not be disabled There are also four data types which can be optionally selected They are port_description system_name system_description and system_capability Parameters portlist Specify a range of ports to be configured all To set all ports in the system use the all parameter port_description This TLV optional data type indicates ...

Page 324: ...This TLV optional data type determines whether the IEEE 802 1 organizationally defined port VLAN TLV transmission is allowed on a given LLDP transmission capable port Parameters portlist Specify a range of ports to be configured all To set all ports in the system use the all parameter dot1_tlv_pvid This TLV optional data type determines whether the IEEE 802 1 organizationally defined port VLAN ID ...

Page 325: ...ission is allowed on a given LLDP transmission capable port The default state is disabled vlanid_list A list of VIDs to be configured for this command Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the VLAN name TLV from the outbound LLDP advertisements for all ports DES 1228 ME 5 config lldp ports all dot1_tlv_pvid ...

Page 326: ...onnectivity of the network If EAPOL GVRP STP including MSTP and LACP protocol identity is enabled on this port and it is enabled to be advertised then this protocol identity will be advertised Parameters portlist Specify a range of ports to be configured all To set all ports in the system use the all parameter dot1_tlv_protocol_identity This TLV optional data type indicates whether the correspondi...

Page 327: ...nk_aggregation This TLV optional data type indicates that LLDP agent should transmit Link Aggregation TLV This type indicates the current link aggregation status of IEEE 802 3 MACs More precisely the information should include whether the port is capable of doing link aggregation whether the port is aggregated in a aggregated link and the aggregated port ID The default state is disabled power_via_...

Page 328: ...e default state is disable Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To configure the LLDP forward LLDPU DU DES 1228 ME 5 config lldp forward_ message enable Command config lldp forward_ message enable Success DES 1228 ME 5 show lldp Purpose This command displays the Switch s general LLDP configuration status...

Page 329: ...LDP management address information Syntax show lldp mgt_addr ipv4 ipaddr Description This command is used to display LLDP management address information Parameters ipv4 IP address of IPV4 Restrictions None Example usage To display the management address information DES 1228 ME 5 show lldp mgt_addr ipv4 192 168 254 10 Command show lldp mgt_addr ipv4 192 168 254 10 Total Address 1 DES 1228 ME 5 show...

Page 330: ...able Power Via MDI Disable Link Aggregation Disable Maximum Frame Size Disable DES 1228 ME 5 show lldp local_ports Purpose Used to display the per port information currently available for populating outbound LLDP advertisements Syntax show lldp local_ports portlist mode brief normal detailed Description This command is used to display the per port information currently available for populating out...

Page 331: ...nt 1 Entry 1 VLAN ID 1 VLAN Name default Protocol Identity Entries count 1 Entry 1 Protocol index 4 Protocol ID 00 27 42 42 03 00 00 02 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All To display outbound LLDP advertisements for specific ports in normal mode DES 1228 ME 5 show lldp local_ports 1 mode normal Command show lldp local_ports 1 mode normal Port ID 1 Port ID Subtype Local Port ...

Page 332: ...rned from the neighbor Syntax show lldp remote_ports portlist brief normal detailed Description This command is used to display the information learned from the neighbor parameters A maximum of 32 VLAN Name entries and 10 Management Address entries can be received Parameters portlist Specify a range of ports to be configured When a port list is not specified information for all ports will be displ...

Page 333: ...ssis ID Subtype MAC Address Chassis ID 00 01 02 03 04 02 Port ID Subtype Local Port ID 1 4 Port Description RMON Port 1 on Unit 4 Port ID 2 Remote Entities Count 3 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 03 Port ID Subtype Local Port ID 2 1 Port Description RMON Port 2 on Unit 1 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 04 Port ID Subtype Local Por...

Page 334: ...es Count 5 VLAN Name Entries Count 3 Protocol ID Entries Count 2 MAC PHY Configuration Status See Detail Power Via MDI See Detail Link Aggregation See Detail Maximum Frame Size 1536 Unknown TLVs Count 2 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 02 Port ID Subtype Local Port ID 2 1 Port Description RMON Port 1 on Unit 2 System Name Switch2 System Description Stackable Ethern...

Page 335: ...128 IF Type unknown OID 1 3 6 1 4 1 171 11 63 9 Port PVID 1 PPVID Entries count 0 None VLAN Name Entries count 1 Entry 1 Vlan ID 1 Vlan Name default Protocol ID Entries count 0 None MAC PHY Configuration Status Auto negotiation support supported Auto negotiation status enabled Auto negotiation advertised capability 8000 hex Auto negotiation operational MAU type 0010 hex Power Via MDI Port class PS...

Page 336: ...ics information DES 1228 ME 5 show lldp statistics Command show lldp statistics Last Change Time 6094 Number of Table Insert 1 Number of Table Delete 0 Number of Table Drop 0 Number of Table Ageout 0 DES 1228 ME 5 show lldp statistics ports Purpose Used to display the ports LLDP statistics information Syntax show lldp statistics ports portlist Description This command is used to display per port L...

Page 337: ...sRxPortFramesTotal 27 lldpStatsRxPortTLVsDiscardedTotal 0 lldpStatsRxPortTLVsUnrecognizedTotal 0 lldpStatsRxPortAgeoutsTotal 0 DES 1228 ME 5 To display statistics information of port 1 DES 1228 ME 5 show lldp statistics ports 1 Command show lldp statistics ports 1 Port ID 1 lldpStatsTxPortFramesTotal 27 lldpStatsRxPortFramesDiscardedTotal 0 lldpStatsRxPortFramesErrors 0 lldpStatsRxPortFramesTotal ...

Page 338: ...scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 1 all action drop mirror port priority value 0 7 rx_rate no_limit value 64 1024000 enable disable 1 show dos_prevention land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 clear dos_prevention counters land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1...

Page 339: ...ows land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 state Enable or disable DoS prevention By default prevention for all types of DoS are enabled except for tcp_syn_srcport_less_1024 action When enabling DoS prevention the following actions can be taken drop Drop the attack packets mirror Mirror the packet to other port for further process priori...

Page 340: ...sue this command Example usage To enable a DoS prevention trap log DES 1228 ME 5 enable dos_prevention trap_log Command enable dos_prevention trap_log Success DES 1228 ME 5 disable dos_prevention trap_log Purpose Used to disable a DoS prevention trap log Syntax disable dos_prevention trap_log Description This command is used to disable a DoS prevention trap log Parameters None Restrictions Only Ad...

Page 341: ... the counter information of the DoS packet Parameters The type of DoS attack Possible values are as follows land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 Restrictions None Example usage To display DoS prevention information DES 1228 ME 5 show dos_prevention Command show dos_prevention Trap Log Enabled DoS Type State Action Frame Counts Land Att...

Page 342: ... Action MirrorToPort Port 7 Priority no_change Rx Rate Kbit sec no_limit Frame Counts 10500 DES 1228 ME 5 clear dos_prevention counters Purpose Used to clear the counters of the prevention of each DoS attack Syntax clear dos_prevention counters land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 Description This command is used to clear the counters ...

Page 343: ...hernet Managed Switch CLI Reference Guide 339 Example usage To clear all counters of the prevention of each DoS attack DES 1228 ME 5 clear dos_prevention counters Command clear dos_prevention counters Success DES 1228 ME 5 ...

Page 344: ...value for the IP MAC port binding ARP mode is 500 The creation of authorized users can be manually configured by CLI or Web The function is port based meaning a user can enable or disable the function on the individual port The IP MAC Port Binding commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create address_bin...

Page 345: ...nd Example usage To create address binding on the Switch DES 1228 ME 5 create address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 04 Command create address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 04 Success DES 1228 ME 5 config address_binding ip_mac ipaddress Purpose Used to configure an IP MAC port binding entry Syntax config address_binding ip_mac ipaddress...

Page 346: ...command is used to configure the IP MAC port binding state to enable or disable for specified ports Parameters portlist Specifies a port or range of ports all Specifies all ports on the switch state enable disable Enables or disables the specified range of ports allow_zeroip enable disable Enables or disables zero IP address When this function is enabled the Switch doesn t block MAC which send ARP...

Page 347: ...he VLAN name and the physical address of the device ports The number of enabled ports on a device Parameters ip_mac The database the user creates for address binding all For IP MAC binding all specifies all the IP MAC port binding entries for blocked address binding entries all specifies all the blocked VLANs and their bound physical addresses blocked The address database that the system auto lear...

Page 348: ...inding on the Switch DES 1228 ME 5 show address_binding blocked all Command show address_binding blocked all VID VLAN Name MAC Address Port Type 1 default 00 01 02 03 29 38 7 BlockByAddrBind 1 default 00 0C 6E 5C 67 F4 7 BlockByAddrBind 1 default 00 0C F8 20 90 01 7 BlockByAddrBind 1 default 00 0E 35 C7 FA 3F 7 BlockByAddrBind 1 default 00 0E A6 8F 72 EA 7 BlockByAddrBind Total Entries 5 DES 1228 ...

Page 349: ...dress of the device To delete all the blocked address binding entries toggle all Parameters ipaddr The IP address of the device where the IP MAC port binding is made macaddr The MAC address of the device where the IP MAC port binding is made vlan_name The VLAN name of the VLAN that is bound to a MAC address in order to block a specific device on a known VLAN all For IP MAC port binding all specifi...

Page 350: ... messages on the Switch DES 1228 ME 5 enable address_binding trap_log Command enable address_binding trap_log Success DES 1228 ME 5 disable address_binding trap_log Purpose Used to disable the trap log for the IP MAC port binding function Syntax disable address_binding trap_log Description This command along with the enable address_binding trap_log will enable and disable the sending of trap log m...

Page 351: ...iate parameters in the following table Command Parameters config loopdetect recover_timer 0 value 60 1000000 interval value 1 32767 1 config loopdetect ports portlist all state enable disable enable loopdetect disable loopdetect show loopdetect show loopdetect ports portlist all config loopdetect trap none loop_detected loop_cleared both Each command is listed in detail in the following sections ...

Page 352: ...ial value which means to disable the auto recovery mechanism hence a user needs to recover the disabled port back manually The default value of the recover timer is 60 The valid range is 60 to 1000000 interval The time interval in seconds at which a device transmits all the CTP Configuration Test Protocol packets to detect the loopback event The valid range is 1 to 32767 The default setting is 10 ...

Page 353: ...s to be configured for loopback detection status all Apply setting to all ports state Allows loopback detection to be enabled or disabled for the ports specified in the port list The default is disabled enable Set port loopback detection status to enable disable Set port loopback detection status to disable Restrictions Only Administrator level Operator level or Power User level users can issue th...

Page 354: ... Example usage To enable loopback detection on the Switch DES 1228 ME 5 enable loopdetect Command enable loopdetect Success DES 1228 ME 5 disable loopdetect Purpose Used to globally disable the loopback detection on the Switch Syntax disable loopdetect Description This command is used to globally disable the loopback detection on the Switch The default value is disabled Parameters None Restriction...

Page 355: ...t Description This command is used to display the Switch s current loopback detection configuration Parameters None Restrictions None Example usage To display the current loopback detection configuration on the Switch DES 1228 ME 5 show loopdetect Command show loopdetect LBD Global Settings LBD Status Disabled LBD Interval 10 LBD Recover Time 60 LBD Trap Status None DES 1228 ME 5 ...

Page 356: ...configuration and status Parameters portlist Specifies a range of ports to be configured all To set all the ports in the system use the all parameter Restrictions None Example usage To display loopback detection configuration of port 1 9 DES 1228 ME 5 show loopdetect ports 1 9 Command show loopdetect ports 1 9 Port Loopdetect State Loop Status 1 Enabled Normal 2 Enabled Normal 3 Enabled Normal 4 E...

Page 357: ... detection Parameters none A trap is not sent in either case loop_detected Trap is sent when the loop condition is detected loop_cleared Trap is sent when the loop condition is cleared both A trap is sent in either case Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To set trap mode for loopback detection DES 1228 ME 5 config loo...

Page 358: ... along with the appropriate parameters in the following table Command Parameters config flow_meter profile_id value 1 256 access_id access_id rate value 64 1024000 burst_size value 0 1016 rate_exceed drop_packet remark_dscp value 0 63 delete show flow_meter profile_id value 1 256 access_id access_id Each command is listed in detail in the following sections ...

Page 359: ... rate two color mode Specify the committed bandwidth in Kbps for the flow The minimum rate is 64 Kbps and maximum rate which can be configured is 1024000 The effective rate however is in multiples of 62 5 Kbps Therefore configuring the rate to 100 Kbps will have an effective rate of 62 5Kbps burst_size This specifies the burst size for the single rate two color mode The unit is Kbytes The minimum ...

Page 360: ... the profile ID access_id Specifies the access ID Restrictions None Example usage To display the flow meter information DES 1228 ME 5 show flow_meter Command show flow_meter Flow Meter information Profile ID 1 Access ID 1 Mode Single rate Two color Rate 2000 Kbps Burst Size 1000 Kbyte Actions Conform Permit Violate Drop Profile ID 1 Access ID 2 Mode Single rate Two color Rate 2000 Kbps Burst Size ...

Page 361: ...mands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config arp_spoofing_prevention add gateway_ip ipaddr gateway_mac macaddr ports portlist all delete gateway_ip ipaddr show arp_spoofing_prevention Each command is listed in detail in the following sections ...

Page 362: ...r MAC field or source MAC field does not match the gateway MAC of the entry will be dropped by the system Parameters add gateway_ip Specify a gateway IP to be configured add gateway_mac Specify a gateway MAC to be configured portlist Specify a range of ports to be configured all Specifies all of the ports will be configured delete gateway_ip Specify a gateway IP to be configured Restrictions Only ...

Page 363: ...ng_prevention Description This command is used to display ARP spoofing prevention entries Parameters None Restrictions None Example usage To display the current ARP spoofing prevention entry entries DES 1228 ME 5 show arp_spoofing_prevention Command show arp_spoofing_prevention Gateway IP Gateway MAC Ports 10 254 254 251 00 00 00 11 11 11 1 2 Total entries 1 DES 1228 ME 5 ...

Page 364: ...Used to show the information for technical support Syntax show tech_support Description This command is especially used by the technical support personnel to dump the device s overall operation information The information is project dependent and includes the following information Basic System information system log Running configuration Layer 1 information Layer 2 information Layer 3 information ...

Page 365: ... Boot PROM Version Build 2 00 001 Firmware Version Build 2 01 001 Hardware Version B1 Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled 802 1x Disabled TELNET Enabled TCP 23 WEB Enabled TCP 80 RMON Disabled SSH Disabled Syslog Global State Disabled Dual Image Supported Password Encryption Status Disabled Connection Session Status 1988920ms ID Login Time Live Time From Level Name 8 0 00 0...

Page 366: ... Specifes the IP address of the TFTP server path_filename Specifes the file path to use to send information for technical support to a TFTP server Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To upload Switch information for technical support DES 1228 ME 5 upload tech_support_toTFTP 10 55 47 1 tech_support_20090521 txt Command ...

Page 367: ... is listed in detail in the following sections Purpose Used to display all commands in the Command Line Interface CLI Syntax command Description This command is used to display all of the commands available through the Command Line Interface CLI Parameters command Entering the question mark with an appropriate command will list all the corresponding parameters for the specified command along with ...

Page 368: ..._entry port config 802 1p default_priority config 802 1p user_priority config 802 1x auth_mode config 802 1x auth_parameter ports config 802 1x auth_protocol config 802 1x capability ports config 802 1x guest_vlan ports config 802 1x init config 802 1x reauth CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All To display the parameters for a specific command DES 1228 ME 5 config account Com...

Page 369: ... DES 1228 ME 5 dir cable_diag ports clear clear arptable clear counters clear dos_prevention counters clear fdb clear igmp_snooping data_driven_group clear log clear mac_based_access_control auth_mac clear port_security_entry port config 802 1p default_priority config 802 1p user_priority config 802 1x auth_mode config 802 1x auth_parameter ports config 802 1x auth_protocol config 802 1x capabilit...

Page 370: ... may be viewed Restrictions Only Administrator level users can issue this command Example usage To configure the command history DES 1228 ME 5 config command_history 20 Command config command_history 20 Success DES 1228 ME 5 show command_history Purpose Used to display the command history Syntax show command_history Description This command is used to display the command history Parameters None Re...

Page 371: ...config bpdu_protection recovery_timer sec 60 1000000 infinite config bpdu_protection trap log none attack_detected attack_cleared both enable bpdu_protection disable bpdu_protection show bpdu_protection ports portlist Each command is listed in detail in the following sections Note The BPDU Attack Protection function and Spanning Tree Protocol for ports are mutually exclusive When the STP function ...

Page 372: ...tting of the config stp command is enabled when determining how to handle BPDU That is when fbpbu is enabled to forward STP BPDU frames AND the BPDU attack protection function is enabled the port will not forward STP BPDU frames BPDU attack protection has a higher priority than BPDU tunnel port setting i e config bpdu_tunnel ports command when determining how to handle BPDU That is when BPDU tunne...

Page 373: ...an be recovered manually or by the auto recovery mechanism This command is used to configure the auto recovery timer To manually recover the port the user needs to disable and re enable the port Parameters recover_timer Specifies the recovery timer The default value of recovery timer is 60 sec 60 1000000 The timer in seconds used by the auto recovery mechanism to recover the port The valid range i...

Page 374: ...and log log Specifies the log state The default state is both trap and log attack_detected Specifies that events will be logged or trapped when a BPDU attack is detected attack_cleared Specifies that events will be logged or trapped when the BPDU attack is cleared both Specifies that events will be logged or trapped for both cases The default setting for log is both and for trap is none Restrictio...

Page 375: ...Attack Protection function and Spanning Tree Protocol for ports are mutually exclusive When the STP function is enabled on a particular port BPDU Attack Protection cannot be enabled Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable BPDU attack protection on the entire Switch DES 1228 ME 5 enable bpdu_protec...

Page 376: ...pdu_protection Commands disable bpdu_protection Success DES 1228 ME 5 show bpdu_protection Purpose Used to display BPDU attack protection settings on the Switch Syntax show bpdu_protection ports portlist Description Use this to view the global or per port BPDU attack protection configuration Parameters ports Specify to view the BPDU attack protection port configuration portlist Specify the ports t...

Page 377: ...w bpdu_protection ports 1 12 Port State Mode Status 1 Enabled shutdown Normal 2 Enabled shutdown Normal 3 Enabled shutdown Normal 4 Enabled shutdown Normal 5 Enabled shutdown Under Attack 6 Enabled shutdown Normal 7 Enabled shutdown Normal 8 Enabled shutdown Normal 9 Enabled shutdown Normal 10 Enabled Block Normal 11 Disabled shutdown Normal 12 Disabled shutdown Normal DES 1228 ME 5 ...

Page 378: ...d is listed in detail in the following sections config pppoe circuit_id_insertion state Purpose Used to enable or disable the PPPoE circuit identifier insertion Syntax config pppoe circuit_id_insertion state enable disable Description When PPPoE circuit identifier insertion is enabled the system will insert the circuit ID tag to the received PPPoE discover and request packet if the tag is absent a...

Page 379: ...id Configures the device ID used for encoding of the circuit ID option mac Specifies that the Switch MAC address be used to encode the circuit ID option ip Specifies that the Switch IP address be used to encode the circuit ID option udf A user defined string to be used to encode the circuit ID option The maximum length is 32 The default encoding for the device ID option is the Switch IP address Re...

Page 380: ...nsertion ports portlist Description This command allows the user to view the configuration of PPPoE ID insertion for each port Parameters portlist Specifies which ports to display If no ports are specified all ports configuration will be listed Restrictions None Example usage To view PPPoE circuit ID configuration for ports 2 to 5 DES 1228 ME 5 show pppoe circuit_id_insertion ports 2 5 Command sho...

Page 381: ...config filter dhcp_server trap_log enable disable config filter dhcp_server illegal_server_log_suppress_duration 1min 5min 30min config filter dhcp_server Purpose DHCP server packets except those that have been IP client MAC bound will be filtered This command is used to configure the state of the function for filtering of DHCP server packet and to add delete the DHCP server client binding entry S...

Page 382: ...lter dhcp_server ports 1 10 state enable Success DES 1228 ME 5 show filter dhcp_server Purpose Used to display current DHCP server client filter list created on the switch Syntax show filter dhcp_server Description This command is used to display DHCP server client filter list created on the switch Parameters None Restrictions None Example usage To display the DHCP server filter list created on th...

Page 383: ...p_server trap enable Success DES 1228 ME 5 config filter dhcp_server illegal_server_log_suppress_duration Purpose Used to configure the suppress duration of illegal DHCP server feature Syntax config filter dhcp_server illegal_server_log_suppress_duration 1min 5min 30min Description Configure the time period to continue to suppress log entries listing illegal DHCP servers for the filter DHCP server...

Page 384: ...static neighbor to an IPv6 interface Parameters ipif_name The interface s name ipv6addr The address of the neighbor macaddr The MAC address of the neighbor Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To create a static neighbor cache entry DES 1228 ME 5 create ipv6 neighbor_cache ipif System 3ffc 1 00 01 02 03 04 05 Command cr...

Page 385: ... neighbor_cache ipif ipif_name 12 all ipv6address ipv6addr static dynamic all Description This command is used to display the neighbor cache entry for the specified interface Display a specific entry all entries and all static entries Parameters ipif_name 12 The interface s name ipv6addr The address of the entry static The static neighbor cache entry dynamic The dynamic entries Restrictions None E...

Page 386: ...s DES 1228 ME 5 config ipv6 nd ns ipif Purpose Used to configure neighbor solicitation related arguments Syntax config ipv6 nd ns ipif ipif name 12 retrans_time uint 0 4294967295 Description This command is used to configure neighbor solicitation related arguments Parameters ipif_name The name of the interface retrans_timer The neighbor solicitation s retransmit timer in milliseconds Restrictions ...

Page 387: ...DES 1228 ME Metro Ethernet Managed Switch CLI Reference Guide 383 ...

Page 388: ...TP server Syntax debug error_log dump clear upload_toTFTP ipaddr path_filename 64 Description Dump clear or upload the debug log to a TFTP server The error log here refers to the software error log stored in NVRAM Parameters dump Display the debug message of the debug log clear Clear the debug log upload_toTFTP Upload the debug log to a TFTP server specified by IP address ipaddr Specifies the IPv4...

Page 389: ...ime 0000 00 00 00 34 34 SOFTWARE EXCEPTION ERROR Exception 0x80a3a310 Current TASK CLI TASK STACKTRACE 0x8018b8c0 0x802134b0 0x8023e7b0 0x8023f030 0x80247c18 0x8024758c 0x802472d0 0x8092ccb8 0x80189b40 0x801bd988 TASK NAME StackTop CurStkSP StackSize SchCnt PRIO I STATUS 80949E68 DBG 8094E138 8094A13C 0K 16K 1 1 1 S DBG_SEM 809438B8 myRoot 80949DA8 80943B8C 10K 24K 6879 5 5 Exit ...

Page 390: ...724 0K 19K B 60 60 S s02 80A3A310 CLI 80A4A5E0 80A3A5E44144421K 64K BBC6 65 65 Run 83C2188C IP6 83952540 8394E544 0K 16K 203 65 65 S s01 83C21568 PNG6 8394E540 8394A544 0K 16K 10 66 66 S s00 80950590 SYS_TIM 80951880 80950884 0K 4K 2 70 70 E SYS_TIM 81B77000 PAETMR 81B77000 81B73004 0K 16K 2048 70 70 Sleep 82A6DFB0 SSH_0 82A8F8E0 82A7F8E4 0K 64K 3 75 75 E SSH_0 82A69A78 smtp 82A6DD48 82A69D4C 1K 1...

Page 391: ...BFC4 3K 64K 2 75 75 E tn_6 81BAB1C0 tn_4 81C0BFC0 81BFBFC4 3K 64K 2 75 75 E tn_4 82A6E548 SSH_2 82AAF8E0 82A9F8E4 0K 64K 3 75 75 E SSH_2 83159058 SNP 83161328 8315932C 0K 32K 803 75 75 Sleep 835D82E0 SNP_RX 835E05E0 835D85E4 0K 32K 1 75 75 E eventSN 837844A0 BPDUPRe 83786770 83784774 0K 8K 2 75 75 E BPDUPro 82A6E814 SSH_3 82ABF8E0 82AAF8E4 0K 64K 3 75 75 E SSH_3 82A6EAE0 SSH_4 82ACF8E0 82ABF8E4 0K...

Page 392: ... 81D1F420 81D1E424 0K 4K 809 95 95 Sleep 81D05830 IP Task 81D15DD0 81D0DDD4 0K 32K F8DD 95 95 E IP_EV 80FE0050 RadiusT 80FE0050 80FDC054 0K 16K 3 99 99 Q RCT 82CB94D0 MSTP TM 82CBD7A0 82CB97A4 0K 16K 802 100 100 Sleep 82CBD7A0 MSTP Pr 82CC1A70 82CBDA74 0K 16K 2 101 101 Q MSTP 83358090 GVRP TM 83360360 83358364 0K 32K A21E 110 110 Sleep 87B65FE0 multiAs 87B65FD0 87B61FD4 0K 16K 1 110 110 S multi t ...

Page 393: ...809B547C 1K 32K 1002 200 200 Sleep 835D3318 PSECNOT 835D75E8 835D35EC 0K 16K 2 200 200 E PSecEve 834DD170 svLogTa 834E1440 834DD444 0K 16K 1002 200 200 Sleep 835BB820 Rx_Pkt 835BFAF0 835BBAF4 0K 16K 2 204 204 Q PKT 87B56880 bcmRX 87B56870 87B52874 0K 16K 3230B 205 205 S RX pkt 80E13828 CableDi 80E1FAF8 80E13AFC 0K 48K 1 210 210 Q CableDi 834F80E0 CPUTILI 83500680 834FC684 0K 16K 811 230 230 E CPUT...

Page 394: ... 0 0 81ba13c8 DHCPPEV 0 0 81b9d050 BOOTPEV 0 0 837d84c8 WEB 1 0 81baa65c tn_7 0 1 81baa618 tn_6 0 1 81baa5d4 tn_5 0 1 81baa590 tn_4 0 1 81baa54c tn_3 0 1 81baa508 tn_2 0 1 81baa4c4 tn_1 0 1 81baa480 tn_0 0 1 81c4e2d8 TN_EV 1 0 83c14310 TFTPC_E 0 0 84713060 TFTPC_E 0 0 81d05818 IP_EV 0 0 837867b0 BPDUPro 0 1 8374bf70 eventCT 0 0 83741dd0 safegua 0 1 835d3300 PSecFdb 1 0 835d32e8 PSecEve 0 1 835b36c...

Page 395: ...1040 81F257D0 TFTP 81F257F0 3424256 0 0 0 3424224 1 3424224 81D2B7B0 LA3 81D2B7D0 2072576 45488 0 106 2027744 9 2026880 80E27F20 ASD 80E27F40 1703936 657440 0 1386 1060144 3 1046464 82DD56B0 LLDP_RM 82DD56D0 1024000 0 0 0 1023968 1 1023968 82D71690 LLDP_RM 82D716B0 409600 0 0 0 409568 1 409568 82CE2E70 LLDP_MI 82CE2E90 583680 33840 0 86 549808 1 549808 82CC7650 LLDP_ME 82CC7670 112640 0 0 0 112608...

Page 396: ...v0 2 80935BF0 v1 3 80A4A298 a0 4 80936FF0 a1 5 00001400 a2 6 00000000 a3 7 00000000 t0 8 00000000 t1 9 00000000 t2 10 00000000 t3 11 00000000 t4 12 000013F6 t5 13 00000000 t6 14 00070660 t7 15 00000000 s0 16 802CFB4C s1 17 876ECD40 s2 18 00000008 s3 19 87482BB0 s4 20 00000000 s5 21 80A4A2B0 s6 22 00000002 s7 23 80212874 t8 24 00000000 t9 25 00000000 k0 26 00000008 k1 27 83EDD520 gp 28 8092CCC0 sp ...

Page 397: ... 00000000 87482BB0 00000000 00000008 80A4A3F8 876DC990 00000008 876DC990 876ECD40 TASK STACKTRACE 0x8018b8c0 0x802134b0 0x8023e7b0 0x8023f030 0x80247c18 0x8024758c 0x802472d0 0x8092ccb8 0x80189b40 0x801bd988 Success DES 1228 ME 5 debug config error_reboot Purpose This command is used to set if the switch needs to be rebooted when a fatal error occurs When the error occurs the watchdog timer will b...

Page 398: ...ons Only Administrator level users can issue this command Example usage To set the switch to not need a reboot when a fatal error occurs DES 1228 ME 5 debug config error_reboot disable Command debug config error_reboot disable Success DES 1228 ME 5 debug show error_reboot state Purpose Use the command to show the error reboot status Syntax debug show error_reboot state Description Show the error r...

Page 399: ... used to config the type of BPDU Tunneling ports The tunnel multicast address for STP BPDU is 01 05 5d 00 00 00 The tunnel multicast address for GVRP BPDU is 01 05 5d 00 00 21 Parameters ports Specify the ports on which the BPDU Tunneling will be enabled or disabled type Specify the type on the ports Restrictions Only Administrator level Operator level or Power User level users can issue this comm...

Page 400: ...This command is used to enable the BPDU Tunneling function By default BPDU Tunneling is disabled Parameters None Restrictions Only Administrator level Operator level or Power User level users can issue this command Example usage To enable BPDU tunneling DES 1228 5 enable bpdu_tunnel Command enable bpdu_tunnel Success DES 1228 5 disable bpdu_tunnel Purpose Used to disable the BPDU Tunneling functio...

Page 401: ...DES 1228 ME Metro Ethernet Managed Switch CLI Reference Guide 397 DES 1228 5 disable bpdu_tunnel Command disable bpdu_tunnel Success DES 1228 5 ...

Page 402: ...l emulation to the console port of the switch Power on the switch After the runtime image is loaded to 100 the Switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be disabled Boot Procedure V2 00 001 Power On Self Test 100 MAC Address 00 19 5B EC 32 15 H W Version B1 ...

Page 403: ...ad Downlo ad Firmware upgraded successfully Firmware upgraded successfully Username username IP ipaddr Informational Firmware upgraded by console successfully Firmware upgraded by console successfully Username username Informational Firmware upgrade was unsuccessful Firmware upgrade was unsuccessful Username username IP ipaddr Warning Firmware upgrade by console was unsuccessful Firmware upgrade b...

Page 404: ...ssful login through Web Successful login through Web Username username IP ipaddr Informational Login failed through Web Login failed through Web Username username IP ipaddr Warning Logout through Web Logout through Web Username username IP ipaddr Informational Web session timed out Web session timed out Username username IP ipaddr Informational Telnet Successful login through Telnet Successful log...

Page 405: ...l Login failed through Web authenticated by AAA local method Login failed failed through Web from userIP authenticated by AAA local method Username username Warning Successful login through Telnet authenticated by AAA local method Successful login through Telnet from userIP authenticated by AAA local method Username username Informational Login failed through Telnet authenticated by AAA local meth...

Page 406: ...A server serverIP Username username Informational Login failed through SSH authenticated by AAA server Login failed through SSH from userIP authenticated by AAA server serverIP Username username Warning Login failed through SSH due to AAA server timeout or improper configuration Login failed through SSH from userIP due to AAA server timeout or improper Configuration Username username Warning Succe...

Page 407: ...l Enable Admin failed through Web authenticated by AAA server Enable Admin failed through Web from userIP authenticated by AAA server serverIP Username username Warning Successful Enable Admin through Telnet authenticated by AAA server Successful Enable Admin through Telnet from userIP authenticated by AAA server serverIP Username username Informational Enable Admin failed through Telnet authentic...

Page 408: ...Port portNum Account user_account Informational Radius server assigned ingress bandwith Kbits to port Radius server server_ip assigned ingress bandwith bandwidth_value Kbits to Port portNum Account user_account Informational Radius server assigned ingress bandwith no limit to port Radius server server_ip assigned ingress bandwith no limit to Port portNum Account user_account Informational Radius s...

Page 409: ... block shutdown Informational BPDU attack automatically recover Port portNum recover from BPDU under protection state automatically Informational BPDU attack manually recover Port portNum recover from BPDU under protection state manually Informational DHCP Server Screening Detected untrusted DHCP server IP address Detected untrusted DHCP server IP ipaddr Informational ...

Page 410: ...alue alarmRisingThreshold V2 rfc2819 RMON MIB fallingAlarm 1 3 6 1 2 1 16 0 2 alarmIndex alarmVariable alarmSampleType alarmValue alarmFallingThreshold V2 rfc2819 RMON MIB LldpRemTablesChange 1 0 8802 1 1 2 0 0 1 lldpStatsRemTablesInserts lldpStatsRemTablesDeletes lldpStatsRemTablesDrops lldpStatsRemTablesAgeouts V2 LLDP MIB Proprietary Trap List Trap Name OID Variable Bind Format MIB Name agentCf...

Page 411: ... 0 1 swBpduProtectionPortIndex swBpduProtectionPortMode V2 BPDU PROTECTION MIB swBpduProtectionRecoveryTrap 1 3 6 1 4 1 171 12 76 4 0 2 swBpduProtectionPortIndex swBpduProtectionRecoveryMethod V2 BPDU PROTECTION MIB swFilterDetectedTrap 1 3 6 1 4 1 171 12 37 100 0 1 swFilterDetectedIP swFilterDetectedport V2 FILTER MIB swL2PortSecurityViolationTrap 1 3 6 1 4 1 171 11 116 2 2 20 0 1 swL2PortSecurit...

Page 412: ...s not configure the bandwidth attribute and authenticates successfully the device will not assign any bandwidth to the port If the bandwidth attribute is configured on the RADIUS server with a value of 0 or more than the effective bandwidth 100Mbps on an Ethernet port or 1Gbps on a Gigabit port of the port will be set to no_limited To assign 802 1p default priority by RADIUS Server the proper para...

Page 413: ... in use in the case of a tunnel terminatior 13 VLAN Required Tunnel Medium Type This attribute indicates the transport medium being used 6 802 Required Tunnel Private Group ID This attribute indicates group ID for a particular tunneled session A string VID Required If the user has configured the VLAN attribute of the RADIUS server for example VID 3 and the 802 1X authentication is successful the p...

Reviews:

No comments

Related manuals for DES-1228/ME

Eaton COOPER POWER SERIES Maintenance Instructions Manual preview
COOPER POWER SERIES
Brand: Eaton Pages: 32
Keithley 2750 User Manual preview
2750
Brand: Keithley Pages: 452
Black Box LB9019A Installation preview
LB9019A
Brand: Black Box Pages: 2
plasa SRS Lighting DTS16F-DIN Instruction Manual preview
SRS Lighting DTS16F-DIN
Brand: plasa Pages: 4
IOGear GUH420 Quick Start Manual preview
GUH420
Brand: IOGear Pages: 1
Key Digital KD-PS42 Manual preview
KD-PS42
Brand: Key Digital Pages: 31
Lindy 32586 Quick Start Manual preview
32586
Brand: Lindy Pages: 2
Eaton P1 XM Series Instruction Leaflet preview
P1 XM Series
Brand: Eaton Pages: 2
Elements LINQ LQ48006 Product Manual preview
LINQ LQ48006
Brand: Elements Pages: 2
Kobold TDD Operating Instructions Manual preview
TDD
Brand: Kobold Pages: 23
Manhattan 100984 Instruction Manual preview
100984
Brand: Manhattan Pages: 2
Radio Systems HUB16-DC Technical Manual preview
HUB16-DC
Brand: Radio Systems Pages: 19
3onedata IES2008 Quick Installation Manual preview
IES2008
Brand: 3onedata Pages: 2
Seastar Solutions pro-trim PT1000 Installation Manual preview
pro-trim PT1000
Brand: Seastar Solutions Pages: 2
LevelOne IGP-0401 User Manual preview
IGP-0401
Brand: LevelOne Pages: 6
Allied Telesis AT-GS903SX Installation Manual preview
AT-GS903SX
Brand: Allied Telesis Pages: 44
Black Box ServSwitch TDX User Manual preview
ServSwitch TDX
Brand: Black Box Pages: 21
ANTAIRA Lanolinx LNX-1002GN User Manual preview
Lanolinx LNX-1002GN
Brand: ANTAIRA Pages: 110

Brands by name

Popular brands

Load more brands