manualshive.com logo in svg

D-Link DES-3028, Cli Reference Manual, Page: 240 / 358

Share
Download
D-Link DES-3028 Cli Reference Manual Download Page 240

DES-3028 DES-3028P DES-3028G DES-3052 DES-3052P Layer 2 Fast Ethernet Switch CLI Reference Manual

 

 

235

 

disable ssl 

Purpose 

To disable the SSL function on the Switch. 

Syntax 

disable ssl {ciphersuite {RSA_with_RC4_128_MD5 | 
RSA_with_3DES_EDE_CBC_SHA | 
DHE_DSS_with_3DES_EDE_CBC_SHA | 
RSA_EXPORT_with_RC4_40_MD5}} 

Description 

This command will disable SSL on the Switch and can be used to 
disable any one or combination of listed ciphersuites on the Switch. 

Parameters 

ciphersuite

 - A security string that determines the exact cryptographic 

parameters, specific encryption algorithms and key sizes to be used for 
an authentication session. The user may choose any combination of the 
following:  

1.

 

RSA_with_RC4_128_MD5

 – This ciphersuite combines the RSA 

key exchange, stream cipher RC4 encryption with 128-bit keys 
and the MD5 Hash Algorithm. 

2.

 

RSA_with_3DES_EDE_CBC_SHA

 

 This ciphersuite combines 

the RSA key exchange, CBC Block Cipher 3DES_EDE 
encryption and the SHA Hash Algorithm. 

3.

 

DHE_DSS_with_3DES_EDE_CBC_SHA 

 This ciphersuite 

combines the DSA Diffie Hellman key exchange, CBC Block 
Cipher 3DES_EDE encryption and SHA Hash Algorithm. 

4.

 

RSA_EXPORT_with_RC4_40_MD5

 

 This ciphersuite combines 

the RSA Export key exchange, stream cipher RC4 encryption 
with 40-bit keys. 

Restrictions 

Only Administrator-level users can issue this command. 

Example usage:  

 

To disable the SSL status on the Switch: 

DES-3028P:4#disable ssl 

Command: disable ssl 

 

Success. 

 

DES-3028P:4#

 

To disable ciphersuite 

RSA_EXPORT_with_RC4_40_MD5 

only: 

DES-3028P:4#disable 

ssl ciphersuite 

RSA_EXPORT_with_RC4_40_MD5 

Command: disable ssl ciphersuite 
RSA_EXPORT_with_RC4_40_MD5 

 

Success. 

 

DES-3028P:4# 

 

config ssl cachetimeout timeout 

Purpose 

Used to configure the SSL cache timeout. 

Syntax 

config ssl cachetimeout timeout <value 60-86400> 

Description 

This command will set the time between a new key exchange 
between a client and a host using the SSL function. A new SSL 
session is established every time the client and host go through a 

Summary of Contents for DES-3028

Page 1: ...CLI Reference Manual ProductModel DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Managed 10 100Mbps Fast Ethernet Switch Release 2 ...

Page 2: ...ation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Computer Corporation disclaims any proprietary in...

Page 3: ... SNMP COMMANDS 33 SWITCH UTILITY COMMANDS 53 NETWORK MONITORING COMMANDS 62 MULTIPLE SPANNING TREE PROTOCOL MSTP COMMANDS 74 FORWARDING DATABASE COMMANDS 87 BROADCAST STORM CONTROL COMMANDS 94 COS COMMANDS 98 PORT MIRRORING COMMANDS 112 VLAN COMMANDS 115 LINK AGGREGATION COMMANDS 122 BASIC IP COMMANDS 127 IGMP SNOOPING COMMANDS 130 DHCP RELAY 141 802 1X COMMANDS 148 ACCESS CONTROL LIST ACL COMMAND...

Page 4: ...ROL COMMANDS 205 SSH COMMANDS 226 SSL COMMANDS 233 D LINK SINGLE IP MANAGEMENT COMMANDS 239 SMTP COMMANDS 250 POE COMMANDS 254 CABLE DIAGNOSTICS COMMANDS 259 DHCP LOCAL RELAY COMMANDS 260 GRATUITOUS ARP COMMANDS 262 VLAN TRUNKING COMMANDS 266 QINQ COMMANDS 270 ASYMMETRIC VLAN COMMANDS 273 MLD SNOOPING COMMANDS 275 IGMP SNOOPING MULTICAST VLAN COMMANDS 282 LIMITED IP MULTICAST ADDRESS COMMANDS 287 ...

Page 5: ...MANDS 311 IP MAC PORT BINDING COMMANDS 316 LOOPBACK DETECTION COMMANDS 327 TECHNICAL SUPPORT COMMANDS 331 COMMAND HISTORY LIST 334 TECHNICAL SPECIFICATIONS 338 ARP PACKET CONTENT ACL 344 PASSWORD RECOVERY PROCEEDURE 352 ...

Page 6: ...series of switches unless otherwise stated Configuration and management of the Switch via the Web based management agent is discussed in the User s Guide Accessing the Switch via the Serial Port The Switch s serial port s default settings are as follows 9600 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial por...

Page 7: ...ch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows 1 Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy yyy Where the x s represent the IP address to be assigned to the IP interface named System and the y s represent the corresponding subnet mask 2 Alternatively users c...

Page 8: ...d Connecting to the Switch The console interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the HyperTerminal program included with the Windows operating system using an RS 232C serial cable Your terminal parameters will need to be set to VT 100 compatible 9600 baud 8 data bits No parity One stop bit No flow contr...

Page 9: ...ure 2 2 The Command When users enter a command without its required parameters the CLI will prompt users with Next possible completions message DES 3028P 4 config account Command config account Next possible completions username DES 3028P 4 Figure 2 3 Example Command Parameter Help In this case the command config account was entered with the parameter username The CLI will then prompt users to ent...

Page 10: ...he help prompts are the same as presented in this manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice of parameters and brackets indicate required parameters If a command is entered that is unrecognized by the CLI the top level commands will be displayed under the Available commands prompt DES 3028P 4 the Available commands cable_dia...

Page 11: ...port limited_multicast_addr link_aggregation lldp log log_save_timing loopdetect mac_notification max_mcast_group mcast_filter_profile mirror mld_snooping multicast multicast_fdb packet port_security ports qinq radius router_ports safeguard_engine scheduling scheduling_mechanism serial_port session sim smtp snmp sntp ssh ssl stp switch syslog tech_support terminal_line time time_range traffic traf...

Page 12: ...ommand config ipif Engineering ipaddress 10 24 22 5 255 0 0 0 vlan Design state enable square brackets Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create account admin user username 15 Description In the above syntax example users must specify either an admin or a user level account to be created Do not type the square brackets Examp...

Page 13: ...ats the previously entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current session Use the down arrow to progress sequentially forward through the command history list Down Arrow The down arrow will display the next command in the command history entered in the current session This displa...

Page 14: ...user username 15 config account username 15 show account delete account username 15 show session show switch show serial_port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 disable telnet telnet ipaddr tcp_port value 0 65535 enable web tcp_port_number 1 65535 d...

Page 15: ...mple usage To enable password encryption on the Switch DES 3028P 4 enable password encryption Command enable password encryption Success DES 3028P 4 disable password encryption Purpose Used to disable password encryption on a user account Syntax disable password encryption Description The user account configuration information will be stored in the configuration file and can be applied to the syst...

Page 16: ...e username dlink DES 3028P 4 create account admin dlink Command create account admin dlink Enter a case sensitive new password Enter the new password again for confirmation Success DES 3028P 4 NOTICE In the case of lost passwords or password corruption please refer to Appendix C Password Recovery Procedure at the end of this manual which will guide you through the steps necessary to resolve this i...

Page 17: ...ts can exist at one time Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the accounts that have been created DES 3028P 4 show account Command show account Current Accounts Username Access Level dlink Admin Total Entries 1 DES 3028P 4 delete account Purpose Used to delete an existing user account Syntax delete account username Description ...

Page 18: ... 4 delete account System Command delete account System Success DES 3028P 4 show session Purpose Used to display a list of currently logged in users Syntax show session Description This command displays a list of all the users that are logged in at the time the command is issued Parameters None Restrictions None ...

Page 19: ...mmand displays information about the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the Switch s information DES 3028P 4 show switch Command show switch Device Type DES 3028P Fast Ethernet Switch MAC Address 00 19 5B EF 78 B5 IP Address 10 73 21 11 Manual VLAN Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Ve...

Page 20: ...tes Description This command is used to configure the serial port s baud rate and auto logout settings Parameters baud_rate 9600 19200 38400 115200 The serial bit rate that will be used to communicate with the management host There are four options 9600 19200 38400 115200 never No time limit on the length of time the console can be open with no user input 2_minutes The console will log out the cur...

Page 21: ...d output reaches the end of the page DES 3028P 4 enable clipaging Command enable clipaging Success DES 3028P 4 disable clipaging Purpose Used to disable the pausing of the console screen scrolling at the end of each page when a command displays more than one screen of information Syntax disable clipaging Description This command is used to disable the pausing of the console screen at the end of ea...

Page 22: ... DES 3028P 4 disable telnet Purpose Used to disable the Telnet protocol on the Switch Syntax disable telnet Description This command is used to disable the Telnet protocol on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable the Telnet protocol on the Switch DES 3028P 4 disable telnet Command disable telnet Success DES 3028P 4 te...

Page 23: ...TCP port number TCP ports are numbered between 1 and 65535 The well known port for the Web based management software is 80 Restrictions Only Administrator level users can issue this command Example usage To enable HTTP and configure port number DES 3028P 4 enable web 80 Command enable web 80 Note SSL will be disabled if web is enabled Success DES 3028P 4 disable web Purpose Used to disable the HTT...

Page 24: ...aved to the configuration Restrictions Only Administrator level users can issue this command Example usage To save the Switch s current configuration to non volatile RAM DES 3028P 4 save Command save Saving all configurations to NV RAM Done Success DES 3028P 4 reboot Purpose Used to restart the Switch Syntax reboot Description This command is used to restart the Switch Parameters None Restrictions...

Page 25: ... save and reboot after the settings are changed to default Rebooting will clear all entries in the Forwarding Data Base force_agree When force_agree is specified the reset command will be executed immediately without further confirmation If no parameter is specified the Switch s current IP address user accounts and the switch history log are not changed All other parameters are restored to the fac...

Page 26: ... 4 login Command login UserName logout Purpose Used to log out a user from the Switch s console Syntax logout Description This command terminates the current user s session on the Switch s console Parameters None Restrictions None Example usage To terminate the current user s console session DES 3028P 4 logout ...

Page 27: ...se this command to change the command prompt Parameters string 16 The command prompt can be changed by entering a new name of no more that 16 characters username The command prompt will be changed to the login username default The command prompt will reset to factory default command prompt Restrictions Only Administrator level users can issue this command Other restrictions include If the reset re...

Page 28: ...r restrictions include If the reset reset config command is executed the modified banner will remain modified However the reset system command will reset the modified banner to the original factory banner The capacity of the banner is 6 80 6 Lines and 80 characters per line Ctrl W will only save the modified banner in the DRAM Users need to type the save command to save it into FLASH Only valid in...

Page 29: ...w greeting_message Description This command is used to view the currently configured greeting message on the Switch Parameters None Restrictions None Example usage To view the currently configured greeting message DES 3028P 4 show greeting_message Command show greeting_message DES 3028P Fast Ethernet Switch Command Line Interface Firmware Build 2 00 B23 Copyright C 2009 D Link Corporation All righ...

Page 30: ...10 100 1000 Configures the speed in Mbps for the specified range of ports Gigabit ports are statically set to 1000 but can be set to slower speeds half full Configures the specified range of ports as either full duplex or half duplex master slave The master setting 1000M Full_M will allow the port to advertise capabilities related to duplex speed and physical layer type The master setting will als...

Page 31: ...DES 3028P 4 show ports Purpose Used to display the current configuration of a range of ports Syntax show ports portlist description err_disabled Description The show ports command displays the current configurations of a range of ports No parameters will show all ports Parameters portlist Specifies a port or range of ports to be displayed description Adding this parameter to the show ports command...

Page 32: ... FlowCtrl Learning 1 Enabled Auto Disabled LinkDown Enabled Auto 2 Enabled Auto Disabled LinkDown Enabled Auto 3 Enabled Auto Disabled LinkDown Enabled Auto 4 Enabled Auto Disabled LinkDown Enabled Auto 5 Enabled Auto Disabled LinkDown Enabled Auto 6 Enabled Auto Disabled LinkDown Enabled Auto 7 Enabled Auto Disabled 100M Full None Enabled Auto 8 Enabled Auto Disabled LinkDown Enabled Auto 9 Enabl...

Page 33: ... Port State Settings Connection Address MDI Speed Duplex FlowCtrl Speed Duplex FlowCtrl Learning 1 Enabled Auto Disabled LinkDown Enabled Auto Desc 2 Enabled Auto Disabled LinkDown Enabled Auto Desc 3 Enabled Auto Disabled LinkDown Enabled Auto Desc 4 Enabled Auto Disabled LinkDown Enabled Auto Desc 5 Enabled Auto Disabled LinkDown Enabled Auto Desc 6 Enabled Auto Disabled LinkDown Enabled Auto De...

Page 34: ...ate enable disable max_learning_addr max_lock_no 0 16 lock_address_mode Permanent DeleteOnTimeout DeleteOnReset Description This command allows for the configuration of the port security feature Only the ports listed in the auth_portlist are affected Parameters auth_portlist Specifies a port or range of ports to be configured all Configure port security for all ports on the Switch admin_state enab...

Page 35: ...nding MAC address previously learned by the port to delete port auth_port Enter the port number which has learned the previously entered MAC address Restrictions Only Administrator level users can issue this command Example usage To delete a port security entry DES 3028P 4 delete port_security_entry vlan_name default mac_address 00 01 30 10 2C C7 port 6 Command delete port_security_entry vlan_name...

Page 36: ...t security configuration DES 3028P 4 show port_security ports 1 10 Command show port_security ports 1 10 Port_security Trap Log Disabled Port Admin State Max Learning Addr Lock Address Mode 1 Disabled 1 DeleteOnTimeout 2 Disabled 1 DeleteOnTimeout 3 Disabled 1 DeleteOnTimeout 4 Disabled 1 DeleteOnTimeout 5 Disabled 1 DeleteOnTimeout 6 Disabled 1 DeleteOnTimeout 7 Disabled 1 DeleteOnTimeout 8 Disab...

Page 37: ...ose Used to disable the trap log for port security Syntax disable port_security trap_log Description This command along with the enable port_security trap_log will disable the sending of log messages to the Switch s log and SNMP agent when the port security of the Switch has been triggered Parameters None Restrictions None Example usage To enable the port security trap log setting DES 3028P 4 enab...

Page 38: ...A algorithms AuthPriv DES 56 bit encryption is added based on the CBC DES DES 56 standard The network management commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create snmp user SNMP_name 32 groupname 32 encrypted by_password auth md5 auth_password 8 16 sha auth_password 8 20 priv none des priv_password 8 16 by_k...

Page 39: ...n SNMP group that is also created by this command SNMP ensures Message integrity Ensures that packets have not been tampered with during transit Authentication Determines if an SNMP message is from a valid source Encryption Scrambles the contents of messages to prevent it from being viewed by an unauthorized source Parameters SNMP_name 32 An alphanumeric name of up to 32 characters that will ident...

Page 40: ...it encryption to be added using the DES 56 standard using priv_password 8 16 An alphanumeric string of between 8 and 16 characters that will be used to encrypt the contents of messages the host sends to the agent priv_key 32 32 Enter an alphanumeric key string of exactly 32 characters in hex form that will be used to encrypt the contents of messages the host sends to the agent none Adding this par...

Page 41: ...how snmp user Username Group Name SNMP Version Auth Protocol PrivProtocol initial initial V3 None None Total Entries 1 DES 3028P 4 create snmp view Purpose Used to assign views to community strings to limit which MIB objects and SNMP manager can access Syntax create snmp view view_name 32 oid view_type included excluded Description The create snmp view command assigns views to community strings to...

Page 42: ... characters that identifies the SNMP view to be deleted all Specifies that all of the SNMP views on the Switch will be deleted oid The object ID that identifies an object tree MIB tree that will be deleted from the Switch Restrictions Only Administrator level users can issue this command Example usage To delete a previously configured SNMP view from the Switch DES 3028P 4 delete snmp view dlinkvie...

Page 43: ...w that defines the subset of all MIB objects that will be accessible to the SNMP community read_write or read_only level permission for the MIB objects accessible to the SNMP community Syntax create snmp community community_string 32 view view_name 32 read_only read_write Description The create snmp community command is used to create an SNMP community string and to assign access limiting characte...

Page 44: ... is used like a password to give remote SNMP managers access to MIB objects in the Switch s SNMP agent Restrictions Only Administrator level users can issue this command Example usage To delete the SNMP community string dlink DES 3028P 4 delete snmp community dlink Command delete snmp community dlink Success DES 3028P 4 show snmp community Purpose Used to display SNMP community strings configured ...

Page 45: ...Parameters snmp_engineID An alphanumeric string that will be used to identify the SNMP engine on the Switch Restrictions Only Administrator level users can issue this command Example usage To give the SNMP agent on the Switch the name 0035636666 DES 3028P 4 config snmp engineID 0035636666 Command config snmp engineID 0035636666 Success DES 3028P 4 show snmp engineID Purpose Used to display the ide...

Page 46: ... devices through a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity Ensures that packets have not been tampered with during transit Authentication Determines if an SNMP message is from a valid source Encryption Scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no aut...

Page 47: ... that will identify the SNMP group the new SNMP user will be associated with Restrictions Only Administrator level users can issue this command Example usage To delete the SNMP group named sg1 DES 3028P 4 delete snmp group sg1 Command delete snmp group sg1 Success DES 3028P 4 show snmp groups Purpose Used to display the group names of SNMP groups currently configured on the Switch The security mod...

Page 48: ... authNoPriv Group Name Group5 ReadView Name ReadView WriteView Name WriteView Notify View Name NotifyView Security Model SNMPv3 Security Level authNoPriv Group Name initial ReadView Name restricted WriteView Name Notify View Name restricted Security Model SNMPv3 Security Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Security Model...

Page 49: ...ng transit Authentication determines if an SNMP message is from a valid source Encryption scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager auth_nopriv Specifies that authorization will be required but there will be no encr...

Page 50: ...emote SNMP managers that are designated as recipients of SNMP traps that are generated by the Switch s SNMP agent Parameters ipaddr The IP address of a remote SNMP manager that will receive SNMP traps generated by the Switch s SNMP agent Restrictions None Example usage To display the currently configured SNMP hosts on the Switch DES 3028P 4 show snmp host Command show snmp host SNMP Host Table Hos...

Page 51: ...IP network addresses that are allowed to manage the Switch via in band SNMP or TELNET based management software These IP addresses must be members of the Management VLAN If no IP addresses are specified then there is nothing to prevent any IP address from accessing the Switch provided the user knows the Username and Password Parameters network_address The IP address and netmask of the trusted host...

Page 52: ...level users can issue this command Example usage To delete a trusted host with an IP address 10 48 74 121 DES 3028P 4 delete trusted_host 10 48 74 121 Command delete trusted_host 10 48 74 121 Success DES 3028P 4 delete trusted_host network Purpose Used to delete a trusted host entry made using the create trusted_host network command above Syntax delete trusted _host network network_address Descrip...

Page 53: ...this command Example usage To delete all trusted host entries DES 3028G 4 delete trusted_host all Command delete trusted_host all Success enable snmp traps Purpose Used to enable SNMP trap support Syntax enable snmp traps Description The enable snmp traps command is used to enable SNMP trap support on the Switch Parameters None Restrictions Only Administrator level users can issue this command Exa...

Page 54: ...e SNMP trap support status currently configured on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To view the current SNMP trap support DES 3028P 4 show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Traps Enabled DES 3028P 4 disable snmp traps Purpose Used to disable SNMP trap support on the Switch Syntax disable snm...

Page 55: ...on The config snmp system_contact command is used to enter the name and or other information to identify a contact person who is responsible for the Switch A maximum of 128 characters can be used Parameters sw_contact A maximum of 128 characters is allowed A NULL string is accepted if there is no contact Restrictions Only Administrator level users can issue this command Example usage To configure ...

Page 56: ...g snmp system_name command configures the name of the Switch Parameters sw_name A maximum of 128 characters is allowed A NULL string is accepted if no name is desired Restrictions Only Administrator level users can issue this command Example usage To configure the Switch name for DES 3028P Switch DES 3028P 4 config snmp system_name DES 3028P Switch Command config snmp system_name DES 3028P Switch ...

Page 57: ...rpose Used to disable RMON on the Switch Syntax disable rmon Description This command is used in conjunction with the enable rmon command above to enable and disable remote monitoring RMON on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example Usage To disable RMON DES 3028P 4 disable rmon Command disable rmon Success DES 3028P 4 ...

Page 58: ...rver Syntax download firmware_fromTFTP ipaddr path_filename 64 image_id int 1 2 cfg_fromTFTP ipaddr path_filename 64 increment Description This command is used to download a new firmware or a Switch configuration file from a TFTP server Parameters firmware_fromTFTP Download and install new firmware on the Switch from a TFTP server cfg_fromTFTP Download a switch configuration file from a TFTP serve...

Page 59: ...er listed in the configuration file When the file has been successfully loaded the message End of configuration file for DES 3028P appears followed by the command prompt DES 3028P 4 disable authen_policy Command disable authen_policy Success DES 3028P 4 config firmware Purpose Used to configure the firmware section image as a boot up section or to delete the firmware section Syntax config firmware...

Page 60: ...00 B23 1861680 0000 00 00 05 22 22 10 73 21 1 CONSOLE Anonymous 2 1 00 B32 1533156 0000 00 00 00 03 03 172 18 215 217 CONSOLE Anonymous Boot up firmware SSH Firmware update through SSH WEB Firmware update through WEB SIM Firmware update through Single IP Management SNMP Firmware update through SNMP TELNET Firmware update through TELNET CONSOLE Firmware update through CONSOLE DES 3028P 4 show confi...

Page 61: ... base 15 MAC address table notification 16 STP 17 SSH 18 SSL 19 ACL 20 SNTP 21 IP route 22 LACP 23 ARP 24 IP 25 IGMP snooping 26 access authentication control TACACS etc 27 PoE 28 Bandwidth 29 Time_range 30 GM 31 safeguard_engine 32 Banner_promp 33 SMTP 34 AAA 35 DHCP_Relay Parameters current_config Entering this parameter will display configurations entered without being saved to NVRAM config_in_...

Page 62: ... a TFTP Syntax upload cfg_toTFTP log_toTFTP ipaddr path_filename 64 Description This command is used to upload either the Switch s current settings or the Switch s history log to a TFTP server Parameters cfg_toTFTP Specifies that the Switch s current settings will be uploaded to the TFTP server log_toTFTP Specifies that the switch history log will be uploaded to the TFTP server ipaddr The IP addre...

Page 63: ...for information on loading a configuration file If the Switch is unable to complete the auto configuration process the previously saved local configuration file present in Switch memory will be loaded Example usage To enable auto configuration on the Switch DES 3028P 4 enable autoconfig Command enable autoconfig Success DES 3028P 4 When autoconfig is enabled and the Switch is rebooted the normal l...

Page 64: ... ROUTE DES 3028P 4 DES 3028P 4 DES 3028P 4 DES 3028P 4 End of configuration file for DES 3028P DES 3028P 4 DES 3028P 4 DES 3028P 4 disable autoconfig Purpose Use this to deactivate auto configuration from DHCP Syntax disable autoconfig Description This instructs the Switch not to accept auto configuration instruction from the DHCP server This does not change the IP settings of the Switch The ipif ...

Page 65: ...etween network devices Syntax ping ipaddr times value 1 255 timeout sec 1 99 Description The ping command sends Internet Control Message Protocol ICMP echo messages to a remote IP address The remote IP address will then echo or return the message This is used to confirm connectivity between the Switch and the remote device Parameters ipaddr Specifies the IP address of the host times value 1 255 Th...

Page 66: ...lt value 20 80 Description Used to configure the number of rows which can be displayed on a screen Default value is 24 Parameters None Restrictions Only Administrator level users can issue this command Example usage To configure the terminal line DES 3028P 4 config terminal_line 30 Command config terminal_line 30 Success DES 3028P 4 show terminal line Purpose Used to display the number of rows whi...

Page 67: ...t_number state enable disable config syslog host all index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable delete syslog host index 1 4 all show syslog host index 1 4 config log_save_timing time_interval min 1 65535 on_demand log_trigger show log_save_timing Each command is listed...

Page 68: ... Used to display the error statistics for a range of ports Syntax show error ports portlist Description This command will display all of the packet error statistics collected and logged by the Switch for a given port list Parameters portlist Specifies a port or range of ports to be displayed Restrictions None Example usage To display the errors of the port 3 of module 1 DES 3028P 4 show error port...

Page 69: ...Switch portlist Specifies a port or range of ports to be displayed Restrictions None Example usage To display the port utilization statistics DES 3028P 4 show utilization ports Command show utilization ports Port TX sec RX sec Util Port TX sec RX sec Util 1 0 0 0 22 0 0 0 2 0 0 0 23 0 0 0 3 0 0 0 24 0 0 0 4 0 0 0 25 0 0 0 5 0 0 0 26 0 0 0 6 0 0 0 27 0 0 0 7 0 37 1 28 0 0 0 8 0 0 0 9 0 0 0 10 0 0 0...

Page 70: ...ters ports 2 9 Success DES 3028P 4 clear log Purpose Used to clear the Switch s history log Syntax clear log Description This command will clear the Switch s history log Parameters None Restrictions Only Administrator level users can issue this command Example usage To clear the log information DES 3028P 4 clear log Command clear log Success DES 3028P 4 show log Purpose Used to display the switch ...

Page 71: ...me Anonymous DES 3028P 4 enable syslog Purpose Used to enable the system log to be sent to a remote host Syntax enable syslog Description The enable syslog command enables the system log to be sent to a remote host Parameters None Restrictions Only Administrator level users can issue this command Example usage To the syslog function on the Switch DES 3028P 4 enable syslog Command enable syslog Suc...

Page 72: ...ing all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number state enable disable Description The create syslog host command is used to create a new syslog host index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 ipaddress ipaddr Specifies the IP address of the remote host where syslog ...

Page 73: ...bove local2 Specifies that local use 2 messages will be sent to the remote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies tha...

Page 74: ...wing Bold font indicates that the corresponding severity level is currently supported on the Switch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational informational messages 7 Debug debug level messages Parameter...

Page 75: ...ove local2 Specifies that local use 2 messages will be sent to the remote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies that...

Page 76: ...Purpose Used to remove a syslog host that has been previously configured from the Switch Syntax delete syslog host index 1 4 all Description The delete syslog host command is used to remove a syslog host that has been previously configured from the Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 through 4 all S...

Page 77: ...bled Total Entries 3 DES 3028P 4 config log_save_timing Purpose Used to configure the method of saving log files to the switch s flash memory Syntax config log_save_timing time_interval min 1 65535 on_demand log_trigger Description The config log_save_timing command allows the user to configure the time method used in saving log files to the switch s flash memory Parameters time_interval min 1 655...

Page 78: ...ay the method configured for saving log files to the switch s flash memory Syntax show log_save_timing Description The show log_save_timing command allows the user to view the time method configured for saving log files to the switch s flash memory Parameters None Restrictions None Example usage To display the time interval for saving log files DES 3028P 4 show log_save_timing Command show log_sav...

Page 79: ...ch utilizing the MSTP on a network will have a single MSTP configuration that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32 characters defined in the config stp mst_config_id command as name string b A configuration revision number named here as a revision_level and c A 4094 element table defined here as a vid_range which will associa...

Page 80: ...ommand Example usage To enable STP globally on the Switch DES 3028P 4 enable stp Command enable stp Success DES 3028P 4 disable stp Purpose Used to globally disable STP on the Switch Syntax disable stp Description This command allows the Spanning Tree Protocol to be globally disabled on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To d...

Page 81: ... information Set by the Root Bridge this value will aid in determining that the Switch has spanning tree configuration values consistent with other devices on the bridged LAN If the value ages out and a BPDU has still not been received from the Root Bridge the Switch will start sending its own BPDU to all other switches for permission to become the Root Bridge If it turns out that your switch has ...

Page 82: ...ommand config stp maxage 18 maxhops 15 Success DES 3028P 4 config stp ports Purpose Used to setup STP on the port level Syntax portlist externalCost auto value 1 200000000 hellotime value 1 2 migrate yes no edge true false auto restricted_role true false restricted_tcn true false p2p true false auto state enable disable lbd enable disable fbpdu enable disable Description This command is used to cr...

Page 83: ...s P2P ports transition to a forwarding state rapidly thus benefiting from RSTP A p2p value of false indicates that the port cannot have p2p status Auto allows the port to have p2p status whenever possible and operate as if the p2p status were true If the port cannot maintain this status for example if the port is forced to half duplex operation the p2p status changes to operate as if the p2p value...

Page 84: ...e this command Example usage To create a spanning tree instance 2 DES 3028P 4 create stp instance_id 2 Command create stp instance_id 2 Success DES 3028P 4 config stp instance_id Purpose Used to add or delete an STP instance ID Syntax config stp instance_id value 1 4 add_vlan remove_vlan vidlist Description This command is used to map VIDs VLAN IDs to previously configured STP instances on the Swi...

Page 85: ..._id 2 add_vlan 10 Command config stp instance_id 2 add_vlan 10 Success DES 3028P 4 Example usage To remove VID 10 from instance ID 2 DES 3028P 4 config stp instance_id 2 remove_vlan 10 Command config stp instance_id 2 remove_vlan 10 Success DES 3028P 4 delete stp instance_id Purpose Used to delete a STP instance ID from the Switch Syntax delete stp instance_id value 1 4 Description This command al...

Page 86: ...and Example usage To set the priority value for instance_id 2 as 4096 DES 3028P 4 config stp priority 4096 instance_id 2 Command config stp priority 4096 instance_id 2 Success DES 3028P 4 config stp mst_config_id Purpose Used to update the MSTP configuration identification Syntax config stp mst_config_id revision_level int 0 65535 name string 32 Description This command will uniquely identify the ...

Page 87: ...lue between 0 and 4 to identify the instance_id previously configured on the Switch An entry of 0 will denote the CIST Common and Internal Spanning Tree internalCost This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a STP instance The default setting is auto There are two options auto Selecting this parameter for the ...

Page 88: ...028P 4 show stp Command show stp STP Bridge Global Settings STP Status Enabled STP Version STP compatible Max Age 20 Hello Time 2 Forward Delay 15 Max Hops 20 TX Hold Count 6 Forwarding BPDU Enabled Loopback Detection Enabled LBD Recover Time 60 DES 3028P 4 Status 2 STP enabled for RSTP DES 3028P 4 show stp Command show stp STP Bridge Global Settings STP Status Enabled STP Version RSTP Max Age 20 ...

Page 89: ...use the Space bar p and n keys to view information for the remaining ports Restrictions None Example usage To show STP ports information for port 1 STP enabled on Switch DES 3028P 4 show stp ports Command show stp ports MSTP Port Information Port Index 1 Hello Time 2 2 Port STP Enabled LBD No Restricted role False Restricted TCN False External PathCost Auto 200000 Edge Port False No P2P Auto Yes P...

Page 90: ...Instance Operational Status Designated Root Bridge 32766 00 90 27 39 78 E2 External Root Cost 200012 Regional Root Bridge 32768 00 53 13 1A 33 24 Internal Root Cost 0 Designated Bridge 32768 00 50 BA 71 20 D6 Root Port 1 Max Age 20 Forward Delay 15 Last Topology Change 856 Topology Changes Count 2987 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show stp mst_config_id Purpose Used ...

Page 91: ...r 2 Fast Ethernet Switch CLI Reference Manual 86 DES 3028P 4 show stp mst_config_id Command show stp mst_config_id Current MST Configuration Identification Configuration Name 00 53 13 1A 33 24 Revision Level 0 MSTI ID VID list CIST 2 4094 1 1 DES 3028P 4 ...

Page 92: ...dr static aging_time config multicast port_filtering_mode portlist all forward_unregistered_groups filter_unregistered_groups show multicast port_filtering_mode Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Syntax create fdb vlan_name 32 macaddr port port Description This command will...

Page 93: ...sue this command Example usage To create multicast MAC forwarding DES 3028P 4 create multicast_fdb default 01 00 00 00 00 01 Command create multicast_fdb default 01 00 00 00 00 01 Success DES 3028P 4 config multicast_fdb Purpose Used to configure the Switch s multicast MAC address forwarding database Syntax config multicast_fdb vlan_name 32 macaddr add delete portlist Description This command conf...

Page 94: ... seconds with a default value of 300 seconds A very long aging time can result in dynamic forwarding table entries that are out of date or no longer exist This may cause incorrect packet forwarding decisions by the Switch If the aging time is too short however many entries may be aged out too soon This will result in a high percentage of received packets whose source addresses cannot be found in t...

Page 95: ...ccess DES 3028P 4 To delete a multicast FDB entry DES 3028P 4 delete fdb default 01 00 00 00 01 02 Command delete fdb default 01 00 00 00 01 02 Success DES 3028P 4 clear fdb Purpose Used to clear the Switch s forwarding database of all dynamically learned MAC addresses Syntax clear fdb vlan vlan_name 32 port port all Description This command is used to clear dynamically learned entries to the Swit...

Page 96: ...fdb vlan default VLAN Name default MAC Address 01 00 5E 00 00 00 Egress Ports 1 5 Mode Static Total Entries 1 DES 3028P 4 show fdb Purpose Used to display the current unicast MAC address forwarding database Syntax show fdb port port vlan vlan_name 32 vlan vidlist mac_address macaddr static aging_time Description This command will display the current contents of the Switch s forwarding database Par...

Page 97: ...5 10 Dynamic 1 default 00 01 30 10 2C C7 10 Dynamic 1 default 00 01 30 FA 5F 00 10 Dynamic 1 default 00 02 3F 63 DD 68 10 Dynamic CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All config multicast port_filtering_mode Purpose Used to configure the multicast packet filtering mode on a port per port basis Syntax config multicast port_filtering_mode portlist all forward_unregistered_groups fi...

Page 98: ...se Used to show the multicast packet filtering mode on a port per port basis Syntax show multicast port_filtering_mode Description This command will display the current multicast packet filtering mode for specified ports on the Switch Parameters None Restrictions None Example usage To view the multicast port filtering mode for all ports DES 3028P 4 show multicast port_filtering_mode Command show m...

Page 99: ... window in the Administration folder and selecting the disabled port and returning it to an Enabled status To utilize this method of Storm Control choose the Shutdown option of the Action field in the table below The broadcast storm control commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config traffic control po...

Page 100: ...raffic control measures The default setting is 64 Kbit sec time_interval The Interval will set the time between Multicast and Broadcast packet counts sent from the Switch s chip to the Traffic Control function These packet counts are the determining factor in deciding when incoming packets exceed the Threshold value secs 5 30 The Interval may be set between 5 and 30 seconds with the default settin...

Page 101: ...bled Disabled drop 0 5 4 64 Disabled Disabled Disabled drop 0 5 Total Entries 4 DES 3028P 4 config traffic trap Purpose Used to configure the trap settings for the packet storm control mechanism Syntax config traffic trap none storm_occurred storm_cleared both Description This command will configure how packet storm control trap messages will be used when a packet storm is detected by the Switch T...

Page 102: ...Fast Ethernet Switch CLI Reference Manual 97 Example usage To configure notifications to be sent when a packet storm control has been detected and cleared by the Switch DES 3028P 4 config traffic trap both Command config traffic trap both Success DES 3028P 4 ...

Page 103: ...ing the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue will begin transmitting any packets it may have received The commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config bandwidth_control portlis...

Page 104: ...ate Specifies that one of the parameters below no_limit or value 64 1024000 will be applied to the rate at which the above specified ports will be allowed to transmit packets no_limit Specifies that there will be no limit on the rate of packets received by the above specified ports value 64 1024000 Specifies the traffic limit in Kbits that the above ports will be allowed to receive Restrictions On...

Page 105: ...e config scheduling command is not used is to empty the four hardware priority queues in order from the highest priority queue hardware queue 3 to the lowest priority queue hardware queue 0 Each hardware queue will transmit all of the packets in its buffer before allowing the next lower priority queue to transmit its packets When the lowest hardware priority queue has finished transmitting all of ...

Page 106: ... these seven hardware priority classes of service This command is used to specify the rotation by which these seven hardware priority classes of service are emptied The Switch s default is to empty the seven priority classes of service in order from the highest priority class of service queue 6 to the lowest priority class of service queue 0 Each queue will transmit all of the packets in its buffe...

Page 107: ...ll still work at WRR mode Success DES 3028P 4 show scheduling_mechanism Purpose Used to display the current traffic scheduling mechanisms in use on the Switch Syntax show scheduling_mechanism Description This command will display the current traffic scheduling mechanisms in use on the Switch Parameters None Restrictions None Example usage To show the scheduling mechanism DES 3028P 4 show schedulin...

Page 108: ... specifying the 802 1p user priority users want to map to the class_id 0 3 the number of the hardware queue priority 0 7 The 802 1p user priority to associate with the class_id 0 3 the number of the hardware queue class_id 0 3 The number of the Switch s hardware priority queue The Switch has four hardware priority queues available They are numbered between 0 the lowest priority and 3 the highest p...

Page 109: ...agged packets received by the Switch The priority value entered with this command will be used to determine to which of the four hardware priority queues the packet is forwarded Parameters portlist Specifies a port or range of ports to be configured all Specifies that the command applies to all ports on the Switch priority 0 7 The priority value to assign to untagged packets received by the Switch...

Page 110: ...s destination Parameters portlist Specifies a port or range of ports to be configured Restrictions None Example usage To display the current 802 1p default priority configuration on the Switch DES 3028P 4 show 802 1p default_priority Command show 802 1p default_priority Port Priority Effective Priority 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 8 0 0 9 0 0 10 0 0 11 0 0 12 0 0 13 0 0 14 0 0 15 0 0 ...

Page 111: ...thernet frame based priority 802 1p Enable 802 1p CoS mac_mapping Enable MAC based CoS ip Enable Ethernet frame based priority Restrictions None Example usage To configure port 1 as a CoS enabled port which uses the physical port number as its criteria for identifying packets DES 3028P 4 config cos mapping port 1 port_mapping Command config cos mapping port 1 port_mapping Success DES 3028P 4 show ...

Page 112: ...vailable on the switch Syntax config cos port_mapping 0 3 port portlist all Description The config cos port_mapping command is used to configure port to class CoS mapping Parameters 0 3 The number of the switch s hardware priority queue The switch has eight hardware priority queues available They are numbered between 0 the lowest priority queue and 3 the highest priority queue portlist Specifies a...

Page 113: ...028P 4 config cos mac_mapping Purpose Used to map the destination MAC address in incoming packet to one of the hardware queues available on the switch Syntax config cos mac_mapping destination_addr macaddr class class_id 0 3 Description The config cos mac_mapping command is used to map static destination MAC address to one of the traffic classes Parameters destination_addr The MAC address to be co...

Page 114: ... 05 Command show cos mac_mapping destination_addr 00 01 02 03 04 05 MAC Address Class 00 01 02 03 04 05 2 DES 3028P 4 config cos tos value Purpose Used to map the ToS value in the IP header of incoming packets to one of the eight hardware queues available on the switch Syntax config cos tos value value 0 7 class class_id 0 3 Description The config cos tos command is used to configure ToS to traffi...

Page 115: ...e DSCP value in the IP header of incoming packet to one of the four hardware queues available on the switch Syntax config dscp_mapping dscp_value value 0 63 class class_id 0 3 Description The config dscp_mapping command is used to configure DSCP mapping to traffic class This command is supported when the ACL commands are not supported Parameters value 0 63 The DSCP value of the incoming packet you...

Page 116: ...affic class This command is supported when the ACL commands are not supported Parameters value 0 63 The DSCP value of the incoming packet If no parameter is specified all the DSCP value mapping to traffic class will be shown Restrictions None Example usage To show the DSCP map to traffic class DES 3028P 4 show dscp_mapping Command show dscp_mapping DSCP Class 0 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 9 ...

Page 117: ...work traffic In addition users can specify that only traffic received by or sent by one or both is mirrored to the Target port Parameters port This specifies the Target port the port where mirrored packets will be received The target port must be configured in the same VLAN and must be operating at the same speed as the source port add delete Specifies if the user wishes to add or delete ports to ...

Page 118: ...n turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable mirroring configurations DES 3028P 4 enable mirror Command enable mirror Success DES 3028P 4 disable mirror Purpose Used to disable a previously entered port mirroring configuration Syntax disable m...

Page 119: ... the current port mirroring configuration on the Switch Syntax show mirror Description This command displays the current port mirroring configuration on the Switch Parameters None Restrictions None Example usage To display mirroring configuration DES 3028P 4 show mirror Command show mirror Current Settings Mirror Status Enabled Target Port 1 Mirrored Port RX TX 5 7 DES 3028P 4 ...

Page 120: ...only admit_all pvid vlanid 1 4094 enable gvrp disable gvrp show vlan vlan_name 32 vlanid vidlist ports portlist show gvrp portlist Each command is listed in detail in the following sections create vlan Purpose Used to create a VLAN on the Switch Syntax create vlan vlan_name 32 tag vlanid 2 4094 advertisement Description This command allows the user to create a VLAN on the Switch Parameters vlan_na...

Page 121: ...d allows the user to add ports to the port list of a previously configured VLAN The user can specify the additional ports as tagging untagging or forbidden The default is to assign the ports as untagging Parameters vlan_name 32 The name of the VLAN to which to add ports add Entering the add parameter will add ports to the VLAN There are three types of ports to add tagged Specifies the additional p...

Page 122: ...tions Only Administrator level users can issue this command Example usage To create VLAN ID on the switch DES 3028P 4 create vlan vlanid 5 advertisement Command create vlan vlanid 5 advertisement Success DES 3028P 4 delete vlan vlanid Purpose Used to delete multiple VLANs by VLAN ID on the switch Syntax delete vlan vlanid vidlist Description The delete vlan by vlan id list command deletes previous...

Page 123: ...sement parameter specifies if the port should join GVRP or not There are two parameters enable Specifies that the port should join GVRP Disable Specifies that the port should not join GVRP name Entering the name parameter specifies the name of the VLAN to be modified name Enter a name for the VLAN Restrictions Only Administrator level users can issue this command Example usage To config vlan vlani...

Page 124: ...mation DES 3028P 4 config gvrp 1 4 state enable ingress_checking enable acceptable_frame tagged_only pvid 2 Command config gvrp 1 4 state enable ingress_checking enable acceptable_frame tagged_only pvid 2 Success DES 3028P 4 enable gvrp Purpose Used to enable GVRP on the Switch Syntax enable gvrp Description This command along with disable gvrp below is used to enable and disable GVRP on the Switc...

Page 125: ...agging status and the Member Non member Forbidden status of each port that is a member of the VLAN Parameters vlanid Specifies a range of multiple VLAN IDs to be displayed ports Specifies the ports to be displayed vlan_name 32 The VLAN name of the VLAN for which to display a summary of settings portlist Specifies a port or range of ports that will be displayed Restrictions None Example usage To di...

Page 126: ...he Switch Parameters portlist Specifies a port or range of ports for which the GVRP status is to be displayed Restrictions None Example usage To display GVRP port status DES 3028P 4 show gvrp 1 10 Command show gvrp 1 10 Port PVID GVRP Ingress Checking Acceptable Frame Type 1 1 Disabled Enabled All Frames 2 1 Disabled Enabled All Frames 3 1 Disabled Enabled All Frames 4 1 Disabled Enabled All Frame...

Page 127: ...ith a unique identifier Parameters value Specifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group as LACP compliant LACP allows dynamic adjustment to the aggregated po...

Page 128: ...able disable Description This command allows users to configure a link aggregation group that was created with the create link_aggregation command above Parameters group _id value 1 6 Specifies the group ID The Switch allows up to 6 link aggregation groups to be configured The group number identifies each of the groups master_port port Master port ID Specifies which port by port number of the link...

Page 129: ...d examine the MAC source and destination addresses Restrictions Only Administrator level users can issue this command Example usage To configure link aggregation algorithm for mac source dest DES 3028P 4 config link_aggregation algorithm mac_source_dest Command config link_aggregation algorithm mac_source_dest Success DES 3028P 4 show link_aggregation Purpose Used to display the current link aggre...

Page 130: ...trol frames active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP por...

Page 131: ... currently configured Parameters portlist Specifies a port or range of ports to be configured If no parameter is specified the system will display the current LACP status for all ports Restrictions Only Administrator level users can issue this command Example usage To display LACP port mode settings DES 3028P 4 show lacp_port 1 10 Command show lacp_port 1 10 Port Activity 1 Active 2 Active 3 Activ...

Page 132: ...System ipaddress network_address IP address and netmask of the IP interface to be created Users can specify the address and mask information using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 vlan_name 32 The name of the VLAN corresponding to the System IP interface state enable disable Allows users to enable or disable the IP interface bootp Allows the select...

Page 133: ...Syntax enable autoconfig Description When autoconfig is enabled on the Switch the DHCP reply will contain a configuration file and path name It will then request the file from the TFTP server specified in the reply When autoconfig is enabled the ipif settings will automatically become DHCP client Parameters None Restrictions When autoconfig is enabled the Switch becomes a DHCP client automatically...

Page 134: ...r 2 Fast Ethernet Switch CLI Reference Manual 129 DES 3028P 4 enable autoconfig Command enable autoconfig Success DES 3028P 4 NOTE More detailed information for this command and related commands can be found in the section titled Switch Utility Commands ...

Page 135: ...n config igmp snooping data_driven_learning vlan_name vlan_name 32 all aged_out enable disable config igmp_snooping data_driven_learning max_learned_entry value 1 256 clear igmp snooping data_ driven _group vlan_name vlan_name 32 all config igmp access_authentication ports all portlist state enable disable show igmp access_authentication ports all portlist Each command is listed in detail in the f...

Page 136: ...rval sec 1 65535 max_response_time sec 1 25 robustness_variable value 1 255 last_member_query_interval sec 1 25 state enable disable Description The config igmp_snooping querier command configures IGMP snooping querier Parameters vlan_name 32 The name of the VLAN for which IGMP snooping querier is to be configured query_interval sec 1 25 Specifies the amount of time in seconds between general quer...

Page 137: ...y packet Since it will not also send the multicast routing protocol packet the port will be timed out as a router port Restrictions Only Administrator level users can issue this command Example usage To configure IGMP snooping querier DES 3028P 4 config igmp_snooping querier vlan default query_interval 125 state enable Command config igmp_snooping querier vlan default query_interval 125 state enab...

Page 138: ...issue this command Example usage To set up forbidden router ports DES 3028P 4 config router_ports_forbidden default add 2 10 Command config router_ports_forbidden default add 2 10 Success DES 3028P 4 enable igmp_snooping Purpose Used to enable IGMP snooping on the Switch Syntax enable igmp_snooping forward_mcrouter_only Description This command allows users to enable IGMP snooping on the Switch If...

Page 139: ...er Entering this command without the parameter will disable igmp snooping on the Switch Restrictions Only Administrator level users can issue this command Example usage To disable IGMP snooping on the Switch DES 3028P 4 disable igmp_snooping Command disable igmp_snooping Success DES 3028P 4 Example usage To disable forwarding all multicast traffic to a multicast enabled router DES 3028P 4 disable ...

Page 140: ...rning Aged Out Disabled VLAN Name RG Query Interval 125 Max Response Time 10 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show router_ports Purpose Used to display the currently configured router ports on the Switch Syntax show router_ports vlan vlan_name 32 static dynamic forbidden Description This command will display the router ports currently configured on the Switch Parameters v...

Page 141: ...display the current IGMP snooping configuration on the Switch Syntax show igmp_snooping group vlan vlan_name 32 data_driven Description This command will display the current IGMP setup currently configured on the Switch Parameters vlan_name 32 The name of the VLAN for which to view IGMP snooping group information data_driven hen the data driven learning is enabled the multicast filtering mode for ...

Page 142: ...0 0 9 MAC address 01 00 5E 00 00 09 Reports 1 Port Member 6 8 VLAN Name default Multicast group 234 5 6 7 MAC address 01 00 5E 05 06 07 Reports 1 Port Member 10 12 VLAN Name default Multicast group 236 54 63 75 MAC address 01 00 5E 36 3F 4B Reports 1 Port Member 14 16 VLAN Name default Multicast group 239 255 255 250 MAC address 01 00 5E 7F FF FA Reports 2 Port Member 18 20 VLAN Name default Multi...

Page 143: ...gnored so that the multicast packets will be forwarded to router ports Note that if a data driven group is created and IGMP member ports are learned later the entry will become an ordinary IGMP snooping entry The ageing out mechanism will follow the ordinary IGMP snooping entry Parameters vlan_name 32 specifies the vlan name to be configured all specifies all data driven entries aged_out Used to e...

Page 144: ...nistrator level users can issue this command Example usage To delete all the groups learned by data driven DES 3028P 4 clear igmp snooping data_driven_group all Command clear igmp snooping data_driven_group all Success DES 3028P 4 config igmp access_authentication Purpose Used to config IGMP Access Control port status Syntax config igmp access_authentication ports all portlist state enable disable...

Page 145: ... IGMP Access Control configuration Syntax show igmp access_authentication ports all portlist Description The show igmp access_authentication ports command displays the current IGMP Access Control configuration Parameters portlist specifies a range of ports to be displayed Restrictions None Example usage To display IGMP Access Control status for all ports DES 3028P 4 show igmp access_authentication...

Page 146: ...relay Purpose Used to configure the DHCP BOOTP relay feature of the switch Syntax config dhcp_relay hops value 1 16 time sec 0 65535 Description This command is used to configure the DHCP BOOTP relay feature Parameters hops value 1 16 Specifies the maximum number of relay agent hops that the DHCP packets can cross time sec 0 65535 If this time is exceeded the Switch will not relay the DHCP packet ...

Page 147: ...sers can issue this command Example usage To delete an IP destination from the DHCP relay table DES 3028P 4 config dhcp_relay delete ipif System 10 58 44 6 Command config dhcp_relay delete ipif System 10 58 44 6 Success DES 3028P 4 config dhcp_relay option_82 state Purpose Used to configure the state of DHCP relay agent information option 82 of the switch Syntax config dhcp_relay option_82 state e...

Page 148: ...lay option 82 state DES 3028P 4 config dhcp_relay option_82 state enable Command config dhcp_relay option_82 state enable Success DES 3028P 4 config dhcp_relay option_82 check Purpose Used to configure the checking mechanism of DHCP relay agent information option 82 of the switch Syntax config dhcp_relay option_82 check enable disable Description This command is used to configure the checking mech...

Page 149: ... Parameters replace The option 82 field will be replaced if the option 82 field already exists in the packet received from the DHCP client drop The packet will be dropped if the option 82 field already exists in the packet received from the DHCP client keep The option 82 field will be retained if the option 82 field already exists in the packet received from the DHCP client Restrictions Only Admin...

Page 150: ...and remote ID suboption The formats for the circuit ID suboption and the remote ID suboption are as following For the circuit ID suboption of a standalone switch the module field is always zero Remote ID suboption format 2 Using user defined string as remote ID 1 2 3 4 5 2 n 2 1 n User defined string 1 byte 1 byte 1 byte 1 byte 6 bytes 1 Suboption type 2 Length the string length of Remote ID subop...

Page 151: ...me Threshold 0 DHCP Relay Agent Information Option 82 State Disabled DHCP Relay Agent Information Option 82 Check Disabled DHCP Relay Agent Information Option 82 Policy Replace DHCP Relay Agent Information Option 82 Remote ID 00 19 5B EF 78 B5 Interface Server 1 Server 2 Server 3 Server 4 DES 3028P 4 Example usage To show a single IP destination of the DHCP relay configuration DES 3028P 4 show dhc...

Page 152: ...4 disable dhcp_relay Purpose Used to disable the DHCP BOOTP relay function on the Switch Syntax disable dhcp_relay Description This command is used to disable the DHCP BOOTP relay function on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable DHCP relay DES 3028P 4 disable dhcp_relay Command disable dhcp_relay Success DES 3028P 4 ...

Page 153: ...iod sec 1 65535 enable_reauth enable disable config 802 1x auth_protocol radius_eap local config 802 1x init port_based ports auth_portlist all mac_based ports auth_portlist all mac_address macaddr config 802 1x auth_mode port_based mac_based config 802 1x reauth port_based ports portlist all mac_based ports portlist all mac_address macaddr config radius add server_index 1 3 server_ip key passwd 3...

Page 154: ... auth_mode command Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable 802 1X switch wide DES 3028P 4 enable 802 1x Command enable 802 1x Success DES 3028P 4 disable 802 1x Purpose Used to disable the 802 1X server on the Switch Syntax disable 802 1x Description The disable 802 1x command is used to disable the 802 1X Network Access control ap...

Page 155: ...whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction OpenCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction Port Control ForceAuth ForceUnauth Auto Shows the...

Page 156: ...w 802 1x auth_state command is used to display the current authentication state of the 802 1X Port based or Host based Network Access Control application on the Switch Parameters auth_portlist Specifies a port or range of ports to be viewed The following details what is displayed Port number Shows the physical port number on the Switch Auth PAE State Initalize Disconnected Connecting Authenticatin...

Page 157: ...Auth Success Authorized 17 ForceAuth Success Authorized 18 ForceAuth Success Authorized 19 ForceAuth Success Authorized 20 ForceAuth Success Authorized CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All Example usage To display the 802 1X auth state for Host based 802 1X DES 3028P 4 show 802 1x auth_state Command show 802 1x auth_state Port Auth PAE State Backend State Port Status 1 ForceA...

Page 158: ...ge To configure 802 1X authentication by MAC address DES 3028P 4 config 802 1x auth_mode mac_based Command config 802 1x auth_mode mac_based Success DES 3028P 4 config 802 1x capability ports Purpose Used to configure the 802 1X capability of a range of ports on the Switch Syntax config 802 1x capability ports portlist all authenticator none Description The config 802 1x command has two capabiliti...

Page 159: ... direction port_control Configures the administrative control over the authentication process for the range of ports The user has the following authentication options force_auth Forces the Authenticator for the port to become authorized Network access is allowed auto Allows the port s status to reflect the outcome of the authentication process force_unauth Forces the Authenticator for the port to ...

Page 160: ...l radius_eap Success DES 3028P 4 config 802 1x init Purpose Used to initialize the 802 1X function on a range of ports Syntax config 802 1x init port_based ports auth_portlist all mac_based ports portlist all mac_address macaddr Description The config 802 1x init command is used to immediately initialize the 802 1X functions on a specified range of ports or for specified MAC addresses operating fr...

Page 161: ... addresses approved for re authorization can then be specified ports auth_portlist Specifies a port or range of ports to be re authorized all Specifies all of the ports on the Switch mac_address macaddr Enter the MAC address to be re authorized Restrictions Only Administrator level users can issue this command Example usage To configure 802 1X reauthentication for ports 1 18 DES 3028P 4 config 802...

Page 162: ...ication settings DES 3028P 4 config radius add 1 10 48 74 121 key dlink default Command config radius add 1 10 48 74 121 key dlink default Success DES 3028P 4 config radius delete Purpose Used to delete a previously entered RADIUS server configuration Syntax config radius delete server_index 1 3 Description The config radius delete command is used to delete a previously entered RADIUS server confi...

Page 163: ...2 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 Restrictions Only Administrator level users can issue this command Example usage To configure the RADIUS settings DES 3028P 4 config radius 1 10 48 74 121 key dlink default Command config radius 1 10 48 74 121 key dlink default Success DES 3028P 4 config radius parameter Purpose Used to configure pa...

Page 164: ...re existing VLAN as a 802 1X Guest VLAN Syntax create 802 1x guest_vlan vlan_name 32 Description The create 802 1x guest_vlan command is used to configure a pre defined VLAN as a 802 1X Guest VLAN Guest 802 1X VLAN clients are those who have not been authorized for 802 1X or they haven t yet installed the necessary 802 1X software yet would still like to have limited access rights on the Switch Pa...

Page 165: ... using the create vlan command If the specific port state changes from an enabled state to a disabled state these ports will return to the default VLAN Example usage To configure the ports for a previously created 802 1X Guest VLAN as enabled DES 3028P 4 config 802 1x guest_vlan ports 1 5 state enable Command config 802 1x guest_vlan ports 1 5 state enable Success DES 3028P 4 show 802 1x guest_vla...

Page 166: ... limited access rights on the Switch Parameters vlan_name 32 Enter the VLAN name of the Guest 802 1X VLAN to be deleted Restrictions Only Administrator level users can issue this command Users must have already previously created a VLAN using the create vlan command Only one VLAN can be set as the 802 1X Guest VLAN Example usage To delete a previously created 802 1X Guest VLAN DES 3028P 4 delete 8...

Page 167: ...ntRetransmissions 0 radiusAccClientResponses 0 radiusAccClientMalformedResponses 0 radiusAccClientBadAuthenticators 0 radiusAccClientPendingRequests 0 radiusAccClientTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All show auth_client Purpose Used to display the current RADIUS authentication client Syntax show auth_cli...

Page 168: ... radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All show auth_diagnostics Purpose Used to display the current authentication diagnostics Syntax show auth...

Page 169: ...Responses 0 BackendAccessChallenges 0 BackendOtherRequestsToSupplicant 0 BackendNonNakResponsesFromSupplicant 0 BackendAuthSuccesses 0 BackendAuthFails 0 CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All show auth_session_statistics Purpose Used to display the current authentication session statistics Syntax show auth_session_statistics ports auth_portlist all Description The show auth_se...

Page 170: ...tics Syntax show auth_statistics ports auth_portlist Description The show auth_statistics command is used to display the current authentication statistics of the Switch on a per port basis Parameters ports auth_portlist Specifies a range of ports Restrictions None Example usage To display the current authentication statistics for port 1 16 DES 3028P 4 show auth_statistics ports 1 Command show auth...

Page 171: ...password again for confirmation Success DES 3028P 4 show 802 1x user Purpose Used to display the 802 1X user accounts on the Switch Syntax show 802 1x user Description The show 802 1x user command is used to display the 802 1X Port based or Host based Network Access control local users currently configured on the Switch Parameters None Restrictions None Example usage To view 802 1X users currently...

Page 172: ... on the Switch Parameters username 15 A username can be as many as 15 alphanumeric characters Restrictions Only Administrator level users can issue this command Example usage To delete 802 1X users DES 3028P 4 delete 802 1x user dtremblett Command delete 802 1x user dtremblett Are you sure to delete the user y n Success DES 3028P 4 ...

Page 173: ...cmp igmp tcp src_port value 0 65535 dst_port value 0 65535 urg ack psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 packet_content offset value 0 76 hex0x0 0xffffffff offset value 0 76 hex 0x0 0xffffffff offset value 0 76 hex 0x0 0xffffffff offset value 0 76 hex 0x0 0xffffffff offset value 0 76 hex 0x0 0xffffffff port portlist all permit priority value 0 7 ...

Page 174: ...e_mask match The default for an access profile on the Switch is to permit traffic flow If users want to restrict traffic users must use the deny parameter Now that an access profile has been created users must add the criteria the Switch will use to decide if a given frame should be forwarded or filtered We will use the config access_profile command to create a new rule that defines the criteria w...

Page 175: ...l examine the Ethernet type value in each frame s header ip Specifies that the Switch will examine the IP address in each frame s header vlan Specifies a VLAN mask source_ip_mask netmask Specifies an IP address mask for the source IP address destination_ip_mask netmask Specifies an IP address mask for the destination IP address dscp Specifies that the Switch will examine the DiffServ Code Point DS...

Page 176: ... between 1 to 256 Restrictions Only Administrator level users can issue this command Example usage To create an access list rules DES 3028P 4 create access_profile ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp profile_id 101 Command create access_profile ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp permit profile_id 101 Success DES 3028P 4 delete ...

Page 177: ...l be combined using a logical AND operational method with masks entered with the create access_profile command above Parameters profile_id value 1 256 Enter an integer used to identify the access profile that will be configured with this command This value is assigned to the access profile when it is created with the create access_profile command The profile ID sets the relative priority for the p...

Page 178: ... the Universal Datagram Protocol UDP field in each packet src_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP source port in their header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP destination port in their header protocol_id value 0 255 Specifies that the Switch will examine the protocol...

Page 179: ...e configured with DSCP Example usage To configure the access profile with the profile ID of 1 to filter frames on port 7 that have IP addresses in the range between 10 42 73 0 to 10 42 73 255 DES 3028P 4 config access_profile profile_id 1 add access_id 1 ip source_ip 10 42 73 1 port 7 deny Command config access_profile profile_id 1 add access_id 1 ip source_ip 10 42 73 1 port 7 deny Success DES 30...

Page 180: ..._mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff protocol_id_mask hex 0x0 0xff user_define hex 0x0 0xffffffff packet_content_mask offset_0 15 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_16 31 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_32 47 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff off...

Page 181: ... have flag bits associated with them which are parts of a packet that determine what to do with the packet The user may deny packets by denying certain flag bits within the packets The user may choose between all urg urgent ack acknowledgement psh push rst reset syn synchronize and fin finish udp Specifies that the switch will examine each frame s Universal Datagram Protocol UDP field src_port_mas...

Page 182: ... Manual 177 DES 3028P 4 create cpu access_profile profile_id 1 ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp type code Command create cpu access_profile profile_id 1 ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp type code Success DES 3028P 4 ...

Page 183: ...7 ethernet_type hex 0x0 0xffff ip vlan vlan_name 32 source_ip ipaddr destination_ip ipaddr dscp value 0 63 icmp type value 0 255 code value 0 255 igmp type value 0 255 tcp src_port value 0 65535 dst_port value 0 65535 urg ack psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 user_define hex 0x0 0xffffffff packet_content offset_0 15 hex 0x0 0xffffffff hex 0x0...

Page 184: ...ss profile will apply only to packets that have this TCP source port in their TCP header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this TCP destination port in their TCP header protocol_id value 0 255 Specifies that the Switch will examine the Protocol field in each packet and if this field contains the value entered here apply the following rule...

Page 185: ...rameters profile_id value 1 3 Enter an integer between 1 and 3 that is used to identify the CPU access profile to be deleted with this command This value is assigned to the access profile when it is created with the create cpu access_profile command Restrictions Only Administrator level users can issue this command Example usage To delete the CPU access profile with a profile ID of 1 DES 3028P 4 d...

Page 186: ...and disable CPU interface filtering on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example Usage To enable CPU interface filtering DES 3028P 4 enable cpu_interface_filtering Command enable cpu_interface_filtering Success DES 3028P 4 disable cpu_interface_filtering Purpose Used to disable CPU interface filtering on the Switch Syntax disable cpu_inte...

Page 187: ...o be used in conjunction with an access profile rule to determine a period of time when an access profile and an associated rule are to be enabled on the Switch Remember this time range can only be applied to one period of time and also it is based on the time set on the Switch Parameters range_name 32 Enter a name of no more than 32 alphanumeric characters that will be used to identify this time ...

Page 188: ...urs start_time 6 30 00 end_time 21 40 00 weekdays mon fri Success DES 3028P 4 show time_range Purpose To view the current configurations of the time range set on the Switch Syntax show time_range Description This command is used to display the currently configured time range s set on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To view...

Page 189: ...e 20 100 falling value 20 100 trap_log enable disable mode strict fuzzy show safeguard_engine Each command is listed in detail in the following sections config safeguard_engine Purpose To configure ARP storm control for system Syntax state enable disable utilization rising value 20 100 falling value 20 100 trap_log enable disable mode strict fuzzy Description Use this command to configure Safeguar...

Page 190: ... Success DES 3028P 4 show safeguard_engine Purpose Used to display current Safeguard Engine settings Syntax show safeguard_engine Description This will list the current status and type of the Safeguard Engine settings currently configured Parameters None Restrictions None Example usage To display the safeguard engine status DES 3028P 4 show safeguard_engine Command show safeguard_engine Safeguard ...

Page 191: ... forward_list Specifies a range of ports that will receive forwarded frames from the ports specified in the portlist above null No ports are specified portlist Specifies a range of ports for the forwarding list This list must be on the same Switch previously specified for traffic segmentation i e following the portlist specified above for config traffic_segmentation Restrictions Only Administrator...

Page 192: ...ame Switch Example usage To display the current traffic segmentation configuration on the Switch DES 3028P 4 show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward Portlist 1 1 28 2 1 28 3 1 28 4 1 28 5 1 28 6 1 28 7 1 28 8 1 28 9 1 28 10 1 28 11 1 28 12 1 28 13 1 28 14 1 28 15 1 28 16 1 28 17 1 28 18 1 28 CTRL C ESC q Quit SPACE n Next Page ENTER Next ...

Page 193: ... hh mm e_date end_date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 Description Use this command to configure SNTP service from an SNTP server SNTP must be enabled for this command to f...

Page 194: ...Example usage To display SNTP configuration information DES 3028P 4 show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DES 3028P 4 enable sntp Purpose To enable SNTP server support Syntax enable sntp Description This will enable SNTP support SNTP service must be separately configured see c...

Page 195: ...nd date settings Syntax config time date ddmmmyyyy time hh mm ss Description This will configure the system time and date settings These will be overridden if SNTP is configured and enabled Parameters date Express the date using two numerical characters for the day of the month three alphabetical characters for the name of the month and four numerical characters for the year For example 03aug2003 ...

Page 196: ...is will adjust system clock settings according to the time zone Time zone settings will adjust SNTP information accordingly Parameters operator Choose to add or subtract time to adjust for time zone relative to GMT hour Select the number of hours different from GMT min Select the number of minutes difference added or subtracted to adjust the time zone Restrictions Only Administrator level users ca...

Page 197: ...t week of October annual Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on April 3 and end DST on October 14 s_week Configure the week of the month in which DST begins start_week 1 4 last The number of the week during the month in which DST begins where 1 is the first wee...

Page 198: ...e The possible offset times are 30 60 90 120 The default value is 60 Restrictions Only Administrator level users can issue this command Example usage To configure daylight savings time on the Switch DES 3028P 4 config dst repeating s_week 2 s_day tue s_mth 4 s_time 15 00 e_week 2 e_day wed e_mth 10 e_time 15 30 offset 30 Command config dst repeating s_week 2 s_day tue s_mth 4 s_time 15 00 e_week 2...

Page 199: ... Manual 194 DES 3028P 4 show time Command show time Current Time Source System Clock Current Time 1 Days 01 39 17 Time Zone GMT 02 30 Daylight Saving Time Repeating Offset in minutes 30 Repeating From Apr 2nd Tue 15 00 To Oct 2nd Wed 15 30 Annual From 29 Apr 00 00 To 12 Oct 00 00 DES 3028P 4 ...

Page 200: ...Switch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only Administrator level users can issue this command The Switch supports up to 255 static ARP entries Example Usage To create a static arp entry for the IP address 10 48 74 121 and MAC address 00 50 BA 00 07 36 DES 3028P 4 create arpentry 10 48 ...

Page 201: ... s ARP table Parameters ipaddr The IP address of the end node or station all Deletes all ARP entries Restrictions Only Administrator level users can issue this command Example Usage To delete an entry of IP address 10 48 74 121 from the ARP table DES 3028P 4 delete arpentry 10 48 74 121 Command delete arpentry 10 48 74 121 Success DES 3028P 4 config arp_aging time Purpose Used to configure the age...

Page 202: ...ARP table Restrictions None Example Usage To display the ARP table DES 3028P 4 show arpentry Command show arpentry ARP Aging Time 20 Interface IP Address MAC Address Type System 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 6 51 15 00 1D 60 E7 B5 CD Dynamic System 10 22 8 50 00 80 C8 DF E8 EE Dynamic System 10 30 28 112 00 30 28 01 12 02 Dynamic System 10 39 77 24 08 00 01 43 00 00 Dynamic ...

Page 203: ... Syntax clear arptable Description This command is used to remove dynamic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Restrictions Only Administrator level users can issue this command Example Usage To remove dynamic entries in the ARP table DES 3028P 4 clear arptable Command clear arptable Success DES 3028P 4 ...

Page 204: ...arameters ipaddr The gateway IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry representing the number of routers between the Switch and the IP address above The default setting is 1 Restrictions Only Administrator level users can issue this command Example usage To add the default static address 10 48 74 121 with a metric setting of 1 to the rou...

Page 205: ...ntax show iproute network_address static Description This command will display the Switch s current IP routing table Parameters network_address The network IP address static Select a static IP route Restrictions None Example usage To display the contents of the IP routing table DES 3028P 4 show iproute Command show iproute Routing Table IP Address Netmask Gateway Interface Hops Protocol 0 0 0 0 10...

Page 206: ...on on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable MAC notification without changing basic configuration DES 3028P 4 enable mac_notification Command enable mac_notification Success DES 3028P 4 disa...

Page 207: ...ddress table notification global settings DES 3028P 4 config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DES 3028P 4 config mac_notification ports Purpose Used to configure MAC address notification status settings Syntax config mac_notification ports portlist all enable disable Description MAC address notification is used to monito...

Page 208: ...val 1 History Size 1 DES 3028P 4 show mac_notification ports Purpose Used to display the Switch s MAC address table notification status settings Syntax show mac_notification ports portlist Description This command is used to display the Switch s MAC address table notification status settings Parameters portlist Specify a port or group of ports to be viewed Entering this command without the paramet...

Page 209: ... Layer 2 Fast Ethernet Switch CLI Reference Manual 204 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 210: ...d passwords for authentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages A The server verifies the username and password and the user is granted normal user privileges on the Switch B The server will not accept the username and password and the user is denied access to the Switch C The server doesn t respond to the ...

Page 211: ...pplication console telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 add delete server_host ipaddr protocol tacacs xtacacs tacacs radius delete authen server_group string 15 show authen server_group string 15 create authen server_host ipaddr protocol taca...

Page 212: ...ccess authentication policy Syntax disable authen_policy Description This command will disable the administrator defined authentication policy for users trying to access the Switch When disabled the Switch will access the local user account database for username and password verification In addition the Switch will now accept the local enable password as the authentication for normal users attempt...

Page 213: ...ministrator level users can issue this command Example usage To create the method list Trinity DES 3028P 4 create authen_login method_list_name Trinity Command create authen_login method_list_name Trinity Success DES 3028P 4 config authen_login Purpose Used to configure a user defined or default method list of authentication methods for user login Syntax config authen_login default method_list_nam...

Page 214: ... TACACS server hosts of the TACACS server group list radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from the remote RADIUS server hosts of the RADIUS server group list server_group string 15 Adding this parameter will require the user to be authenticated using a user defined server group previously configured on the Switch local Adding this paramet...

Page 215: ...thod list with authentication methods XTACACS TACACS and local in that order DES 3028P 4 config authen_login default method xtacacs tacacs local Command config authen_login default method xtacacs tacacs local Success DES 3028P 4 delete authen_login method_list_name Purpose Used to delete a previously configured user defined method list of authentication methods for users logging on to the Switch S...

Page 216: ...ch security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server group defined by the user Built in Group refers to the TACACS XTACACS TACACS and RADIUS security protocols which are permanently set in the Switch Keyword refers to authentication using a technique INSTEAD of TACACS XTACACS TACACS RADIUS which are local authentication t...

Page 217: ...nistrator level privileges using authentication methods on the Switch Once a user acquires normal user level privileges on the Switch he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch which is defined by the Administrator A maximum of eight 8 enable method lists can be implemented simultaneously on the Switch The sequence of methods implemente...

Page 218: ... method list tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from a remote XTACACS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server radius Ad...

Page 219: ...or level users can issue this command Example usage To delete the user defined method list Permit DES 3028P 4 delete authen_enable method_list_name Permit Command delete authen_enable method_list_name Permit Success DES 3028P 4 show authen_enable Purpose Used to display the method list of authentication methods for promoting normal user level privileges to Administrator level privileges on the Swi...

Page 220: ...vileges to administrator level privileges DES 3028P 4 show authen_enable all Command show authen_enable all Method List Name Priority Method Name Comment Permit 1 tacacs Built in Group 2 tacacs Built in Group 3 Darren User defined Group 4 local Keyword default 1 tacacs Built in Group 2 local Keyword Total Entries 2 DES 3028P 4 config authen application Purpose Used to configure various application...

Page 221: ...d list Enter an alphanumeric string of up to 15 characters to define a previously configured method list Restrictions Only Administrator level users can issue this command Example usage To configure the default method list for the web interface DES 3028P 4 config authen application http login default Command config authen application http login default Success DES 3028P 4 show authen application P...

Page 222: ...arameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the RADIUS protocol port int 1 65535 Enter a number between 1 and 65535 to define the virtual port number of the authentication proto...

Page 223: ...sed by the server host The user may choose one of the following tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the RADIUS protocol port int 1 65535 Enter a numbe...

Page 224: ...ilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the RADIUS protocol Restrictions Only Administrator level users can issue this command Example usage To delete a user defined TACACS authentication server host DES...

Page 225: ...tocol Port Timeout Retransmit Key 10 53 13 94 TACACS 49 5 2 No Use Total Entries 1 DES 3028P 4 create authen server_group Purpose Used to create a user defined authentication server group Syntax create authen server_group string 15 Description This command will create an authentication server group A server group is a technique used to group TACACS XTACACS TACACS RADIUS server hosts into user defi...

Page 226: ...e the built in TACACS server protocol on the Switch Only server hosts utilizing the TACACS protocol may be added to this group radius Use this parameter to utilize the built in RADIUS server protocol on the Switch Only server hosts utilizing the RADIUS protocol may be added to this group string 15 Enter an alphanumeric string of up to 15 characters to define the previously created server group Thi...

Page 227: ...3028P 4 show authen server_group Purpose Used to view authentication server groups on the Switch Syntax show authen server_group string 15 Description This command will display authentication server groups currently configured on the Switch This command will display the following fields Group Name The name of the server group currently configured on the Switch including built in groups and user de...

Page 228: ...lt value is 30 seconds Restrictions Only Administrator level users can issue this command Example usage To configure the response timeout for 60 seconds DES 3028P 4 config authen parameter response_timeout 60 Command config authen parameter response_timeout 60 Success DES 3028P 4 config authen parameter attempt Purpose Used to configure the maximum number of times the Switch will accept authentica...

Page 229: ...attempting to log in from the command line interface or telnet interface User attempts The maximum number of attempts the user may try to become authenticated by the Switch before being locked out Parameters None Restrictions None Example usage To view the authentication parameters currently set on the Switch DES 3028P 4 show authen parameter Command show authen parameter Response Timeout 60 secon...

Page 230: ..._enable Description This command will configure the locally enabled password for the enable admin command When a user chooses the local_enable method to promote user level privileges to administrator privileges he or she will be prompted to enter the password configured here that is set locally on the Switch Parameters password 15 After entering this command the user will be prompted to enter the ...

Page 231: ...sed Configure the encryption algorithm that SSH will use to encrypt and decrypt messages sent between the SSH Client and the SSH Server Finally enable SSH on the Switch using the enable ssh command After following the above steps users can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CL...

Page 232: ...S 3028P 4 disable ssh Purpose Used to disable SSH Syntax disable ssh Description This command allows users to disable SSH on the Switch Parameters None Restrictions Only Administrator level users can issue this command Usage example To disable SSH DES 3028P 4 disable ssh Command disable ssh Success DES 3028P 4 config ssh authmode Purpose Used to configure the SSH authentication mode setting Syntax...

Page 233: ...ws users to enable or disable SSH authentication on the Switch Restrictions Only Administrator level users can issue this command Example usage To enable the SSH authentication mode by password DES 3028P 4 config ssh authmode password enable Command config ssh authmode password enable Success DES 3028P 4 show ssh authmode Purpose Used to display the SSH authentication mode setting Syntax show ssh ...

Page 234: ...ll be disconnected and the user must reconnect to the Switch to attempt another login rekey 10min 30min 60min never Sets the time period that the Switch will change the security shell encryptions Restrictions Only Administrator level users can issue this command Usage example To configure the SSH server DES 3028P 4 config ssh server maxsession 2 contimeout 300 authfail 2 Command config ssh server ...

Page 235: ...an alphanumeric string of up to 32 characters identifying the remote SSH user hostname_IP domain_name 32 ipaddr Enter the hostname and the corresponding IP address of the SSH user password This parameter should be chosen to use an administrator defined password for authentication Upon entry of this command the Switch will prompt the user for a password and then to retype the password for confirmat...

Page 236: ...tion algorithm AES192 This parameter will enable or disable the Advanced Encryption Standard AES192 encryption algorithm AES256 This parameter will enable or disable the Advanced Encryption Standard AES256 encryption algorithm arcfour This parameter will enable or disable the Arcfour encryption algorithm blowfish This parameter will enable or disable the Blowfish encryption algorithm cast128 This ...

Page 237: ...tion This command will display the current SSH algorithm setting status Parameters None Restrictions None Usage Example To display SSH algorithms currently set on the Switch DES 3028P 4 show ssh algorithm Command show ssh algorithm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled ARC4 Enabled Blowfish Enabled Cast128 Enabled Twofish128 Enabled Twofish192 Enabled Twofi...

Page 238: ...pports the 3DES_EDE encryption code defined by the Data Encryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supp...

Page 239: ...mbines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys The ciphersuites are enabled ...

Page 240: ...RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm 3 DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm 4 RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys Restrictions Only Administrator leve...

Page 241: ...nd Example usage To set the SSL cachetimeout for 7200 seconds DES 3028P 4 config ssl cachetimeout timeout 7200 Command config ssl cachetimeout timeout 7200 Success DES 3028P 4 show ssl cachetimeout Purpose Used to show the SSL cache timeout Syntax show ssl cachetimeout Description Entering this command will allow the user to view the SSL cache timeout currently implemented on the Switch Parameters...

Page 242: ...rtificate file for the SSL function on the Switch Syntax download ssl certificate ipaddr certfilename path_filename 64 keyfilename path_filename 64 Description This command is used to download a certificate file for the SSL function on the Switch from a TFTP server The certificate file is a data record used for authenticating devices on the network It contains information on the owner keys for aut...

Page 243: ...net Switch CLI Reference Manual 238 DES 3028P 4 download ssl certificate 10 53 13 94 certfilename c cert der keyfilename c pkey der Command download ssl certificate 10 53 13 94 certfilename c cert der keyfilename c pkey der Certificate Loaded Successfully DES 3028P 4 ...

Page 244: ...nother Single IP group It is connected to the Member Switches through its management VLAN Member Switch MS This is a switch that has joined a single IP group and is accessible from the CS and it takes on the following characteristics It is not a CS or MS of another IP group It is connected to the CS through the CS management VLAN Candidate Switch CaS This is a switch that is ready to join a SIM gr...

Page 245: ...itch is still powered down if it has become the member of another group or if it has been configured to be a Commander Switch the rediscovery process cannot occur This version will support multiple switch upload and downloads for firmware configuration files and log files as follows Firmware The switch now supports multiple MS firmware downloads from a TFTP server Configuration Files This switch n...

Page 246: ... Syntax disable sim Description This command will disable SIM globally on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable SIM on the Switch DES 3028P 4 disable sim Command disable sim Success DES 3028P 4 show sim Purpose Used to view the current information regarding the SIM group on the Switch Syntax show sim candidates candid...

Page 247: ...is parameter will display information concerning members of the SIM group To view a specific member include that member s id number listed from 1 to 32 group commander_mac macaddr Entering this parameter will display information concerning the SIM group To view a specific group include the commander s MAC address of the group neighbor Entering this parameter will display neighboring devices of the...

Page 248: ... Man 2 00 55 55 00 55 00 DES 3028P L2 Switch 140 2 00 B23 default master Total Entries 2 DES 3028P 4 To show the member information in summary DES 3028P 4 show sim members Command show sim members ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3028P L2 Switch 40 2 00 B23 The Man 2 00 55 55 00 55 00 DES 3028P L2 Switch 140 2 00 B23 default master T...

Page 249: ...ES 3028P L2 Switch 140 1 00 B23 default master means commander switch DES 3028P 4 Example usage To view SIM neighbors DES 3028P 4 show sim neighbor Command show sim neighbor Neighbor Info Table Port MAC Address Role 23 00 35 26 00 11 99 Commander 23 00 35 26 00 11 91 Member 24 00 35 26 00 11 90 Candidate Total Entries 3 DES 3028P 4 reconfig Purpose Used to connect to a member switch through the co...

Page 250: ...to add candidates and delete members from the SIM group by ID number Parameters add candidate_id 1 100 password Use this parameter to change a candidate switch CaS to a member switch MS of a SIM group The CaS may be defined by its ID number and a password if necessary delete member_id 1 32 Use this parameter to delete a member switch of a SIM group The member switch should be defined by ID number ...

Page 251: ...in seconds that the Switch will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS The user may set the dp_interval from 30 to 90 seconds hold time 100 255 Using this parameter the user may set the time in seconds the Switch will hold information sent to it from other switches utilizing the discovery interval protocol ...

Page 252: ...to a specified device from a TFTP server Parameters firmware Specify this parameter to download firmware to members of a SIM group configuration Specify this parameter to download a switch configuration to members of a SIM group ipaddr Enter the IP address of the TFTP server path_filename Enter the path and the filename of the firmware or switch on the TFTP server members Enter this parameter to s...

Page 253: ... 03 Success DES 3028P 4 upload sim_ms Purpose User to upload a configuration file to a TFTP server from a specified member of a SIM group Syntax upload sim_ms configuration_to_tftp log_to_tftp ipaddr path_filename members mslist all Description This command will upload a configuration file to a TFTP server from a specified member of a SIM group Parameters ipaddr Enter the IP address of the TFTP se...

Page 254: ...al 249 DES 3028P 4 upload sim_ms configuration_to_tftp 10 55 47 1 D configuration txt 1 Command upload sim_ms configuration 10 55 47 1 D configuration txt 1 This device is upload configuration Please wait several minutes Upload Status ID MAC Address Result 1 00 A1 51 34 26 00 Success DES 3028P 4 ...

Page 255: ...SWITCH WILL SEND OUT E MAIL TO RECIPIENTS WHEN ONE OR MORE OF THE FOLLOWING EVENTS OCCUR When a cold start occurs on the Switch When a port enters a link down status When a port enters a link up status When SNMP authentication has been denied by the Switch When a switch configuration entry has been saved to the NVRAM by the Switch When an abnormality occurs on TFTP during a firmware download event...

Page 256: ...nable smtp Description This command in conjunction with the disable smtp command will enable and disable the Switch as a SMTP client without changing configurations Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable SMTP on the Switch DES 3028 4 enable smtp Command enable smtp Success DES 3028 4 disable smtp Purpose Used to disable the Switch...

Page 257: ...ess can be configured for this Switch This string can be no more that 64 alphanumeric characters add mail_receiver mail_addr 64 Choose this parameter to add mail recipients to receive e mail messages from the Switch Up to 8 e mail addresses can be added per Switch delete mail_receiver index 1 8 Choose this parameter to delete mail recipients from the configured list receiving e mail messages from ...

Page 258: ...stmsg Purpose Used to send a test message to mail recipients configured on the Switch Syntax smtp send_testmsg Description This command is used to send test messages to all mail recipients configured on the Switch thus testing the configurations set and the reliability of the SMTP server Parameters None Restrictions Only Administrator level users can issue this command Example usage To send a test...

Page 259: ...e automatically disables the port if there is a short Other ports will remain active PDs receive power according to the following classification Class Max power used by PD 0 0 44 to 12 95W 1 0 44 to 3 84W 2 3 84 to 6 49W 3 6 49 to 12 95W PSE provides power according to the following classification Class Max power provided by PSE 0 15 4W 1 4 0W 2 7 0W 3 15 4W The PoE commands in the Command Line In...

Page 260: ...owest priority to shut down to allow high priority ports to power up The default setting is deny_next_port Restrictions Only Administrator level users can issue this command Example usage To config the PoE System on the Switch DES 3028P 4 config poe system power_limit 185 power_disconnect_method deny_next_port Command config poe system power_limit 185 power_disconnect_method deny_next_port Success...

Page 261: ... maximum is 16800mW The default setting is 15400mW The user may also choose to define a power class by which to set the power limit based on the PSE table at the beginning of this section class_0 Choosing this class will set the maximum port limit at 15 4W class_1 Choosing this class will set the maximum port limit at 4 0W class_2 Choosing this class will set the maximum port limit at 7 0W class_3...

Page 262: ...is portlist Enter a port or range of ports to be displayed for their PoE settings Restrictions None Example usage To display the power settings for the switch system DES 3028P 4 show poe system Command show poe system PoE System Information Power Limit 185 watts Power Consumption 0 watts Power Remained 185 watts Power Disconnection Method Deny Next Port If power disconnection method is set to deny...

Page 263: ... mA Status 1 Enabled Low 15400 User Defined 0 0 0 0 Off Interim state during line detection 2 Enabled Low 15400 User Defined 0 0 0 0 Off Interim state during line detection 3 Enabled Low 15400 User Defined 0 0 0 0 Off Interim state during line detection 4 Enabled Low 15400 User Defined 0 0 0 0 Off Interim state during line detection 5 Enabled Low 15400 User Defined 0 0 0 0 Off Interim state during...

Page 264: ... is link up the cable will not have the short or open problem When a port is in link down status the link down may be caused by many factors When the port has a normal cable connection but the remote partner is powered off the cable diagnosis can still diagnose the health of the cable as if the remote partner is powered on When the port does not have any cable connection the result of the test wil...

Page 265: ...specified vlan When DHCP local relay is enabled for the VLAN the DHCP packet will be relayed in broadcast way without change of the source MAC address and gateway address DHCP option 82 will be automatically added Parameters vlan_name 32 The name of the VLAN to be enabled DHCP local relay vidlist Specifies a range of VLAN IDs to be configured state Enable or disable DHCP local relay for specified ...

Page 266: ... Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable DHCP local relay function DES 3028P 4 disable dhcp_local_relay Command disable dhcp_local_relay Success DES 3028P 4 show dhcp_local_relay Purpose Used to display the current DHCP local relay configuration Syntax show dhcp_local_relay Description The show dhcp_local_relay command displays th...

Page 267: ...nd ipif_status_up enable disable Description The command is used to enable disable sending of gratuitous ARP request packet while IPIF interface is up This is used to automatically announce the interface s IP address to other nodes By default the state is enabled and only one gratuitous ARP packet will be broadcast Parameters enable Enable sending of gratuitous ARP when IPIF status is up disable D...

Page 268: ...uitous_arp learning Purpose Used to enable disable learning of ARP entries in ARP cache based on the received gratuitous ARP packets Syntax config gratuitous_arp learning enable disable Description Normally the system will only learn the ARP reply packet or a normal ARP request packet that asks for the MAC address that corresponds to the system s IP address The command is used to enable disable le...

Page 269: ... interval 5 Success DES 3028P 4 enable gratuitous_arp trap and log Purpose Used to enable the gratuitous ARP trap and log Syntax enable gratuitous_arp ipif ipif_name 12 trap log Description The command is used to enable gratuitous ARP trap and log states The switch can trap and log the IP conflict event to inform the administrator By default the trap is disabled and event log is enabled Parameters...

Page 270: ...ratuitous ARP configuration Syntax show gratuitous_arp ipif ipif_name Description The show gratuitous_arp command is used to display gratuitous ARP configurations Parameters ipif_name 12 Interface name of L3 interface Restrictions Only Administrator level users can issue this command Example usage To display gratuitous ARP log and trap states DES 3028P 4 show gratuitous_arp Command show gratuitous...

Page 271: ...n Syntax enable vlan_trunk Description When the VLAN trunk function is enabled the VLAN trunk ports shall be able to forward all tagged frames with any VID Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable the VLAN Trunk DES 3028P 4 enable vlan_trunk Command enable vlan_trunk Success DES 3028P 4 disable vlan_trunk Purpose Used to disable the...

Page 272: ... is applied to link aggregation member port excluding the master the command will be rejected The ports with different VLAN configurations are not allowed to form an aggregated link However if they are specified as VLAN trunk ports they are allowed to form an aggregated link For a VLAN trunk port the VLANs on which the packets can be by passed will not be advertised by GVRP on that particular port...

Page 273: ...configure a VLAN Trunk port if Port 6 is LA 1 member port port 7 is LA 1 master port DES 3028P 4 config vlan_trunk ports 6 7 state enable Command config vlan_trunk ports 6 7 state enable Success DES 3028P 4 To configure a VLAN Trunk port if Port 6 7 have the same VLAN configurations before enable VLAN trunking Port 6 is LA 1 member port port 7 is LA 1 master port DES 3028P 4 config vlan_trunk port...

Page 274: ...8G DES 3052 DES 3052P Layer 2 Fast Ethernet Switch CLI Reference Manual 269 Example usage To display VLAN Trunk information DES 3028P 4 show vlan_trunk Command show vlan_trunk VLAN Trunk Enable VLAN Trunk Port 1 5 7 DES 3028P 4 ...

Page 275: ...et to 88a8 All existing static VLANs will run as SP VLAN All dynamically learned L2 address will be cleared GVRP and STP need to be disabled manually If you need to run GVRP on the switch firstly enable GVRP manually The default setting of QinQ is disabled Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable QinQ DES 3028P 4 enable qinq Command...

Page 276: ...lobal QinQ status DES 3028P 4 show qinq Command show qinq QinQ Status Enabled DES 3028P 4 configure qinq port Purpose Used to configure qinq ports Syntax config qinq ports portlist all role nni uni tpid hex 0x0 0xffff Description This command used to configure the QinQ VLAN mode for ports including The port role in double tag VLAN mode and port outer TPID This setting will not be effective when Qi...

Page 277: ...tus Syntax show qinq ports portlist Description The command used to show the qinq configuration for a port including port role in QinQ mode port outer TPID that is applied to the port Parameters portlist Specifies a range of ports to be displayed If no parameter is specified the system will display all port information Restrictions Only Administrator level users can issue this command Example usag...

Page 278: ... asymmetric_vlan Description This command enables the asymmetric VLAN function on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable asymmetric VLANs DES 3028P 4 enable asymmetric_vlan Command enable asymmetric_vlan Success DES 3028P 4 disable asymmetric_vlan Purpose Used to disable the asymmetric VLAN function on the Switch Syntax...

Page 279: ... asymmetric VLAN state on the Switch Syntax show asymmetric_vlan Description This command displays the asymmetric VLAN state on the Switch Parameters None Restrictions None Example usage To display the asymmetric VLAN state currently set on the Switch DES 3028P 4 show asymmetric_vlan Command show asymmetric_vlan Asymmetric VLAN Enabled DES 3028P 4 ...

Page 280: ...oping on the switch Syntax config mld_snooping vlan vlan_name 32 vlanid vlanid_list all node_timeout sec 1 16711450 router_timeout sec 1 16711450 done_timer sec 1 16711450 state enable disable fast_done enable disable Description The config mld_snooping command configures MLD snooping on the switch If the MLD version is configured with a lower version the higher version s MLD Report Leave messages...

Page 281: ...onfigure ports as router ports Syntax config mld_snooping mrouter_ports vlan_name 32 vlanid vlanid add delete portlist Description The config mld_snooping mrouter_ports command allows you to designate a range of ports as being connected to multicast enabled routers This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol...

Page 282: ...s a range of ports to be configured UnitID port number Restrictions Only Administrator level users can issue this command Example usage To set up port range 1 10 to forbidden router ports DES 3028P 4 config mld_snooping mrouter_ports_forbidden default add 1 10 Command config mld_snooping mrouter_ports_forbidden default add 1 10 Success DES 3028P 4 enable mld_snooping Purpose Used to enable MLD sno...

Page 283: ...nd Example usage To disable MLD snooping on the switch DES 3028P 4 disable mld_snooping Command disable mld_snooping Success DES 3028P 4 show mld_snooping Purpose Used to show the current status of MLD snooping on the switch Syntax show mld_snooping vlan vlan_name 32 vlanid vlanid_list Description The show mld_snooping will display the current MLD snooping configuration on the switch Parameters vl...

Page 284: ...Interval 1 Node Timeout 260 Router Timeout 260 Done Timer 2 Querier State Disabled Querier Router Behavior Non Querier State Disabled Version 1 Total Entries 2 DES 3028P 4 show mld_snooping group Purpose Used to display the current MLD snooping group configuration on the switch Syntax show mld_snooping group vlan vlan_name 32 vlanid vlanid_list Description The show mld_snooping group displays the ...

Page 285: ...s Purpose Used to display the currently configured router ports on the switch Syntax show mld_snooping mrouter_ports vlan vlan_name 32 vlanid vlanid_list static dynamic forbidden Description The show mld_snooping mrouter_ports command displays the currently configured router ports on the switch Parameters vlan_name 32 The name of the VLAN on which the router port resides static Displays router por...

Page 286: ...e Manual 281 DES 3028P 4 show mld_snooping mrouter_ports Command show mld_snooping mrouter_ports VLAN Name default Static mrouter port 1 10 Dynamic mrouter port Forbidden mrouter port VLAN Name vlan2 Static mrouter port Dynamic mrouter port Forbidden mrouter port Total Entries 2 DES 3028P 4 ...

Page 287: ...ooping multicat_vlan vlan_name 32 enable igmp_snooping multicast_vlan disable igmp_snooping multicast_vlan show igmp_snooping multicast_vlan vlan_name 32 Each command is listed in detail in the following sections create igmp_snooping multicast_vlan Purpose Used to create a multicast VLAN Syntax create igmp_snooping multicast_vlan vlan_name 32 vlanid 2 4094 Description The create igmp_snooping mult...

Page 288: ...ot overlap However the member port of one multicast VLAN can overlap with another multicast VLAN The multicast VLAN must be created first before configuration Parameters vlan_name The name of the VLAN to be created Each multicast VLAN is given a name that can be up to 32 characters member_port portlist A range of member ports to add to the multicast VLAN They will become the untagged member port o...

Page 289: ...N Parameters vlan_name 32 The name of the multicast VLAN to be configured each multicast VLAN is given a name that can be up to 32 characters mcast_address_list The list of multicast groups that will be learned with the specified multicast VLAN all All multicast groups will be selected from the specified multicast VLAN Restrictions Only Administrator level users can issue this command Example usag...

Page 290: ...trator level users can issue this command Example usage To delete an IGMP snoop multicast VLAN DES 3028P 4 delete igmp_snooping multicat_vlan v1 Command delete igmp_snooping multicat_vlan v1 Success DES 3028P 4 enable igmp_snooping multicast_vlan Purpose Used to enable the multicast VLAN function Syntax enable igmp_snooping multicast_vlan Description This command controls the multicast VLAN functi...

Page 291: ...p multicast VLAN DES 3028P 4 disable igmp_snooping multicast_vlan Command disable igmp_snooping multicast_vlan Success DES 3028P 4 show igmp_snooping multicast_vlan Purpose Used to show the information of multicast VLAN Syntax show igmp_snooping multicast_vlan vlan_name 32 Description The show igmp_snooping multicast_vlan command allows you to show the information of multicast VLAN Parameters vlan...

Page 292: ...1 24 profile_name name 1 32 config limited_multicast_addr ports portlist add delete profile_id value 1 24 profile_name name 1 32 show limited_multicast_addr ports portlist config max_mcast_group port portlist max_group value 1 256 show max_mcast_group ports portlist Each command is listed in detail in the following sections create mcast_filter_profile profile_id Purpose This command creates a mult...

Page 293: ...his command Example usage To configure an mcast filter profile DES 3028P 4 config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Command config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Success DES 3028P 4 delete mcast_filter_profile Purpose This command deletes a multicast address profile Syntax delete mcast_filter_profile profile_id value 1 24 all Description This comm...

Page 294: ...DES 3028P 4 show mcast_filter_profile Purpose This command displays the defined multicast address profiles Syntax show mcast_filter_profile profile_id value 1 24 profile_name name 1 32 Description This command displays the defined multicast address profiles Parameters profile_id ID of the profile profile_name Name of the profile If not specified all profiles will be displayed Restrictions None Exa...

Page 295: ...to be added to or deleted from the port Restrictions Only Administrator level users can issue this command Example usage To configure ports 1 3 to set the multicast address profile 2 DES 3028P 4 config limited_multicast_addr ports 1 3 add profile_id 2 Command config limited_multicast_addr ports 1 3 add profile_id 2 Success DES 3028P 4 show limited multicast address Purpose Used to show per port Li...

Page 296: ...rator level users can issue this command Example usage To configure the maximum number of multicast groups that a port can join DES 3028P 4 config max_mcast_group ports 1 3 max_group 100 Command config max_mcast_group ports 1 3 max_group 100 Success DES 3028P 4 show max_mcast_group Purpose This command displays the maximum number of multicast groups that a port can join Syntax show max_mcast_group...

Page 297: ...t_addr ipv4 ipaddr enable disable config lldp ports portlist all basic_tlvs all port_description system_name system_description system_capabilities enable disable config lldp ports portlist all dot1_tlv_pvid enable disable config lldp ports portlist all dot1_tlv_vlan_name vlan all vlan_name 32 vlanid vidlist enable disable config lldp ports portlist all dot1_tlv_ protocol_identity all eapol lacp g...

Page 298: ...the neighbor in the neighbor table The default state for LLDP is disabled Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable LLDP DES 3028P 4 enable lldp Command enable lldp Success DES 3028P 4 disable lldp Purpose Used to disable LLDP operation on the switch Syntax disable lldp Description The switch will stop sending and receiving of LLDP a...

Page 299: ...tner switch when the time to Live for a given advertisement expires the advertised data is deleted from the neighbor switch s MIB Parameters message_tx_hold_multiplier The range is from 2 to 10 The default setting 4 Restrictions Only Administrator level users can issue this command Example usage To change the multiplier value DES 3028P 4 config lldp message_tx_hold_multiplier 3 Command config lldp...

Page 300: ...s The default setting 2 seconds Restrictions Only Administrator level users can issue this command Example usage To change the re initialization delay interval DES 3028P 4 config lldp reinit_delay 5 Command config lldp reinit_delay 5 Success DES 3028P 4 config lldp notification_interval Purpose Used to configure the timer of the notification interval used to send notifications to configured SNMP t...

Page 301: ...cation of LLDP data changes detected on advertisements received from neighbor devices The default notification state is disabled Restrictions Only Administrator level users can issue this command Example usage To change the port SNMP notification state DES 3028P 4 config lldp ports 1 5 notification enable Command config lldp ports 1 5 notification enable Success DES 3028P 4 config lldp admin_statu...

Page 302: ...er 3 devices each managed address can be individually specified The management addresses that are added in the list will be advertised in the LLDP from the specified interface associated with each management address The interface for that management address will be also advertised in the if index form Parameters portlist Specified a range of ports to be configured all To set all ports in the syste...

Page 303: ...pabilities This TLV optional data type indicates that the LLDP agent should transmit System Capabilities TLV The system capability will indicate whether the device provides repeater bridge or router functions and whether the provided functions are currently enabled The default state is disabled Restrictions Only Administrator level users can issue this command Example usage To configure the Switch...

Page 304: ...tted on the port If a port is associated with multiple VLANs those enabled VLAN IDs will be advertised The default state is disable Restrictions Only Administrator level users can issue this command Example usage To configure the VLAN name TLV from the outbound LLDP advertisements for all ports DES 3028P 4 config lldp ports all dot1_tlv_vlan_name vlanid 1 3 enable Command config lldp ports all dot...

Page 305: ...rpose Used to configure an individual port or group of ports to exclude one or more of IEEE 802 3 organization specific TLV data types from outbound LLDP advertisements Syntax config lldp ports portlist all dot3_tlvs all mac_phy_configuration_status link aggregation power_via_mdi maximum_frame_size enable disable Description Each Specific TLV in this extension can be enabled individually Parameter...

Page 306: ... Used to configure forwarding of lldpdu packet when LLDP is disabled Syntax config lldp forward_message enable disable Description When lldp is disabled and lldp forward_message is enabled the received LLDPDU packet will be forwarded The default state is disable Parameters None Restrictions Only Administrator level users can issue this command Example usage To configure the LLDP forward_lldpdu DES...

Page 307: ... Status Disable Message Tx Interval 30 Message Tx Hold Multiplier 4 ReInit delay 2 Tx Delay 2 Notification Interval 5 DES 3028P 4 show lldp mgt_addr Purpose Used to display the lldp management address information Syntax show lldp mgt_addr ipv4 ipaddr Description Displays the lldp management address information Parameters Ipv4 IP address of IPV4 Restrictions None Example usage To display the manage...

Page 308: ... Name Disable System Description Disable System Capabilities Disable Enabled Management Address NONE Port VLAN ID Disable Enabled VLAN Name NONE Enabled protocol_identity NONE MAC PHY Configuration Status Disable Link Aggregation Disable Maximum Frame Size Disable DES 3028P 4 show lldp local_ports Purpose Used to display the per port information currently available for populating outbound LLDP adv...

Page 309: ...s 1 mode detailed Port ID 1 Port Id Subtype LOCAL Port Id 1 1 Port Description RMON Port 1 on Unit 1 Port PVID 1 Management Address count 1 Subtype IPv4 Address 10 73 21 51 IF Type unknown OID 1 3 6 1 4 1 171 10 64 1 VLAN Name Entries count 1 Entry 1 Vlan id 1 Vlan name default Protocol Identity Entries count 1 Entry 1 Protocol index 4 Protocol id 00 27 42 42 03 00 00 02 CTRL C ESC q Quit SPACE n ...

Page 310: ...how lldp local_ports 1 mode brief Port ID 1 Port Id Subtype LOCAL Port Id 1 1 Port Description RMON Port 1 on Unit 1 DES 3028P 4 show lldp remote_ports Purpose Used to display the information learned from the neighbor Syntax show lldp remote_ports portlist mode brief normal detailed Description This command displays information learnt from the neighbor parameters Due to the memory limitations the ...

Page 311: ...ssis ID Subtype MAC Address Chassis ID 00 01 02 03 04 02 Port ID Subtype Local Port ID 1 4 Port Description RMON Port 1 on Unit 4 Port ID 2 Remote Entities Count 3 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 03 Port ID Subtype Local Port ID 2 1 Port Description RMON Port 2 on Unit 1 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 04 Port ID Subtype Local Por...

Page 312: ...s Count 5 VLAN Name Entries Count 3 Protocol Id Entries Count 2 MAC PHY Configuration Status See Detail Power Via MDI See Detail Link Aggregation See Detail Maximum Frame Size 1536 Unknown TLVs Count 2 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 02 Port ID Subtype Local Port ID 2 1 Port Description RMON Port 1 on Unit 2 System Name Switch2 System Description Stackable Etherne...

Page 313: ...r Bridge Management Address count 1 Entry 1 Subtype IPv4 Address 10 48 46 128 IF Type unknown OID 1 3 6 1 4 1 171 11 63 9 Port PVID 1 PPVID Entries count 0 None VLAN Name Entries count 1 Entry 1 Vlan id 1 Vlan name default Protocol ID Entries count 0 None MAC PHY Configuration Status Auto negotiation support supported Auto negotiation status enabled Auto negotiation advertised capability 0005 hex ...

Page 314: ...rameters None Restrictions None Example usage To display global statistics information DES 3028P 4 show lldp statistics Command show lldp statistics Last Change Time 6094 Number of Table Insert 1 Number of Table Delete 0 Number of Table Drop 0 Number of Table Ageout 0 DES 3028P 4 show lldp statistics ports Purpose Used to display the ports LLDP statistics information Syntax show lldp statistics po...

Page 315: ...tion of port 1 DES 3028P 4 show lldp statistics ports 1 Command show lldp statistics ports 1 Port ID 1 lldpStatsTxPortFramesTotal 27 lldpStatsRxPortFramesDiscardedTotal 0 lldpStatsRxPortFramesErrors 0 lldpStatsRxPortFramesTotal 27 lldpStatsRxPortTLVsDiscardedTotal 0 lldpStatsRxPortTLVsUnrecognizedTotal 0 lldpStatsRxPortAgeoutsTotal 0 DES 3028P 4 ...

Page 316: ... dos_type Purpose This command is used to discard the l3 control packets sent to CPU from specific ports Syntax config dos_prevention dos_type land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 1 all action drop mirror port priority value 0 7 rx_rate no_limit value 64 1024000 state enable disable Description This command configures the prevention of...

Page 317: ...ack blat_attack state enable action drop Success DES 3028P 4 enable dos_prevention trap_log Purpose Used to enable dos_prevention trap log Syntax enable dos_prevention trap_log Description This command is used to send traps and logs when a DoS attack event occurs The event will be logged only when the action is specified as drop Parameters None Restrictions Only Administrator level users can issue...

Page 318: ...tack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 Description The show dos_prevention command displays DoS prevention information includes the type of DoS attack the prevention state the corresponding action if the prevention is enabled and the counter information of the DoS packet Parameters dos The type of DoS attack Possible values are as follows land_...

Page 319: ... information for Land Attack DES 3028P 4 show dos_prevention land_attack Command show dos_prevention land_attack DoS Type Land Attack State Enabled Action Mirror Port 7 Priority 5 Rx Rate Kbit sec 1024 Frame Counts 10000 DES 3028P 4 To display DoS prevention information for Blat Attack DES 3028P 4 show dos_prevention land_attack Command show dos_prevention land_attack DoS Type Blat Attack State En...

Page 320: ...ack Parameters dos The type of DoS attack Possible values are as follows land_attack blat_attack smurf_attack tcp_null_scan tcp_xmascan tcp_synfin tcp_syn_srcport_less_1024 Restrictions Only Administrator level users can issue this command Example usage To clear all counters of the prevention of each DoS attack DES 3028P 4 clear dos_prevention counters Command clear dos_prevention counters Success...

Page 321: ...Web The function is port based meaning a user can enable or disable the function on the individual port The IP MAC PORT Binding commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create address_binding ip_mac ipaddress ipaddr mac_address macaddr ports portlist all config address_binding ip_mac ipaddress ipaddr mac_a...

Page 322: ...l be configured for address binding Restrictions Only Administrator level users can issue this command Example usage To create address binding on the Switch DES 3028P 4 create address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 04 Command create address_binding ip_mac ipaddress 10 1 1 3 mac_address 00 00 00 00 00 04 Success DES 3028P 4 config address_binding ip_mac ipaddress Purpo...

Page 323: ...for the port The port will check ARP packets and IP packets by IP MAC PORT Binding entries The packet is found by the entry the MAC address will be set to dynamic If the packet is not found by the entry the MAC address will be set to block Other packets will be dropped The default mode is strict if not specified loose This mode provides a more loose way of control If the user chooses loose ARP pac...

Page 324: ...ding ip_mac ports Purpose Used to configure an IP MAC state to enable or disable for specified ports Syntax config address_binding ip_mac ports portlist all forward_dhcppkt enable disable Description This command will configure IP MAC state to enable or disable forward DHCP packet for specified ports Parameters portlist Specifies a port or range of ports all specifies all ports on the switch forwa...

Page 325: ...n be viewed by entering the physical and IP addresses of the device blocked Blocked address binding entries bindings between VLAN names and MAC addresses can be viewed by entering the VLAN name and the physical address of the device ports The number of enabled ports on a device Parameters all For IP_MAC binding all specifies all the IP MAC binding entries for Blocked Address Binding entries all sp...

Page 326: ...IP addresses of the device Toggling to all will delete all the Address Binding entries Blocked Blocked address binding entries bindings between VLAN names and MAC addresses can be deleted by entering the VLAN name and the physical address of the device To delete all the Blocked Address Binding entries toggle all Parameters ipaddr The IP address of the device where the IP MAC binding is made macadd...

Page 327: ... configuration set on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable sending of IP MAC Binding trap log messages on the Switch DES 3028P 4 enable address_binding trap_log Command enable address_binding trap_log Success DES 3028P 4 disable address_binding trap_log Purpose Used to disable the trap log for the IP MAC binding funct...

Page 328: ...dress_binding dhcp_snoop information Parameters portlist Specifies a port or range of ports ports Specifies ports on the device Restrictions None Example usage To show address_binding dhcp_snoop DES 3028P 4 show address_binding dhcp_snoop Command show address_binding dhcp_snoop DHCP_Snoop Enabled Success DES 3028P 4 To show address_binding dhcp_snoop entry DES 3028P 4 show address_binding dhcp_sno...

Page 329: ...4 5 5 5 6 5 7 5 8 5 9 5 10 5 11 5 12 5 13 5 14 5 15 5 16 5 17 5 18 5 19 5 20 5 21 5 22 5 23 5 24 5 25 5 26 5 DES 3028P 4 enable address_binding dhcp_snoop Purpose Used to enable address_binding dhcp_snoop Syntax enable address_binding dhcp_snoop Description This command is used to enable the function to allow entries to be created by the DHCP packet Parameters None Restrictions Only Administrator ...

Page 330: ...et Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable address_binding dhcp_snoop DES 3028P 4 disable address_binding dhcp_snoop Command disable address_binding dhcp_snoop Success DES 3028P 4 clear address_binding dhcp_snoop binding_entry Purpose To clear the address binding entries learned for the specified ports Syntax clear address_binding...

Page 331: ...ng dhcp_snoop max_entry ports portlist all limit value 1 10 no_limit Description By default the per port max entry is 5 This command specifies the max number of entries which can be learned by the specified ports Parameters portlist Specifies the list of ports that you would like to set the maximum dhcp snoop learned entry limit Specifies the maximum number Restrictions Only Administrator level us...

Page 332: ...config loopdetect recover_timer value 0 value 60 1000000 interval 1 32767 Description Used to configure loopback detection on the switch Parameters recover_timer The time interval in seconds used by the Auto Recovery mechanism to decide how long to check if the loop status is gone The valid range is 60 to 1000000 Zero is a special value which means to disable the auto recovery mechanism The defaul...

Page 333: ...ct ports 1 5 state enable Command config loopdetect ports 1 5 state enable Success DES 3028P 4 enable loopdetect Purpose Used to globally enable loopback detection on the switch Syntax enable loopdetect Description Used to globally enable loopback detection on the switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable loop back detection o...

Page 334: ... Example usage To show loopdetect DES 3028P 4 show loopdetect Command show loopdetect Loopdetect Global Settings Loopdetect Status Enabled Loopdetect Interval 20 Recover Time 60 DES 3028P 4 show loopdetect ports Purpose Used to display the current per port loopback detection settings on the switch Syntax show loopdetect ports portlist all Description Used to display the current per port loopback d...

Page 335: ...t Ethernet Switch CLI Reference Manual 330 DES 3028P 4 show loopdetect ports 1 3 Command show loopdetect ports 1 3 Port Loopdetect State Loop Status 1 Enabled Normal 2 Enabled Normal 3 Enabled Normal CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 336: ...command is listed in detail in the following sections show tech_support Purpose Used to show the information for technical support Syntax show tech_support Description This command is especially used by the technical support personnel to dump the device s overall operation information The information is project dependent and includes the following information Basic System information system log Ru...

Page 337: ...Disabled GVRP Disabled IGMP Snooping Disabled 802 1x Disabled TELNET Enabled TCP 23 WEB Enabled TCP 80 RMON Disabled SSH Disabled SSL Disabled Syslog Global State Disabled Dual Image Supported Password Encryption Status Disabled CUP Utilization 3049620ms CPU Utilization Five Seconds 1 One Minute 1 Five Minutes 2 Connection Session Status 3049620ms ID Login Time Live Time From Level Name 8 0 00 00 ...

Page 338: ...d tech_support_to_TFTP command is used to upload the technical support information Parameters ipaddr Specifies the ipaddress of TFTP server path_filename Specifies the file path to store the information of technique s support in TFTP server Restrictions Only Administrator level users can issue this command Example usage To upload the technical support information DES 3028P 4 upload tech_support_to...

Page 339: ...istory Each command is listed in detail in the following sections Purpose Used to display all commands in the Command Line Interface CLI Syntax command Description This command will display all of the commands available through the Command Line Interface CLI Parameters command Entering the question mark with an appropriate command will list all the corresponding parameters for the specified comman...

Page 340: ...g 802 1x init config 802 1x reauth config access_profile profile_id CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All To display the parameters for a specific command DES 3028P 4 config stp Command config stp Command config stp Usage maxage value 6 40 maxhops value1 20 hellotime value 1 10 forwarddelay value 4 30 txholdcount value 1 10 fbpdu enable disable lbd enable disable lbd_recover_t...

Page 341: ...nfig 802 1x reauth config access_profile profile_id config account config admin local_enable config arp_aging time config arpentry config authen application CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All config command_history Purpose Used to configure the command history Syntax config command_history value 1 40 Description This command is used to configure the command history Paramete...

Page 342: ..._history Purpose Used to display the command history Syntax show command_history Description This command will display the command history Parameters None Restrictions None Example usage To display the command history DES 3028P 4 show command_history Command show command_history show show vlan show command history DES 3028P 4 ...

Page 343: ...ZX DEM 210 Single Mode 100BASE FX DEM 211 Multi Mode 100BASE FX WDM Transceivers Supported DEM 330T TX 1550 RX 1310nm up to 10km Single Mode DEM 330R TX 1310 RX 1550nm up to 10km Single Mode DEM 331T TX 1550 RX 1310nm up to 40km Single Mode DEM 331R TX 1310 RX 1550nm up to 40km Single Mode Standards CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Half duplex Full duplex 10 Mbps...

Page 344: ... 8 5cm fan and one 17cm fan DES 3052P one 5cm fan one 8 3cm fan and one 17cm fan Operating Temperature 0 40 C Storage Temperature 40 70 C Humidity 5 95 non condensing Dimensions DES 3028 DES 3028G 441 W x 207 D x 44 H mm DES 3028P 3052 3052P 441 W x 309 D x 44 H mm Weight DES 3028 2 36kg 5 20lbs DES 3028G 2 42kg 5 33lbs DES 3028P 4 5kg 9 9lbs DES 3052 3 85kg 8 48lbs DES 3052P 5 70kg 12 56lbs EMI C...

Page 345: ...the port current is over 350mA while other ports remain active Active circuit protection automatically disables the port if there is a short while other ports remain active PD should be able to receive the power following the classification below Class Usage Max power used by PD 0 Default 0 44 to 12 95W 1 Optional 0 44 to 3 84W 2 Optional 3 84 to 6 49W 3 Optional 6 49 to 12 95W 4 Not allowed Reser...

Page 346: ...d device is connected Blinking Port has detected a error condition LED Per 10 100 Mbps Port PoE only for DES 3028P DES 3052P Green Light off Powered Device may receive power from an AC power source or no 802 3af PD is found Solid Green When there is a secure 1000Mbps connection or link at any of the ports Blinking Green When there is reception or transmission i e Activity Act of data occurring at ...

Page 347: ...s Port Functions Feature Detailed Description Console Port DCE RS 232 DB 9 for out of band configuration of the software features 24 x 10 100BaseT ports 48 x 10 100BaseT ports Power over LAN support Compliant to following standards IEEE 802 3 compliance IEEE 802 3u compliance Support Half Full Duplex operations All ports support Auto MDI X MDI II cross over IEEE 802 3x Flow Control support for Ful...

Page 348: ...310 RX 1550nm up to 40km Single Mode Compliant to following standards IEEE 802 3z compliance IEEE 802 3u compliance 1000BASE T ports in the front panel 1000BASE T ports compliant to following standards 1 IEEE 802 3 compliance 2 IEEE 802 3u compliance 3 IEEE 802 3ab compliance 4 Support Full Duplex operations 5 IEEE 802 3x Flow Control support for Full Duplex mode back pressure when Half Duplex mod...

Page 349: ...0 00 00 while PC B s IP address will be written into the Target Protocol Address shown in Table 1 H W type Protocol type H W address length Protocol address length Operation ARP request Sender H W address 00 20 5C 01 11 11 Sender protocol address 10 10 10 1 Target H W address 00 00 00 00 00 00 Target protocol address 10 10 10 2 Table 1 ARP Payload The ARP request will be encapsulated into the Ethe...

Page 350: ...d shown in Table 3 The ARP reply will be then encapsulated into the Ethernet frame again and sent back to the sender The ARP reply is the form of a Unicast communication H W type Protocol type H W address length Protocol address length Operation ARP reply Sender H W address 00 20 5C 01 11 11 Sender protocol address 10 10 10 1 Target H W address 00 20 5C 01 22 22 Target protocol address 10 10 10 2 ...

Page 351: ...will be changed to PC B s MAC address see Table 4 Destination address 00 20 5C 01 11 11 Source address 00 20 5C 01 22 22 Ether type ARP FCS Table 4 Ethernet frame format The switch will also examine the Source Address of the Ethernet frame and if it finds that the address is not in the Forwarding Table the switch will learn PC B s MAC and update its Forwarding Table Port1 00 20 5C 01 11 11 Port2 0...

Page 352: ... ARPs that occur when a host sends an ARP request to resolve its own IP address Figure 4 shows a hacker within a LAN to initiate ARP spoofing attack Figure 4 In the Gratuitous ARP packet the Sender protocol address and Target protocol address are filled with the same source IP address itself The Sender H W Address and Target H W address are filled with the same source MAC address The destination M...

Page 353: ... nonexistent or any specified MAC address to the IP address of the network s default gateway The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the gateway so that the whole network operation will be turned down as all packets sent through the Internet will be directed to the wrong node Likewise the attacker can either choose to forward the traffic to t...

Page 354: ...ontent in the first 20 bytes of an ARP packet up to 80 bytes in total at one time It utilizes offsets to match individual fields in the Ethernet Frame An offset contains 16 bytes and the switch supports 5 offsets with each offset being divided into a four 4 byte values in a HEX format The offset ranges from 0 76 Refer to the configuration example below for details In addition the configuration log...

Page 355: ...DES 3028 DES 3028P DES 3028G DES 3052 DES 3052P Layer 2 Fast Ethernet Switch CLI Reference Manual 350 Figure 6 ...

Page 356: ...config access_profile profile_id 2 add access_id 1 packet_content offset 12 0x08060000 Ethernet Type 2 byte ARP offset 28 0x0A5A5A5A Sdr IP 4 byte 10 90 90 90 port 1 28 deny Configure access profile 2 The rest ARP packets whose Sender IP claim they are the gateway s IP will be dropped Step 5 create access_profile packet_content_mask offset_0 15 0x0 0x0 0x0 0xFFFF0000 Vlan Tag 2 byte offset_16 31 0...

Page 357: ...onsole port of the device It is necessary for the user needs to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the switch After the runtime image is loaded to 100 the Switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be ...

Page 358: ... 3052P Layer 2 Fast Ethernet Switch CLI Reference Manual 353 Command Parameters username user If a username is not specified the password of all users will be reset show account The show account command displays all previously created accounts ...

Reviews:

No comments