manualshive.com logo in svg

D-Link DES-3528 - xStack Switch - Stackable, Cli Reference Manual

Share
Download
D-Link DES-3528 - xStack Switch - Stackable Cli Reference Manual Download Page 266

xStack® DES-3528/DES-3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 

266 

create access_profile 

The user may deny packets by denying certain flag bits within the packets. The user may 
choose between 

all, urg 

(urgent), 

ack 

(acknowledgement), 

psh

 (push), 

rst 

(reset),

 syn

 

(synchronize) and 

fin 

(finish). 

udp

 

 Specifies that the Switch will examine each frame’s User Datagram Protocol 

(UDP) field.  

src_port_mask <hex 0x0-0xffff>

 

 Specifies a UDP port mask for the source port.  

dst_port_mask <hex 0x0-0xffff>

 

 Specifies a UDP port mask for the destination port. 

protocol_id_mask <hex 0x0-0xff>

 

 Specifies that the Switch will examine the protocol field in 

each packet and if this field contains the value entered here, apply the following rules. 

user_define_mask <hex 0x0-0xffffffff>

 

 Specifies that the rule applies to the IP protocol ID 

and the mask options behind the IP header.

 

packet_content_mask 

– Allows users to examine up to 4 specified offset_chunk within a 

packet at one time and specifies that the Switch will mask the packet header beginning with 
the offset value specified as follows: 

packet_content_mask {offset_chunk_1 <value 0-31> <hex 0x0-0xffffffff> | 
offset_chunk_2 <value 0-31> <hex 0x0-0xffffffff> | offset_chunk_3 <value 0-31> <hex 
0x0-0xffffffff> | offset_chunk_4 <value 0-31> <hex 0x0-0xffffffff> } 

With this advanced unique Packet Content Mask (also known as Packet Content Access 
Control List - ACL), D-Link xStack Switch family can effectively mitigate some network 
attacks like the common ARP Spoofing attack that is wide spread today. This is the reason 
why Packet Content ACL is able to inspect any specified content of a packet in different 
protocol layers. 

profile_id <value 1-14>

 

 Sets the relative priority for the profile. Priority is set relative to 

other  

profiles where the lowest profile ID has the highest priority. The user may enter a profile ID  

number between 1-14, yet, remember only 14 access profiles can be created on the Switch. 

profile_name

 

 Specifies the name of the profile.  The maximum length is 32 characters. 

IPV6 

 

Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering 

based on the rules configured in the 

config access_profile

 command for IPv6. 

 

class 

– Entering this parameter will instruct the Switch to examine the 

class

 field of the 

IPv6 header. This class field is a part of the packet header that is similar to the Type of 
Service (ToS) or Precedence bits field in IPv4. 

 

flowlabel 

– Entering this parameter will instruct the Switch to examine the 

flow label

 

field of the IPv6 header. This flow label field is used by a source to label sequences of 
packets such as non-default quality of service or real time service packets.

 

 

tcp – 

Specifies that the Switch will examine each frame’s Transmission Control 

Protocol (TCP) field. 

 

src_port_mask <hex 0x0-0xffff>

 

 Specifies a TCP port mask for the source port.

 

 

dst_port_mask <hex 0x0-0xffff>

 

 Specifies a TCP port mask for the destination port.

 

 

udp

 

 Specifies that the Switch will examine each frame’s User Datagram Protocol 

(UDP) field.

 

 

src_port_mask <hex 0x0-0xffff>

 

 Specifies a TCP port mask for the source port.

 

 

dst_port_mask <hex 0x0-0xffff>

 

 Specifies a TCP port mask for the destination port.

 

 

source_ipv6_mask <ipv6mask> 

 Specifies an IP address mask for the source IPv6 

address. 

 

destination_ipv6_mask <ipv6mask> 

 Specifies an IP address mask for the destination 

IPv6 address. 

Restrictions 

Only Administrator and Operator-level users can issue this command. 

Example usage: 

To create an access list rules: 

DES-3528:admin# create access_profile profile_id 5 profile_name 5 ethernet vlan 
source_mac 00-00-00-00-00-01 destination_mac 00-00-00-00-00-02 802.1p ethernet_type 
Command: create access_profile profile_id 5 profile_name 5 ethernet vlan source_mac 

Summary of Contents for DES-3528 - xStack Switch - Stackable

Page 1: ......

Page 2: ...se Commands 98 Traffic Control Commands 105 QoS Commands 110 Port Mirroring Commands 120 VLAN Commands 123 Voice VLAN Commands 140 Subnet based VLAN Commands 146 Asymmetric VLAN Commands 149 Link Aggregation Commands 151 IP MAC Port Binding IMPB Commands 156 Limited IP Multicast Address Commands 172 Basic IP Commands 177 Multicast VLAN Commands 183 IGMP MLD Snooping Commands 198 DHCP Relay Command...

Page 3: ...Commands 424 Web based Access Control Commands 435 Power over Ethernet PoE Commands 444 PPPoE Circuit ID Insertion Commands 449 DNS Relay Commands 451 Policy Route Commands 454 BPDU Attack Protection Commands 457 Ethernet OAM Commands 461 DHCP Server Commands 471 Cable Diagnostics Commands 484 Connectivity Fault Management Commands 485 Command History Commands 505 ARP Spoofing Prevention Commands ...

Page 4: ...mmands 560 Show Technical Support Commands 562 Trace Route Commands 565 VLAN Counter Commands 567 Power Saving Commands 570 Digital Diagnostic Monitoring DDM Commands 578 Command Logging Commands 585 UDP Helper Commands 587 Appendix A Password Recovery Procedure 591 Appendix B System Log Entries 592 Appendix C Trap Entries 598 Appendix D RADIUS Attributes Assignment 603 ...

Page 5: ...P Switches will be referred to as simply the Switch or the DES 3528 52 Series Accessing the Switch via the Serial Port The Switch s serial port s default settings are as follows 115200 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial port configured as above are then connected to the Switch s serial port via a...

Page 6: ...xx yyy yyy yyy yyy Where the x s represent the IP address to be assigned to the IP interface named System and the y s represent the corresponding subnet mask 2 Alternatively users can enter config ipif System ipaddress xxx xxx xxx xxx z Where the x s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation Th...

Page 7: ...running an ordinary terminal emulator program e g the HyperTerminal program included with the Windows operating system using an RS 232C serial cable Your terminal parameters will need to be set to VT 100 compatible 115200 baud 8 data bits No parity One stop bit No flow control Users can also access the same functions over a Telnet interface Once users have set an IP address for your Switch users c...

Page 8: ...mpt press the up arrow cursor key The previous command will appear at the command prompt DES 3528 admin config account Command config account Next possible completions username DES 3528 admin config account Command config account Next possible completions username DES 3528 admin In the above example the command config account was entered without the required parameter username the CLI returned the...

Page 9: ...flow_meter gratuitous_arp greeting_message gvrp hol_prevention igmp_snooping ipfdb ipif ipif_ipv6_link_local_auto iproute ipv6 ipv6route jumbo_frame jwac l2protocol_tunnel lacp_port limited_multicast_addr link_aggregation lldp local_route log log_save_timing log_software_module loopdetect mac_based_access_control mac_based_access_control_local mac_based_vlan mac_notification max_mcast_group mcast_...

Page 10: ...not type the angle brackets Example Command config command_history 20 square brackets Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create account admin operator power_user user username 15 encrypt plain_text sha_1 password Description In the above syntax example users must specify either an admin operator power user or a user level ac...

Page 11: ...option to specify hops or time or both of them The 1 following the set of braces indicates at least one argument or value within the braces must be specified Do not type the parentheses Example command config dhcp_relay hops 3 Line Editing Key Usage Delete Deletes the character under the cursor and then shifts the remaining characters in the line to the left Backspace Deletes the character to the ...

Page 12: ...pages when multiple pages are to be displayed ESC Stops the display of remaining pages when multiple pages are to be displayed n Displays the next page p Displays the previous page q Stops the display of remaining pages when multiple pages are to be displayed r Refreshes the pages currently displayed a Displays the remaining pages without pausing between pages Enter Displays the next line or table...

Page 13: ...n disable password encryption show session show switch show device_status show serial_port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes 1 enable clipaging disable clipaging telnet ipaddr tcp_port value 1 65535 enable telnet tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web save config config_id ...

Page 14: ...the password in plain text form sha_1 Select to specify the password in the SHA I encrypted form password The password for the user account The length for of password in plain text form and in encrypted form are different For the plain text form passwords must have a minimum of 0 character and can have a maximum of 15 characters For the encrypted form password the length is fixed to 35 bytes long ...

Page 15: ...form are different For the plain text form passwords must have a minimum of 0 character and can have a maximum of 15 characters For the encrypted form password the length is fixed to 35 bytes long The assword is case sensitive Restrictions Only Administrator level users can issue this command Usernames can be between 1 and 15 characters Passwords can be between 0 and 15 characters Example usage To...

Page 16: ...n Description The user account configuration information will be stored in the configuration file and can be applied to the system later If the password encryption is enabled the password will be in encrypted form When password encryption is diabled if the user specifies the password in plain text form the password will be in plain text form However if the user specifies the password in encrypted ...

Page 17: ...d encryption command the password will still be in the encrypted form It cannot be reverted to the plaintext Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable password encryption DES 3528 admin disable password encryption Command disable password encryption Success DES 3528 admin show session Purpose Used to display a list of currently logg...

Page 18: ...rsion Build 3 00 012 Hardware Version A4 Serial Number P1UQ3A4000012 System Name System Location System Uptime 0 days 0 hours 3 minutes 58 seconds System Contact Spanning Tree Disabled GVRP Disabled IGMP Snooping Disabled MLD Snooping Disabled VLAN Trunk Disabled Telnet Enabled TCP 23 Web Enabled TCP 80 SNMP Disabled CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show device_status Pur...

Page 19: ...115200 Factory default setting is 115200 never No time limit on the length of time the console can be open with no user input 2_minutes The console will log out the current user if there is no user input for 2 minutes 5_minutes The console will log out the current user if there is no user input for 5 minutes 10_minutes The console will log out the current user if there is no user input for 10 minu...

Page 20: ...able clipaging Description This command is used to disable the pausing of the console screen at the end of each page when a command would display more than one screen of information Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable pausing of the screen display when show command output reaches the end of the page DES 3528 admin...

Page 21: ...ecify the TCP or UDP port number the Switch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known TCP port for the Telnet protocol is 23 Restrictions Only Administrator and Operator level users can issue this command Example usage To enable Telnet and configure port number DES 3528 admin enable telnet...

Page 22: ...are on the Switch Syntax disable web Description This command disables the Web based management software on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable HTTP DES 3528 admin disable web Command disable web Success DES 3528 admin save Purpose Used to save changes in the Switch s configuration to non volatile RAM S...

Page 23: ...ig is specified all of the factory default settings are restored on the Switch including the IP address user accounts and the Switch history log The Switch will not save or reboot system If the keyword system is specified all of the factory default settings are restored on the Switch The Switch will save and reboot after the settings are changed to default Rebooting will clear all entries in the F...

Page 24: ...n procedure DES 3528 admin login Command login UserName logout Purpose Used to log out a user from the Switch s console Syntax logout Description This command terminates the current user s session on the Switch s console Parameters None Restrictions None Example usage To terminate the current user s console session DES 3528 admin logout clear Purpose The command is used to clear screen Syntax clea...

Page 25: ...th and save it the other section will not be effected unless it log out and then log in Parameters default The default setting of terminal width The default value is 80 value 80 200 The terminal width which will be configured The width is between 80 and 200 characters Restrictions None Example usage To configure the current terminal width DES 3528 admin config terminal width 120 Command config ter...

Page 26: ...trap state DES 3528 admin config temperature trap state enable Command config temperature trap state enable Success DES 3528 admin To enable the warning temperature log state DES 3528 admin config temperature log state enable Command config temperature log state enable Success DES 3528 admin config temperature threshold Purpose This command is used to configure the warning temperature high thresho...

Page 27: ...ture status Syntax show environment Description This command is used to display the device s internal and external power and internal temperature status Parameters None Restrictions None Example usage To display the switch hardware status DES 3528 admin show environment Command show environment Temperature Trap State Enabled Temperature Log State Enabled High Warning Temperature Threshold Celsius ...

Page 28: ...prompt string 16 username default Description This command is used to change the command prompt Parameters string 16 The command prompt can be changed by entering a new name of no more that 16 characters username The command prompt will be changed to the login username default The command prompt will reset to factory default command prompt Restrictions Only Administrator and Operator level users c...

Page 29: ...iginal setting Ctrl L Restrictions Only Administrator and Operator level users can issue this command Other restrictions include If the reset command is executed the modified banner will remain modified However the reset config reset system command will reset the modified banner to the original factory banner The capacity of the banner is 6 80 6 Lines and 80 characters per line Ctrl W will only sa...

Page 30: ...is command is used to view the currently configured greeting message on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To view the currently configured greeting message DES 3528 admin show greeting_message Command show greeting_message DES 3528 Fast Ethernet Switch Command Line Interface Firmware Build 3 00 012 Copyright C 2...

Page 31: ...figures the speed in Mbps for the specified range of ports Gigabit ports are statically set to 1000 When setting port speed to 1000_full user should specify master or slave mode for 1000 base TX interface and leave the 1000_full without any master or slave setting for other interfaces half full Configures the specified range of ports as either full duplex or half duplex flow_control enable disable...

Page 32: ... in the display err_disabled Use this to list disabled ports including connection status and reason for being disabled details Use this to show the detail information of ports media_type Specifies the media type used Restrictions None Example usage To display the configuration of all ports on a Switch DES 3528 admin show ports Command show ports Port State Settings Connection Address MDIX Speed Du...

Page 33: ...age To display disabled ports including connection status and reason for being disabled on a standalone Switch DES 3528 admin show ports err_disabled Command show ports err_disabled Port Port Connection Status Reason State DES 3528 admin Example usage To display detail information of ports on the Switch DES 3528 admin show ports details Command show ports details Port 1 Port Status Link Down Descr...

Page 34: ...sable jumbo_frame Purpose Used to disable the jumbo frame function on the Switch Syntax disable jumbo_frame Description This command will disable the jumbo frame function on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the jumbo frame DES 3528 admin disable jumbo_frame Command disable jumbo_frame Success DES 352...

Page 35: ...x_lock_no 0 16384 lock_address_mode permanent deleteontimeout deleteonreset vlan vlan_name 32 vlanid vidlist max_learning_addr max_lock_no 0 16384 no_limit Description This command allows for the configuration of the port security feature Only the ports listed in the portlist are affected Parameters portlist Specifies a port or range of ports to be configured all Configure port security for all po...

Page 36: ...l users can issue this command Example usage To delete a port security entry DES 3528 admin delete port_security_entry vlan default mac_address 00 01 30 10 2C C7 Command delete port_security_entry vlan default mac_address 00 01 30 10 2C C7 Success DES 3528 admin clear port_security_entry Purpose Used to clear MAC address entries learned from a specified port for the port security function Syntax c...

Page 37: ...rt security configuration DES 3528 admin show port_security Command show port_security Port Security Trap Log Enabled System Maximum Address no_limit VLAN Configuration Only VLANs with limitation are displayed VID VLAN Name Max Learning Addr 1 default 2 DES 3528 admin enable port_security trap_log Purpose Used to enable the trap log for port security Syntax enable port_security trap_log Descriptio...

Page 38: ...cription There are four levels of limitations on the learned entry number for the entire system for a port for a VLAN and for a specific VLAN on a port If any limitation is exceeded the new entry will be discarded The setting for system level maximum learned users must be greater than the total of maximum learned users allowed on all ports Parameters max_learning_addr Specifies the maximum number ...

Page 39: ...nter the VLAN ID list here max_learning_addr Specifies the maximum number of port security entries that can be learned by this VLAN If this parameter is set to 0 it means that no user can be authorized on this VLAN If the setting is lower than the number of current learned entries on the VLAN the command will be rejected The default value is no_limit max_lock_no 0 16384 Enter the maximum number of...

Page 40: ...es the Switch being configured Range is 1 to 8 priority value 1 63 Assigns a priority value to the box A Lower number denotes a higher priority The valid priority range is 1 to 63 Restrictions Only Administrator and Operator and Power User level users can issue this command Usage example To configure box priority DES 3528 admin config box_priority current_box_id 1 priority 1 Command config box_pri...

Page 41: ...3 NOT_EXIST No 4 NOT_EXIST No 5 NOT_EXIST No 6 NOT_EXIST No 7 NOT_EXIST No 8 NOT_EXIST No DES 3528 admin config stacking_mode Purpose Used to configure the stacking mode Syntax config stacking_mode disable 0 enable 1 Description This command will enable or disable the stacking mode for the Switch When enabled the last two ports on the rear of the Switch will be enabled for stacking Parameters enab...

Page 42: ...and show stack_device Box ID Box Type H W Version Serial Number 1 DES XXXXS 0A1 1234567890123 3 DES XXXXS 0A1 2345678901234 DES 3528 admin config stacking force_master_role Purpose This command is used to enable or disable the force master role Syntax config stacking force_master_role state enable disable Description If state is enabled when device is in election state it still uses old priority s...

Page 43: ...3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 43 DES 3528 admin config stacking force_master_role state enable Command config stacking force_master_role state enable Success DES 3528 admin ...

Page 44: ...ed based on the CBC DES DES 56 standard The network management commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create snmp user user_name 32 groupname 32 encrypted by_password auth md5 auth_password 8 16 sha auth_password 8 20 priv none des priv_password 8 16 by_key auth md5 auth_key 32 32 sha auth_key 40 40 priv...

Page 45: ...rkaddr add delete snmp telnet ssh http https ping all delete trusted_host ipaddr ipaddr ipv6address ipv6addr network network_address ipv6_prefix ipv6networkaddr all show trusted_host enable snmp traps enable snmp authenticate_traps show snmp traps linkchange_traps ports portlist disable snmp traps disable snmp authenticate_traps config snmp system_contact sw_contact config snmp system_location sw_...

Page 46: ...w This method is not recommended auth The user may also choose the type of authentication algorithms used to authenticate the snmp user The choices are md5 Specifies that the HMAC MD5 96 authentication level will be used md5 may be utilized by entering one of the following auth password 8 16 An alphanumeric string of between 8 and 16 characters that will be used to authorize the agent to receive p...

Page 47: ...identifies the SNMP user that will be deleted Restrictions Only Administrator level users can issue this command Example usage To delete a previously entered SNMP user on the Switch DES 3528 admin delete snmp user dlink Command delete snmp user dlink Success DES 3528 admin show snmp user Purpose Used to display information about each SNMP username in the SNMP group username table Syntax show snmp ...

Page 48: ... SNMP manager can access Restrictions Only Administrator level users can issue this command Example usage To create an SNMP view DES 3528 admin create snmp view dlinkview 1 3 6 view_type included Command create snmp view dlinkview 1 3 6 view_type included Success DES 3528 admin delete snmp view Purpose Used to remove an SNMP view entry previously created on the Switch Syntax delete snmp view view_...

Page 49: ...he SNMP view that will be displayed Restrictions None Example usage To display SNMP view configuration DES 3528 admin show snmp view Command show snmp view Vacm View Table Settings View Name Subtree View Type ReadView 1 Included WriteView 1 Included NotifyView 1 3 6 Included restricted 1 3 6 1 2 1 1 Included restricted 1 3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6...

Page 50: ...tring of up to 32 characters that is used to identify the group of MIB objects that a remote SNMP manager is allowed to access on the Switch read_only Specifies that SNMP community members using the community string created with this command can only read the contents of the MIBs on the Switch read_write Specifies that SNMP community members using the community string created with this command can...

Page 51: ...ntered SNMP community strings DES 3528 admin show snmp community Command show snmp community SNMP Community Table Community Name View Name Access Right dlink ReadView read_write private CommunityView read_write public CommunityView read_only Total Entries 3 DES 3528 admin config snmp engineID Purpose Used to configure a name for the SNMP engine on the Switch Syntax config snmp engineID snmp_engine...

Page 52: ...tion of the SNMP engine on the Switch Syntax show snmp engineID Description This command displays the identification of the SNMP engine on the Switch Parameters None Restrictions None Example usage To display the current name of the SNMP engine on the Switch DES 3528 admin show snmp engineID Command show snmp engineID SNMP Engine ID 0035636666 DES 3528 admin ...

Page 53: ...ty Ensures that packets have not been tampered with during transit Authentication Determines if an SNMP message is from a valid source Encryption Scrambles the contents of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager auth_nopriv Specifies that ...

Page 54: ...Switch The security model level and status of each group are also displayed Syntax show snmp groups Description This command displays the group names of SNMP groups currently configured on the Switch The security model level and status of each group are also displayed Parameters None Restrictions None Example usage To display the currently configured SNMP groups on the Switch DES 3528 admin show s...

Page 55: ...tures v3 Specifies that the SNMP version 3 will be used SNMP v3 provides secure access to devices through a combination of authentication and encrypting packets over the network SNMP v3 adds Message integrity ensures that packets have not been tampered with during transit Authentication determines if an SNMP message is from a valid source Encryption scrambles the contents of messages to prevent it...

Page 56: ...ost entry DES 3528 admin delete snmp host 10 48 74 100 Command delete snmp host 10 48 74 100 Success DES 3528 admin show snmp host Purpose Used to display the recipient of SNMP traps generated by the Switch s SNMP agent Syntax show snmp host ipaddr Description This command is used to display the IP addresses and configuration information of remote SNMP managers that are designated as recipients of...

Page 57: ...SNMPv3 User Name public Host IPv6 Address 3FFE 3 SNMP Version V3 a np Community Name SNMPv3 User Name user123 Host IPv6 Address 3FFE 3 SNMP Version V3 a p Community Name SNMPv3 User Name user234 Total Entries 5 DES 3528 admin create trusted_host Purpose Used to create the trusted host Syntax create trusted_host ipaddr ipv6addr network network_address ipv6_prefix ipv6networkaddr snmp telnet ssh htt...

Page 58: ... subnet prefix here add Add interfaces for that trusted host delete Delete interfaces for that trusted host snmp Optional Specifies trusted host for SNMP telnet Optional Specifies trusted host for TELENT ssh Optional Specifies trusted host for SSH http Optional Specifies trusted host for HTTP https Optional Specifies trusted host for HTTPs ping Optional Specifies trusted host for PING Restrictions...

Page 59: ...guration here network The network address of the trusted network network_address Enter the network address used for this configuration here ipv6_prefix The IPv6 subnet prefix address of the trusted network ipv6networkaddr Enter the IPv6 subnet profix address here all All trusted hosts will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To d...

Page 60: ...st Description This command is used to view the SNMP traps support status currently configured on the Switch Parameters linkchange_traps Specifies to display the SNMP Linkchange Traps ports Specifies the list of ports to be displayed Restrictions None Example usage To view the current SNMP traps support DES 3528 admin show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Trap Ena...

Page 61: ...ers is allowed A NULL string is accepted if there is no contact Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the Switch contact to MIS Department II DES 3528 admin config snmp system_contact MIS Department II Command config snmp system_contact MIS Department II Success DES 3528 admin config snmp system_location Purpose Used to enter a d...

Page 62: ...uccess DES 3528 admin enable snmp Purpose Used to enable the SNMP interface access function Syntax enable snmp Description This command is used to enable the SNMP function Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable snmp on the Switch DES 3528 admin enable snmp Command enable snmp Success DES 3528 admin disable snmp Purpos...

Page 63: ...xStack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 63 DES 3528 admin disable snmp Command disable snmp Success DES 3528 admin ...

Page 64: ...d install new firmware or a Switch configuration file from a TFTP server Syntax download firmware_fromTFTP ipaddr ipv6addr src_file path_filename 64 image_id int 1 2 unit all unitid 1 8 cfg_fromTFTP ipaddr path_filename 64 config_id 1 2 increment Description This command is used to download a new firmware or a Switch configuration file from a TFTP server Parameters firmware_fromTFTP Download and i...

Page 65: ...ompt DES 3528 admin disable authen_policy Command disable authen_policy Success DES 3528 admin DES 3528 admin DES 3528 admin End of configuration file for DES 3528 DES 3528 admin DES 3528 admin config firmware Purpose Used to configure the firmware section as a boot up section or to delete the firmware section Syntax config firmware unit unit_id 1 8 image_id int 1 2 delete boot_up Description This...

Page 66: ...ware section information Parameters None Restrictions None Example usage To display the current firmware information on the Switch DES 3528 admin show firmware information Command show firmware information Image ID 1 Version 3 00 012 Size 4262112 Bytes Update Time 0 days 00 00 00 From Serial Port Prom User Serial Port Prom Image ID 2 Boot up firmware Version 2 60 B010 Size 4652268 Bytes Update Tim...

Page 67: ...ings as they are currently configured Use the keyboard to list settings one line at a time Enter one page at a time Space or view all a The configuration settings are listed by category in the following order 1 STACK 2 DEVICE 3 BASIC 4 DEBUG 5 STORM 6 LOOP_DETECT 7 GM 8 GM_H 9 MIRROR 10 QOS 11 SYSLOG 12 SSL 13 PORT 14 SFLOW 15 OAM 16 DDM 17 MANAGEMENT 18 TRAP 19 TR 20 VLAN 21 PORT_SECURITY 22 ACL ...

Page 68: ...value must be between 1 and 2 config_id Optional Specifies the configuration file ID filter_string 80 Optional A filter string is enclosed by symbol Thus the filter string itself cannot contain the character The filter string is case sensitive This value can be up to 80 characters long include Includes lines that contain the specified filter string exclude Excludes lines that contain the specified...

Page 69: ...up to 64 characters long config_id Specifies configuration ID in the system If it is not specified it refers to the boot up configuration ID unit Specifies which Switch unit s attack log will be uploaded if it is not specified it refers to the master unit path_filename 64 Specifies the location of the Switch configuration file on the TFTP server This file will be replaced by the uploaded file from...

Page 70: ...o delete the specific firmware or configure the specific firmware as boot up image Parameters config_id 1 2 Specifies the serial number of the indicated configuration boot_up Specifies the config is boot_up config delete Delete the configuration active Active specifies the configuration Restrictions You must have Administrator level privileges Example usage To configure the specific configuration ...

Page 71: ... ipaddress ipaddr ipv6addr severity emergency alert critical error warning notice informational debug level 0 7 facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number state enable disable config syslog host index all severity emergency alert critical error warning notice informational debug level 0 7 facility local0 local1 local2 local3 local4 local5 local6 local...

Page 72: ...s Frames sec 64 0 0 65 127 0 0 128 255 0 0 256 511 0 0 512 1023 0 0 1024 1518 0 0 Unicast RX 0 0 Multicast RX 0 0 Broadcast RX 0 0 Frame Type Total Total sec RX Bytes 0 0 RX Frames 0 0 TX Bytes 0 0 TX Frames 0 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show error ports Purpose Used to display the error statistics for a range of ports Syntax show error ports portlist Descriptio...

Page 73: ...e CPU ports Specifies a range of ports to be displayed Restrictions None Example usage To display the port utilization statistics DES 3528 admin show utilization ports Command show utilization ports Port TX sec RX sec Util Port TX sec RX sec Util 1 0 0 0 21 0 0 0 2 0 0 0 22 0 0 0 3 0 0 0 23 0 0 0 4 0 0 0 24 0 0 0 5 0 0 0 25 0 0 0 6 0 0 0 26 0 0 0 7 0 0 0 27 0 0 0 8 0 0 0 28 0 0 0 9 19 0 1 10 0 0 0...

Page 74: ...strictions None Example usage To display the DRAM utilization DES 3528 admin show utilization dram Command show utilization dram Unit 1 DRAM utilization Total DRAM 131072 KB Used DRAM 124596 KB Utilization 95 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show utilization flash Purpose This command is used to display the flash utilization Syntax show utilization flash Description Th...

Page 75: ... will clear the counters used by the Switch to compile statistics Parameters portlist Specifies a port or range of ports to be cleared Restrictions Only Administrator and Operator level users can issue this command Example usage To clear the counters DES 3528 admin clear counters ports 2 9 Command clear counters ports 2 9 Success DES 3528 admin clear log Purpose Used to clear the Switch s history ...

Page 76: ...tice informational Specifies that the severity will be set to informational debug Specifies that the severity will be set to debug level_list 0 7 Enter the level list value here This value must be between 0 and 7 module Specifies the module list used module_list Enter the module list used here Restrictions None Example usage To display the Switch s history log DES 3528 admin show log index 1 5 Com...

Page 77: ... None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the syslog function on the Switch DES 3528 admin disable syslog Command disable syslog Success DES 3528 admin show syslog Purpose Used to display the syslog protocol status as enabled or disabled Syntax show syslog Description This command displays the syslog status as enabled or disabled...

Page 78: ...ch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational informational messages 7 Debug debug level messages facility Some of the operating system daemons and processes have been assigned Facility values Processes a...

Page 79: ...20 from the list above local5 Specifies that local use 5 messages will be sent to the remote host This corresponds to number 21 from the list above local6 Specifies that local use 6 messages will be sent to the remote host This corresponds to number 22 from the list above local7 Specifies that local use 7 messages will be sent to the remote host This corresponds to number 23 from the list above ud...

Page 80: ... following Bold font indicates that the corresponding severity level is currently supported on the Switch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational informational messages 7 Debug debug level messages fac...

Page 81: ... be sent to the remote host This corresponds to number 21 from the list above local6 Specifies that local use 6 messages will be sent to the remote host This corresponds to number 22 from the list above local7 Specifies that local use 7 messages will be sent to the remote host This corresponds to number 23 from the list above udp_port udp_port_number Specifies the UDP port number that the syslog p...

Page 82: ...e this command Example usage To delete a previously configured syslog host DES 3528 admin delete syslog host 4 Command delete syslog host 4 Success DES 3528 admin show syslog host Purpose This command is used to show syslog the host information Syntax show syslog host index 1 4 Description This command is used to display the syslog hosts that are currently configured on the Switch Parameters index...

Page 83: ... show log_save_timing Purpose Used to show the timing method to save log Syntax show log_save_timing Description This command is used to show method to save log Parameters None Restrictions None Example usage To show log_save_timing DES 3528 admin show log_save_timing Command show log_save_timing Saving Log Method On_demand DES 3528 admin show attack_log Purpose Used to show dangerous log messages...

Page 84: ... 6 3 DES 3528 admin clear attack_log Purpose Used to clear the Switch s dangerous log Syntax clear attack_log unit unit_id 1 8 Description This command clears the Switch s dangerous log Parameters unit Specifies the unit of which the attack_log will be cleared if it is not specified it refers to the master unit Restrictions Only Administrator and Operator level users can issue this command Example...

Page 85: ...ug level messages Parameters trap Specifies the severity level control for traps log Specifies the severity level control for the log all Specifies the severity level control for traps and the log emergency Severity level 0 alert Severity level 1 critical Severity level 2 error Severity level 3 warning Severity level 4 notice Severity level 5 information Severity level 6 debug Severity level 7 lev...

Page 86: ...xStack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 86 System Severity Trap information System Severity Log information DES 3528 admin ...

Page 87: ...ng the MSTP on a network will have a single MSTP configuration that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32 characters defined in the config stp mst_config_id command as name string b A configuration revision number named here as a revision_level and c A 4096 element table defined here as a vid_range which will associate each of...

Page 88: ...ning Tree Protocol to be globally disabled on the Switch Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable STP on the Switch DES 3528 admin disable stp Command disable stp Success DES 3528 admin config stp version Purpose Used to globally set the version of STP on the Switch Syntax config stp version mstp rstp st...

Page 89: ...ds The default value is 20 maxhops value 6 40 The number of hops between devices in a spanning tree region before the BPDU bridge protocol data unit packet sent by the Switch will be discarded Each Switch on the hop count will reduce the hop count by one until the value reaches zero The Switch will then discard the BDPU packet and the information held for the port will age out The user may set a h...

Page 90: ... true false auto true designates the port as an edge port Edge ports cannot create loops however an edge port can lose edge port status if a topology change creates a potential for a loop An edge port normally should not receive BPDU packets If a BPDU packet is received it automatically loses edge port status false indicates that the port does not have edge port status auto Indicates that the port...

Page 91: ...5 externalCost 19 hellotime 2 migrate yes state enable Command config stp ports 1 5 externalCost 19 hellotime 2 migrate yes state enable Success DES 3528 admin create stp instance_id Purpose Used to create a STP instance ID for MSTP Syntax create stp instance_id value 1 15 Description This command allows the user to create a STP instance ID for the Multiple Spanning Tree Protocol There are 16 STP ...

Page 92: ...to the previously configured STP instance_id remove_vlan Along with the vid_range vidlist parameter this command will remove VIDs to the previously configured STP instance_id vidlist Specify the VID range from configured VLANs set on the Switch Supported VIDs on the Switch range from ID number 1 to 4094 Restrictions Only Administrator and Operator and Power User level users can issue this command ...

Page 93: ...ES 3528 admin config stp priority 4096 instance_id 2 Command config stp priority 4096 instance_id 2 Success DES 3528 admin config stp mst_config_id Purpose Used to update the MSTP configuration identification Syntax config stp mst_config_id revision_level int 0 65535 name string 1 Description This command will uniquely identify the MSTP configuration currently configured on the Switch Information ...

Page 94: ...ult setting is auto There are two options auto Selecting this parameter for the internalCost will set quickest route automatically and optimally for an interface The default value is derived from the media speed of the interface value 1 200000000 Selecting this parameter with a value in the range of 1 200000000 will set the quickest route when a loop occurs A lower internalCost represents a quicke...

Page 95: ...dge Global Settings STP Status Enabled STP Version MSTP Max Age 20 Forward Delay 15 Max Hops 20 TX Hold Count 6 Forwarding BPDU Disabled NNI BPDU Address dot1ad DES 3528 admin show stp ports Purpose Used to display the Switch s current STP ports configuration Syntax show stp ports portlist Description This command displays the STP ports settings for a specified port or group of ports one port at a...

Page 96: ...ings and the STP Instance Operational Status Parameters value 0 15 Enter a value defining the previously configured instance_id on the Switch An entry of 0 will display the STP configuration for the CIST internally set on the Switch Restrictions None Example usage To display the STP instance configuration for instance 0 the internal CIST on the Switch DES 3528 admin show stp instance 0 Command sho...

Page 97: ...Description This command displays the Switch s current MSTP configuration identification Parameters None Restrictions None Example usage To show the MSTP configuration identification currently set on the Switch DES 3528 admin show stp mst_config_id Command show stp mst_config_id Current MST Configuration Identification Configuration Name 00 22 B0 10 8A 00 Revision Level 0 MSTI ID VID List CIST 1 4...

Page 98: ...d_groups filter_unregistered_groups show multicast vlan_filtering_mode vlanid vidlist vlan vlan_name 32 Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Syntax create fdb vlan_name 32 macaddr port port drop Description This command will make an entry into the Switch s unicast MAC address...

Page 99: ...strictions Only Administrator and Operator and Power User level users can issue this command Example usage To filter an unicast MAC DES 3528 admin create fdb default 00 00 00 33 01 02 drop Command create fdb default 00 00 00 33 01 02 drop Success DES 3528 admin create multicast_fdb Purpose Used to create a static entry to the multicast MAC address forwarding table database Syntax create multicast_...

Page 100: ...tabase Syntax config fdb aging_time sec 10 1000000 Description The aging time affects the learning process of the Switch Dynamic forwarding table entries which are made up of the source MAC addresses and their associated port numbers are deleted from the table if they are not accessed within the aging time The aging time can be from 10 to 1000000 seconds with a default value of 300 seconds A very ...

Page 101: ...ry DES 3528 admin delete fdb default 00 00 00 00 01 02 Command delete fdb default 00 00 00 00 01 02 Success DES 3528 admin clear fdb Purpose Used to clear the Switch s forwarding database of all dynamically learned MAC addresses Syntax clear fdb vlan vlan_name 32 port port all Description This command is used to clear dynamically learned entries to the Switch s forwarding database Parameters vlan_...

Page 102: ...ast MAC address forwarding database Syntax show fdb port port vlan vlan_name 32 vlanid vidlist mac_address macaddr static aging_time security Description This command will display the current contents of the Switch s forwarding database Parameters port port The port number corresponding to the MAC destination address vlan_name 32 The name of the VLAN on which the MAC address resides vlanid vidlist...

Page 103: ...ll multicast groups will be forwarded based on VLAN forward_unregistered_groups The registered group will be forwarded based on the register table The unregister group will be forwarded based on VLAN filter_unregistered_groups The registered group will be forwarded based on the register table The unregister group will be filtered Restrictions Only Administrator and Operator and Power User level us...

Page 104: ...28 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 104 100 Sales forward_all_groups 200 PM forward_all_groups 600 Customer filter unregistered groups Total Entries 3 DES 3528 admin ...

Page 105: ...e the packet threshold set below has been exceeded the Switch will shutdown the port to all incoming traffic with the exception of STP BPDU packets for a time period specified using the countdown field If the packet storm discontinues before the countdown timer expires the port will again allow all incoming traffic If this field times out and the packet storm continues the port will be placed in a...

Page 106: ...automatically when the auto recover time has expired If the value was set to 0 the port will not be auto recovered or the user manually resets the port using the config ports enable command Choosing this option obligates the user to configure the time_interval field as well which will provide packet count samplings from the Switch s chip to determine if a Packet Storm is occurring threshold value ...

Page 107: ... issue this command Example usage To configure the traffic log state on the Switch DES 3528 admin config traffic control log state enable Command config traffic control log state enable Success DES 3528 admin config traffic control auto_recover_time Purpose This command is used to configure the traffic auto recover time that allowed for a port to recover from shutdown forever status Syntax config ...

Page 108: ... Control Log Enabled Traffic Control Auto Recover Time 0 Minutes Port Thres Broadcast Multicast Unicast Action Count Time Shutdown hold Storm Storm Storm down Interval Forever 1 131072 Disabled Disabled Disabled drop 0 5 2 131072 Disabled Disabled Disabled drop 0 5 3 131072 Disabled Disabled Disabled drop 0 5 4 131072 Disabled Disabled Disabled drop 0 5 5 131072 Disabled Disabled Disabled drop 0 5...

Page 109: ...set as shutdown Parameters none No notification will be generated or sent when a packet storm control is occurred or cleared storm _occurred A notification will be generated and sent when a packet storm has been detected by the Switch storm_cleared A notification will be generated and sent when a packet storm has been cleared by the Switch both A notification will be generated and sent when a pack...

Page 110: ...st priority queue 0 Each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue will begin transmitting any packets it may have received The commands in the Command Line Interface CLI are listed along with ...

Page 111: ...s that there will be no limit on the rate of packets transmitted by the above specified ports value 64 1024000 Specifies the packet limit in Kbps that the above ports will be allowed to transmit Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure bandwidth control DES 3528 admin config bandwidth_control 1 10 tx_rate 64 Command c...

Page 112: ...he strict mode or in the wrr mode Parameters portlist Specifies a port or range of ports to be configured cos_id_list 0 6 Specifies a priority queue or range of priority queues to be configured min_rate Specifies one of the parameters below no_limit or value 64 1024000 that will be applied to the minimum rate at which the above specified class will be allowed to receive packets no_limit Specifies ...

Page 113: ... port per CoS queue bandwidth control setting Parameters portlist Specifies a port or range of ports to be viewed Restrictions None Example usage To display port per CoS bandwidth control table DES 3528 admin show per_queue bandwidth_control 10 Command show per_queue bandwidth_control 10 Queue Bandwidth Control Table On Port 10 Queue Min Rate Kbit sec Max Rate Kbit sec 0 No Limit No Limit 1 64 192...

Page 114: ...ty queue number 6 will be allowed to transmit 3 packets then the next lower hardware priority queue number 5 will be allowed to transmit 3 packets and so on until all of the queues have transmitted 3 packets The process will then repeat Parameters class_id 0 6 Specifies which of the seven hardware priority queues that the config scheduling command will apply to The seven hardware priority queues a...

Page 115: ... be displayed Restrictions None Example usage To display the current scheduling configuration DES 3528 admin show scheduling Command show scheduling QoS Output Scheduling On Port 1 Class ID Weight Class 0 1 Class 1 2 Class 2 3 Class 3 4 Class 4 5 Class 5 6 Class 6 7 QoS Output Scheduling On Port 2 Class ID Weight Class 0 1 Class 1 2 Class 2 3 Class 3 4 Class 4 5 Class 5 6 Class 6 7 CTRL C ESC q Qu...

Page 116: ...e priority queues 802 1p Hardware Queue Remark 0 2 Mid low 1 0 Lowest 2 1 Lowest 3 3 Mid low 4 4 Mid high 5 5 Mid high 6 6 Highest 7 6 Highest This mapping scheme is based upon recommendations contained in IEEE 802 1D Change this mapping by specifying the 802 1p user priority users want to map to the class_id 0 6 the number of the hardware queue Parameters portlist all Specifes a range of ports to...

Page 117: ...riority 3 Class 3 Priority 4 Class 4 Priority 5 Class 5 Priority 6 Class 6 Priority 7 Class 6 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All config 802 1p default_priority Purpose Used to configure the 802 1p default priority settings on the Switch If an untagged packet is received by the Switch the default priority configured with this command will be written to the packet s priority ...

Page 118: ...ts destination Parameters portlist Specifies a port or range of ports to be configured Restrictions None Example usage To display the current 802 1p default priority configuration on the Switch DES 3528 admin show 802 1p default_priority Command show 802 1p default_priority Port Priority Effective Priority 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 8 0 0 9 0 0 10 0 0 11 0 0 12 0 0 13 0 0 14 0 0 15 ...

Page 119: ...eters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable HOL prevention DES 3528 admin disable hol_prevention Command disable hol_prevention Success DES 3528 admin show hol_prevention Purpose Used to show the HOL prevention state Syntax show hol_prevention Description This command displays the HOL prevention state Parameters...

Page 120: ...t where mirrored packets will be received The target port must be operating at the same speed as the source port The target port and source port can reside in the same VLAN or different VLANs The mirrored packets may be discarded on an overflowed target port add delete Specifies if the user wishes to add or delete ports to be mirrored that are specified in the source ports parameter source ports T...

Page 121: ...ES 3528 admin disable mirror Purpose Used to disable a previously entered port mirroring configuration Syntax disable mirror Description This command combined with the enable mirror command above allows the user to enter a port mirroring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions O...

Page 122: ...xStack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 122 Mirror Status Enabled Target Port 1 Mirrored Port RX 2 5 TX 2 5 DES 3528 admin ...

Page 123: ...sable gvrp show vlan vlan_name 32 vlanid vidlist ports portlist show port_vlan portlist create dot1v_protocol_group group_id id group_name name 32 config dot1v_protocol_group group_id id group_name name 32 add protocol ethernet_2 ieee802 3_snap ieee802 3_llc protocol_value delete protocol ethernet_2 ieee802 3_snap ieee802 3_llc protocol_value delete dot1v_protocol_group group_id id group_name name...

Page 124: ...t Optional Specify the VLAN as being able to be advertised out Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To create a VLAN v1 tag 2 DES 3528 admin create vlan v1 tag 2 Command create vlan v1 tag 2 Success DES 3528 admin create vlan vlanid Purpose Used to create multiple VLANs by VLAN ID list on the Switch Syntax create vlan vlanid v...

Page 125: ...n issue this command Example usage To remove the VLAN v1 DES 3528 admin delete vlan v1 Command delete vlan v1 Success DES 3528 admin delete vlan vlanid Purpose Used to delete multiple VLANs by VLAN ID on the Switch Syntax delete vlan vlanid vidlist Description This command deletes previously configured multiple VLANs on the Switch Parameters vidlist Specifies a range of multiple VLAN IDs to be del...

Page 126: ... which to add ports add Entering the add parameter will add ports to the VLAN There are three types of ports to add tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies the additional ports as forbidden delete Deletes ports from the specified VLAN portlist A port or range of ports to add to or delete from the specified VLAN adverti...

Page 127: ... the VLAN that needs to be modified Parameters vidlist Specifies a range of multiple VLAN IDs to be configured tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies the additional ports as forbidden portlist A range of ports to add to or delete from the VLAN advertisement Entering the advertisement parameter specifies if the VLAN sh...

Page 128: ...that will be accepted by the Switch for this function tagged_only implies that only VLAN tagged frames will be accepted while admit_all implies tagged and untagged frames will be accepted by the Switch pvid vlanid 1 4094 Specifies the default VLAN associated with the port Restrictions Only Administrator and Operator users can issue this command Example usage To set the ingress checking status the ...

Page 129: ...ist Description This command displays summary information about each VLAN including the VLAN ID VLAN name the Tagging Untagging status and the Member Non member Forbidden status of each port that is a member of the VLAN Parameters vlan_name 32 The VLAN name of the VLAN for which to display a summary of settings vidlist Specifies a list of VLANs by VLAN ID portlist Specifies the port to be displaye...

Page 130: ...s the GVRP status for a port list on the Switch Parameters portlist Specifies a range of ports to be displayed If no parameter specified system will display all ports GVRP information Restrictions None Example usage To display GVRP port status DES 3528 admin show port_vlan 1 10 Command show port_vlan 1 10 Port PVID GVRP Ingress Checking Acceptable Frame Type 1 1 Disabled Enabled All Frames 2 1 Dis...

Page 131: ... ieee802 3_snap ieee802 3_llc protocol_value delete protocol ethernet_2 ieee802 3_snap ieee802 3_llc protocol_value Description This command adds deletes a protocol to from a protocol group The selection of a protocol can be a pre defined protocol type or a user specified protocol type Parameters group_id The ID of protocol group which is used to identify a set of protocols group_name The name of ...

Page 132: ...1 Command delete dot1v_protocol_group group_id 1 Success DES 3528 admin show dot1v_protocol_group Purpose Used to display the protocols defined in a protocol group Syntax show dot1v_protocol_group group_id id group_name name 32 Description This command displays the protocols defined in protocol groups Parameters group_id Specifies the ID of the group to be displayed if group ID is not specified al...

Page 133: ...length is 32 characters vlan Vlan that is to be associated with this protocol group on this port vlan_id Specifies the VLAN ID priority Specifies the priority to be associated with the packet which has been classified to the specified VLAN by the protocol Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage The example is to assign VLAN marke...

Page 134: ... list command PVID is updated with last item of VLAN list When user removes a port from the untagged membership of the PVID s VLAN the port s PVID will be assigned with default VLAN The default setting is enabled Parameters None Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To enable the auto assign PVID DES 3528 admin enable pvid auto_ass...

Page 135: ...his command is used to set the GVRP s timer and its MAC address format for NNI ports when used in Q in Q mode The default value for Join time is 200 milliseconds for Leave time is 600 milliseconds for LeaveAll time is 10000 milliseconds Parameters join Specifies the Join time will be set leave Specifies the Leave time will be set leaveall Specifies the LeaveAll time will be set value The time valu...

Page 136: ...ose Used to enable the VLAN trunk function Syntax enable vlan_trunk Description This command enables the VLAN trunk function When enabled the VLAN trunk ports shall be able to forward all tagged frames with any VID Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable the VLAN trunk DES 3528 admin enable vlan_trunk Command enable vlan_trunk Succ...

Page 137: ... port is a VLAN trunk port disable Specifies that the port is not a VLAN trunk port Restrictions Only Administrator level users can issue this command Example usage To configure VLAN trunk ports DES 3528 admin config vlan_trunk ports 1 5 state enable Command config vlan_trunk ports 1 5 state enable Success DES 3528 admin show vlan_trunk Purpose Used to display the VLAN trunk configuration Syntax s...

Page 138: ...ondary VLAN at the same time When a VLAN is associated with a primary VLAN as the secondary VLAN the promiscuous port of the primary VLAN will behave as the untagged member of the secondary VLAN and the trunk port of the primary VLAN will behave as the tagged member of the secondary VLAN A secondary VLAN cannot be specified with advertisement Only the primary VLAN can be configured as a layer 3 in...

Page 139: ...rivate VLAN The maximum length is 32 characters vlanid Optional Specify the VLAN ID of the private VLAN vidlist Specify the VLAN ID of the private VLAN Restrictions Only Administrator Operator users can issue this command Example usage To display private VLAN settings DES 3528 admin show private_vlan Command show private_vlan Primary VLAN 10 Promiscuous Ports 1 5 1 10 Trunk Ports 1 11 1 12 Communi...

Page 140: ... command is listed in detail in the following sections enable voice_vlan Purpose Used to enable the global voice VLAN function Syntax enable voice_vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to enable the global voice VLAN function on the Switch To enable the voice VLAN the voice VLAN must be assigned to an existing static 802 1Q VLAN The VLAN with assigned voice VLAN c...

Page 141: ...n Command disable voice_vlan Success DES 3528 admin config voice_vlan priority Purpose Used to configure voice VLAN priority Syntax config voice_vlan priority int 0 7 Description This command is used to configure voice VLAN priority The voice VLAN priority will be the priority associated with the voice VLAN traffic so as to distinguish the QoS of the voice traffic from data traffic Parameters int ...

Page 142: ...o add a user defined OUI of Voice device DES 3528 admin config voice_vlan oui add 00 0A 0B 00 00 00 FF FF FF 00 00 00 Command config voice_vlan oui add 00 0A 0B 00 00 00 FF FF FF 00 00 00 Success DES 3528 admin config voice_vlan ports Purpose Used to enable or disable the voice VLAN function on ports Syntax config voice_vlan ports portlist all state enable disable mode auto manual Description This...

Page 143: ... config voice_vlan aging_time 60 Command config voice_vlan aging_time 60 Success DES 3528 admin config voice_vlan log state Purpose Used to configure the log state for voice VLAN Syntax config voice_vlan log state enable disable Description This command is used to configure the log state for voice VLAN If there is a new voice device detected or a port join leave the voice VLAN dynamically and the ...

Page 144: ... 00 00 FF FF FF 00 00 00 Siemens 00 03 6B 00 00 00 FF FF FF 00 00 00 Cisco 00 09 6E 00 00 00 FF FF FF 00 00 00 Avaya 00 0F E2 00 00 00 FF FF FF 00 00 00 Huawei 3COM 00 60 B9 00 00 00 FF FF FF 00 00 00 NEC Philips 00 D0 1E 00 00 00 FF FF FF 00 00 00 Pingtel 00 E0 75 00 00 00 FF FF FF 00 00 00 Veritel 00 E0 BB 00 00 00 FF FF FF 00 00 00 3COM Total Entries 8 DES 3528 admin show voice_vlan ports Purpo...

Page 145: ...tlist Description This command is used to show voice devices that are connected to the ports Parameters portlist A range of port to be displayed If not specified all voice devices learned ports will be displayed Restrictions None Example usage To display the voice devices that connected to the ports 1 5 DES 3528 admin show voice_vlan voice_device ports 1 5 Command show voice_vlan voice_device port...

Page 146: ...work ipv6networkaddr vlan vlan_name 32 vlanid vlanid 1 4094 priority value 0 7 Description This command is used to create a subnet based VLAN entry A subnet based VLAN entry is an IP subnet based VLAN classification rule If an untagged or priority tagged IP packet enters a Switch port its source IP address will be compared with the subnet based VLAN entries If the source IP matches the subnet entr...

Page 147: ... delete a subnet based VLAN entry DES 3528 admin delete subnet_vlan network 172 168 1 1 24 Command delete subnet_vlan network 172 168 1 1 24 Success DES 3528 admin show subnet_vlan Purpose Use to display subnet based VLAN information Syntax show subnet_vlan network network_address ipv6network ipv6networkaddr vlan vlan_name 32 vlanid vidlist Description This command is used to display subnet based ...

Page 148: ...based VLAN entry Parameters portlist Specifies a range of ports to be configured mac_based_vlan Specifies to precede subnet based VLAN classification subnet_vlan Specifies to precede MAC based VLAN classification Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure subnet based VLAN classification precedence on port 1 DES 3528 ad...

Page 149: ...ommand enables the asymmetric VLAN function on the Switch Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To enable asymmetric VLANs DES 3528 admin enable asymmetric_vlan Command enable asymmetric_vlan Success DES 3528 admin disable asymmetric_vlan Purpose Used to disable the asymmetric VLAN function on the Switch Syntax ...

Page 150: ...ymmetric VLAN state on the Switch Syntax show asymmetric_vlan Description This command displays the asymmetric VLAN state on the Switch Parameters None Restrictions None Example usage To display the asymmetric VLAN state currently set on the Switch DES 3528 admin show asymmetric_vlan Command show asymmetric_vlan Asymmetric VLAN Enabled DES 3528 admin ...

Page 151: ...with a unique identifier Parameters value Specifies the group ID The Switch allows up to eight link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group as LACP compliant LACP allows dynamic adjustment to the aggregat...

Page 152: ...list state enable disable 1 Description This command allows users to configure a link aggregation group that was created with the create link_aggregation command above Parameters group _id value 1 8 Specifies the group ID The Switch allows up to 8 link aggregation groups to be configured The group number identifies each of the groups master_port port Master port ID Specifies which port by port num...

Page 153: ...h should examine the IP source address and the destination address Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure link aggregation algorithm for mac source dest DES 3528 admin config link_aggregation algorithm mac_source_dest Command config link_aggregation algorithm mac_source_dest Success DES 3528 admin show link_aggregat...

Page 154: ...devices must support LACP passive LACP ports that are designated as passive cannot process LACP control frames In order to allow the linked port group to negotiate adjustments and make changes dynamically at one end of the connection must have active LACP ports see above Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure LACP p...

Page 155: ...xStack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 155 DES 3528 admin ...

Page 156: ...ode is enabled an error message will be prompted to the user When the ACL Mode is enabled the Switch will only accept packets from a created entry in the IP MAC Port Binding Setting window All others will be discarded The function is port based meaning a user can enable or disable the function on the individual port NOTE When configuring the ACL mode function of the IP MAC Port Binding function pl...

Page 157: ... vlan_name mac_address macaddr delete address_binding ip_mac all ipaddress ipaddr mac_address macaddr ipv6address ipv6addr mac_address macaddr enable address_binding trap_log disable address_binding trap_log debug address_binding event dhcp all state enable disable no debug address_binding enable address_binding dhcp_snoop ipv6 all disable address_binding dhcp_snoop ipv6 all enable address_binding...

Page 158: ... 00 00 00 04 Success DES 3528 admin config address_binding ip_mac ipaddress Purpose Used to configure an IP MAC Port Binding entry Syntax config address_binding ip_mac ipaddress ipaddr mac_address macaddr ports portlist all mode arp acl Description This command is used to configure an IP MAC Port Binding entry Parameters ipaddr The IP address of the device where the IP MAC Port binding is made mac...

Page 159: ...00 00 11 Command create address_binding ip_mac ipv6address fe80 240 5ff fe00 28 mac_address 00 00 00 00 00 11 Success DES 3528 admin config address_binding ip_mac ipv6address Purpose Used to configure an IP MAC Port Binding entry Syntax config address_binding ip_mac ipv6address ipv6addr mac_address macaddr ports portlist all Description This command is used to configure an IP MAC Port Binding entr...

Page 160: ...ts it receives on that port with its IMPB entries If the IP MAC pair in the ARP packet does not match the IMPB white list the MAC address will be blocked and subsequent packets sent from this client will be dropped Parameters state Configures the address binding port state to enable or disable When the state is enabled the port will perform the binding check strict This state provides a stricter m...

Page 161: ...ally purge all blocked MAC entries on this port Traffic from legal MAC entries are still forwarded Entering 0 means no limit has been set and the port will keep learning illegal MAC addresses portlist Specifies a port or range of pors to be configured all Specifies all ports on the Switch Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To en...

Page 162: ...tries Syntax show address_binding blocked all vlan_name vlan_name mac_address macaddr Description This command is used to display the IP MAC Port Binding blocked entries Parameters blocked Specifies the addresses in the database that the system has auto learned and blocked vlan_name Specifies the name of the VLAN to which the blocked MAC address belongs mac_address Specifies the MAC address of the...

Page 163: ...ES 3528 admin show address_binding dhcp_snoop Command show address_binding dhcp_snoop DHCP_Snoop IPv4 Disabled DHCP_Snoop IPv6 Disabled DES 3528 admin show address_binding dhcp_snoop binding_entry Purpose This command is used to display the DHCP snoop binding entries Syntax show address_binding dhcp_snoop binding_entry port port Description This command is used to display the DHCP snoop binding en...

Page 164: ...P MAC Port Binding entries DES 3528 admin show address_binding ip_mac all Command show address_binding ip_mac all M Mode D DHCP N ND S Static ST ACL Status A Active I Inactive IP Address MAC Address M ST Ports Total Entries 0 DES 3528 admin show address_binding nd_snoop Purpose This command is used to display the IP MAC Port Binding ND snooping Syntax show address_binding nd_snoop ports portlist D...

Page 165: ...me ST Status A Active I Inactive IP Address MAC Address LT sec Port ST Total Entries 0 DES 3528 admin delete address_binding blocked Purpose This command is used to delete IP MAC Port Binding blocked entries Syntax delete address_binding blocked all vlan_name vlan_name mac_address macaddr Description This command is used to delete IP MAC Port Binding blocked entries Parameters all Specifies that a...

Page 166: ..._log Purpose Used to enable the trap log for the IP MAC Port Binding function Syntax enable address_binding trap_log Description This command along with the disable address_binding trap_log will enable and disable the sending of trap log messages for IMPB When enabled the Switch will send a trap log message when an ARP packet is received that doesn t match the IMPB white list Parameters None Restr...

Page 167: ...le receives ARP IP packets dhcp The Switch will print out the debug messages when the IMPB module receives the DHCP packets all The Switch will print out all debugging messages state Specifies the state of the debug Restrictions Only Administrator level users can issue this command Example usage To open the debug event DES 3528 admin debug address_binding event state enable Command debug address_b...

Page 168: ...to another port if the DHCP snooping function has learned that the MAC address is moved to a different port In order to avoid conflict where both static entry and DHCP Snooping entry are the same DHCP Snooping entries will not be created if the IP MAC entry has already been statically configured Parameters ipv6 Specifies the IPv6 address used for this configuration all Specifies that all the addre...

Page 169: ...er level users can issue this command Example usage To disable the ND snooping function on the Switch DES 3528 admin disable address_binding nd_snoop Command disable address_binding nd_snoop Success DES 3528 admin clear address_binding dhcp_snoop binding_entry ports Purpose Used to clear DHCP snooping entries on specified ports Syntax clear address_binding dhcp_snoop binding_entry ports portlist a...

Page 170: ...ntry ports 1 3 Success DES 3528 admin config address_binding dhcp_snoop max_entry ports Purpose Used to specify the maximum number of entries which can be dynamically learned DHCP snooping by the specified ports Syntax config address_binding dhcp_snoop max_entry ports portlist all limit value 1 50 no_limit ipv6 Description This command is used to specify the maximum number of DHCP snooping entries...

Page 171: ...ons Only Administrator Operator and Power User level users can issue this command Example usage To set the maximum number of entries those ports 1 3 can learn up to 10 DES 3528 admin config address_binding nd_snoop ports 1 3 max_entry 10 Command config address_binding nd_snoop ports 1 3 max_entry 10 Success DES 3528 admin config address_binding recover_learning ports Purpose Use to recover a port ...

Page 172: ...dd delete profile_id value 1 24 profile_name name 1 32 access permit deny 1 show limited_multicast_addr ports portlist vlanid vidlist config max_mcast_group ports portlist vlanid vidlist max_group value 1 1024 infinite action drop replace 1 show max_mcast_group ports portlist vlanid vidlist Each command is listed in detail in the following sections create mcast_filter_profile profile_id Purpose Us...

Page 173: ...ig mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Success DES 3528 admin delete mcast_filter_profile profile_id Purpose Used to delete a multicast address profile Syntax delete mcast_filter_profile profile_id value 1 24 all Description This command deletes a multicast address profile Parameters profile_id ID of the profile all All multicast address profiles will be deleted Restrictions ...

Page 174: ... permit deny 1 Description This command is used to configure the multicast address filtering function on a port When there are no profiles assigned to a port or VLAN the filtering function is not effective When the function is configured on a port or VLAN it limits the multicast group that hosts can join through the operation of IGMP Parameters portlist A range of ports to config the multicast add...

Page 175: ...sses 1 customer 224 19 62 34 224 19 162 200 DES 3528 admin config max_mcast_group Purpose Used to configure the maximum number of multicast groups that a port can join Syntax config max_mcast_group ports portlist vlanid vidlist max_group value 1 1024 infinite action drop replace 1 Description This command configures the maximum number of multicast groups that a port can join Parameters portlist A ...

Page 176: ...ommand display the max number of multicast groups that a port can join Parameters portlist A range of ports to display the max number of multicast groups vidlist A range of VLAN IDs to display the max number of multicast groups Restrictions None Example usage To display the maximum number of multicast groups DES 3528 admin show max_mcast_group ports 1 3 Command show max_mcast_group ports 1 3 Port ...

Page 177: ...dress ipv6networkaddr state enable disable ipv4 state enable disable dhcpv6_client enable disable dhcp_option12 hostname hostname 63 clear_hostname state enable disable create ipif ipif_name 12 network_address vlan_name 32 state enable disable proxy_arp enable disable local enable disable delete ipif ipif_name 12 ipv6address ipv6networkaddr all show ipif ipif_name 12 enable ipif ipif_name 12 all d...

Page 178: ...o determine whether to reply The default setting is Disabled bootp Allows the selection of the BOOTP protocol for the assignment of an IP address to the Switch s System IP interface dhcp Allows the selection of the DHCP protocol for the assignment of an IP address to the Switch s System IP interface If users are using the autoconfig feature the Switch becomes a DHCP client automatically so it is n...

Page 179: ...e system will reply the ARP query destined for IP address located in a different IP subnet from the interface IP For ARP packets destined for IP address located in the same IP subnet as the interface IP the system will check this setting to determine whether to reply The default setting is Disabled Restrictions Only Administrator Operator and Power User level users can issue this command Example u...

Page 180: ...3528 admin enable ipif System Command enable ipif System Success DES 3528 admin disable ipif Purpose Used to disable the admin state for an interface Syntax disable ipif ipif_name 12 all Description This command disables the state for an ipif Parameters ipif_name 12 The name of the IP interface all Specifies all interfaces Restrictions Only Administrator Operator and Power User level users can iss...

Page 181: ...ally configured and IPv6 processing will be started Parameters ipif_name 12 Specifies the name of the IP interface used all Specifies that all the IP interfaces will be used Restrictions Only Administrator Operator and Power User level users can issue this command Example usage Enable the automatic configuration of link local address for an interface DES 3528 admin enable ipif_ipv6_link_local_auto...

Page 182: ...escription Display the link local address automatic configuration state Parameters ipif_name 12 Specifies the IP interface name used This name can be up to 12 characters long Restrictions Only Administrator Operator and Power User level users can issue this command Example usage Show interface s information DES 3528 admin show ipif_ipv6_link_local_auto Command show ipif_ipv6_link_local_auto IPIF S...

Page 183: ...e_name 1 32 config igmp_snooping multicast_vlan_group_profile profile_name 1 32 add delete mcast_address_list delete igmp_snooping multicast_vlan_group_profile profile_name profile_name 1 32 all show igmp_snooping multicast_vlan_group_profile profile_name 1 32 config igmp_snooping multicast_vlan_group vlan_name 32 add delete profile_name profile_name 1 32 show igmp_snooping multicast_vlan_group vl...

Page 184: ...icate with the VLAN entries in the existing 802 1Q VLAN database The ISM VLAN snooping function can co exist with the 1Q VLAN snooping function Parameters vlan_name The name of the VLAN to be created Each multicast VLAN is given a name that can be up to 32 characters vlanid The VLAN ID of the multicast VLAN to be create The range is 2 4094 remap_priority The remap priority value 0 to 7 is associat...

Page 185: ...ber_port Adds a range of member ports to the multicast VLAN They will become the untagged member port of the IGMP multicast VLAN source_port Adds a range of source ports to the multicast VLAN untag_source_port Adds a range of untagged source ports to the multicast VLAN tag_member_port Specifies the tagged member port of the IGMP multicast VLAN state enable or disable multicast VLAN for the chosen ...

Page 186: ...ted Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To delete an IGMP snoop multicast VLAN DES 3528 admin delete igmp_snooping multicast_vlan v1 Command delete igmp_snooping multicast_vlan v1 Success DES 3528 admin enable igmp_snooping multicast_vlan Purpose Used to enable the multicast VLAN function Syntax enable igmp_snooping multicast...

Page 187: ...uccess DES 3528 admin show igmp_snooping multicast_vlan Purpose Used to show the information of multicast VLAN Syntax show igmp_snooping multicast_vlan vlan_name 32 Description This command allows you to show the information of multicast VLAN Parameters vlan_name The name of the multicast VLAN to be shown Restrictions None Example usage To display IGMP snoop multicast VLAN DES 3528 admin show igmp...

Page 188: ... command Example usage To configure IGMP snooping multicast VLAN forward DES 3528 admin config igmp_snooping multicast_vlan forward_unmatched enable Command config igmp_snooping multicast_vlan forward_unmatched enable Success DES 3528 admin create igmp_snooping multicast_vlan_group_profile Purpose Used to create an IGMP multicast VLAN group profile on the Switch Syntax create igmp_snooping multica...

Page 189: ...them such as 225 1 1 1 225 1 1 18 225 1 1 20 Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To add IGMP multicast address or range to a profile DES 3528 admin config igmp_snooping multicast_vlan_group_profile g1 add 235 2 2 1 23 5 2 2 2 Command config igmp_snooping multicast_vlan_group_profile g1 add 235 2 2 1 235 2 2 2 Success DES 3528...

Page 190: ... binding profile will affect the group joined to the multicast VLAN Syntax config igmp_snooping multicast_vlan_group vlan_name 32 add delete profile_name profile_name 1 32 Description After binding a profile to a multicast VLAN when a multicast group attempt to join this multicast VLAN member port the group cannot join this multicast VLAN if the group does not belong to the range of binding profil...

Page 191: ..._snooping multicast_vlan_group VLAN Name VLAN ID Multicast Group Profiles mv1 2 g1 DES 3528 admin create mld_snooping multicast_vlan Purpose Used to create an MLD multicast VLAN Syntax create mld_snooping multicast_vlan vlan_name 32 vlanid 2 4094 Description This command will create a MLD multicast_vlan Multiple multicast VLANs can be configured When creating MLD multicast VLAN it cannot duplicate...

Page 192: ...ort Adds a range of untagged source ports to the multicast VLAN The PVID of the untag source port will be automatically changed to the multicast VLAN It shall be only one kind of source port tag or untag for an ISM VLAN tag_member_port Specifies the tagged member port of the MLD multicast VLAN state enable or disable multicast VLAN for the chosen VLAN replace_source_ip With the MLD snooping functi...

Page 193: ...es such as FF12 1 FF12 3 FF12 8 or a multicast address range such as FF12 1 FF12 12 or both of them such as FF12 1 FF12 18 FF12 20 Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To add 225 1 1 1 to 226 1 1 1 to MLD multicast VLAN group profile g1 DES 3528 admin config mld_snooping multicast_vlan_group_profile g1 add FF12 1 FF12 2 Comman...

Page 194: ...ng profile will affect the group joined to the multicast VLAN Syntax config mld_snooping multicast_vlan_group vlan_name 32 add delete profile_name profile_name 1 32 Description After binding a profile to a multicast VLAN when a multicast group attempt to join this multicast VLAN member port the group cannot join this multicast VLAN if the group does not belong to the range of binding profile NOTE ...

Page 195: ...oup Profiles mv1 2 g1 DES 3528 admin delete mld_snooping multicast_vlan Purpose Used to delete an MLD muticast VLAN Syntax delete mld_snooping multicat_vlan vlan_name 32 Description This command allows you to delete an MLD multicast VLAN Parameters vlan_name The name of the multicast VLAN to be deleted Restrictions Only Administrator and Operator and Power User level users can issue this command E...

Page 196: ...s can issue this command Example usage To enable MLD Multicast VLAN DES 3528 admin disable mld_snooping multicast_vlan Command disable mld_snooping multicast_vlan Success DES 3528 admin show mld_snooping multicast_vlan Purpose Used to show the information of MLD multicast VLAN Syntax show mld_snooping multicast_vlan vlan_name 32 Description This command allows you to show the information of an MLD...

Page 197: ... config mld_snooping multicast_vlan forward_unmatched disable enable Description When the Switch receives an MLD packet it will match the packet against the multicast profile to determine the MLD multicast VLAN to be associated with If the packet does not match any profiles the packet will be forwarded or dropped based on the setting By default the packet will be dropped Parameters enable The unma...

Page 198: ...oping data_driven_learning max_learned_entry value 1 1024 vlan_name vlan_name vlanid vlanid_list all state enable disable aged_out enable disable expiry_time sec 1 65535 1 show igmp_snooping vlan vlan_name 32 vlanid vlanid_list show igmp_snooping rate_limit ports portlist vlanid vlanid_list show igmp_snooping group vlan vlan_name 32 vlanid vlanid_list ports portlist ipaddr data_driven show igmp_sn...

Page 199: ... ipv6addr config mld_snooping data_driven_learning max_learned_entry value 1 1024 vlan_name vlan_name vlanid vlanid_list all state enable disable aged_out enable disable expiry_time sec 1 65535 1 clear mld_snooping data_driven_group all vlan_name vlan_name vlanid vlanid_list ipv6addr all show mld_snooping statistic counter vlan vlan_name vlanid vlanid_list ports portlist clear mld_snooping statist...

Page 200: ...nter enable to enable the IGMP snooping fast leave function If enabled the membership is immediately removed when the system receives the IGMP leave message disable Enter disable to disable the IGMP snooping fast leave function report_suppression When IGMP report suppression is enabled the default the Switch sends the first IGMP report from all hosts for a group to all the multicast routers The Sw...

Page 201: ...gured vlanid_list Enter the VLAN ID list here value 1 1000 Configure the rate of the IGMP control packet that the Switch can process on a specific port VLAN The rate is specified in packets per second The packets that exceed the limit will be dropped no_limit Configure the rate of the IGMP control packet to be unlimited that the Switch can process on a specific port VLAN The rate is specified in p...

Page 202: ...ustness variable is set to 2 You might want to increase this value if you expect a subnet to be loosely Group member interval Amount of time that must pass before a multicast router decides there are no more members of a group on a network This interval is calculated as follows robustness variable x query interval 1 x query response interval Other querier present interval Amount of time that must ...

Page 203: ...al 125 state enable Success DES 3528 admin config router_ports Purpose This command allows you to designate a range of ports as being connected to multicast enabled routers Syntax config router_ports vlan_name 32 vlanid vlanid_list add delete portlist Description This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol e...

Page 204: ... you to create an IGMP snooping static group Syntax create igmp_snooping static_group vlan vlan_name 32 vlanid vlanid_list ipaddr Description Member ports can be added to the static group The static member and the dynamic member port form the member ports of a group The static group will only take effect when IGMP snooping is enabled on the VLAN For those static member ports the device needs to em...

Page 205: ...oping static_group vlan default 239 1 1 1 Success DES 3528 admin config igmp_snooping static_group Purpose This command is used to configure the IGMP snooping static group Syntax config igmp_snooping static_group vlan vlan_name 32 vlanid vlanid_list ipaddr add delete portlist Description When a port is configured as a static member port the IGMP protocol will not operate on this port For example s...

Page 206: ...ame 32 vlanid vlanid_list ipaddr Description This command is used to display the IGMP snooping multicast group static members Parameters vlan Specify the name of the VLAN on which the static group resides vlan_name 32 Enter the VLAN name here The VLAN name can be up to 32 characters long vlanid Specify the ID of the VLAN on which the static group resides vlanid_list Enter the VLAN ID here ipaddr S...

Page 207: ...iven group is created and IGMP member ports are learned later the entry will become an ordinary IGMP snooping entry That is the aging out mechanism will follow the ordinary IGMP snooping entry Parameters vlan_name Specify the VLAN name to be configured vlan_name Enter the VLAN name here vlanid Specify the VLAN ID to be configured vlanid_list Enter the VLAN ID here all Specify all VLANs to be confi...

Page 208: ...xample usage To show IGMP snooping DES 3528 admin show igmp_snooping Command show igmp_snooping IGMP Snooping Global State Disabled Data Driven Learning Max Entries 128 VLAN Name default Query Interval 125 Max Response Time 10 Robustness Value 2 Last Member Query Interval 1 Querier State Disable Querier Role Non Querier Querier IP 0 0 0 0 Querier Expiry Time 0 secs State Disable Fast Leave Disable...

Page 209: ...e The VLAN name can be up to 32 characters long vlanid Optional Specify the ID of the VLAN for which you want to view IGMP snooping group information vlanid_list Enter the VLAN ID list here ports Optional Specify a list of ports for which you want to view IGMP snooping group information portlist Enter the list of ports here ipaddr Optional Specify the group IP address for which you want to view IG...

Page 210: ...ame VID default 1 Member Ports 3 UP Time 280 Expiry Time 120 Filter Mode EXCLUDE Source Group NULL 225 0 0 2 VLAN Name VID default 1 Member Ports 4 5 UP Time 280 Expiry Time 120 Filter Mode EXCLUDE VLAN Name default Multicast Group 225 0 0 15 Member Ports Router Ports UP Time 12 Expiry Time 248 Total Entries 4 DES 3528 admin show igmp_snooping group data_driven Command show igmp_snooping group dat...

Page 211: ...view IGMP snooping forwarding table information vlan_name 32 Enter the VLAN name here The VLAN name can be up to 32 characters long vlanid Optional Specify the ID of the VLAN for which you want to view IGMP snooping forwarding table information vlanid_list Enter the VLAN ID list here If no parameter is specified the system will display all current IGMP snooping forwarding table entries of the Swit...

Page 212: ...he router port resides vlanid_list Enter the VLAN ID list here static Optional Displays router ports that have been statically configured dynamic Optional Displays router ports that have been dynamically configured forbidden Optional Displays forbidden router ports that have been statically configured If no parameter is specified the system will display all currently configured router ports on the...

Page 213: ...t here ports Specify a list of ports to be displayed portlist Enter the list of port to be displayed here Restrictions None Example usage To display the IGMP snooping statistics counter DES 3528 admin show igmp_snooping statistics counter vlanid 1 Command show igmp_snooping statistics counter vlanid 1 VLAN Name default Group Number 10 Receive Statistics Query IGMP v1 Query 1 IGMP v2 Query 1 IGMP v...

Page 214: ...0 Dropped By Rate Limitation 0 Dropped By Max Group Limitation 90 Dropped By Group Filter 0 Dropped By Multicast VLAN 0 Transmit Statistics Query IGMP v1 Query 0 IGMP v2 Query 0 IGMP v3 Query 0 Total 0 Report Leave IGMP v1 Report 0 IGMP v2 Report 0 IGMP v3 Report 0 IGMP v2 Leave 0 Total 0 Total Entries 1 DES 3528 admin clear igmp_snooping statistics counter Purpose This command is used to clear th...

Page 215: ...he chosen VLAN fast_done Optional Enable or disable MLD snooping fast_leave function enable Enter enable here to enable MLD snooping fast_leave function If enable the membership is immediately removed when the system receive the MLD leave message disable Enter disable here to disable MLD snooping fast_leave function report_suppression Optional When MLD report suppression is enabled the default the...

Page 216: ...ed in calculating the following MLD message intervals value 1 7 Enter the robustness variable value here This value must be between 1 and 7 Group listener interval Amount of time that must pass before a multicast router decides there are no more listeners of a group on a network This interval is calculated as follows robustness variable query interval 1 query response interval Other querier presen...

Page 217: ...er_ports vlan vlan_name 32 vlanid vlanid_list add delete portlist Description This will ensure that all packets with such a router as its destination will reach the multicast enabled router regardless of protocol etc Parameters vlan Specify the name of the VLAN on which the router port resides vlan_name 32 Enter the VLAN name here The VLAN name can be up to 32 characters long vlanid Specify the ID...

Page 218: ...ions Only Administrator and Operator and Power User level users can issue this command Example usage To set up port range 1 10 to forbidden router ports of the default VLAN DES 3528 admin config mld_snooping mrouter_ports_forbidden vlan default add 1 10 Command config mld_snooping mrouter_ports_forbidden vlan default add 1 10 Success DES 3528 admin show mld_snooping Purpose This command will displ...

Page 219: ...e Switch Parameters vlan Optional Specify the name of the VLAN for which you want to view MLD snooping group information If VLAN and ports and IP address are not specified the system will display all current IGMP snooping group information vlan_name 32 Enter the VLAN name here The VLAN name can be up to 32 characters long vlanid Optional Specify the ID of the VLAN for which you want to view MLD sn...

Page 220: ...258 Filter Mode INCLUDE Source Group 2002 2 FE1E 1 VLAN Name VID default 1 Member Ports 3 UP Time 29 Expiry Time 247 Filter Mode EXCLUDE Source Group NULL FE1E 2 VLAN Name VID default 1 Member Ports 4 5 UP Time 40 Expiry Time 205 Filter Mode EXCLUDE Source Group NULL FF1E 5 VLAN Name VID default 1 Reports 0 Member Ports Router Ports 24 UP Time 100 Expiry Time 200 Filter Mode EXCLUDE Total Entries ...

Page 221: ...pecify the name of the VLAN for which you want to view MLD snooping forwarding table information vlan_name 32 Enter the VLAN name here The VLAN name can be up to 32 characters long vlanid Optional Specify the ID of the VLAN for which you want to view MLD snooping forwarding table information vlanid_list Enter the VLAN ID list here If no parameter is specified the system will display all current ML...

Page 222: ...outer port resides vlanid_list Enter the VLAN ID list here all Specify all VLANs on which the router port resides static Optional Displays router ports that have been statically configured dynamic Optional Displays router ports that have been dynamically configured forbidden Optional Displays forbidden router ports that have been statically configured If no parameter is specified the system will d...

Page 223: ...c group resides vlanid_list Enter the VLAN ID list here ipv6addr Specify the multicast group IPv6 address Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To create an MLD snooping static group for VLAN 1 group FF1E 1 DES 3528 admin create mld_snooping static_group vlan default FF1E 1 Command create mld_snooping static_group vlan default ...

Page 224: ...lete the member ports portlist Specify a range of ports to be configured Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To unset port range 9 10 from MLD snooping static member ports for group FF1E 1 on default VLAN DES 3528 admin config mld_snooping static_group vlan default FF1E 1 delete 2 9 2 10 Command create mld_snooping static_gro...

Page 225: ... driven group is created and MLD member ports are learned later the entry will become an ordinary MLD snooping entry That is the aging out mechanism will follow the ordinary MLD snooping entry Parameters vlan_name Specify the VLAN name to be configured vlan_name Enter the VLAN name here vlanid Specify the VLAN ID to be configured vlanid_list Enter the VLAN ID list here all Specify that all VLANs a...

Page 226: ...wer User level users can issue this command Example usage To delete all the groups learned by data driven DES 3528 admin clear mld_snooping data_driven_group all Command clear mld_snooping data_driven_group all Success DES 3528 admin show mld_snooping statistic counter Purpose This command displays the statistics counter for IGMP protocol packets that are received by the Switch since IGMP snooping...

Page 227: ...roup Filter 0 Dropped By Multicast VLAN 1 Transmit Statistics Query MLD v1 Query 1 MLD v2 Query 1 Total 2 Report Leave MLD v1 Report 0 MLD v2 Report 10 MLD v1 Done 1 Total 11 Total Entries 1 DES 3528 admin clear mld_snooping statistic counter Purpose This command is used to clear MLD snooping statistics counters Syntax clear mld_snooping statistics counter Description This command is used to clear...

Page 228: ...AN The rate is specified in packet per second The packets that exceed the limited rate will be dropped The default setting is no_limit Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure the MLD snooping per port rate limit DES 3528 admin config mld_snooping ports 1 rate_limit 100 Command config mld_snooping ports 1 rate_limit 1...

Page 229: ...e specified ports Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To enable IGMP Access Control for all ports DES 3528 admin config igmp access_authentication ports all state enable Command config igmp access_authentication ports all state enable Success DES 3528 admin show igmp access_authentication ports Purpose This command is used to dis...

Page 230: ...and show igmp access_authentication ports all Port State 1 1 Enabled 1 2 Enabled 1 3 Enabled 1 4 Enabled 1 5 Enabled 1 6 Enabled 1 7 Enabled 1 8 Enabled 1 9 Enabled 1 10 Enabled 1 11 Enabled 1 12 Enabled 1 13 Enabled 1 14 Enabled 1 15 Enabled 1 16 Enabled 1 17 Enabled 1 18 Enabled 1 19 Enabled 1 20 Enabled CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 231: ...p_relay option_60 state enable disable config dhcp_relay option_60 add string mutiword 255 relay ipaddr exact match partial match config dhcp_relay option_60 default relay ipaddr mode relay drop config dhcp_relay option_60 delete string mutiword 255 relay ipaddress ipaddress ipaddr all default ipaddr show dhcp_relay option_60 string mutiword 255 ipaddress ipaddr default config dhcp_relay option_61...

Page 232: ...x config dhcp_relay add ipif ipif_name 12 ipaddr Description This command adds an IP address as a destination to forward relay DHCP BOOTP relay packets to Parameters ipif_name 12 The name of the IP interface in which DHCP relay is to be enabled ipaddr The DHCP server IP address Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To add an IP...

Page 233: ... the relay agent removes the option 82 field and forwards the packet to the Switch port that connects to the DHCP client that sent the DHCP request disable If the field is toggled to disable the relay agent will not insert and remove DHCP relay information option 82 field in messages between DHCP servers and clients and the check and policy settings will have no effect The default setting is disab...

Page 234: ...et received from the DHCP client The default setting is replace Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure DHCP relay option 82 policy DES 3528 admin config dhcp_relay option_82 policy replace Command config dhcp_relay option_82 policy replace Success DES 3528 admin config dhcp_relay option_82 remote_id Purpose Used to ...

Page 235: ... Identifier Option 61 State Disabled DHCP Relay Agent Information Option 82 State Disabled DHCP Relay Agent Information Option 82 Check Disabled DHCP Relay Agent Information Option 82 Policy Replace DHCP Relay Agent Information Option 82 Remote ID 00 22 B0 10 8A 00 Interface Server 1 Server 2 Server 3 Server 4 Server VLAN ID List DES 3528 admin Example usage To show a single IP destination of the ...

Page 236: ...528 admin disable dhcp_relay Command disable dhcp_relay Success DES 3528 admin config dhcp_relay option_60 state Purpose This command is used to configure DHCP relay agent information option 60 state of the Switch Used to config dhcp_relay opton_60 state Syntax config dhcp_relay option_60 state enable disable Description This command decides whether DHCP relay will process the DHCP option 60 or no...

Page 237: ...atch Command config dhcp_relay option_60 add string abc relay 10 90 90 1 exact match Success DES 3528 admin config dhcp_relay option_60 default Purpose This command is used to configure dhcp_relay option_60 default relay servers Syntax config dhcp_relay option_60 default relay ipaddr mode relay drop Description When there are no matching servers found for the DHCP client request packet based on op...

Page 238: ...lay ipaddress if IP address is not specified Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To delete the DHCP relay option 60 DES 3528 admin config dhcp_relay option_60 delete all Command config dhcp_relay option_60 delete all Success DES 3528 admin show dhcp_relay option_60 Purpose This command is used to show dhcp_relay option_60 ent...

Page 239: ... configure the state of DHCP relay option 61 DES 3528 admin config dhcp_relay option_61 state enable Command config dhcp_relay option_61 state enable Success DES 3528 admin config dhcp_relay option_61 add Purpose This command is used to add a rule for dhcp_relay option_61 Syntax config dhcp_relay option_61 add mac_address macaddr string desc_long 255 relay ipaddr drop Description This command adds...

Page 240: ...ion_61 delete Purpose This command is used to delete an option 61 rule Syntax config dhcp_relay option_61 delete mac_address macaddr string desc_long 255 all Description This command is used to delete an option 61 rule Parameters mac_address The entry with the specified MAC address will be deleted string The entry with the specified string will be deleted all All rules excluding the default rule w...

Page 241: ...e or disable the DHCP local relay for a specified VLAN Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To enable DHCP local relay for the default VLAN DES 3528 admin config dhcp_local_relay vlan default state enable Command config dhcp_local_relay vlan default state enable Success DES 3528 admin enable dhcp_local_relay Purpose Used to en...

Page 242: ... admin show dhcp_local_relay Command show dhcp_local_relay DHCP BOOTP Local Relay Status Disabled DHCP BOOTP Local Relay VID List 1 DES 3528 admin config dhcp_relay vlanid Purpose Adds or deletes an IP destination address to the Switch s DHCP relay table Syntax config dhcp_relay add delete vlanid vlan_id_list ipaddr Description The config dhcp_relay add delete vlanid command adds or deletes an IP ...

Page 243: ...ation Option 82 Remote ID 00 80 11 00 11 22 Interface Server 1 Server 2 Server 3 Server 4 Server VLAN ID List 10 43 21 12 1 10 DES 3528 admin To delete DHCP BOOTP server 10 43 21 12 from VLAN 2 and VLAN 3 DES 3528 admin config dhcp_relay delete vlanid 2 3 10 43 21 12 Command config dhcp_relay delete vlanid 2 3 10 43 21 12 Success DES 3528 admin show dhcp_relay Command show dhcp_relay DHCP BOOTP Re...

Page 244: ...it config 802 1x auth_parameter ports portlist all default direction both in port_control force_unauth auto force_auth quiet_period sec 0 65535 tx_period sec 1 65535 supp_timeout sec 1 65535 server_timeout sec 1 65535 max_req value 1 10 reauth_period sec 1 65535 max_users value 1 448 no_limit enable_reauth enable disable 1 config 802 1x init port_based ports portlist all mac_based ports portlist a...

Page 245: ... Access control server application on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable 802 1X on the Switch globally DES 3528 admin enable 802 1x Command enable 802 1x Success DES 3528 admin disable 802 1x Purpose Used to disable the 802 1X server on the Switch Syntax disable 802 1x Description This command is used t...

Page 246: ...802 1x user Purpose Used to delete 802 1X user Syntax delete 802 1x user username 15 Description This command deletes specified user Parameters username 15 Specifies deleting user name Restrictions Only Administrator level users can issue this command Example usage To delete user test DES 3528 admin delete 802 1x user test Command delete 802 1x user test Success DES 3528 admin show 802 1x user Pur...

Page 247: ...otocol radius_eap Success DES 3528 admin config 802 1x fwd_pdu system Purpose Used to configure the forwarding of EAPOL PDU when 802 1X is disabled Syntax config 802 1x fwd_pdu system enable disable Description This is a global setting to control the forwarding of EAPOL PDU When 802 1X functionality is disabled globally or for a port if 802 1X fwd_pdu is enabled both globally and for the port a re...

Page 248: ... 1x authorization attributes radius disable Command config 802 1x authorization attributes radius disable Success DES 3528 admin config 802 1x fwd_pdu ports Purpose Used to configure if the port will flood EAPOL PDU when 802 1X functionality is disabled Syntax config 802 1x fwd_pdu ports portlilst all enable disable Description This is a per port setting to control the forwarding of EAPOL PDU When...

Page 249: ...t Based 802 1X Pri Priority Port MAC Address RX VID PAE State Backend State Status VID Pri 1 00 05 5D F9 16 76 3 Authenticated Idle A Total Authenticating Hosts 0 Total Authenticated Hosts 1 DES 3528 admin To display the 802 1X system level configurations DES 3528 admin show 802 1x Command show 802 1x 802 1X Disabled Authentication Protocol RADIUS_EAP Forward EAPOL PDU Disabled Max User no_limit R...

Page 250: ...gure the port capabilty DES 3528 admin config 802 1x capability ports 1 10 authenticator Command config 802 1x capability ports 1 10 authenticator Success DES 3528 admin config 802 1x max _users Purpose Used to configure the max number of users that can be learned through 802 1x authentication Syntax config 802 1x max users value 1 448 no_limit Description The setting is a global limitation on the...

Page 251: ...auto quiet_period It is the initialization value of the quietWhile timer The default value is 60 s and can be any value from 0 to 65535 tx_period It is the initialization value of the txWhen timer The default value is 30 s and can be any value among 1 to 65535 supp_timeout The initialization value of the aWhile timer when timing out the supplicant Its default value is 30 s and can be any value amo...

Page 252: ... 802 1x init port_based ports all Command config 802 1x init port_based ports all Success DES 3528 admin config 802 1x reauth Purpose Used to configure the 802 1X re authentication feature of the Switch Syntax config 802 1x reauth port_based ports portlist all mac_based ports portlist all mac_address macaddr Description This command is used to re authenticate a previously authenticated device base...

Page 253: ...X Guest VLAN for the Switch DES 3528 admin create 802 1x guest_vlan Trinity Command create 802 1x guest_vlan Trinity Success DES 3528 admin config 802 1x guest_vlan ports Purpose Used to configure ports for a pre existing 802 1X guest VLAN Syntax config 802 1x guest_vlan ports portlist all state enable disable Description This command is used to configure ports to be enabled or disabled for the 80...

Page 254: ...st_vlan Command show 802 1x guest_vlan Guest VLAN Setting Guest VLAN Trinity Enable Guest VLAN Ports 5 8 Success DES 3528 admin delete 802 1x guest_vlan Purpose Used to delete an 802 1X Guest VLAN Syntax delete 802 1x guest_vlan vlan_name 32 Description This command is used to delete an 802 1X Guest VLAN 802 1X Guest VLAN clients are those who have not been authorized for 802 1X or they haven t ye...

Page 255: ...t udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 timeout int 1 255 The time in second for waiting for a server reply Default value is 5 seconds retransmit int 1 20 The count for re transmit Default value is 2 Restrictions Only Administrator and Operator lev...

Page 256: ...to 32 characters can be used auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 timeout int 1 255 The time in second for waiting for a server reply Default value is 5 seconds retransmit int 1 20 The count for re transmit Default value is 2 Restriction...

Page 257: ...d show auth_statistics ports 1 Port number 1 Original RX VID 3 MAC Address 00 05 5D F9 16 76 EapolFramesRx 2 EapolFramesTx 3 EapolStartFramesRx 0 EapolReqIdFramesTx 1 EapolLogoffFramesRx 0 EapolReqFramesTx 1 EapolRespIdFramesRx 1 EapolRespFramesRx 1 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVersion 1 LastEapolFrameSource 00 05 5D F9 16 76 DES 3528 admin show auth_diagnostics Pu...

Page 258: ...onsesFromSupplicant 1 BackendAuthSuccesses 1 BackendAuthFails 0 DES 3528 admin show auth_session_statistics Purpose Used to display authenticator session statistics information Syntax show auth_session_statistics ports portlist all Description This command displays authenticator session statistics information Parameters portlist Specifies a range of ports to be shown all All port Restrictions None...

Page 259: ...sRequests 0 radiusAuthClientAccessRetransmissions 0 radiusAuthClientAccessAccepts 0 radiusAuthClientAccessRejects 0 radiusAuthClientAccessChallenges 0 radiusAuthClientMalformedAccessResponses 0 radiusAuthClientBadAuthenticators 0 radiusAuthClientPendingRequests 0 radiusAuthClientTimeouts 0 radiusAuthClientUnknownTypes 0 radiusAuthClientPacketsDropped 0 CTRL C ESC q Quit SPACE n Next Page p Previou...

Page 260: ...ault the service is disabled shell Accounting service for shell events When user login or logout the Switch via the console Telnet or SSH and when timeout occurs accounting information will be collected and sent to RADIUS server By default the service is disabled system Accounting service for system events reset reboot By default the service is disabled enable Enable the specified accounting servi...

Page 261: ...xStack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 261 Accounting Service Network Enabled Shell Enabled System Enabled DES 3528 admin ...

Page 262: ... entered into the access profile you can assign an access_id that both identifies the rule and establishes a priority within the list of rules A lower access_id gives the rule a higher priority In case of a conflict in the rules entered for an access profile the rule with the highest priority lowest access_id will take precedence The ip parameter instructs the Switch that this new rule will be app...

Page 263: ...interface_filteri ng disable cpu_interface_filteri ng create cpu access_profile profile_id value 1 5 ethernet vlan source_mac macmask destination_mac macmask 802 1p ethernet_type ip vlan source_ip_mask netmask destination_ip_mask netmask dscp icmp type code igmp type tcp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask hex 0x0 0xffff...

Page 264: ...r value 0 1048576 cbs value 0 16384 pir value 0 1048576 pbs value 0 16384 conform permit replace_dscp value 0 63 counter enable disable exceed permit replace_dscp value 0 63 drop counter enable disable violate permit replace_dscp value 0 63 drop counter enable disable sr_tcm cir value 0 1048576 cbs value 0 16384 ebs value 0 16384 conform permit replace_dscp value 0 63 counter enable disable exceed...

Page 265: ...mand below Parameters ethernet Specifies that the Switch will examine the layer 2 part of each packet header vlan Specifies that the Switch will examine the VLAN part of each packet header source_mac macmask Specifies a MAC address mask for the source MAC address This mask is entered in a hexadecimal format destination_mac macmask Specifies a MAC address mask for the destination MAC address 802 1p...

Page 266: ...ofiles where the lowest profile ID has the highest priority The user may enter a profile ID number between 1 14 yet remember only 14 access profiles can be created on the Switch profile_name Specifies the name of the profile The maximum length is 32 characters IPV6 Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering based on the rules configured in the config acces...

Page 267: ...o identify the access profile that will be deleted with this command This value is assigned to the access profile when it is created with the create access_profile command The user may enter a profile ID number between 1 and 14 yet remember only 14 access profiles can be created on the Switch profile_name Specifies the name of the profile The maximum length is 32 characters all Entering this param...

Page 268: ...7 replace_priority replace_dscp_with value 0 63 replace_tos_precedence_with value 0 7 counter enable disable mirror redirect egress_port port deny time_range range_name 32 delete access_id value 1 128 Description This command is used to configure an access profile on the Switch and to enter specific values that will be combined using a logical AND operational method with masks entered with the cre...

Page 269: ...CP control flag finish udp Specifies that the Switch will examine the User Datagram Protocol UDP field in each packet src_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP source port in their header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP destination port in their header protocol_id val...

Page 270: ...packet on the previously specified port replace_dscp_with value 0 63 Allows users to specify a new value to be written to the DSCP field of an incoming packet on the previously specified port replace_tos_precedence_with value 0 7 Specifies the packets that match the access profile and that tos precedence values will be changed by the Switch deny Specifies the rule will deny access for incoming pac...

Page 271: ...e 1 14 profile_name name 1 32 Description This command is used to display the currently configured access profiles Parameters profile_id value 1 14 Specify the profile id to display only the access rules configuration for a single profile ID The user may enter a profile ID number between 1 and 14 yet remember only 14 access profiles can be created on the Switch profile_name name 1 32 Specifies the...

Page 272: ...et Specifies that the Switch will examine the layer 2 part of each packet header vlan Specifies that the Switch will examine the VLAN part of each packet header source_mac macmask Specifies to examine the source MAC address mask destination_mac macmask Specifies to examine the destination MAC address mask 802 1p Specifies that the Switch will examine the 802 1p priority value in the frame s header...

Page 273: ... 64 to byte 79 ipv6 Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering based on the rules configured in the config cpu access_profile command for IPv6 class Entering this parameter will instruct the Switch to examine the class field of the IPv6 header This class field is a part of the packet header that is similar to the Type of Service ToS or Precedence bits fiel...

Page 274: ... 5 Enter an integer between 1 and 5 that is used to identify the CPU access profile to be deleted with this command This value is assigned to the access profile when it is created with the create cpu access_profile command all This will delete all previously configured cpu access_profiles Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the CP...

Page 275: ...sing a logical AND operational method with masks entered with the config cpu access_profile command above Parameters profile_id value 1 5 Enter an integer used to identify the access profile that will be configured with this command This value is assigned to the access profile when it is created with the create cpu access_profile command The profile ID sets the relative priority for the profile an...

Page 276: ... in their header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP destination port in their header protocol_id value 0 255 Specifies that the Switch will examine the protocol field in each packet and if this field contains the value entered here apply the following rules user_define_mask hex 0x0 0xffffffff Specifies that the rule applies to the...

Page 277: ...3 icmp type 11 code 32 port 1 deny Success DES 3528 admin show cpu access_profile Purpose Used to view the CPU access profile entry currently set in the Switch Syntax show cpu access_profile profile_id value 1 5 Description This command is used view the current CPU interface filtering entries set on the Switch Parameters profile_id value 1 5 Enter an integer between 1 and 5 that is used to identif...

Page 278: ...xample Usage To enable CPU interface filtering DES 3528 admin enable cpu_interface_filtering Command enable cpu_interface_filtering Success DES 3528 admin disable cpu_interface_filtering Purpose Used to disable CPU interface filtering on the Switch Syntax disable cpu_interface_filtering Description This command is used in conjunction with the enable cpu_interface_filtering command above to enable ...

Page 279: ...e peak burst size The green color packet will be treated as the conforming action the yellow color packet will be treated as the exceeding action and the red color packet will be treated as the violating action Parameters profile_id Specifies the profile ID value 1 14 Enter the profile ID here This value must be between 1 and 14 profile_name Specifies the name of the profile The maximum length is ...

Page 280: ...ifies the action when a packet is mapped to the red color permit Permits the packet replace_dscp Changes the DSCP of the packet value 0 63 Enter the replace DSCP value here drop Drops the packet counter Optional Specifies the ACL counter This is optional The default is disable The resource may be limited so that a counter cannot be turned on Counters will be cleared when the function is disabled e...

Page 281: ...er option will be disabled delete Deletes the specified flow_meter Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the ACL flow meter on the Switch DES 3528 admin config flow_meter profile_id 1 access_id 1 tr_tcm cir 1000 cbs 200 pir 2000 pbs 2000 exceed permit replace_dscp 21 violate drop Command config flow_meter profile_id 1 access_id 1...

Page 282: ... the time range Note that the specified time range is based on SNTP time or configured time If this time is not available then the time range will not be met Parameters range_name Specifies the name of the time range settings start_time Specifies the starting time in a day 24 hr time For example 19 00 means 7PM 19 is also acceptable start_time must be smaller than end_time end_time Specifies the e...

Page 283: ...otal Entries 1 DES 3528 admin show current_config access_profile Purpose Used to display the ACL part of current configuration Syntax show current_config access_profile Description This command displays the ACL privilege of the current configuration in user level of privilege The overall current configuration can be displayed by show config command which is accessible in administrator level of pri...

Page 284: ...hrough the CPU Interface Filtering mechanism explained in the previous section Once the user configures these acceptable IP addresses other packets containing different IP addresses will be dropped by the Switch thus limiting the bandwidth of IP packets To keep the process moving fast be sure not to add many conditions on which to accept these acceptable IP addresses and their packets this limitin...

Page 285: ...messages to the device s SNMP agent and Switch log once the Safeguard Engine has been activated by a high CPU utilization rate mode strict fuzzy Used to select the type of Safeguard Engine to be activated by the Switch when the CPU utilization reaches a high rate The user may select strict If selected this function will stop accepting all ARP packets not intended for the Switch and will stop recei...

Page 286: ... 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 286 CPU Utilization Information Rising Threshold 30 Falling Threshold 20 Trap Log State Enabled Mode Strict DES 3528 admin ...

Page 287: ...et the Server IP Address and Client MAC Address binding NetBIOS Filtering Setting When the NetBIOS filter is enabled all NetBIOS packets will be filtered from the specified port Enabling the NetBIOS filter will create one access profile and create three access rules per port UDP port numbers 137 and 138 and TCP port number 139 For Extensive NetBIOS Filter when it is enabled all NetBIOS packets ove...

Page 288: ... DHCP server to be filtered ipaddr Enter the DHCP server IP address here client_mac Optional The MAC address of the DHCP client macaddr Enter the DHCP client MAC address here ports The port number of filter DHCP server portlist Enter the list of ports to be configured here all Specifies that all the port will be used for this configuration state Specifies to enable or disable the filter DHCP serve...

Page 289: ...server Enabled Ports Trap Log State Disabled Illegal Server Log Suppress Duration 5 minutes Filter DHCP Server Client Table Server IP Address Client MAC Address Port 10 255 255 254 00 00 00 00 00 01 1 28 Total Entries 1 DES 3528 admin config filter netbios Purpose Used to configure the Switch to filter NetBIOS packets from specified ports Syntax config filter netbios portlist all state enable disa...

Page 290: ...in config filter extensive_netbios Purpose Used to configure the Switch to filter 802 3 frame NetBIOS packets from specified ports Syntax config filter extensive_netbios portlist all state enable disable Description This command will configure the Switch to filter 802 3 frame NetBIOS packets from the specified ports Parameters portlist The list of port numbers to which the NetBIOS filter will be a...

Page 291: ...tBIOS packets from specified ports Syntax show filter extensive_netbios Description This command will display the Switch settings to filter NetBIOS packets from the specified ports Parameters None Restrictions None Example usage To display the extensive NetBIOS filter status DES 3528 admin show filter extensive_netbios Command show filter extensive_netbios Enabled Ports 1 3 DES 3528 admin ...

Page 292: ...te enable disable Description This command is used to discard the l3 control packets sent to CPU from specific ports Parameters portlist Specifies the port list to filter control packet dvmrp Speficies that the filtered L3 control protocol as DVMRP pim Speficies that the filtered L3 control protocol as PIM igmp_query Speficies that the filtered L3 control protocol as IGMP query state Enable or dis...

Page 293: ...tack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 293 Port IGMP Query DVMRP PIM 1 1 Disabled Disabled Disabled 1 2 Disabled Disabled Disabled DES 3528 admin ...

Page 294: ...hat the auto recovery mechanism should be disabled When the auto recovery mechanism is disabled a user would need to manually recover a disabled port The default value for the recover timer is 60 seconds 0 0 is a special value that specifies that the auto recovery mechanism should be disabled When the auto recovery mechanism is disabled a user would need to manually recover a disabled port sec 60 ...

Page 295: ...rator and Operator and Power User level users can issue this command Example usage To set the loop detect state to enable DES 3528 admin config loopdetect ports 1 5 state enable Command config loopdetect ports 1 5 state enable Success DES 3528 admin config loopdetect trap Purpose Used to configure trap modes Syntax config loopdetect trap none loop_detected loop_cleared both Description This comman...

Page 296: ... admin disable loopdetect Purpose Used to globally disable loop back detection on the Switch Syntax disable loopdetect Description This command is used to globally disable loop back detection on the Switch Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable loop back detection on the Switch DES 3528 admin disable l...

Page 297: ... Example usage To show loop detect ports DES 3528 admin show loopdetect ports 1 3 Command show loopdetect ports 1 3 Port LoopDetect State Loop Status 1 Enabled Normal 2 Enabled Normal 3 Enabled Normal CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh config loopdetect log state Purpose This command is used to configure the log state for LBD Syntax config loopdetect log state enable dis...

Page 298: ...xStack DES 3528 DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 298 DES 3528 admin ...

Page 299: ... in the portlist above null No ports are specified all All ports are specified portlist Specifies a range of ports for the forwarding list This list must be on the same Switch previously specified for traffic segmentation i e following the portlist specified above for config traffic_segmentation Restrictions Only Administrator and Operator and Power User level users can issue this command Example ...

Page 300: ... Stackable Fast Ethernet Switch CLI Reference Guide 300 1 1 26 2 1 26 3 1 26 4 1 26 5 1 26 6 1 26 7 1 26 8 1 26 9 1 26 10 1 26 11 1 26 12 1 26 13 1 26 14 1 26 15 1 26 16 1 26 17 1 26 18 1 26 CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 301: ... ports portlist all interval disable sec 20 120 delete sflow counter_poller ports portlist all show sflow counter_poller create sflow analyzer_server value 1 4 owner name 16 timeout sec 1 2000000 infinite collectoraddress ipaddr collectorport udp_port_number 1 65535 maxdatagramsize value 300 1400 config sflow analyzer_server value 1 4 timeout sec 1 2000000 infinite collectoraddress ipaddr collecto...

Page 302: ...Operator level users can issue this command Example usage To disable sflow DES 3528 admin disable sflow Command disable sflow Success DES 3528 admin show sflow Purpose Used to display the sFlow function Syntax show sflow Description This command displays the sFlow function settings on the Swicth Parameters None Restrictions None Example usage To display sflow DES 3528 admin show sflow Command show...

Page 303: ...command Example usage To create sflow flow_sampler DES 3528 admin create sflow flow_sampler ports all analyzer_server_id 1 rate 10 maxheadersize 100 Command create sflow flow_sampler ports all analyzer_server_id 1 rate 10 maxheadersize 100 Success DES 3528 admin config sflow flow_sampler ports Purpose Used to configure the sflow flow_sampler parameters Syntax config sflow flow_sampler ports portli...

Page 304: ...ess DES 3528 admin show sflow flow_sampler Purpose Used to show the sflow flow_sampler information of ports which have been created Syntax show sflow flow_sampler Description This command is used to show the sFlow flow_sampler which has been configured for ports The actual value rate is 256 times the displayed rate value There are two types of rates Configure rate is configed by the user In order ...

Page 305: ...is entry If interval is not specified its default value is disable Restrictions Only Administrators and Operator level users can issue this command Example usage To create the sflow counter_poller DES 3528 admin create sflow counter_poller ports 1 analyzer_server_id 2 interval 40 Command create sflow counter_poller ports 1 analyzer_server_id 2 interval 40 Success DES 3528 admin config sflow counte...

Page 306: ...Example usage To delete the sflow counter_poller DES 3528 admin delete sflow counter_poller ports 1 Command delete sflow counter_poller ports 1 Success DES 3528 admin show sflow counter_poller Purpose Used to show the sflow counter_poller information of ports which have been created Syntax show sflow counter_poller Description This command is used to show the sflow counter_pollers which have been ...

Page 307: ... Administrator and Operator level users can issue this command Example usage To create the sflow analyzer_server DES 3528 admin create sflow analyzer_server 1 owner monitor Command create sflow analyzer_server 1 owner monitor Success DES 3528 admin config sflow analyzer_server Purpose Used to configure the analyzer_server information Syntax config sflow analyzer_server value 1 4 timeout sec 1 2000...

Page 308: ...zer_server 2 Success DES 3528 admin show sflow analyzer_server Purpose Used to show the sflow analyzer_server information Syntax show sflow analyzer_server Description This command is used to show the sflow analyzer_server information The Timeout field specifies the time configured by user The Current countdown times is the current time remaining before the server timesout Parameters None Restrict...

Page 309: ... offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 1 Description This command is used to configure SNTP service from an SNTP server SNTP must be enabled for this command to function See enable sntp Parameters primary This is the primary...

Page 310: ...6addr Enter the IP address used for this configuration here Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To configure SNTP DES 3528 admin config sntp ipv6server primary 1000 1 secondary 1000 2 Command config sntp ipv6server primary 1000 1 secondary 1000 2 Success DES 3528 admin show sntp Purpose Used to display the SNTP information Syntax...

Page 311: ... sntp Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable SNTP support DES 3528 admin disable sntp Command disable sntp Success DES 3528 admin config time Purpose Used to manually configure system time and date settings Syntax config time date ddmmmyyyy time hh mm ss Description This command configures the system time and date se...

Page 312: ... Description This command adjusts system clock settings according to the time zone Time zone settings will adjust SNTP information accordingly Parameters operator Choose to add or subtract time to adjust for time zone relative to GMT hour Select the number of hours different from GMT min Select the number of minutes difference added or subtracted to adjust the time zone Restrictions Only Administr...

Page 313: ...k 1 4 last The number of the week during the month in which DST begins where 1 is the first week 2 is the second week and so on last is the last week of the month e_week Configure the week of the month in which DST ends Parameters end_week 1 4 last The number of the week during the month in which DST ends where 1 is the first week 2 is the second week and so on last is the last week of the month s...

Page 314: ...how time Purpose Used to display the current time settings and status Syntax show time Description This command displays system time and date configuration as well as display current system time Parameters None Restrictions None Example usage To show the time currently set on the Switch s System clock DES 3528 admin show time Command show time Current Time Source System Clock Boot Time 29 May 2013...

Page 315: ..._name 12 trap log 1 config gratuitous_arp send periodically ipif ipif_name 12 interval value 0 65535 show gratuitous_arp ipif ipif_name 12 Each command is listed in detail in the following sections create arpentry Purpose Used to make a static entry into the ARP table Syntax create arpentry ipaddr macaddr Description This command is used to enter an IP address and the corresponding MAC address int...

Page 316: ... This command is used to delete a static ARP entry made using the create arpentry command above by specifying either the IP address of the entry or all Specifying all clears the Switch s ARP table Parameters ipaddr The IP address of the end node or station all Deletes all ARP entries Restrictions Only Administrator and Operator and Power User level users can issue this command Example Usage To del...

Page 317: ... Restrictions None Example Usage To display the ARP table DES 3528 admin show arpentry Command show arpentry ARP Aging Time 20 Interface IP Address MAC Address Type System 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 1 1 164 00 50 BA 70 E4 65 Dynamic System 10 1 1 254 00 03 09 18 10 01 Dynamic System 10 1 104 222 00 04 00 00 00 00 Dynamic System 10 2 87 62 00 50 BA 66 77 56 Dynamic System ...

Page 318: ...sable the sending of gratuitous ARP requests while the IP interface status comes up Syntax config gratuitous_arp send ipif_status_up enable disable Description The command is used to enable disable sending of gratuitous ARP request packets while the IPIF interface comes up This is used to automatically announce the interface s IP address to other nodes By default the state is disabled Parameters e...

Page 319: ...mand Example Usage To enable send a gratuitous ARP request when a duplicate IP is detected DES 3528 admin config gratuitous_arp send duplicate_ip_detected enable Command config gratuitous_arp send duplicate_ip_detected enable Success DES 3528 admin config gratuitous_arp learning Purpose Used to enable disable the learning of ARP entries in the ARP cache based on the received gratuitous ARP packets...

Page 320: ...are disabled the Switch won t trap and log IP conflict events to inform the administrator Parameters ipif ipif_name 12 The name of the IP interface the end node or station for which the ARP table entry was made resides on trap log Select gratuitous ARP trap and or log state Restrictions Only Administrator and Operator and Power User level users can issue this command Example Usage To disable the s...

Page 321: ... This command is used to display gratuitous ARP configuration Parameters ipif_name 12 The interface name of the Layer 3 device Restrictions None Example usage To display gratuitous ARP log and trap state DES 3528 admin show gratuitous_arp Command show gratuitous_arp Send on IPIF Status Up Disabled Send on Duplicate_IP_Detected Disabled Gratuitous ARP Learning Disabled IP Interface Name System Grat...

Page 322: ...presenting the number of routers between the Switch and the IP address above The default setting is 1 primary Specifies that this route will be set as the primary route backup Specifies that this route will be set as the backup route Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To add the default static address 10 48 74 121 with a met...

Page 323: ...mand will display the Switch s current IP routing table Parameters network_address Enter the network address used here ipaddr Enter the IP address used here static Specifies to display all the static routes Restrictions None Example usage To display the contents of the IP routing table DES 3528 admin show iproute Command show iproute Routing Table IP Address Netmask Gateway Interface Cost Protocol...

Page 324: ...nable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable MAC notification without changing basic configuration DES 3528 admin enable mac_notification Command enable mac_notification Success DES 3528 admin disable ma...

Page 325: ...ication ports Purpose Used to configure MAC address notification status settings Syntax config mac_notification ports portlist all enable disable Description This command is used to monitor MAC addresses learned and entered into the FDB Parameters portlist Specify a port or range of ports to be configured all Entering this command will set all ports on the system enable disable These commands will...

Page 326: ... to display the Switch s MAC address table notification status settings Parameters portlist Specify a port or group of ports to be viewed Entering this command without the parameter will display the MAC notification table for all ports Restrictions None Example usage To display the MAC address table notification status settings for ports 1 7 DES 3528 admin show mac_notification ports 1 7 Command s...

Page 327: ...itch to enter usernames and passwords for authentication the Switch contacts the TACACS XTACACS TACACS RADIUS server to verify and the server will respond with one of three messages A The server verifies the username and password and the user is granted normal user privileges on the Switch B The server will not accept the username and password and the user is denied access to the Switch C The serv...

Page 328: ... 15 show authen_enable default method_list_name string 15 all config authen application console telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_group tacacs xtacacs tacacs radius string 15 add delete server_host ipaddr protocol tacacs xtacacs tacacs radius delete authen server_group string 15 show...

Page 329: ...s command will disable the administrator defined authentication policy for users trying to access the Switch When disabled the Switch will access the local user account database for username and password verification In addition the Switch will now accept the local enable password as the authentication for normal users attempting to access administrator level privileges Parameters None Restriction...

Page 330: ...a list for authentication techniques for user login The Switch can support up to eight method lists but one is reserved as a default and cannot be deleted Multiple method lists must be created and configured separately Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given method list Restrictions Only Administrator level users can issue this command Example u...

Page 331: ...hentication methods tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from the remote XTACACS server hosts of the XTACACS server group list tacacs Adding this parameter will require the ...

Page 332: ...n Example usage To configure the default method list with authentication methods XTACACS TACACS and local in that order DES 3528 admin config authen_login default method xtacacs tacacs local Command config authen_login default method xtacacs tacacs local Success DES 3528 admin delete authen_login method_list_name Purpose Used to delete a user defined method list of authentication methods for user ...

Page 333: ...hod list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server group defined by the user Built in Group refers to the TACACS XTACACS TACACS and RADIUS security protocol...

Page 334: ...al user level privileges on the Switch he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch which is defined by the Administrator A maximum of eight enable method lists can be implemented on the Switch Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given enable method list to create Restrictions Only Admini...

Page 335: ...p to four 4 of the following authentication methods tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from the remote XTACACS server hosts of the XTACACS server group list tacacs Adding ...

Page 336: ...min Example usage To configure the default method list with authentication methods XTACACS TACACS and local in that order DES 3528 admin config authen_enable default method xtacacs tacacs local Command config authen_enable default method xtacacs tacacs local Success DES 3528 admin delete authen_enable method_list_name Purpose Used to delete a user defined method list of authentication methods for ...

Page 337: ...onfigured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server groups defined by the user Built in Group ...

Page 338: ...d method list enable Use this parameter to configure an application for upgrading a normal user level to administrator privileges using a previously configured method list default Use this parameter to configure an application for user authentication using the default method list method_list_name string 15 Use this parameter to configure an application for user authentication using a previously co...

Page 339: ...wing tacacs Enter this parameter if the server host utilizes the TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the RADIUS protocol port int 1 65535 Enter a number between 1 and 65535 to define the virtual port number of ...

Page 340: ... TACACS protocol xtacacs Enter this parameter if the server host utilizes the XTACACS protocol tacacs Enter this parameter if the server host utilizes the TACACS protocol radius Enter this parameter if the server host utilizes the RADIUS protocol port int 1 65535 Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host The default port nu...

Page 341: ...ommand delete authen server_host 10 1 1 121 protocol tacacs Success DES 3528 admin show authen server_host Purpose Used to show the authentication server hosts Syntax show authen server_host Description This command is used to view user defined authentication server hosts previously created on the Switch The following parameters are displayed IP Address The IP address of the authentication server ...

Page 342: ...ACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may add up to eight authentication server hosts to this group using the config authen server_group command Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the newly created server group Restrictions Only Administrator level users can issue this com...

Page 343: ...utilize the built in TACACS server protocol on the Switch Only server hosts utilizing the TACACS protocol may be added to this group radius Use this parameter to utilize the built in RADIUS server protocol on the Switch Only server hosts utilizing the RADIUS protocol may be added to this group string 15 Enter an alphanumeric string of up to 15 characters to define the previously created server gro...

Page 344: ...play authentication server groups currently configured on the Switch This command will display the following fields Group Name The name of the server group currently configured on the Switch including built in groups and user defined groups IP Address The IP address of the server host Protocol The authentication protocol used by the server host Parameters string 15 Enter an alphanumeric string of ...

Page 345: ...response_timeout 60 Success DES 3528 admin config authen parameter attempt Purpose Used to configure the maximum attempts for user s trying to login or promote the privilege Syntax config authen parameter attempt int 1 255 Description This command will configure the maximum number of times the Switch will accept authentication attempts Users failing to be authenticated after the set amount of atte...

Page 346: ...0 seconds User Attempts 3 DES 3528 admin enable admin Purpose Used to promote normal user s privilege to administrator s Syntax enable admin Description This command is for users who have logged on to the Switch with the normal user privilege and can be Switched to the admin privilege After logging on to the Switch users will have only user level privileges To gain access to administrator level pr...

Page 347: ... the password configured here that is set locally on the Switch Parameters password 15 After entering this command the user will be prompted to enter the old password then a new password in an alphanumeric string of no more than 15 characters and finally prompted to enter the new password again for confirmation See the example below Restrictions Only Administrator level users can issue this comman...

Page 348: ...e ssh command After following the above steps users can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable ssh disable ssh config ssh authmode password publickey hostbased enable disable show...

Page 349: ...meters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Switch publickey This parameter may be chosen if the administrator wishes to use a publickey configuration set on a SSH server for authentication hostbased This parameter may be chosen if the administrator wishes to use a host computer for authentication This para...

Page 350: ...1 8 Allows the user to set the number of users that may simultaneously access the Switch The default setting is 8 contimeout sec 30 600 Allows the user to set the connection timeout The user may set a time between 30 and 600 seconds The default is 120 seconds authfail int 2 20 Allows the administrator to set the maximum number of attempts that a user may try to logon utilizing SSH authentication A...

Page 351: ...me of no more than 15 characters to identify the SSH user authmode Specifies the authentication mode of the SSH user wishing to log on to the Switch The administrator may choose between hostbased This parameter should be chosen if the user wishes to use a remote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH u...

Page 352: ... and Operator and Power User level users can issue this command Example usage To display the SSH user DES 3528 admin show ssh user authmode Command show ssh user authmode Current Accounts User Name Authentication Host Name Host IP newuser1 Password Total Entries 1 DES 3528 admin NOTE To configure the SSH user the administrator must create a user account on the Switch For information concerning con...

Page 353: ...e Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption algorithm twofish192 This parameter will enable or disable the twofish192 encryption algorithm MD5 This parameter will enable or disable the MD5 Message Digest encryption algorithm SHA1 This parameter will enable or disable the Secure Hash Algorithm encryption RSA This parameter will enable or...

Page 354: ...ide 354 AES192 Enabled AES256 Enabled Arcfour Enabled Blowfish Enabled Cast128 Enabled Twofish128 Enabled Twofish192 Enabled Twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA Enabled DSA Enabled CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 355: ...Switch supports the 3DES_EDE encryption code defined by the Data Encryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Sw...

Page 356: ...mbines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys The ciphersuites are enabled ...

Page 357: ...RC4 encryption with 40 bit keys Restrictions Only Administrator level users can issue this command Example usage To disable the SSL status on the Switch DES 3528 admin disable ssl Command disable ssl Success DES 3528 admin To disable ciphersuite RSA_EXPORT_with_RC4_40_MD5 only DES 3528 admin disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5 Command disable ssl ciphersuite RSA_EXPORT_with_RC4_40_M...

Page 358: ... certificate file status on the Switch Syntax show ssl Description This command is used to view the SSL status on the Switch Parameters None Restrictions None Example usage To view the SSL status on the Switch DES 3528 admin show ssl Command show ssl SSL status Enabled RSA_WITH_RC4_128_MD5 Enabled RSA_WITH_3DES_EDE_CBC_SHA Enabled DHE_DSS_WITH_3DES_EDE_CBC_SHA Enabled RSA_EXPORT_WITH_RC4_40_MD5 En...

Page 359: ... client must have consistent certificate files for optimal use of the SSL function The Switch only supports certificate files with der file extensions Parameters ipaddr Enter the IP address of the TFTP server certfilename path_filename 64 Enter the path and the filename of the certificate file users wish to download keyfilename path_filename 64 Enter the path and the filename of the key exchange f...

Page 360: ...itch of another Single IP group It is connected to the Member Switches through its management VLAN Member Switch MS This is a Switch that has joined a single IP group and is accessible from the CS and it takes on the following characteristics It is not a CS or MS of another IP group It is connected to the CS through the CS management VLAN Candidate Switch CaS This is a Switch that is ready to join...

Page 361: ...s still powered down if it has become the member of another group or if it has been configured to be a Commander Switch the rediscovery process cannot occur This version will support multiple Switch upload and downloads for firmware configuration files and log files as follows Firmware The Switch now supports multiple MS firmware downloads from a TFTP server Configuration Files This Switch now sup...

Page 362: ...arameters None Restrictions Only Administrator level users can issue this command Example usage To enable SIM on the Switch DES 3528 admin enable sim Command enable sim Success DES 3528 admin disable sim Purpose Used to disable Single IP Management SIM on the Switch Syntax disable sim Description This command will disable SIM globally on the Switch Parameters None Restrictions Only Administrator l...

Page 363: ...pping it or utilizing it Parameters candidates candidate_id 1 100 Entering this parameter will display information concerning candidates of the SIM group To view a specific candidate include that candidate s ID number listed from 1 to 100 members member_id 1 32 Entering this parameter will display information concerning members of the SIM group To view a specific member include that member s id nu...

Page 364: ...dress Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3528 L2 Switch 40 3 00 012 The Man 2 00 55 55 00 55 00 DES 3528 L2 Switch 140 3 00 012 default master Total Entries 2 DES 3528 admin To show other groups information in summary if group is specified DES 3528 admin show sim group Command show sim group SIM Group Name remote ID MAC Address Platform Hold Firmware...

Page 365: ...Use this parameter to delete a member Switch of a SIM group The member Switch should be defined by ID number Restrictions Only Administrator level users can issue this command Example usage To add a member DES 3528 admin config sim_group add 2 Command config sim_group add 2 Please wait for ACK SIM Configure Success Success DES 3528 admin To delete a member DES 3528 admin config sim_group delete 1 ...

Page 366: ...he user may set the hold time from 100 to 255 seconds candidate Used to change the role of a CS commander to a CaS candidate dp_interval 30 90 The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to the CS will include information about other Switches connected to it Ex MS CaS The user may set the dp_interval from 30 to 9...

Page 367: ...ter this parameter to specify the members to which the user prefers to download firmware or Switch configuration files The user may specify a member or members by adding one of the following mslist Enter a value or values to specify which members of the SIM group will receive the firmware or Switch configuration all Add this parameter to specify all members of the SIM group will receive the firmwa...

Page 368: ... path and file name on the TFTP server so as to upload configuration files members Enter this parameter to specify the members to which the user prefers to upload the Switch configuration or log files The user may specify a member or members by adding one of the following mslist Enter a value or values to specify which members of the SIM group will upload the Switch configuration or log all Add th...

Page 369: ...onfig jwac quarantine_server_url string 128 clear_quarantine_server_url config jwac update_server add delete ipaddress network_address tcp_port port_number 1 65535 udp_port port_number 1 65535 config jwac switch_http_port tcp_port_number 1 65535 http https config jwac ports portlist all state enable disable max_authenticating_host value 0 50 aging_time infinite min 1 1440 idle_time infinite min 1 ...

Page 370: ...e first stage is to do the authentication with the Quarantine Server and the second stage is the authentication with the Switch For the second stage the authentication is similar to WAC except that there is no port VLAN membership change by JWAC after a host passes authentication The RADIUS server will share the server configuration defined by the 802 1X command set Parameters None Restrictions On...

Page 371: ...ble jwac redirect Description This command only allows an unauthenticated host access to the quarantine server and the JWAC login page all other web access will be denied Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable JWAC redirect DES 3528 admin disable jwac redirect Command disable jwac redirect Success DES ...

Page 372: ...ring function Syntax enable jwac udp_filtering Description This command is used to drop all UDP and ICMP packets except DHCP and DNS packets from unauthenticated hosts Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To enable JWAC udp_filtering DES 3528 admin enable jwac udp_filtering Command enable jwac udp_filtering Suc...

Page 373: ...se Used to disable JWAC quarantine server monitor Syntax disable jwac quarantine_server_monitor Description This command is used to disable JWAC quarantine server monitor Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable JWAC quarantine server monitor DES 3528 admin disable jwac quarantine_server_monitor Command ...

Page 374: ...ge To configure JWAC redirect DES 3528 admin config jwac redirect destination jwac_login_page delay_time 5 Command config jwac redirect_ destination jwac_login_page delay_time 5 Success DES 3528 admin config jwac virtual_ip Purpose Used to configure JWAC virtual IPaddress used to accept authentication requests from an unauthenticated host Syntax config jwac virtual_ip ipaddr url string 128 clear D...

Page 375: ...ke it access the Quarantine Server with the configured URL When the PC connects to the specified URL the quarantine server will request the PC user to input the user name and password to do authentication Parameters quarantine_server_url Specifies the JWAC quarantine server URL used string 128 Enter the JWAC quarantine server URL used here This value can be up to 128 characters long clear_quaranti...

Page 376: ...resses of update microsoft com and of Anti Virus software companies are needed to be added to the Switch Parameters add To add a network address to which the traffic will not be blocked You can add five network addresses at the most delete To delete a network address to which the traffic will not be blocked ipaddress To specify the network address to add or delete To set a specific IP address plea...

Page 377: ...e and password If not specified the default port number is 80 If no protocol is specified the protocol is HTTP Parameters tcp_port_number 1 65535 A TCP port which the JWAC Switch listens to and uses to finish the authenticating process http To specify the JWAC runs HTTP protocol on this TCP port https To specify the JWAC runs HTTPS protocol on this TCP port Restrictions The HTTP cannot run at TCP ...

Page 378: ...ed state To specify the port state of JWAC max_authenticating_host Max number of host process authentication on each port at the same time The max authenticating hosts depends on a specific project aging_time A time period during which an authenticated host will keep an authenticated state infinite indicates never to age out the authenticated host on the port idle_time If there is no traffic durin...

Page 379: ...make sure the RADIUS server added by the config radius command supports the protocol Only Administrator and Operator and Power User level users can issue this command Example usage To configure JWAC radius_protocol DES 3528 admin config jwac radius_protocol ms_chapv2 Command config jwac radius_protocol ms_chapv2 Success DES 3528 admin create jwac user Purpose Used to create JWAC users into local D...

Page 380: ... Enter a case sensitive new password Enter the new password again for confirmation Success DES 3528 admin delete jwac user Purpose Used to delete JWAC users from the local DB Syntax delete jwac user username 15 all_users Description This command deletes JWAC users from the local DB Parameters user To specify the user name to be deleted all_users All user accouts in local DB will be deleted Restric...

Page 381: ...lete a specified host with this MAC Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To delete all blocked hosts on all ports DES 3528 admin clear jwac auth_state ports all blocked Command clear jwac auth_state ports all blocked Success DES 3528 admin show jwac Purpose Used to display the configuration of JWAC Syntax show jwac Description...

Page 382: ...ating that packets with SA 00 00 00 00 00 03 will be droped no matter which VLAN these packets are from 4 MAC 00 00 00 00 00 04 attempts to start authentication the VID field will be shown as until authentication completed If port 2 is in port based mode 1 MAC 00 00 00 00 00 10 is the mac which made port 2 pass authentication mac address with P in the end indicats that this authentication is from ...

Page 383: ..._title desc 32 notification_line value 1 5 desc 128 Description This command allows the administrator to customize the JWAC authentication page Parameters japanese Specifies that the page will change to Japanese english Specifies that the page will change to English default Specifies to reset the page element back to default page_title Specifies the title of the authentication page login_window_ti...

Page 384: ...ictions Only Administrator and Operator and Power User level users can issue this command Example usage To enable the accepting of authorized configuration DES 3528 admin config jwac authorization attributes radius enable Command config jwac authorization attributes radius enable Success DES 3528 admin config jwac authenticate_page Purpose Used to choose authenticate page Syntax config jwac authen...

Page 385: ...e Japanese Version English page element Page Title Login Window Title Authentication Login User Name Title User Name Password Title Password Login Out Window Title Logout from the network Japanese page element Page Title Login Windown Title 社内 LAN 認証ログイン User Name Title ユーザ ID Password Title パスワード Login Out Windown Title 社内 LAN 認証ログアウト DES 3528 admin ...

Page 386: ...ts portlist all dot1_tlv_pvid enable disable config lldp ports portlist all dot1_tlv_protocol_vid vlan all vlan_name 32 vlanid vidlist enable disable config lldp ports portlist all dot1_tlv_vlan_name vlan all vlan_name 32 vlanid vidlist enable disable config lldp ports portlist all dot1_tlv_ protocol_identity all eapol lacp gvrp stp 1 enable disable config lldp ports portlist all dot3_tlvs all mac...

Page 387: ...Switch announces the information to its neighbor through ports For the receiving of LLDP packets the Switch will learn the information from the LLDP packets advertised from the neighbor in the neighbor table The default state for LLDP is disabled Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To enable LLDP DES 3528 admi...

Page 388: ...0 Command config lldp message_tx_interval 30 Success DES 3528 admin config lldp Purpose Used to configure the message hold multiplier Syntax config lldp message_tx_hold_multiplier 2 10 Description This command is a multiplier on the msgTxInterval that is used to compute the TTL value of txTTL in an LLDPDU TheTTL will be carried in the LLDPDU packet The lifetime will be the minimum of 65535 and mes...

Page 389: ...se Change the minimum time of the reinitialization delay interval Syntax config lldp reinit_delay sec 1 10 Description An re enabled LLDP port will wait for reinit_delay after last disable command before reinitializing Parameters reinit_delay The range is from 1 second to 10 seconds The default setting is 2 seconds Restrictions Only Administrator and Operator and Power User level users can issue t...

Page 390: ...ue this command Example usage To change the SNMP notification state of ports 1 to 5 to enable DES 3528 admin config lldp ports 1 5 notification enable Command config lldp ports 1 5 notification enable Success DES 3528 admin config lldp ports Purpose Used to configure per port transmit and receive modes Syntax config lldp ports portlist all admin_status tx_only rx_only tx_and_rx disable Description...

Page 391: ...esses that are added in the list will be advertised in the LLDP from the specified interface associated with each management address The interface for that management address will be also advertised in the if index Form Parameters portlist Use this parameter to define ports to be configured all Use this parameter to set all ports in the system ipv4 The IP address of IPv4 ipv6 Specifies the IPv6 ad...

Page 392: ...stem_capabilities This TLV optional data type indicates that LLDP agent should transmit System Capabilities TLV The system capability will indicate whether the device provides repeater bridge or router function and whether the provided functions are currently enabled The default state is disabled Restrictions Only Administrator and Operator and Power User level users can issue this command Usage E...

Page 393: ...ts for all ports DES 3528 admin config lldp ports all dot1_tlv_protocol_vid vlanid 1 3 enable Command config lldp ports all dot1_tlv_protocol_vid vlanid 1 3 enable Success DES 3528 admin config lldp port Purpose Used to configure an individual port or group of ports to exclude one or more of IEEE 802 1 Organizationally VLAN name TLV data types from outbound LLDP advertisements Syntax config lldp p...

Page 394: ...ding Local System s Protocol Identity instance will be transmitted on the port The Protocol Identity TLV provides a way for stations to advertise protocols that are important to the operation of the network Such as Spanning Tree Protocol the Link Aggregation Control Protocol and numerous vendor proprietary variations are responsible for maintaining the topology and connectivity of the network If E...

Page 395: ...on whether the port is aggregated in a aggregated link and the aggregated port ID The default state is disabled power_via_mdi This TLV optional data type indicates that the LLDP agent should transmit Power via MDI TLV Three IEEE 802 3 PMD implementations 10BASE T 100BASE TX and 1000BASE T allow power to be supplied over the link for connected non powered systems The Power Via MDI TLV allows networ...

Page 396: ...Interval 30 Message Tx Hold Multiplier 4 ReInit Delay 2 Tx Delay 2 Notification Interval 5 DES 3528 admin show lldp mgt_addr Purpose Used to display the LLDP management address information Syntax show lldp mgt_addr ipv4 ipaddr ipv6 ipv6addr Description This command displays the LLDP management address information Parameters ipv4 Optional Specify the IPv4 address used for the display ipaddr Optiona...

Page 397: ...Port_and_Protocol_VLAN_ID None Enabled VLAN Name None Enabled Protocol_Identity None MAC PHY Configuration Status Disabled Link Aggregation Disabled Maximum Frame Size Disabled CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show lldp local_ports Purpose Used to display the per port information currently available for populating outbound LLDP advertisements Syntax show lldp local_ports ...

Page 398: ...information learned from the neighbor parameters Parameters portlist Use this parameter to define ports to be configured mode Choose from three options brief Display the information in brief mode normal Display the information in normal mode This is the default display mode detailed Display the information in detailed mode Restrictions None Example usage To display remote table in brief mode DES 3...

Page 399: ...geout 0 DES 3528 admin show lldp statistics ports Purpose Used to display the ports LLDP statistics information Syntax show lldp statistics ports portlist Description This command displays per port LLDP statistics Parameters portlist Use this parameter to define ports to be configured When portlist is not specified information for all ports will be displayed Restrictions None Usage Example To disp...

Page 400: ...tor and Operator and Power User level users can issue this command Usage Example To configure a LLDP MED fast start repeat count of 5 DES 3528 admin config lldp_med fast_start repeat_count 5 Command config lldp_med fast_start repeat_count 5 Success DES 3528 admin config lldp_med log state Purpose This command is used to configure the log state of LLDP MED events Syntax config lldp_med log state en...

Page 401: ... 1 2 state enable Success DES 3528 admin config lldp_med ports Purpose This command is used to enable or disable transmitting LLDP MED TLVs Syntax config lldp_med ports portlist all med_transmit_capabilities all capabilities network_policy power_pse inventory state enable disable Description It effectively disables LLDP MED on a per port basis by disabling transmission of TLV capabilities In this ...

Page 402: ... A5 Firmware Revision 1 00 B008 Software Revision 3 00 005 Serial Number PVZU1BB000141 Manufacturer Name D Link Model Name DES 3528 Fast Ethernet Switch Asset ID PoE Device Type PSE Device PoE PSE Power Source Primary LLDP MED Configuration Fast Start Repeat Count 5 LLDP MED Log State Enabled DES 3528 admin show lldp_med local_ports Purpose This command is used to display the per port LLDP MED inf...

Page 403: ... to be displayed Restrictions None Usage Example To display LLDP MED configuration information for port 1 DES 3528 admin show lldp_med ports 1 1 Command show lldp_med ports 1 1 Port ID 1 1 Topology Change Notification Status Enabled LLDP MED Capabilities TLV Enabled LLDP MED Network Policy TLV Enabled LLDP MED Extended Power Via MDI PSE TLV Enabled LLDP MED Inventory TLV Enabled DES 3528 admin sho...

Page 404: ...es Enabled Capabilities Enabled Network Policy Enabled Location Identification Enabled Extended Power Via MDI Enabled Inventory Enabled Network Policy Application Type Voice VLAN ID Priority DSCP Unknown True Tagged Application Type Softphone Voice VLAN ID 200 Priority 7 DSCP 5 Unknown False Tagged True Location Identification Location Subtype CoordinateBased Location Information Location Subtype ...

Page 405: ...ll cvid vidlist show vlan_translation ports portlist cvid vidlist Each command is listed in detail in the following sections enable qinq Purpose Used to enable Q in Q mode Syntax enable qinq Description This command enables Q in Q mode When enable Q in Q all network port roles will be NNI port and their outer TPID will be set to 88a8 All existed static VLAN will run as SP VLAN All dynamically lear...

Page 406: ...er User level users can issue this command Example usage To disable Q in Q DES 3528 admin disable qinq Command disable qinq Success DES 3528 admin show qinq Purpose Used to show global Q in Q Syntax show qinq Description This command is used to show the global Q in Q status Parameters None Restrictions None Example usage To show global Q in Q status DES 3528 admin show qinq Commands show qinq QinQ...

Page 407: ...ble C VLAN based SP VLAN assignment miss drop outer_tpid Allows the interoperation with devices on a public network by specifying ports use_inner_priority Specifies whether to use the priority in the C VLAN tag as the priority in the SP VLAN tag add_inner_tag Specifies whether to add inner tag for ingress untagged packets If set the inner tag will be added for the ingress untagged packets and thus...

Page 408: ...d to configure the system s inner TPID Syntax config qinq inner_tpid hex 0x1 0xffff Description The command is used to configure the inner TPID of the system The inner TPID is used to decide whether the ingress packet is c tagged Inner tag TPID is per system configurable This command is for projects that support per system TPID configuration Parameters None Restrictions Only Administrator and Oper...

Page 409: ...eived C VLAN tagged packets on these ports all Specfies that all the ports will be included in this configuration add The action indicates to add a tag for the assigned SP VLAN before the C VLAN tag replace The action indicates to replace the C VLAN tag with the SP VLAN cvid C VLAN ID to match svid SP VLAN ID priority The priority of the s tag Restrictions Only Administrator and Operator and Power...

Page 410: ... VLAN based SP VLAN assignment rules Parameters ports A range of ports which the rules will be displayed If no parameters are specified all rules will be displayed cvid Specifies C VLAN range which the rules will be displayed Restrictions None Example usage To show vlan_translation rules in the system DES 3528 admin show vlan_translation Commands show vlan_translation Port CVID SPVID Action Priori...

Page 411: ...cket travels from the Switch where the monitored packet is received through an intermediate Switch then to the Switch where the sniffer is attached The first Switch is also named the source Switch To make the RSPAN work for the source Switch the RSPAN VLAN source setting must be configured For the intermediate and the last Switch the RSPAN VLAN redirect setting must be configured NOTE RSPAN VLAN m...

Page 412: ...s Only Administrator and Operator level users can issue this command Example usage To create a RSPAN VLAN DES 3528 admin create rspan vlan vlan_name v3 Command create rspan vlan vlan_name v3 Success DES 3528 admin delete rspan vlan Purpose Used to delete a RSPAN VLAN Syntax delete rspan vlan vlan_name vlan_name vlan_id value 1 4094 Description This command is used to delete RSPAN VLANs Parameters ...

Page 413: ...oved The redirect function will only work when RSPAN is enabled Multiple RSPAN VLANs can be configured with redirect settings at the same time NOTE If RSPAN is enabled the packets mirrored to the destination port are always added with an RSPAN VLAN tag If mirror is enabled but RSPAN is disabled the packets mirrored to the destination port may be in tagged form or in untagged form NOTE Only one RSP...

Page 414: ... vlan_id vlanid 1 4094 Description This command displays the RSPAN configuration Parameters vlan_name Specify the RSPAN VLAN by VLAN name vlan_id Specify the RSPAN VLAN by VLAN ID Restrictions None Example usage To display special setting DES 3528 admin show rspan vlan_id 63 Command show rspan vlan_id 63 RSPAN Enabled RSPAN VLAN ID 63 Source Ports RX 2 5 TX 2 5 Total RSPAN VLAN 1 DES 3528 admin ...

Page 415: ...serviced under the specified VLAN regardless of the authentiucation function operated on this port There is a global limitation of the maximum entries up to 1024 for the static MAC based entry Parameters mac_address The MAC address vlan The VLAN to be associated with the MAC address vlanid Specifies the VLAN by VLAN ID Restrictions Only Administrator and Operator and Power User level users can iss...

Page 416: ...s used to display the static or dynamic MAC Based VLAN entry If the MAC address and VLAN is not specified all static and dynamic entries will be displayed Parameters mac The MAC address vlan The VLAN to be associated with the MAC address vlanid Specifies the VLAN by VLAN ID Restrictions None Example usage To display the static or dynamic MAC based VLAN entry DES 3528 admin show mac_based_vlan Comm...

Page 417: ...o green red yellow show dscp map portlist dscp_priotity dscp_dscp dscp_color dscp dscp_list config 802 1p map portlist all 1p_color priority_list to green red yellow show 802 1p map 1p_color portlist Each command is listed in detail in the following sections enable sred Purpose Used to enable the simple RED function Syntax enable sred Description This command is usded to enable the sRED function B...

Page 418: ...s 0 to 100 drop_rate See below low Specifies the probabilistic drop rate if above the low threshold By default the value is 1 high Specifies the probabilistic drop rate if above the high threshold By default the value is 1 drop_green See below disable Specifies the probabilistic drop red colored packets if the queue depth is above the low threshold and probabilistic drop yellow colored packets if ...

Page 419: ...60 80 1 1 1 1 Disabled 60 80 1 1 1 2 Disabled 60 80 1 1 1 3 Disabled 60 80 1 1 1 4 Disabled 60 80 1 1 1 5 Disabled 60 80 1 1 1 6 Disabled 60 80 1 1 1 7 Disabled 60 80 1 1 2 0 Disabled 60 80 1 1 2 1 Disabled 60 80 1 1 2 2 Disabled 60 80 1 1 2 3 Disabled 60 80 1 1 2 4 Disabled 60 80 1 1 2 5 Disabled 60 80 1 1 2 6 Disabled 60 80 1 1 2 7 Disabled 60 80 1 1 3 0 Disabled 60 80 1 1 CTRL C ESC q Quit SPAC...

Page 420: ...e Enable disable to trust DSCP By default DSCP trust is disabled Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage This config dscp trust DES 3528 admin config dscp trust 1 8 state enable Command config dscp trust 1 8 state enable Success DES 3528 admin show dscp trust Purpose Used to display DSCP trust state Syntax show dscp trust portlis...

Page 421: ...to be mapped to a specific priority priority Specifies the result priority of mapping The default mapping are DSCP 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 priority 0 1 2 3 4 5 6 7 dscp_dscp Specifies a list of DSCP value to be mapped to a specific dscp dscp Specifies the result DSCP of mapping dscp_color Specifies a list of DSCP value to be mapped to a specific color color Specifies the resul...

Page 422: ...level users can issue this command Example usage This config 802 1p map DES 3528 admin config 802 1p map 1 8 1p_color 1 to red Command config 802 1p map 1 8 1p_color 1 to red Success DES 3528 admin show 802 1p map Purpose Used to display the 1p to color mapping Syntax show 802 1p map 1p_color portlist Description This command is used to display the 1p to color mapping Parameters portlist A range o...

Page 423: ...reen Green Green Green Green Green Green Green 14 Green Green Green Green Green Green Green Green 15 Green Green Green Green Green Green Green Green 16 Green Green Green Green Green Green Green Green 17 Green Green Green Green Green Green Green Green 18 Green Green Green Green Green Green Green Green CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 424: ...ate mac_based_access_control guest_vlan vlan_name 32 guest_vlanid vlanid 1 4094 delete mac_based_access_control guest_vlan vlan_name 32 guest_vlanid vlanid 1 4094 clear mac_based_access_control auth_state ports all portlist mac_addr macaddr create mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 config mac_based_access_control_local mac macaddr vlan vlan_name 32 vl...

Page 425: ...s None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable MAC based AC function DES 3528 admin disable mac_based_access_control Command disable mac_based_access_control Success DES 3528 admin config mac_based_access_control password Purpose Used to configure the password of the MAC based AC Syntax config mac_based_access_control ...

Page 426: ..._access_control guest_vlan ports Purpose Use to configure the MAC based AC guest VLAN membership Syntax Config mac_based_access_control guest_vlan ports portlist Description This command is used to put the specified port in guest VLAN mode For those ports that are not contained in the port list they are in non guest VLAN mode For detailed information about operation of guest VLAN mode refer to the...

Page 427: ...e removed from the member port of the guest VLAN and become a member port of the original VLAN Parameters ports A range of ports enable or disable mac_based_access_control function state Specifies whether MAC based AC function is enabled or disabled aging_time A time period during which an authenticated host will be kept in authenticated state When the aging time is time out the host will be moved...

Page 428: ...ess Control DES 3528 admin config mac_based_access_control log state disable Command config mac_based_access_control log state disable Success DES 3528 admin create mac_based_access_control Purpose Used to create MAC based access control guest VLAN Syntax create mac_based_access_control guest_vlan vlan_name 32 guest_vlanid vlanid 1 4094 Description This command is used to create the guest VLAN Par...

Page 429: ...d delete mac_based_access_control guest_vlan default Success DES 3528 admin clear mac_based_access_control auth_state Purpose Used to reset the current state of a user The re authentication will be started after the user traffic is received again Syntax clear mac_based_access_control auth_state ports all portlist mac_addr macaddr Description This command is used to clear the authentication state o...

Page 430: ...trol_local mac 00 00 00 00 00 01 vlan default Command create mac_based_access_control_local mac 00 00 00 00 00 01 vlan default Success DES 3528 admin config mac_based_access_control_local mac Purpose Used to configure the local database entry Syntax config mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to modify a database entry P...

Page 431: ...c_based_access_control_local mac 00 00 00 00 00 01 Success DES 3528 admin To delete the local database entry by vlan name DES 3528 admin delete mac_based_access_control_local vlan default Command delete mac_based_access_control_local vlan default Success DES 3528 admin show mac_based_access_control Purpose Used to display mac_based_access_control setting Syntax show mac_based_access_control ports ...

Page 432: ...le usage To display MAC based Access Control local database entries DES 3528 admin show mac_based_access_control_local Command show mac_based_access_control_local MAC Address VID 00 00 00 00 00 01 1 00 00 00 00 00 02 123 00 00 00 00 00 03 123 00 00 00 00 00 04 1 Total Entries 4 DES 3528 admin To display MAC based Access Control local database entry by MAC address DES 3528 admin show mac_based_acce...

Page 433: ...onfig mac_based_access_control authorization attributes radius enable disable local enable disable 1 Description This command is used to enable or disable the accepting of authorized configuration When the authorization is enabled for MAC AC s radius the authorized data assigned by the RADUIS server will be accepted if the global authorization network is enabled When the authorization is enabled f...

Page 434: ...igure the type of RADIUS authentication password for MAC based Access Control Syntax config mac_based_access_control password_type manual_string client_mac_address Description This command is used to configure the type of RADIUS authentication password for MAC based Access Control Parameters manual_string Specifies to use the same string as password for all clients do RADIUS authentication the str...

Page 435: ...c switch_http_port tcp_port_number 1 65535 http https config wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 clear_vlan config wac virtual_ip ipaddr ipv6addr show wac auth_state ports portlist create wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 delete wac user user username 15 all_user show wac show wac ports portlist show wac user clear wac auth_state ports portlist all...

Page 436: ...ase will be accepted Parameters radius If enabled the authorized data assigned by the RADUIS server will be accepted if the global authorization network is enabled The default state is enabled local If specified to enable the authorized data assigned by the local database will be accepted if the global authorization network is enabled The default state is enabled Restrictions Only Administrator an...

Page 437: ...trictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure the WAC default redirect path DES 3528 admin config wac default_redirpath http 2 3 2 3 Command config wac default_redirpath http 2 3 2 3 Success DES 3528 admin config wac method Purpose To configure the WAC method Syntax config wac method local radius Description This command conf...

Page 438: ...ons Only Administrator and Operator and Power User level users can issue this command Example usage To configure port WAC state DES 3528 admin config wac ports 1 8 state enable Command config wac ports 1 8 state enable Success DES 3528 admin config wac switch_http_port Purpose Used to configure the TCP port that the WAC Switch listens to Syntax config wac switch_http_port tcp_port_number 1 65535 h...

Page 439: ...ddress used to accept authentication requests from an unauthenticated host Syntax config wac virtual_ip ipaddr ipv6addr Description When the virtual IP is specified the TCP packet sent to the virtual IP will get a reply If the virtual IP is enabled TCP packets sent to the virtual IP or physical IPIF s IP address will both get the reply When the virtual IP is set 0 0 0 0 the function of virtual IP ...

Page 440: ... start authentication the VID field will be shown as until authentication completed If port 2 is in port based mode 1 MAC 00 00 00 00 00 10 is the MAC which made port 2 pass authentication MAC address with P in the end indicats that this authentication is from a port in port based mode If port 3 is in port based mode 1 MAC 00 00 00 00 00 20 attempts to start authentication MAC address with P in th...

Page 441: ...sword Enter the new password again for confirmation Success DES 3528 admin delete wac user Purpose Used to delete the account for Web based Access Control Syntax delete wac user user username 15 all_user Description This command allows you to delete an account Parameters username User account for Web based Access Control all_users To delete all the users Restrictions Only Administrator and Operato...

Page 442: ...usage To display WAC ports DES 3528 admin show wac ports 1 8 Command show wac ports 1 1 1 8 Port State Aging Time Idle Time Block Time Minutes Minutes Seconds 1 1 Enabled 1440 Infinite 60 1 2 Enabled 1440 Infinite 60 1 3 Enabled 1440 Infinite 60 1 4 Enabled 1440 Infinite 60 1 5 Enabled 1440 Infinite 60 1 6 Enabled 1440 Infinite 60 1 7 Enabled 1440 Infinite 60 1 8 Enabled 1440 Infinite 60 DES 3528 ...

Page 443: ... port will be reset Parameters portlist Specifies the list of ports whose WAC state will be cleared all Specifies all the ports whose WAC state will be cleared authenticated Specifies to delete the host in this state authenticating Specifies to delete the host in this state blocked Specifies to delete the host in this state macaddr Specifies the MAC address used macaddr Enter the MAC address used ...

Page 444: ...stem The range which can be specified is determined by the system Normally the minimum setting is 37W and the maximum setting is 370W The actual range will depend on power supply capabilities power_disconnect_method Configure the disconnection method that will be used when the power budget is running out When the system attempts to supply power to a new port if the power budget is insufficient to ...

Page 445: ...le Fast Ethernet Switch CLI Reference Guide 445 DES 3528P admin config poe system power_limit 250 power_disconnect_method deny_low_priority_port Command config poe system power_limit 250 power_disconnect_method deny_low_priority_port Success DES 3528P admin ...

Page 446: ...ge and supply power to ports power_limit Configure the per port power limit If a port exceeds its power limit it will be shut down Based on 802 3af at there are 5 kinds of PD classes Class 0 0 44 12 95W Class 1 0 44 3 84W Class 2 3 84 6 49W Class 3 6 49 12 95W Class 4 12 95W 25 5W The following is the power limit applied to the port for these five classes For each class the power limit is a little...

Page 447: ...Unit 1 PoE System Information Power Limit 370 Watts Power Consumption 0 Watts Power Remained 351 Watts Power Disconnection Method Deny Next Port Detection Legacy PD Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show poe ports Purpose Used to display the settings and actual values of the PoE ports Syntax show poe ports portlist Description This command displays the settings...

Page 448: ...0 OFF Interim state during line detection 4 Enabled Critical 4200 Class 1 0 0 0 0 OFF Interim state during line detection 5 Enabled Critical 4200 Class 1 0 0 0 0 OFF Interim state during line detection 6 Enabled Critical 4200 Class 1 0 0 0 0 OFF Interim state during line detection CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 449: ...circuit ID tag to the received PPPoE discover request and also the request packet if the tag is absent While enabled it will remove the circuit ID tag from the received PPPoE offer and session confirmation packet The circuit ID will contain the following information Client MAC address Switch IP address and port number The setting is disabled by default Parameters None Restrictions Only Administrat...

Page 450: ...to encode the circuit ID option ip The Switch s IP address will be used to encode the circuit ID option This is the default udf A user specified string to be used to encode the circuit ID option string 32 Enter a string with the maximum length of 32 Restrictions Only Administrator level users can issue this command Example usage To enable port 5 PPPoE circuit ID insertion function DES 3528 admin c...

Page 451: ...erver does not exist the secondary server will be used nameserver ipaddr Specifies the IP address of primary or secondary name server domain_name 32 ipaddr Specifies the name of the server and IP address of the corresponding in DNS Static Table in DNS server Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure the DNS relay DES 3...

Page 452: ...r level users can issue this command Example usage To disable the DNS relay DES 3528 admin disable dnsr cache Command disable dnsr cache Success DES 3528 admin show dnsr Purpose Used to display the current DNS relay static table Syntax show dnsr static Description This command is used to display the current DNS relay static table Parameters static The DNS Static Table in DNS server with the name o...

Page 453: ...o encode the circuit ID option ip The Switch s IP address will be used to encode the circuit ID option This is the default udf A user specified string to be used to encode the circuit ID option string 32 Enter a string with the maximum length of 32 Restrictions Only Administrator level users can issue this command Example usage To enable port 5 PPPoE circuit ID insertion function DES 3528 admin co...

Page 454: ... show policy_route Each command is listed in detail in the following sections create policy_route name Purpose Used to add policy route rule Syntax create policy_route name policyroute_name 32 Description This command allows you to create policy route and define this rule name The ACL rule that is linked to the policy route command could not be deleted via ACL command Parameters policyroute_name 3...

Page 455: ...me of police rule profile_id Specifies the ACL profile ID access_id Specifies the ACL access ID nexthop Specifies the next hop IP address state Enables or disables the rule Restrictions Only Administrator and Operator level users can issue this command Example usage To config a policy route DES 3528 admin config policy_route name engineer acl profile_id 1 access_id 1 nexthop 20 1 1 100 state enabl...

Page 456: ...y policy route rule Syntax show policy_route Description This command is used to display policy route rule Parameters None Restrictions None Example usage To show available policy routes DES 3528 admin show policy_route Command show policy_route Policy Routing Table Name Profile ID Access ID Next Hop State pname Total Entries 1 DES 3528 admin ...

Page 457: ...orts portlist all state enable disable mode drop block shutdown 1 Description This command is used to setup the BPDU Attack Protection function for the ports on the Switch Parameters portlist Specifies a range of ports to be configured all In order to set all ports in the system you may use the all parameter state Specifies the state of BPDU Attack Protection The default state is disable enable En...

Page 458: ...otection recovery timer to 120 seconds for the entire Switch DES 3528 admin config bpdu_protection recovery_timer 120 Command config bpdu_protection recovery_timer 120 Success DES 3528 admin config bpdu_protection Purpose Used to configure the trap or log state of BPDU Attack Protection Syntax config bpdu_protection trap log none attack_detected attack_cleared both Description This command is used...

Page 459: ...y disabled on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the BPDU Attack Protection function globally for the entire Switch DES 3528 admin disable bpdu_protection Command disable bpdu_protection Success DES 3528 admin show bpdu_protection Purpose Used to display BPDU Attack Protection status Syntax show bpdu_p...

Page 460: ...uide 460 To display the BPDU Attack Protection status for ports 1 4 of the Switch DES 3528 admin show bpdu_protection ports 1 4 Command show bpdu_protection ports 1 4 Port State Mode Status 1 Enabled Drop Normal 2 Disabled Drop Normal 3 Disabled Drop Normal 4 Disabled Drop Normal DES 3528 admin ...

Page 461: ...ts portlist status configuration statistics event_log index value_list clear ethernet_oam ports portlist all event_log statistics Each command is listed in detail in the following sections config ethernet_oam ports mode Purpose Used to configure Ethernet OAM mode Syntax config ethernet_oam ports portlist all mode active passive Description This command is used to configure ports Ethernet OAM to op...

Page 462: ...67295 window millisecond 1000 60000 notify_state enable disable 1 Description This command is used to configure ports Ethernet OAM link monitoring error symbols The link monitoring function provides a mechanism to detect and indicate link faults under a variety of conditions OAM monitors the statistics on the number of frame errors as well as the number of coding symbol errors When the number of s...

Page 463: ...2 window 1000 notify_state enable Command config ethernet_oam ports 1 link_monitor error_frame threshold 2 window 1000 notify_state enable Success DES 3528 admin config ethernet_oam ports link_monitor error_frame_seconds Purpose Used to configure Ethernet OAM link monitoring error frame seconds Syntax config ethernet_oam ports portlist all link_monitor error_frame_seconds threshold range 1 900 win...

Page 464: ...ater than the specified threshold in a period and the event notification state is enabled it generates an error frame period event to notify the remote OAM Parameters portlist Specifies a range of ports to be configured Use all to specify all ports threshold Specifies the number of error frame seconds in the period that are required to be equal to or greater than in order for the event to be gener...

Page 465: ...ical_link_event dying_gasp notify_state enable Command config ethernet_oam ports 1 critical_link_event dying_gasp notify_state enable Success DES 3528 admin config ethernet_oam ports remote_loopback Purpose Used to start or stop Ethernet OAM remote loop back Syntax config ethernet_oam ports portlist all remote_loopback start stop Description This command is used to start or stop the remote peer to...

Page 466: ...l not be processed Ignoring received remote loop back command will prevent the port from entering remote loop back mode Parameters portlist Specifies a range of ports to be configured Use all to specify all ports received_remote_loopback Specifies whether to process or to ignore the received Ethernet OAM remote loop back command The default method is ignore Restrictions Only Administrator and Oper...

Page 467: ...plex operation 3 OAM mode passive or active 4 Maximum OAMPDU size The largest OAMPDU that the OAM entity supports OAM entities exchange maximum OAMPDU sizes and negotiate to use the smaller of the two maximum OAMPDU sizes between the peers 5 OAM configuration revision The configuration revision of the OAM entity as reflected in the latest OAMPDU sent by the OAM entity The config revision is used b...

Page 468: ...on This command is used to show port s Ethernet OAM configurations Parameters portlist Specifies a range of ports to display Restrictions Only Administrator and Operator level users can issue this command Example usage To show Ethernet OAM configuration on port 1 2 DES 3528 admin show ethernet_oam ports 1 2 configuration Command show ethernet_oam ports 1 2 configuration Port 1 OAM Enabled Mode Pas...

Page 469: ...x 0 Variable Request OAMPDU Rx 0 Variable Response OAMPDU Tx 0 Variable Response OAMPDU Rx 0 Organization Specific OAMPDUs Tx 0 Organization Specific OAMPDUs Rx 0 Unsupported OAMPDU Tx 0 Unsupported OAMPDU Rx 0 Frames Lost Due To OAM 0 DES 3528 admin show ethernet_oam event_log Purpose Used to show the Ethernet OAM event log Syntax show ethernet_oam portlist event_log index value_list Description ...

Page 470: ...tatistics information Parameters portlist Specifies a range of ports to clear the statistics Restrictions Only Administrator and Operator level users can issue this command Example usage To clear port 1 OAM statistics DES 3528 admin clear ethernet_oam ports 1 statistics Command clear ethernet_oam ports 1 statistics Success DES 3528 admin clear ethernet_oam ports event_log Purpose Used to clear Eth...

Page 471: ...pool netbios_name_server pool_name 12 ipaddr ipaddr ipaddr config dhcp pool netbios_node_type pool_name 12 broadcast peer_to_peer mixed hybrid config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr config dhcp pool lease pool_name 12 day 0 365 hour 0 23 minute 0 59 infinite config dhcp pool boot_file pool_name 12 file_name 64 config dhcp pool next_server pool_name 12 ipaddr create dhcp ...

Page 472: ...dmin delete dhcp excluded_address Purpose Used to specify the IP addresses that the DHCP server will not assign to DHCP client to be deleted Syntax delete dhcp excluded_address begin_address ipaddr end_address ipaddr Description The DHCP server assumes that all IP addresses in a DHCP pool subnet are available for assigning to DHCP clients This command is used to specify the IP address that the DHC...

Page 473: ...ed is 4 Parameters pool name 12 Specifies the name of the pool Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To create DHCP pool entry DES 3528 admin create dhcp pool accounting Command create dhcp pool accounting Success DES 3528 admin delete dhcp pool Purpose Used to delete a DHCP pool entry Syntax delete dhcp pool pool name 12 all D...

Page 474: ...arameters pool name 12 Spcifies the name of the pool network address Specifies the IP address that the DHCP server may assign to clients Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To configure the address range of the DHCP address pool DES 3528 admin config dhcp pool network_addr accounting 10 10 10 0 24 Command config dhcp pool net...

Page 475: ... 10 1 Success DES 3528 admin config dhcp pool netbios_name_server Purpose Used to specify the NetBIOS WINS server that is available to a Microsoft DHCP client Up to three IP addresses can be specified in one command line Syntax config dhcp pool netbios_name_server pool_name 12 ipaddr ipaddr ipaddr Description Windows Internet Naming Service WINS is a name resolution service that Microsoft DHCP cli...

Page 476: ...ol netbios_node_type accounting hybrid Success DES 3528 admin config dhcp pool default_router Purpose Used to specify the IP address of the default router for a DHCP client Up to three IP addresses can be specified in one command line Syntax config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr Description After a DHCP client has booted the client begins sending packets to its default ...

Page 477: ...ig dhcp pool lease accounting infinite Command config dhcp pool lease accounting infinite Success DES 3528 admin config dhcp pool boot_file Purpose Used to specify the name of the file that is used as a boot image Syntax config dhcp pool boot_file pool_name 12 file_name 64 Description The boot file is used to store the boot image for the client The boot image is generally the operating system the ...

Page 478: ... the DHCP server sends to an IP address before assigning this address to a requesting client Syntax config dhcp ping_packets number 0 10 Description By default the DHCP server pings a pool address twice before assigning the address to a DHCP client If the ping is unanswered the DHCP server assumes with a high probability that the address is not in use and assigns the address to the requesting clie...

Page 479: ...ed then the type will be defaulted to ethernet For the match operation the hardward type and the hardware address field in the protocol fields will be used to match against the entry The IP address specified in the manual binding entry must be a range within the network used by the DHCP pool If the user specifies a conflict IP address an error message will be returned If a number of manual binding...

Page 480: ...nting 10 10 10 1 Command delete dhcp pool manual_binding accounting 10 10 10 1 Success DES 3528 admin clear dhcp binding Purpose Used to clear all the dynamic binding entries for a pool or all pools Syntax clear dhcp binding pool_name 12 ipaddr all all Description This command clears a specific pool s binding entries or all binding entries in all pools NOTE This command will not clear the dynamic ...

Page 481: ...ies DES 3528 admin show dhcp pool manual_binding Command show dhcp pool manual_binding Pool Name IP Address Hardware Address Type p1 192 168 0 1 00 08 C8 08 13 88 Ethernet p1 192 168 0 2 00 80 C8 08 13 99 Etherent Total Entries 2 DES 3528 admin show dhcp pool Purpose Used to display the information for DHCP pool Syntax show dhcp pool pool_name 12 Description If the name is not specified informatio...

Page 482: ..._server Purpose Used to disable the DHCP server function Syntax disable dhcp_server Description This command disables the DHCP server function Parameters None Restrictions Only Administrator and Operator and Power User level users can issue this command Example usage To disable the dhcp_server DES 3528 admin disable dhcp_server Command disable dhcp_server Success DES 3528 admin show dhcp_server Pu...

Page 483: ...ar dhcp conflict_ip 10 20 3 4 Success DES 3528 admin show dhcp conflict_ip Purpose Used to display the IP address that has been identified as being in conflict Syntax show dhcp conflict_ip ipaddr Description The DHCP server will use PING packets to determine whether an IP address is in conflict with other hosts before binding it s IP The IP address which has been identified as in conflict will be ...

Page 484: ...ag ports portlist all Description When a port is in link up status the diagnostics will obtain the distance of the cable Since the status is link up the cable will not have any problem Since this diagnostic is for copper cable the port with fiber cable will be skipped from the diagnostics If the link is up the abnormal results won t be shown and the cable length item indicates the length of the ca...

Page 485: ...me centiseconds 250 1000 alarm_reset_time centiseconds 250 1000 1 delete cfm mep mepname string 32 mepid int 1 8191 md string 22 ma string 22 delete cfm ma string 22 md string 22 delete cfm md string 22 enable cfm disable cfm config cfm ports portlist state enable disable show cfm ports portlist show cfm md string 22 ma string 22 mepid int 1 8191 mepname string 32 show cfm remote_mep mepname strin...

Page 486: ...8191 period 1sec 1min level int 0 7 state enable disable Each command is listed in detail in the following sections create cfm md Purpose Used to create a maintenance domain Syntax create cfm md string 22 level int 0 7 Description Different maintenance domains should have different names Parameters md Specifies the maintenance domain name level Specifies the maintenance domain level Restrictions O...

Page 487: ...is MD sender_id Specifies and control the information to be advertised none Specifies that there is no information to be advertised This is the default value chassis Advertises the Chassis ID information manage Advertises the Management Address information chassis_manage Advertises both Management Address and Chassis ID information Restrictions Only Administrator and Operator and Power User level ...

Page 488: ...y if the next existent lower level has a MEP configured on that port and that port is not configured with a MEP of this MA defer Inherit the settings configured for the maintenance domain that this MA is associated with This is the default value sender_id Specifies and control the information to be advertised none Specifies that there is no information to be advertised This is the default value ch...

Page 489: ...MEP name It s unique among all MEPs configured on the device mepid Specifies the MEP MEPID It should be configured in MA s MEPID list md Specifies the maintenance domain name ma Specifies the maintenance association name direction Specifies the MEP direction inward Specifies the inward facing up MEP outward Specifies the outward facing down MEP port Specifies the port number This port should be a ...

Page 490: ...ult value ccm Specifies the CCM transmission state enable CCM transmission enabled disable CCM transmission disabled This is the default value pdu_priority Specifies the 802 1p priority to be set in CCMs and LTMs messages transmitted by the MEP The default value is 7 fault_alarm Control types of fault alarms sent by the MEP all Specifies that all types of fault alarms will be sent mac_status Only ...

Page 491: ...n delete cfm ma Purpose Used to delete a created maintenance association Syntax delete cfm ma string 22 md string 22 Description All MEPs created in the maintenance association will be deleted automatically Parameters md Specifies the maintenance domain name ma Specifies the maintenance association name Restrictions Only Administrator and Operator and Power User level users can issue this command ...

Page 492: ...age To disable cfm DES 3528 admin disable cfm Command disable cfm Success DES 3528 admin config cfm ports Purpose Used to enable or disable CFM function on per port basis Syntax config cfm ports portlist state enable disable Description By default CFM function is disabled on all ports If CFM is disabled on a port MIPs are never created on that port MEPs can still be created on that port and the co...

Page 493: ...ow cfm ports 3 6 Port State 3 Enabled 4 Enabled 5 Enabled 6 Disabled DES 3528 admin show cfm Purpose Used to show CFM information Syntax show cfm md string 22 ma string 22 mepid int 1 8191 mepname string 32 Description This command is used to show CFM information Parameters md Specifies the maintenance domain name ma Specifies the maintenance association name mepid Specifies the MEP MEPID mepname ...

Page 494: ...ime 250 centisecond 1 100 s Alarm Reset Time 1000 centisecond 1 100 s Highest Fault None AIS State Disabled AIS Period 1 Second AIS Client Level Invalid AIS Status Not Detected LCK State Disabled LCK Period 1 Second LCK Client Level Invalid LCK Status Not Detected Out of Sequence CCMs 0 received Cross connect CCMs 0 received Error CCMs 0 received Normal CCMs 0 received Port Status CCMs 0 received ...

Page 495: ...p mepname mep1 remote_mepid 2 Command show cfm remote_mep mepname mep1 remote_mepid 2 Remote MEPID 2 MAC Address 00 22 B0 7A 24 B9 Status OK RDI No Port Status Defect Up Interface Status Defect No Last CCM Serial Number 59 Sender Chassis ID None Sender Management Address None Detect Time 2013 11 16 09 50 52 DES 3528 admin show cfm fault Purpose Used to show fault MEPs Syntax show cfm fault md stri...

Page 496: ...dentifier If not specified all VLANs are shown Restrictions None Example usage To display cfm ports DES 3528 admin show cfm port 1 Command show cfm port 1 MAC Address 10 10 90 08 80 12 MD Name MA Name MEPID Level Direction VID op_domain op1 1 2 inward 2 cust_domain cust1 8 4 inward 2 serv_domain serv2 MIP 3 2 DES 3528 admin show cfm mipccm Purpose Used to show MIPCCM database entries Syntax show c...

Page 497: ...iority The 802 1p priority to be set in the transmitted LTM If not specified it uses the same priority as CCMs sent by the MA Restrictions None Example usage To create a cfm linktrace DES 3528 admin cfm linktrace 00 01 02 03 04 05 mep mep1 Command cfm linktrace 00 01 02 03 04 05 mep mep1 Transaction ID 26 Success DES 3528 admin show cfm linktrace Purpose Used to show linktrace responses Syntax sho...

Page 498: ...0 00 00 00 00 00 00 00 35 28 46 01 Yes FDB 2 3 00 25 3C 11 2B E9 00 25 3C 11 2B F3 No Hit DES 3528 admin delete cfm linktrace Purpose Used to delete received linktrace responses Syntax delete cfm linktrace md string 22 ma string 22 mepid int 1 8191 mepname string 32 Description This command deletes the stored link trace response data that is initiated by the specified MEP Parameters mepname Specif...

Page 499: ... ccm_fwd hardware Success DES 3528 admin cfm loopback Purpose Used to transmit a CFM loopback message Syntax cfm loopback macaddr mepname string 32 mepid int 1 8191 md string 22 ma string 22 num int 1 65535 length int 0 1500 pattern string 1500 pdu_priority int 0 7 Description The MAC address represents that the destination MEP or MIP which can be reached by this MAC address The MEP represents the...

Page 500: ...own ccm Shows the CCM transmission state Restrictions None Example usage The following example displays the statistics for CFM packets VidDrop The packets dropped due to invalid VID OpcoDrop The packets dropped due to unrecognized CFM opcode DES 3528 admin show cfm pkt_cnt Command show cfm pkt_cnt CFM RX Statistics Port CCM LBR LBM LTR LTM VidDrop OpcoDrop Sum 1 0 0 0 0 0 0 0 0 2 254 0 0 0 0 0 0 2...

Page 501: ...528 admin config cfm mp_ltr_all Purpose Used to configure the CFM mp linktrace on the Switch Syntax config cfm mp_ltr_all enable disable Description This command configures the CFM mp linktrace on the Switch Parameters enable Used to enable the CFM mp linktrace disable Used to disable the CFM mp linktrace Restrictions Only Administrator and Operator and Power User level users can issue this comman...

Page 502: ...sociation name string 22 Enter the maintenance association name here This name can be up to 22 characters long mepid The MEP ID in the MD which sends LCK frame int 1 8191 Enter the MEP ID value here This value must be between 1 and 8191 remote_mepid The peer MEP is the target of management action int 1 8191 Enter the remote MEP ID used here This value must be between 1 and 8191 action Specifies to...

Page 503: ...transmitting interval of the AIS PDU 1sec Specifies that the transmitting interval period will be set to 1 second 1min Specifies that the transmitting interval period will be set to 1 minute level Optional Specifies the client level ID to which the MEP sends AIS PDU The default client MD level is the MD level that the most immediate client layer MIPs and MEPs exist on int 0 7 Enter the client leve...

Page 504: ...transmitting interval of the LCK PDU 1sec Specifies that the transmitting interval period will be set to 1 second 1min Specifies that the transmitting interval period will be set to 1 minute level Optional Specifies the client level ID to which the MEP sends LCK PDU The default client MD level is the MD level that the most immediate client layer MIPs and MEPs exist on int 0 7 Enter the client leve...

Page 505: ...mands having the same words in the command Restrictions None Example usage To display all of the commands in the CLI DES 3528 admin cable_diag ports cfm linktrace cfm loopback clear clear address_binding dhcp_snoop binding_entry ports clear address_binding nd_snoop binding_entry ports clear arptable clear attack_log clear cfm pkt_cnt clear counters clear dhcp binding clear dhcp conflict_ip clear e...

Page 506: ... 1 40 The number of previously executed commands maintained in the buffer Up to 40 of the latest executed commands may be viewed Restrictions None Example usage To configure the command history show command_history Purpose Used to display the command history Syntax show command_history Description This command will display the command history Parameters None Restrictions None Example usage To disp...

Page 507: ...poofing prevention entry gateway_ip Specifies a gateway IP address to be configured ipaddr Enter the IP address used for this configuration here gateway_mac Specifies a gateway MAC address to be configured macaddr Enter the MAC address used for this configuration here ports Specifies a range of ports to be configured portlist Enter a list of ports used for the configuration here all Specifies all ...

Page 508: ...ference Guide 508 To display the ARP spoofing prevention entries DES 3528 admin show arp_spoofing_prevention Command show arp_spoofing_prevention ARP Spoofing Prevention Table Gateway IP Address Gateway MAC Address Port 192 168 69 1 00 11 11 11 11 11 1 28 Total Entries 1 DES 3528 admin ...

Page 509: ...To enable autoconfig DES 3528 admin enable autoconfig Command enable autoconfig Success DES 3528 admin When autoconfig is enabled and the Switch is rebooted the normal login screen will appear for a few moments while the autoconfig request i e download configuration is initiated The console will then display the configuration parameters as they are loaded from the configuration file specified in t...

Page 510: ...iguration file for DES 3528 Saving configurations and logs to NV RAM Done Logout disable autoconfig Purpose This command is used to disable the auto configuration function Syntax disable autoconfig Description This command is used to disable autoconfig This instructs the Switch not to accept autoconfiguration instruction from the DHCP server This does not change the IP settings of the Switch The i...

Page 511: ...d to display if the auto configuration is enabled or disabled Syntax show autoconfig Description This command is used to display if the auto configuration is enabled or disabled Parameters None Restrictions None Example usage To show autoconfig status DES 3528 admin show autoconfig Command show autoconfig Autoconfig State Disabled DES 3528 admin ...

Page 512: ...rization attributes disable authorization attributes show authorization config authentication server failover local permit block show authentication show authentication mac_format Each command is listed in detail in the following sections create authentication guest_vlan Purpose This command allows the user to assign a static VLAN to be guest VLAN Syntax create authentication guest_vlan vlan vlan_...

Page 513: ...st_vlan Purpose This command is used to configure security port s as specified guest VLAN member Syntax config authentication guest_vlan vlan vlan_name 32 vlanid vlanid 1 4094 add delete ports portlist all Description This command is used to configure security port s as specified guest VLAN member Parameters vlan Assigned a VLAN as guest VLAN The VLAN must be an existed static VLAN vlan_name 32 En...

Page 514: ...tion username will be formatted as AA BB CC DD EE FF delimiter Optional Specifies the delimiter format used hyphen Specifies using the as delimiter the format is AA BB CC DD EE FF colon Specifies using the as delimiter the format is AA BB CC DD EE FF dot Specifies using the as delimiter the format is AA BB CC DD EE FF none Specifies not using any delimiter the format is AABBCCDDEEFF number Optiona...

Page 515: ...e specified VID list as authentication VLAN s disable Remove the specified VID list from authentication VLAN s If vlanid is not specified or all VLANs is disabled means do not care which VLAN the client comes from the client will be authenticated if the client s MAC not care the VLAN is not authenticated After the client is authenticated the client will not be re authenticated when received from o...

Page 516: ... to display authentication setting on port s Syntax show authentication ports portlist Description This command is used to display authentication setting on port s Parameters ports Optional Display compound authentication on specified port s portlist Enter the list of ports to be shown here If not specify the port list displays compound authentication setting of all ports Restrictions None Example...

Page 517: ...mand is used to disable authorization Syntax disable authorization attributes Description This command is used to disable authorization Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage This example sets authorization global state disabled DES 3528 admin disable authorization attributes Command disable authorization attributes Success DES...

Page 518: ...ig authentication server failover local Success DES 3528 admin show authentication Purpose This command is used to display authentication global configuration Syntax show authentication Description This command is used to display authentication global configuration Parameters None Restrictions None Example usage To show authentication global configuration DES 3528 admin show authentication Command...

Page 519: ...Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 519 DES 3528 admin show authentication mac_format Command show authentication mac_format Case Uppercase Delimiter None Delimiter Number 5 DES 3528 admin ...

Page 520: ...P server Syntax debug error_log dump clear upload_toTFTP ipaddr ipv6addr domain_name 255 path_filename 64 Description Use this command to dump clear or upload the software error log to a TFTP server Parameters dump Display the debug message of the debug log clear Clear the debug log upload_toTFTP Upload the debug log to a TFTP server specified by IP address ipaddr Specifies the IPv4 address of the...

Page 521: ... to show the debug buffer s state or dump clear or upload the debug buffer to a TFTP server Parameters utilization Display the debug buffer s state dump Display the debug message in the debug buffer clear Clear the debug buffer upload_toTFTP Upload the debug buffer to a TFTP server specified by IP address ipaddr Specifies the IPv4 address of the TFTP server ipv6addr Specifies the IPv6 address of t...

Page 522: ...les buffer Direct the debug message of the module output to debug buffer default console Direct the debug message of the module output to local console Restrictions Only Administrator and Operator level users can issue this command Example usage To set all module debug message outputs to local console DES 3528 admin debug output all console Command debug output all console Success DES 3528 admin d...

Page 523: ...y Administrator and Operator level users can issue this command Example usage To set the Switch to not need a reboot when a fatal error occurs DES 3528 admin debug config error_reboot disable Command debug config error_reboot disable Success DES 3528 admin debug status show Purpose Show the debug handler state and the specified module s debug status Syntax debug status show module module_list Desc...

Page 524: ...istrator and Operator level users can issue this command Example usage To set the debug state to disabled DES 3528 admin debug config state disable Command debug config state disable Success DES 3528 admin debug error_reboot show state Purpose Use the command to show the error reboot status Syntax debug error_reboot show state Description Use the command to show the error reboot status Parameters ...

Page 525: ...pv6 ipv6address ipv6networkaddr state enable disable ipv4 state enable disable dhcpv6_client enable disable Description The command is used to configure the DHCPv6 client state for one interface Parameters dhcpv6_client Specifies that DHCPv6 will be enabled or disabled enable Specifies that DHCPv6 will be enabled disable Specifies that DHCPv6 will be disabled Restrictions Only Administrator Operat...

Page 526: ... Success DES 3528 admin debug dhcpv6_client packet Purpose Used to enable or disable debug information flag for DHCPv6 client packet including packet receiving and sending Syntax debug dhcpv6_client packet all receiving sending state enable disable Description Used to enable or disable debug information flag for DHCPv6 client packet including packet receiving and sending Parameters all Optional Se...

Page 527: ...eiving sending state enable disable debug dhcpv6_relay hop_count state enable disable Each command is listed in detail in the following sections config dhcpv6_relay hop_count Purpose Configure the DHCPv6 relay hop_count of the Switch Syntax config dhcpv6_relay hop_count value 1 32 Description Configure the DHCPv6 relay hop_count of the Switch Parameters hop_count Specifies the number of relay agen...

Page 528: ... DHCPv6 server to the relay table DES 3528 admin config dhcpv6_relay add ipif System 2001 DB8 1234 0 218 FEFF FEFB CC0E Command config dhcpv6_relay add ipif System 2001 DB8 1234 0 218 FEFF FEFB CC0E Success DES 3528 admin enable dhcpv6_relay Purpose This command is used to enable the DHCPv6 relay function Syntax enable dhcpv6_relay Description This command is used to enable the DHCPv6 relay functi...

Page 529: ...nistrator and Operator and Power User level users can issue this command Example usage To configure the DHCPv6 relay state of the System interface to enable DES 3528 admin config dhcpv6_relay ipif System state enable Command config dhcpv6_relay ipif System state enable Success DES 3528 admin show dhcpv6_relay Purpose This command will display the current DHCPv6 relay configuration of all interface...

Page 530: ... 4 IP Interface System DHCPv6 Relay Status Enabled Server Address DES 3528 admin debug dhcpv6_relay state Purpose Use this command to enable or disable DHCPv6 relay Debug function Syntax debug dhcpv6_relay state enable disable Description Use this command to enable or disable DHCPv6 relay Debug function Parameters state Specifies if the DHCPv6 relay debug function will be enabled or disabled enabl...

Page 531: ...g for DHCPv6 relay packet including packet receiving and sending Parameters all Optional Set packet receiving and sending debug flags receiving Optional Set packet receiving debug flag sending Optional Set packet sending debug flag state Specifies if the designated flags function will be enabled or disabled enable Enable the designated flags disable Disable the designated flags Restrictions Only A...

Page 532: ... DES 3552 Series Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 532 DES 3528 admin debug dhcpv6_relay hop_count state enable Command debug dhcpv6_relay hop_count state enable Success DES 3528 admin ...

Page 533: ...ask to detect the link status Parameters ports Specify a range of ports to be used portlist Enter the list of ports used for this configuration here state Optional Specifies these ports unidirectional link detection status The default state is disabled enable Specifies that the unidirectional link detection status will be enabled disable Specifies that the unidirectional link detection status will...

Page 534: ...o be displayed here If no ports are specified all the ports will be displayed Restrictions None Example usage To show ports 1 4 unidirectional link detection information DES 3528 admin config duld ports 1 2 4 state enable Commands config duld ports 1 2 4 state enable Success DES 3528 admin show duld ports 1 4 Commands show duld ports 1 4 port Admin State Oper Status Mode Link Status Discovery Time...

Page 535: ...how erps raps_vlan vlanid sub_ring config erps trap enable disable config erps raps_vlan vlanid state enable disable config erps raps_vlan vlanid add delete sub_ring raps_vlan vlanid config erps raps_vlan vlanid sub_ring raps_vlan vlanid tc_propagation state enable disable Each command is listed in detail in the following sections enable erps Purpose This command is used to enable the global ERPS ...

Page 536: ...er R APS messages Note that the R APS VLAN must already have been created by the create vlan command Parameters raps_vlan Specifies the VLAN which will be the R APS VLAN vlanid Enter the VLAN ID used here Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To create an R APS VLAN DES 3528 admin create erps raps_vlan 4094 Command create erps raps...

Page 537: ...re the MEL of the ERPS ring for a specific R APS VLAN DES 3528 admin config erps raps_vlan 4094 ring_mel 2 Command config erps raps_vlan 4094 ring_mel 2 Success DES 3528 admin config erps raps_vlan ring_port Purpose This command is used to configure the port that participates in the ERPS ring Syntax config erps raps_vlan vlanid ring_port west port virtual_channel east port virtual_channel Descript...

Page 538: ...L port on this node By default the node has no RPL port Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To configure the RPL port for a specific R APS VLAN DES 3528 admin config erps raps_vlan 4094 rpl_port west Command config erps raps_vlan 4094 rpl_port west Success DES 3528 admin config erps raps_vlan rpl_owner Purpose This command is use...

Page 539: ...cted VLAN can be one that has already been created Parameters raps_vlan Specifies the R APS VLAN used vlanid Enter the VLAN ID used here protected_vlan Specifies to add or delete the protected VLAN group add Add VLANs to the protected VLAN group delete Delete VLANs from the protected VLAN group vlanid Specifies the VLAN ID to be removed or added vidlist Enter the VLAN ID list here Restrictions Onl...

Page 540: ...hich one R APS message circles around the ring WTR timer WTR timer is used to prevent frequent operation of the protection Switch due to an intermittent defect This timer is used during the protection Switching process when a link failure recovers It is only used by the RPL owner When the RPL owner in protection state receives R APS PDU with an NR flag it will start the WTR timer The RPL owner wil...

Page 541: ... that traffic is blocked by ERPS and a signal failure is not detected on the port Signal Fail indicates that a signal failure is detected on the port and traffic is blocked by ERPS The RPL owner administrative state could be configured to Enabled or Disabled But the RPL owner operational state may be different from the RPL owner administrative state for example the RPL owner conflict occurs Active...

Page 542: ...4092 Sub Ring R APS VLAN TC Propagation State 4093 Enable DES 3528 admin config erps trap Purpose This command is used to configure trap state of ERPS events Syntax config erps trap enable disable Description This command is used to configure trap state of ERPS events Parameters trap Specifies to enable or disable the ERPS trap state enable Enter enable to enable the trap state disable Enter disab...

Page 543: ...d ring enable Enable the state of the specified ring disable Disable the state of the specified ring The default value is disabled Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To configure the ring state of the ERPS DES 3528 admin config erps raps_vlan 4094 state enable Command config erps raps_vlan 4094 state enable Success DES 3528 admi...

Page 544: ...eing configured raps_vlan Specifies the R APS VLAN vlanid Enter the VLAN ID used here tc_propagation Specifies that the topology propagation state will be configured state Specifies the topology propagation state enable Enable the propagation state of topology change for the sub ring disable Disable the propagation state of topology change for the sub ring The default value is disabled Restriction...

Page 545: ...v6 nd ipif ipif_name 12 Each command is listed in detail in the following sections create ipv6 neighbor_cache Purpose Add a static neighbor on an IPv6 interface Syntax create ipv6 neighbor_cache ipif ipif_name 12 ipv6addr macaddr Description Add a static neighbor on an IPv6 interface Parameters ipif Specifies the interface s name ipif_name 12 Enter the IP interface name here This name can be up to...

Page 546: ...evel users can issue this command Example usage Delete a neighbor cache entry on IP interface System DES 3528 admin delete ipv6 neighbor_cache ipif System 3ffc 1 Command delete ipv6 neighbor_cache ipif System 3FFC 1 Success DES 3528 admin show ipv6 neighbor_cache Purpose Display the neighbor cache entry for the specified interface Syntax show ipv6 neighbor_cache ipif ipif_name 12 all ipv6address i...

Page 547: ...eachable state S means Stale state D means Delay state P means Probe state T means Static state DES 3528 admin config ipv6 nd ns ipif retrans_time Purpose This command is used to configure the IPv6 ND neighbor solicitation retransmit time Syntax config ipv6 nd ns ipif ipif_name 12 retrans_time millisecond 0 4294967295 Description Configure the IPv6 ND neighbor solicitation retransmit time which is...

Page 548: ...how ipv6 nd ipif ipif_name 12 Description Used to display information regarding neighbor detection on the Switch Parameters ipif Optional The name of the interface ipif_name 12 Enter the IP interface name here This name can be up to 12 characters long If no IP interface is specified it will show the IPv6 ND related configuration of all interfaces Restrictions None Example usage To show IPv6 ND rel...

Page 549: ... the interface name must be specified Parameters default Specifies the default route ipv6networkaddr Specify the destination network for the route ipif_name 12 Specifies the interface for the route This name can be up to 12 characters long ipv6addr Specify the next hop address for this route ipv6addr Specify the next hop address for this route metric 1 65535 Enter the metric value here The default...

Page 550: ...ess for the default route all Specifies that all static created routes will be deleted Restrictions Only Administrator Operator and Power User level users can issue this command Example usage Delete an IPv6 static route DES 3528 admin delete ipv6route default 3ffc 1 Command delete ipv6route default 3ffc 1 Success DES 3528 admin show ipv6route Purpose This command is used to display IPv6 routes Syn...

Page 551: ...01 05 5D 00 00 10 and for protocol MAC 01 00 0C CC CC CD is 01 05 5D 00 00 11 When QinQ is enabled an S TAG will be added to the Layer 2 PDU too The S TAG is assigned according QinQ VLAN configuration Parameters ports Specify the ports on which the Layer 2 protocol tunneling will be configured portlist Enter a list of ports to be configured here all Specify to use this configuration on all the por...

Page 552: ... detail information Restrictions None Example usage To show Layer 2 protocol tunneling information summary DES 3528 admin show l2protocol_tunnel Command show l2protocol_tunnel Global State Enabled UNI Ports 1 2 NNI Ports 3 4 DES 3528 admin To show Layer 2 protocol tunneling detail information on UNI ports DES 3528 admin show l2protocol_tunnel uni Command show l2protocol_tunnel uni UNI Tunneled Thr...

Page 553: ...ge To enable the Layer 2 protocol tunneling function DES 3528 admin enable l2protocol_tunnel Command enable l2protocol_tunnel Success DES 3528 admin disable l2protocol_tunnel Purpose Used to disable the Layer 2 protocol tunneling function Syntax disable l2protocol_tunnel Description Used to disable the Layer 2 protocol tunneling function Parameters None Restrictions Only Administrator and Operator...

Page 554: ...itch The default setting IPv4 is enabled IPv6 is disabled Parameters ipv4 Enable IPv4 local route ipv6 Enable IPv6 local route Restrictions Only Administrator level users can issue this command Example usage To enable IPv4 local route DES 3528 admin enable local_route ipv4 Command enable local_route ipv4 Success DES 3528 admin disable local_route Purpose This command is used to disable the local r...

Page 555: ...oute State Disabled DES 3528 admin show ipfdb Purpose This command is used to display the current network address forwarding database Syntax show ipfdb ip_address ipaddr interface ipif_name 12 port port Description The show ipfdb command displays the current IP address in forwarding database Parameters ip_address Displays the specified host IP address interface Specifies an IP interface port Speci...

Page 556: ...state_machine all state disable brief detail Description This command used to configure per port STP debug level on the specified ports Parameters ports Specifies the STP port range to debug portlist Enter the list of port used for this configuration here all Specifies to debug all ports on the Switch event Debug the external operation and event processing bpdu Debug the BPDU s that have been rece...

Page 557: ...FOR Port 18 FOR Port 19 FOR Port 20 FOR Port 21 FOR Port 22 FOR Port 23 FOR Port 24 FOR Port 25 FOR Port 26 FOR Port 27 FOR Port 28 FOR Root Priority And Times Instance 0 Designated Root Bridge 200 08 02 01 95 1D A3 External Root Cost 1768165632 Regional Root Bridge 64 8C 08 C0 00 04 05 Internal Root Cost 461162904 Designated Bridge 17713 97 43 08 06 82 04 CTRL C ESC q Quit SPACE n Next Page ENTER...

Page 558: ... show counter ports portlist all Description This command used to display the STP counters Parameters ports Optional Specifies the STP ports for display portlist Enter the list of port used for this configuration here all Display all port s counters If no parameter is specified display the global counters Restrictions Only Administrator and Operator level users can issue this command Example usage...

Page 559: ... admin debug stp clear counter ports all Command debug stp clear counter ports all Success DES 3528 admin debug stp state Purpose This command is used to enable or disable the STP debug state Syntax debug stp state enable disable Description This command is used to enable or disable the STP debug state Parameters state Specifies the STP debug state enable Enable the STP debug state disable Disable...

Page 560: ...he IP address of the host times Optional The number of individual ICMP echo messages to be sent A value of 0 will send an infinite ICMP echo messages The maximum value is 255 The default is 0 indicating infinity Press the CTRL C to break the ping test value 1 255 Enter the number of individual ICMP echo messages to be sent here This value must be between 1 and 255 timeout Optional Defines the time...

Page 561: ...s the CTRL C to break the ping test value 1 255 Enter the number of individual ICMP echo messages to be sent here This value must be between 1 and 255 size Optional Size of the test packet value 1 6000 Enter the size of the test packet here This value must be between 1 and 6000 timeout Optional Defines the time out period while waiting for a response from the remote device A value of 1 to 10 secon...

Page 562: ...h_support Purpose This command is especially used by the technical support personnel to dump the device overall operation information Syntax show tech_support Description The information is project dependent and includes the following information Basic System information System log Running configuration Layer 1 information Layer 2 information Layer 3 information Application OS status Controller s ...

Page 563: ...KING 2000 1 4 22 36 24 Topology Information Stable Topology My Box ID 1 Role Master Box Cnt 1 Topology Type Duplex Chain Unit Prio Device Runtime Stacking ID rity Role MAC Type option version version 1 32 32 Master 00 22 B0 10 8A 00 DES 3528 0x0000 2 60 017 2 0 1 2 NOT EXIST 3 NOT EXIST 4 NOT EXIST 5 NOT EXIST 6 NOT EXIST 7 NOT EXIST 8 NOT EXIST S means static box ID Temporary Topology Stable Cnt ...

Page 564: ...mation Layer 3 information Application OS status Controller s status This command can be interrupted by Ctrl C or ESC when it is executing Parameters ipaddr Specifies the IP address of TFTP server path_filename 64 Specifies the file name to store the information of technique s support in TFTP server The max size of the file name is 64 Restrictions Only Administrator and Operator level users can is...

Page 565: ...routers that a trace route packet can pass The traceroute command will cross while seeking the network path between two devices The range for the TTL is 1 to 60 hops value 1 60 Enter the time to live value here This value must be between 1 and 60 port Optional The port number The value range is from 30000 to 64900 value 30000 64900 Enter the port number here This value must be between 30000 and 64...

Page 566: ...lue 30000 64900 Enter the port number here This value must be between 30000 and 64900 timeout Optional Defines the timeout period while waiting for a response from the remote device A value of 1 to 65535 seconds can be specified The default is 5 seconds sec 1 65535 Enter the timeout period value here This value must be between 1 and 65535 seconds probe Optional The number of probing The range is f...

Page 567: ...ter vlan vlan_name vlanid vidlist ports portlist all all_frame broadcast multicast unicast packet byte Description This command is used to create control entries to count statistics for specific VLANs or to count statistics for specific ports on specific VLANs The statistics can be either byte count or packet count The statistics can be counted for different frame types Parameters vlan_name Specif...

Page 568: ... to stop counting at packet level byte Specifies to stop counting at byte level Restrictions Only Administrator and Operator level users can issue this command Example usage To stop counting packet levels for all packets on VLAN 1 DES 3528 admin delete vlan_counter vlanid 1 all Command delete vlan_counter vlanid 1 all Success DES 3528 admin clear vlan_counter statistics Purpose Used to clear stati...

Page 569: ...2 VLAN ID Ports Packet Type Counter Type 1 Broadcast Packet DES 3528 admin show vlan_counter statistics Purpose Displays the VLAN level receives packets or receive byte statistics Syntax show vlan_counter statistics vlan vlan_name vlanid vidlist port portlist Description This command displays the VLAN level receives packet or receive byte statistics Parameters vlan_name Specifies the VLAN name vla...

Page 570: ... media The power is saved by the following mechanisms When the port has no link partner the port automatically turns off and wakes up once a second to send a single link pulse When the port is turned off a simple receive energy detect circuit is continuously monitoring energy on the cable At the moment when energy is detected the port turns on fully per IEEE specification requirements The power sa...

Page 571: ...unctionality telnet ping etc will not work and only the console connection will work via the RS232 port Parameters add Specifies to add a time range delete Specifies to delete a time range time_range Specifies the name of the time range used range_name 32 Enter the name of the time range used here This name can be up to 32 characters long clear_time_range Specifies to clear all the time ranges of ...

Page 572: ...t s LED will be turned off even device s LED working on PoE mode Parameters add Specifies to add a time range here delete Specifies to delete a time range here time_range Specifies the name of the time range used range_name 32 Enter the name of the time range used here This name can be up to 32 characters long clear_time_range Specifies to clear all the time ranges of system hibernation Restrictio...

Page 573: ... for the configuration portlist Enter the list of ports used for this configuration here all Specifies that all the ports will be used add Specifies to add a time range here delete Specifies to delete a time range here time_range Specifies the name of the time range used range_name 32 Enter the name of the time range used here This name can be up to 32 characters long clear_time_range Specifies to...

Page 574: ...ed on the port for a shorter cable the power consumption will be reduced by lowering the signal amplitude since the signal attenuation is proportional to the cable length The port will adjust the power based on the cable length and still maintain error free applications from both sides of the link This mechanism is only available using the hardware support cable diagnostics function If the power s...

Page 575: ...on of power saving link_detection Display the link detection configuration of power saving led Display the port LED configuration of power saving port Display the port configuration of power saving hibernation Display the system hibernation configuration of power saving Restrictions None Example usage To display all power saving configurations DES 3528 admin show power_saving Command show power_sa...

Page 576: ...in To display power saving configuration on port LED DES 3528 admin show power_saving led Command show power_saving led Power Saving Configuration On Port LED State Disabled Time Range range_1 DES 3528 admin To display the power saving configuration on port DES 3528 admin show power_saving port Command show power_saving port Power Saving Configuration On Port State Enabled Port Time Range 1 1 rang...

Page 577: ...tus by the LED status of PoE or by the LED power saving schedule Parameters enable Specifies that the LED admin state will be enabled disable Specifies that the LED admin state will be disabled Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the LED admin state DES 3528 admin config led state enable Command config led state enable Success DES...

Page 578: ...w_or_dbm high_warning mw_or_dbm low_warning mw_or_dbm state enable disable shutdown alarm warning none reload_threshold config ddm power_unit mw dbm show ddm show ddm ports portlist status configuration Each command is listed in detail in the following sections config ddm Purpose The command configures the DDM log and trap action when encountering an exceeding alarm or warning thresholds event Syn...

Page 579: ...one parameter shall be specified for this threshold high_alarm Optional Specify the high threshold for the alarm When the operating parameter rises above this value the action associated with the alarm is taken degrees Enter the high threshold alarm value used here low_alarm Optional Specify the low threshold for the alarm When the operating parameter falls below this value the action associated w...

Page 580: ...igh_warning Optional Specify the high threshold for the warning When the operating parameter rises above this value the action associated with the warning is taken mw_or_dbm Enter the high threshold warning value here low_warning Optional Specify the low threshold for the warning When the operating parameter falls below this value the action associated with the warning is taken mw_or_dbm Enter the...

Page 581: ... Managed Stackable Fast Ethernet Switch CLI Reference Guide 581 config ddm ports reload_threshold Specify to reload the DDM threshold configuration Restrictions Only Administrator and Operator level users can issue this command Example usage ...

Page 582: ...4 high_warning 0 5 low_warning 0 008 Command config ddm ports 1 25 bias_current_threshold high_alarm 7 25 low_alarm 0 004 high_warning 0 5 low_warning 0 008 Success DES 3528 admin To configure the port 25 s transmit power threshold DES 3528 admin config ddm ports 1 25 tx_power_threshold high_alarm 0 625 low_alarm 0 006 high_warning 0 55 low_warning 0 008 Command config ddm ports 1 25 tx_power_thre...

Page 583: ... configure the unit of DDM TX and RX power Parameters mw Specify the DDM TX and RX power unit as mW dbm Specify the DDM TX and RX power unit as dBm Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the DDM TX and RX power unit as dBm DES 3528 admin config ddm power_unit dbm Command config ddm power_unit dbm Success DES 3528 admin show ddm Pu...

Page 584: ...ld For the optic port when a particular threshold was configured by user it will be shown in this command with a tag indicating that it is a threshold that user configured else it would be the threshold read from the optic module that is being inserted Parameters portlist Optional Enter the range of ports to be displayed here status Specifies that the operating parameter will be displayed configur...

Page 585: ...ecute immediately all configuration commands should not be logged When the user is under AAA authentication the user name should not changed if user uses enable admin command to replace its privilege Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable the command logging function DES 3528 admin enable command logging Command enable command log...

Page 586: ...tion status Syntax show command logging Description This command displays the switch s general command logging configuration status Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To show the command logging configuration status DES 3528 admin show command logging Command show command logging Command Logging State Disabled DES 3528 admi...

Page 587: ...This command is used to add a UDP helper server address for specific interface of the Switch Parameters ipif_name 12 Enter the name of the IP interface that receives UDP broadcast ipaddr Enter the UDP helper server IP address Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To add a server address for System interface DES 3528 admin config ud...

Page 588: ...rts are reserved for DHCP function Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To add a UDP port DES 3528 admin config udp_helper udp_port add 55 Command config udp_helper udp_port add 55 Success DES 3528 admin config udp_helper udp_port delete Purpose This command is used to delete a UDP port for UDP helper function on the Switch Syntax...

Page 589: ...DP helper function on the Switch Syntax disable udp_helper Description This command is used to disable the UDP helper function on the Switch Parameters None Restrictions Only Administrator Operator and Power User level users can issue this command Example usage To disable the UDP helper function DES 3528 admin disable udp_helper Command disable udp_helper Success DES 3528 admin show udp_helper Pur...

Page 590: ...Layer 2 Managed Stackable Fast Ethernet Switch CLI Reference Guide 590 DES 3528 admin show udp_helper Command show udp_helper UDP Helper Status Enabled Application UDP Port User App1 55 Interface Server System 20 0 0 90 DES 3528 admin ...

Page 591: ...eds to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the Switch After the UART init is loaded to 100 the Switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be disabled Boot Procedure V1 00 B008 Power On Self Test 100 MAC...

Page 592: ...Username username Informational Configuration download was unsuccessful Configuration download by console was unsuccessful Username username Warning Configuration successfully uploaded Configuration successfully uploaded by console Username username Informational Configuration upload was unsuccessful Configuration upload by console was unsuccessful Username username Warning Log message successfull...

Page 593: ...od Login failed through Console authenticated by AAA local method Username username Warning Successful login through Web authenticated by AAA local method Successful login through Web from userIP authenticated by AAA local method Username username Informational Login failed through Web authenticated by AAA local method Login failed failed through Web from userIP authenticated by AAA local method U...

Page 594: ...serverIP Username username Informational Login failed through SSH authenticated by AAA server Login failed through SSH from userIP authenticated by AAA server serverIP Username username Warning Successful Enable Admin through Console authenticated by AAA local_enable method Successful Enable Admin through Console authenticated by AAA local_enable method Username username Informational Enable Admin...

Page 595: ...r configuration Username username Warning Login failed through Web from user due to AAA server timeout or improper configuration Login failed through Web from userIP due to AAA server timeout or improper configuration Username username Warning Enable Admin failed through Web from user due to AAA server timeout or improper configuration Enable Admin failed through Web from userIP due to AAA server ...

Page 596: ...om IMPB block state Informational CTP LBD loop occurred Port portNum LBD loop occurred Port blocked Critical LBD port recovered Loop detection restarted Port portNum LBD port recovered Loop detection restarted Informational LBD loop occurred Packet discard begun Port portNum VID vid LBD loop occurred Packet discard begun Critical LBD recovered Loop detection restarted Port portNum VID vid LBD reco...

Page 597: ...g Hot insert Unit unitID MAC macaddr Hot insert Informational Hot remove Unit unitID MAC macaddr Hot remove Informational Firmware upgraded to SLAVE successfully Firmware upgraded to SLAVE by console successfully Username username Informational Firmware upgraded to SLAVE unsuccessfully Firmware upgraded to SLAVE by console unsuccessfully Username username Warning Stacking topology change Stacking ...

Page 598: ...11 105 1 2 100 1 2 0 1 swL2macNotifyInfo 1 3 6 1 4 1 171 11 105 1 2 100 1 2 1 1 L2MGMT MIB Warning swL2PortSecurityViolationTrap 1 3 6 1 4 1 171 11 105 1 2 100 1 2 0 2 swL2PortSecurityPortIndex 1 3 6 1 4 1 171 11 105 1 2 7 1 1 1 swL2PortSecurityViolationMac 1 3 6 1 4 1 171 11 105 1 2 100 1 2 1 2 L2MGMT MIB Warning swSafeGuardChgToNormal 1 3 6 1 4 1 171 12 19 4 1 0 2 swSafeGuardCurrentStatus 1 3 6 ...

Page 599: ... 1 1 1 swMacBasedAuthVID 1 3 6 1 4 1 171 12 35 11 1 1 1 Mac Based Authentication MIB Warning swMacBasedAccessControlLoggedFail 1 3 6 1 4 1 171 12 35 11 1 0 2 swMacBasedAuthInfoMacIndex 1 3 6 1 4 1 171 12 35 2 1 1 2 swMacBasedAuthInfoPortIndex 1 3 6 1 4 1 171 12 35 2 1 1 1 swMacBasedAuthVID 1 3 6 1 4 1 171 12 35 11 1 1 1 Mac Based Authentication MIB Warning swMacBasedAccessControlAgesOut 1 3 6 1 4 ...

Page 600: ... 4 0 1 swERPSNodeId 1 3 6 1 4 1 171 12 78 4 2 1 ERPS MIB Warning swERPSSFClearedTrap 1 3 6 1 4 1 171 12 78 4 0 2 swERPSNodeId 1 3 6 1 4 1 171 12 78 4 2 1 ERPS MIB Warning swERPSRPLOwnerConflictTrap 1 3 6 1 4 1 171 12 78 4 0 3 swERPSNodeId 1 3 6 1 4 1 171 12 78 4 2 1 ERPS MIB Warning swHighTemperature 1 3 6 1 4 1 171 12 11 2 2 4 0 1 swTemperatureUnitIndex 1 3 6 1 4 1 171 12 11 1 8 1 1 swTemperSenso...

Page 601: ...1 7 1 1 1 CFMEXTENSION MIB Warning swCFMExtAISCleared 1 3 6 1 4 1 171 12 86 100 0 2 dot1agCfmMdIndex 1 3 111 2 802 1 1 8 1 5 2 1 1 dot1agCfmMaIndex 1 3 111 2 802 1 1 8 1 6 1 1 1 dot1agCfmMepIdentifier 1 3 111 2 802 1 1 8 1 7 1 1 1 CFMEXTENSION MIB Warning swCFMExtLockOccurred 1 3 6 1 4 1 171 12 86 100 0 3 dot1agCfmMdIndex 1 3 111 2 802 1 1 8 1 5 2 1 1 dot1agCfmMaIndex 1 3 111 2 802 1 1 8 1 6 1 1 1...

Page 602: ... MIB Warning swSingleIPMSAuthFail 1 3 6 1 4 1 171 12 8 6 0 15 swSingleIPMSID 1 3 6 1 4 1 171 12 8 1 3 1 1 swSingleIPMSMacAddr 1 3 6 1 4 1 171 12 8 1 3 1 3 SINGLE IP MIB Warning swSingleIPMSnewRoot 1 3 6 1 4 1 171 12 8 6 0 16 swSingleIPMSID 1 3 6 1 4 1 171 12 8 1 3 1 1 swSingleIPMSMacAddr 1 3 6 1 4 1 171 12 8 1 3 1 3 SINGLE IP MIB Warning swSingleIPMSTopologyChange 1 3 6 1 4 1 171 12 8 6 0 17 swSin...

Page 603: ...of a port Unit Kbits Required If the user has configured the bandwidth attribute of the RADIUS server for example ingress bandwidth 1000Kbps and the 802 1X authentication is successful the device will assign the bandwidth according to the RADIUS server to the port However if the user does not configure the bandwidth attribute and authenticates successfully the device will not assign any bandwidth ...

Page 604: ...col s to be used in the case of a tunnel initiator or the tunneling protocol in use in the case of a tunnel terminatior 13 VLAN Required Tunnel Medium Type This attribute indicates the transport medium being used 6 802 Required Tunnel Private Group ID This attribute indicates group ID for a particular tunneled session A string VID Required A summary of the Tunnel Private Group ID Attribute format ...

Page 605: ...Attribute are RADIUS Tunnel Attribute Description Value Usage Vendor ID Defines the vendor 171 DLINK Required Vendor Type Defines the attribute 12 for ACL profile 13 for ACL rule Required Attribute Specific Field Used to assign the ACL profile or rule ACL Command For example ACL profile create access_profile profile_id 100 profile_name 100 ethernet vlan 0xFFF ACL rule config access_profile profile...

Reviews:

No comments

Brands by name

Popular brands

Load more brands