manualshive.com logo in svg

D-Link DES-3828 - xStack Switch - Stackable, Cli Manual

The D-Link DES-3828 is a stackable xStack Switch designed to optimize network performance. Easily configure and manage this switch using the comprehensive CLI manual available to download for free from manualshive.com. Harness the power of this product with detailed instructions conveniently at your fingertips.

Share
Download
background image

xStack DES-3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual

 

 

258

 

show authen_login  

Purpose 

Used to display a previously configured user defined method list of 
authentication methods for users logging on to the Switch. 

Syntax 

show authen_login [default | method_list_name <string 15> | all] 

Description 

This command is used to show a list of authentication methods for 
user login.  

Parameters 

default

 – Entering this parameter will display the default method list 

for users logging on to the Switch. 

method_list_name <string 15>

 - Enter an alphanumeric string of up to 

15 characters to define the given 

method list 

to view. 

all 

– Entering this parameter will display all the authentication login 

methods currently configured on the Switch. 
The window will display the following parameters: 

ƒ

  Method List Name – The name of a previously configured 

method list name. 

ƒ

  Priority – Defines which order the method list protocols will 

be queried for authentication when a user attempts to log on 
to the Switch. Priority ranges from 1(highest) to 4 (lowest). 

ƒ

  Method Name – Defines which security protocols are 

implemented, per method list name.  

ƒ

  Comment – Defines the type of Method. 

User-defined Group

 

refers to server group defined by the user. 

Built-in Group

 

refers to the TACACS, XTACACS,  and RADIUS 
security protocols which are permanently set in the Switch.

 

Keyword

 refers to authentication using a technique 

INSTEAD of TACACS / XTACACS /  / RADIUS 
which are local (authentication through the user account on 
the Switch) and none (no authentication necessary to access 
any function on the Switch). 

Restrictions 

None. 

Example usage: 

To view the authentication login method list named Trinity: 

DES-3800:admin#show authen_login method_list_name Trinity 

Command: show authen_login method_list_name Trinity 
 
Method List Name Priority Method Name  Comment 
---------------- -------- ------------ --------------- 
Trinity          1              Built-in Group 
                 2        tacacs       Built-in Group 
                 3        Darren       User-defined Group 
                 4        local        Keyword 
 

DES-3800:admin# 

 

Summary of Contents for DES-3828 - xStack Switch - Stackable

Page 1: ...CLI Manual ProductModel DES 3800 Series Layer3StackableFastEthernet Managed Switch Release 4 5 Copyright 2008 All rights reserved ...

Page 2: ...July 2008 651ES3800055G RECYCLABLE ...

Page 3: ...ION COMMANDS 119 IGMP SNOOPING COMMANDS 123 802 1X COMMANDS INCLUDING GUEST VLANS 131 ACCESS CONTROL LIST ACL COMMANDS 144 TRAFFIC SEGMENTATION COMMANDS 164 COMMAND LIST HISTORY 166 BASIC IP COMMANDS FOR LAYER 3 169 ARP COMMANDS 174 ROUTING TABLE COMMANDS 178 ROUTE REDISTRIBUTION COMMANDS 181 RIP COMMANDS 187 IGMP COMMANDS 191 AUTO CONFIG COMMANDS V3 195 DNS RELAY COMMANDS 197 DVMRP COMMANDS 201 I...

Page 4: ...NNER COMMANDS 344 SAFEGUARD ENGINE 347 WRED COMMAND LIST 349 WEB BASED ACCESS CONTROL WAC COMMANDS 353 DOUBLE VLAN COMMAND LIST 359 LIMITED MULTICAST IP ADDRESS COMMANDS 364 ROUTE PREFERENCE COMMANDS 369 MAC BASED ACCESS CONTROL COMMANDS 372 PIM COMMANDS 381 LOOPBACK INTERFACE COMMANDS 398 DHCP SERVER COMMAND LIST 401 MLD SNOOPING COMMANDS 417 LOOPBACK DETECTION COMMANDS 424 PASSWORD RECOVERY COMM...

Page 5: ...he Switch s serial port s default settings are as follows 9600 baud no parity 8 data bits 1 stop bit A computer running a terminal emulation program capable of emulating a VT 100 terminal and a serial port configured as above is then connected to the Switch s serial port via an RS 232 DB 9 cable With the serial port properly connected to a management computer the following screen should be visible...

Page 6: ...P address to be assigned to the IP interface named System and the y s represent the corresponding subnet mask 2 Alternatively you can enter config ipif System ipaddress xxx xxx xxx xxx z Where the x s represent the IP address to be assigned to the IP interface named System and the z represents the corresponding number of subnets in CIDR notation The IP interface named System on the Switch can be a...

Page 7: ...rent configuration will then be retained in the Switch s NV RAM and reloaded when the Switch is rebooted If the Switch is rebooted without using the save command the last configuration saved to NV RAM will be loaded Connecting to the Switch The console interface is used by connecting the Switch to a VT100 compatible terminal or a computer running an ordinary terminal emulator program e g the Hyper...

Page 8: ...ial Console Screen after logging in Commands are entered at the command prompt DES 3800 admin There are a number of helpful features included in the CLI Entering the command will display a list of all of the top level commands Figure 2 2 The Command When you enter a command without its required parameters the CLI will prompt you with a Next possible completions message 4 ...

Page 9: ...l appear at the command prompt Figure 2 4 Using the Up Arrow to Re enter a Command In the above example the command config account was entered without the required parameter username the CLI returned the Next possible completions username prompt The up arrow cursor control key was pressed to re enter the previous command config account at the command prompt Now the appropriate username can be ente...

Page 10: ... or more parameters to narrow the top level command This is equivalent to show what or config what Where the what is the next parameter For example if you enter the show command with no additional parameters the CLI will then display all of the possible next parameters Figure 2 6 Next possible completions Show Command In the above example all of the possible next parameters for the show command ar...

Page 11: ...the ipif_name space a VLAN name in the vlan_name 32 space and the network address including the netmask in the network_address ip_addr netmask space Do not type the angle brackets Example Command create ipif Engineering 10 24 22 5 255 0 0 0 Design square brackets Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create account admin operat...

Page 12: ...o the right Left Arrow Moves the cursor to the left Right Arrow Moves the cursor to the right Up Arrow Repeats the previously entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current session Use the down arrow to progress sequentially forward through the command history list Down Arrow The...

Page 13: ...port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 disable telnet enable web tcp_port_number 1 65535 disable web enable snmp disable snmp save config config_id1 2 reboot reset config system login logout show config current_config config_in_nvram config_ id 1 2...

Page 14: ...eter to create a operator level user account for the Switch Operator level users will have rights to switch configurations network monitoring commands community strings and trap stations and system utilities All security commands user account commands and the factory reset command will be denied from this privilege level user Select this parameter to create a user level account on the Switch User ...

Page 15: ...per Command create account operator oper Enter a case sensitive new password Enter the new password again for confirmation Success DES 3800 admin To create an user level user account with the username system DES 3800 admin create account user system Command create account user system Enter a case sensitive new password Enter the new password again for confirmation Success DES 3800 admin ...

Page 16: ...ommand prompt will display the level of privilege assigned DES 3800 admin DES 3800 oper DES 3800 user For more information regarding user accounts see the DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch User Manual config account Purpose Used to configure user accounts Syntax config account username Description The config account command configures a user account that has been creat...

Page 17: ... Username Access Level dlink Admin Total Entries 1 DES 3800 admin delete account Purpose Used to delete an existing account Syntax delete account username force_agree Description The delete account command deletes an existing account Parameters username Name of the user who will be deleted force_agree When force_agree is specified the delete account command will be executed immediatedly without fu...

Page 18: ...isplays a list of all the users that are logged in at the time the command is issued Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To display the way that the users are logged in DES 3800 admin show session Command show session ID Login Time Live Time From Level Name 0 2008 06 19 09 15 00 0 4 45 300 10 11 22 33 5 Anonymous 8 DES 3800 a...

Page 19: ...Name default Subnet Mask 255 0 0 0 Default Gateway 0 0 0 0 Boot PROM Version Build 0 00 010 Firmware Version Build 4 50 B10 Hardware Version A2 Serial Number N A Power Status Main Abnormal Redundant Not Present System Name System Location System Contact Spanning Tree Enabled GVRP Disabled IGMP Snooping Disabled TELNET Enabled TCP 23 SSH Enabled TCP 22 WEB Enabled TCP 80 RMON Disabled RIP Disabled ...

Page 20: ...auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes Restrictions Only Administrator level users can issue this command Example usage To configure baud rate DES 3800 admin config serial_port baud_rate 9600 Command config serial_port baud_rate 9600 Success DES 3800 admin enable clipaging Purpose Used to enable the feature that pauses the scrolling of the console screen when the show command ...

Page 21: ...in disable clipaging Command disable clipaging Success DES 3800 admin enable telnet Purpose This feature enables the Switch to be managed via TELNET based management software and also allows you to specify the port number that will be used to manage the Switch via TELNET Syntax enable telnet tcp_port_number 1 65535 Description This command is used to enable the Telnet protocol on the Switch The us...

Page 22: ...his command is used to enable the Web based management software on the Switch The user can specify the TCP port number the Switch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known port for the Web based management software is 80 Restrictions Only Administrator or Operator level users can issue thi...

Page 23: ...snmp command enables SNMP Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable SNMP DES 3800 admin enable snmp Command enable snmp Success DES 3800 admin disable snmp Purpose Used to disable SNMP on the switch Syntax disable snmp Description The disable snmp command disables SNMP Parameters None Restrictions Only Administrator or Op...

Page 24: ...ration file Restrictions Only Administrator or Operator level users can issue this command Example usage To save the Switch s current configuration to non volatile RAM DES 3800 admin save Command save Saving all configurations to NV RAM Done DES 3800 admin Example usage To save the Switch s current configuration to config_id 1 in the non volatile RAM DES 3800 admin save config 1 Command save Savin...

Page 25: ... will be reset to default settings except the IP address user account and history log But device will not save or reboot force_agree When force_agree is specified the reset command will be executed immediatedly without further confirmation Restrictions Only Administrator level users can issue this command Example usage To restore all of the Switch s parameters to its default values DES 3800 admin ...

Page 26: ...initiate the login procedure The user will be prompted for a Username and Password Parameters None Restrictions None Example usage To initiate the login procedure DES 3800 admin login Command login UserName logout Purpose Used to log out a user from the Switch s console Syntax logout Description This command terminates the current user s session on the Switch s console Parameters None Restrictions...

Page 27: ...as CLI configuration command Parameters current_config config_in_nvram config_id 1 2 information Restrictions None Example usage To show all system configurations from DRAM database DES 3800 admin show config config_in_nvram Command show config config_in_nvram BASIC config serial_port baud_rate 9600 auto_logout never enable telnet 23 enable web 80 disable jumbo_frame STP config stp maxage 20 hello...

Page 28: ...nfig_id 1 2 active delete boot_up Restrictions Only Administrator level users can issue this command Example usage To activate configuration 1 DES 3800 admin config configuration 1 active Command config configuration 1 active Success DES 3800 admin Example usage To delete configuration 2 DES 3800 admin config configuration 2 delete Command config configuration 2 delete Success DES 3800 admin Examp...

Page 29: ... 10 53 13 99 tcp_port 23 Command telnet 10 53 13 99 tcp_port 23 config terminal line Purpose Used to configure the number of rows which can be displayed at a screen Syntax config terminal_line default value 20 80 Description Used to configure the number of rows which can be displayed on the screen Default value is 24 Parameters None Restrictions Only Administrator or Operator level users can issue...

Page 30: ...atus Purpose Used to display the current status of the hardware of the Switch Syntax show device_status Description This command displays the current status of the Switch s physical elements Parameters None Restrictions None Example usage To show the current hardware status of the Switch DES 3800 admin show device_status Command show device_status Internal Power External power Side Fan Back Fan Ac...

Page 31: ...s are combo ports This is an optional parameter for configuring the medium type of the combo port For non combo ports the user does not need to specify the medium_type in the command speed Allows the user to adjust the speed for a port or range of ports The user has a choice of the following auto Enables auto negotiation for the specified range of ports 10_half Configures the specified range of po...

Page 32: ...tion err_disabled Description This command is used to display the current configuration of a range of ports Parameters portlist Specifies a port or range of ports to be displayed description Adding this parameter to the show ports command indicates that a previously entered port description will be included in the display err_disabled Choosing this parameter will display ports that have been disco...

Page 33: ... Link Down Enabled 17 Enabled Auto Enabled Link Down Enabled 18 Enabled Auto Disabled Link Down Enabled 19 Enabled Auto Disabled Link Down Enabled 20 Enabled Auto Disabled Link Down Enabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh Example usage To display the configuration of all ports on the switch with their descriptions DES 3800 admin show ports description Command show por...

Page 34: ...l 30 DES 3800 admin show ports err_disabled Command show ports err_disabled Port Port Connection status Reason State 2 Enabled Err disabled Storm control Desc Port 2 8 Enabled Err disabled Storm control Desc Port 8 20 Enabled Err disabled Storm control Desc Port 20 DES 3800 admin ...

Page 35: ... 32 show snmp user show snmp groups create snmp view view_name 32 oid view_type included excluded delete snmp view view_name 32 all oid show snmp view view_name 32 create snmp community community_string 32 view view_name 32 read_only read_write delete snmp community community_string 32 show snmp community community_string 32 config snmp engineID snmp_engineID show snmp engineID create snmp group g...

Page 36: ...me of the group to which the user is associated The range is 1 to 32 encrypted Specifies that the password appears in encrypted form by_password Indicates the input password for authentication and privacy auth md5 sha Indicates an authentication level setting session The options are md5 The HMAC MD5 96 authentication level sha The HMAC SHA 96 authentication level auth_password An authentication st...

Page 37: ...sue this command Example usage To delete a user from an SNMP group DES 3800 admin delete snmp user dlink Command delete snmp user dlink Success DES 3800 admin show snmp user Purpose Used to display information on every SNMP username in the group username table Syntax show snmp user Description The show snmp user command displays information on every SNMP username in the group username table Parame...

Page 38: ...o show all snmp groups setup on the switch DES 3800 admin show snmp groups Command show snmp groups Vacm Access Table Settings Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv1 Securiy Level NoAuthNoPriv Group Name public ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv2 Securiy Level NoAuth...

Page 39: ...1 Securiy Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv1 Securiy Level NoAuthNoPriv Group Name ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Securiy Model SNMPv2 Securiy Level NoAuthNoPriv Group Name WriteGroup ReadView Name CommunityView WriteView Name CommunityView Notify...

Page 40: ...strings to limit which MIB objects the SNMP manager can access Parameters view_name View name to be created oid Object Identified tree MIB tree view_type Specifies the access type of the MIB tree in this view The view_type options are as follows included Include this object in the view excluded Exclude this object in the view Restrictions Only Administrator or Operator level users can issue this c...

Page 41: ...rameters view_name 32 SNMP View name to be deleted There are two options for deleting a view record all Specifies that all view records should be deleted oid Specifies that the specified Object Identified tree MIB tree should be deleted Restrictions Only Administrator or Operator level users can issue this command Example usage To delete an SNMP view DES 3800 admin delete snmp view dlinkview all C...

Page 42: ... user who likes to show Restrictions None Example usage To show the SNMP view DES 3800 admin show snmp view Command show snmp view Vacm View Table Settings View Name restricted Subtree 1 3 6 1 2 1 1 View Type Included View Mask View Name restricted Subtree 1 3 6 1 2 1 11 View Type Included View Mask View Name restricted Subtree 1 3 6 1 6 3 10 2 1 View Type Included View Mask View Name restricted S...

Page 43: ...ion The create snmp community command creates an SNMP community string Parameters community_string Communtiy string Max string length is 32 view_name View name A MIB view Max length is 32 read_only read_write Read and write or read only permission Restrictions Only Administrator or Operator level users can issue this command Example usage To create an SNMP community string DES 3800 admin create sn...

Page 44: ...Administrator or Operator level users can issue this command Example usage To display the snmp community string configurations DES 3800 admin show snmp community Command show snmp community SNMP Community Table Community Name View Name Access Right private CommunityView read_write Index public Community Name View Name Access Right public CommunityView read_only Total Entries 2 DES 3800 admin confi...

Page 45: ...irst four octets are set to the binary equivalent of the agent s SNMP management private enterprise number as assigned by IANA D_Link is 171 The fifth octet is 03 to indicates the rest is the MAC address of this device The 6th 11th octets is MAC address Parameters None Restrictions None Example usage To show the snmp engine id DES 3800 admin show snmp engineID Command show snmp engineID SNMP Engin...

Page 46: ...mmunityView write_view CommunityView notify_view CommunityView Command create snmp group D Link_group v3 auth_priv read_view CommunityView write_view CommunityView notify_view CommunityView Success DES 3800 admin delete snmp group Purpose Used to remove a SNMP group Syntax delete snmp group groupname Description The delete snmp group command removes a SNMP group Parameters groupname The name of th...

Page 47: ...n and encrypting auth_string Authentication string Restrictions Only Administrator or Operator level users can issue this command Example usage To create a new SNMP host DES 3800 admin create snmp host 10 48 74 100 v3 noauth_nopriv initial Command create snmp host 10 48 74 100 v3 noauth_nopriv initial Success DES 3800 admin delete snmp host Purpose Used to delete a recipient of an SNMP trap operat...

Page 48: ...e Example usage To display the SNMP hosts DES 3800 admin show snmp host Command show snmp host SNMP Host Table Host IP Address SNMP Version Community Name SNMPv3 User Name 10 48 76 100 V3 noauthnopriv initial 10 51 17 1 V2c public Total Entries 2 DES 3800 admin show snmp traps Purpose Used to display the status of snmp trap and authentication traps Syntax show snmp traps Description The show snmp ...

Page 49: ... power consumption exceeds the per port power limit The active circuit protection feature automatically disables the port if there is a short Other ports will remain active PDs receive power according to the following classification Class Max power used by PD 0 0 44 to 12 95W 1 0 44 to 3 84W 2 3 84 to 6 49W 3 6 49 to 12 95W PSE provides power according to the following classification Class Max pow...

Page 50: ...been exceeded the next port attempting to power up is denied regardless of its priority deny_low_priority_port After the power budget has been exceeded the next port attempting to power up causes the port with the lowest priority to shut down to allow high priority ports to power up The default setting is deny_next_port Restrictions Only Administrator or Operator level users can issue this command...

Page 51: ...hod chosen in the config poe system command is deny_low_priority_port power_limit Allows the user to configure the per port power limit If a port exceeds its power limit the PoE system will shut down that port The minimum user defined setting is 1000mW and maximum is 16800mW The default setting is 15400mW The user may also choose to define a power class by which to set the power limit based on the...

Page 52: ...s set to deny next port then no additional port will be connected DES 3800 admin show poe ports Purpose Used to display the settings and the actual values of the PoE ports Syntax show poe ports portlist Description Display the settings actual values and port configuration of the whole PoE system Parameters portlist Enter a port or range of ports to be display their PoE settings Restrictions None E...

Page 53: ...Switch CLI Manual 49 OFF Interim state during line detection 5 Enabled Low 15400 User defined OFF Interim state during line detection 6 Enabled Low 15400 User defined OFF Interim state during line detection CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 54: ... Community String Community String is used for authentication NoAuthNoPriv v3 Username Username is used for authentication NoAuthNoPriv v3 MD5 or SHA Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthNoPriv v3 MD5 DES or SHA DES Authentication is based on the HMAC MD5 or HMAC SHA algorithms AuthPriv DES 56 bit encryption is added based on the CBC DES DES 56 standard The SNMP comma...

Page 55: ...s is xxx xxx xxx xxx y Restrictions Only Administrator or Operator level users can issue this command Example usage To create the trusted host DES 3800 admin create trusted_host 10 48 74 121 Command create trusted_host 10 48 74 121 Success DES 3800 admin delete trusted_host Purpose Used to delete a trusted host entry made using the create trusted_host command above Syntax ipaddr network ip_addr ne...

Page 56: ...rusted_host Management Stations IP Address 10 53 13 94 Total Entries 1 DES 3800 admin enable snmp traps Purpose Used to enable SNMP trap support Syntax enable snmp traps Description The enable snmp traps command is used to enable SNMP trap support on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable SNMP trap support o...

Page 57: ...ed to view the SNMP trap support status currently configured on the Switch Parameters None Restrictions None Example usage To view the current SNMP trap support DES 3800 admin show snmp traps Command show snmp traps SNMP Traps Enabled Authenticate Traps Enabled DES 3800 admin disable snmp traps Purpose Used to disable SNMP trap support on the Switch Syntax disable snmp traps Description This comma...

Page 58: ...command is used to enter the name and or other information to identify a contact person who is responsible for the Switch A maximum of 255 character can be used Parameters sw_contact A maximum of 255 characters is allowed A NULL string is accepted if there is no contact Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the Switch contact to M...

Page 59: ...w_name A maximum of 255 characters is allowed A NULL string is accepted if no name is desired Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the Switch name for DES 3828 Switch DES 3800 admin config snmp system_name DES 3828 Switch Command config snmp system_name DES 3828 Switch Success DES 3800 admin enable rmon Purpose Used to enable RMO...

Page 60: ...nmp Purpose Used to enable SNMP on the Switch Syntax enable snmp Description This command is used in conjunction with the disable snmp command below to enable and disable SNMP on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable SNMP DES 3800 admin enable snmp Command enable snmp Success DES 3800 admin disable snmp Pur...

Page 61: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 57 DES 3800 admin disable snmp Command disable snmp Success DES 3800 admin ...

Page 62: ...new firmware or a Switch configuration file from a TFTP server Syntax download firmware_fromTFTP ipaddr path_filename 64 image_id 1 n configuration ipaddr path_filename 64 config_id 1 2 increment Description This command is used to download a new firmware or a Switch configuration file from a TFTP server Parameters firmware_fromTFTP download and install new firmware on the switch from a TFTP serve...

Page 63: ... Used to configure the firmware section as a boot up section or to delete the firmware section Syntax config firmware image_id int 1 2 delete boot_up Description This command is used to configure the firmware section The user may choose to remove the firmware section or use it as a boot up section Parameters image_id Specifies the working section The Switch can hold two firmware versions for the u...

Page 64: ... this command Example usage To display the current firmware information on the Switch DES 3800 admin show firmware information Command show firmware information ID Version Size B Update Time From User 1 2 00 B20 1360471 00000 days 00 00 00 Serial Port Anonymous 2 1 00 B21 2052372 00000 days 00 00 56 10 53 13 94 admin Anonymous means boot up section T means firmware update thru TELNET S means firmw...

Page 65: ...tatus 2 storm control 3 IP group management 4 syslog 5 QoS 6 port mirroring 7 traffic segmentation 8 port 9 port lock 10 8021x 11 SNMPv3 12 management SNMP traps RMON 13 vlan 14 FDB forwarding data base 15 MAC address table notification 16 STP 17 SSH 18 SSL 19 ACL 20 SNTP 21 IP route 22 LACP 23 ARP 24 IP 25 IGMP snooping 26 access authentication control TACACS etc Parameters current_config Enterin...

Page 66: ...ormation ID Version Size B Update Time From User 1 4 05 B08 12961 2006 08 30 09 36 10 Local Saved 2 empty Note indicates the next boot up configuration T means configuration update through TELNET S means configuration update through SNMP W means configuration update through WEB DES 3800 admin config configuration Purpose Used to configure the configuration section as a boot up section or to delete...

Page 67: ...Description This command is used to upload either the Switch s current settings or the Switch s history log to a TFTP server Parameters log_toTFTP Specifies that the switch history log will be uploaded to the TFTP server ipaddr The IP address of the TFTP server The TFTP server must be on the same IP subnet as the Switch path_filename 64 Specifies the location of the Switch configuration file on th...

Page 68: ...d local configuration file present in Switch memory will be loaded Only Administrator or Operator level users can issue this command NOTE Dual purpose DHCP TFTP server utility software may require entry of the configuration file name and path within the user interface Alternatively the DHCP software may require creating a separate ext file with the configuration file name and path in a specific di...

Page 69: ...ownload configuration 10 41 44 44 c cfg setting txt Connecting to server Done Download configuration Done The very end of the autoconfig process including the logout appears like this 65 DES 3800 admin disable authen_policy Command disable authen_policy Success DES 3800 admin DES 3800 admin DES 3800 admin End of configuration file for DES 3828 DES 3800 admin Logout NOTE With autoconfig enabled the...

Page 70: ...00 admin show autoconfig Purpose Used to display the current autoconfig status of the Switch Syntax show autoconfig Description This will list the current status of the autoconfiguration function Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To upload an autoconfiguration DES 3800 admin show autoconfig Command show autoconfig Autoconfi...

Page 71: ...een the Switch and a destination endstation Syntax traceroute ipaddr ttl value 1 60 port value 30000 64900 timeout sec 1 65535 probe value 1 9 Description The traceroute command will trace a route between the Switch and a give host on the network Parameters ipaddr Specifies the IP address of the host ttl value 1 60 The time to live value of the trace route request This is the maximum number of rou...

Page 72: ... disable this feature the device will not respond to traceroute packets Parameters state enable disable Enables or disables forwarding the packet to CPU Restrictions Only Administrator level users can issue this command Example usage To enable the forwarding packet to the CPU DES 3800 admin config pkt_to_cpu zero_ttl_ip state enable Command config pkt_to_cpu zero_ttl_ip state enable Success DES 38...

Page 73: ...cal6 local7 udp_port udp_port_number state enable disable config syslog host all index 1 4 severity informational warning all facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number ipaddress ipaddr state enable disable delete syslog host index 1 4 all show syslog host index 1 4 config system_severity trap log all critical warning information show system_severity ...

Page 74: ...tlist Description This command will display all of the packet error statistics collected and logged by the Switch for a given port list Parameters portlist Specifies a port or range of ports to be displayed Restrictions None Example usage To display the errors of the port 3 of module 1 DES 3800 admin show error ports 3 Command show error ports 3 Port number 1 RX Frames TX Frames CRC Error 19 Exces...

Page 75: ...range of ports to be displayed Restrictions None Example usage To display the port utilization statistics DES 3800 admin show utilization ports Command show utilization ports Port TX sec RX sec Util Port TX sec RX sec Util 1 0 0 0 22 0 0 0 2 0 0 0 23 0 0 0 3 0 0 0 24 0 0 0 4 0 0 0 25 0 26 1 5 0 0 0 26 0 0 0 6 0 0 0 27 0 0 0 7 0 0 0 28 0 0 0 8 0 0 0 9 0 0 0 10 0 0 0 11 0 0 0 12 0 0 0 13 0 0 0 14 0 ...

Page 76: ...Switch to compile statistics Parameters portlist Specifies a port or range of ports to be displayed Restrictions Only Administrator or Operator level users can issue this command Example usage To clear the counters DES 3800 admin clear counters ports 2 9 Command clear counters ports 2 9 Success DES 3800 admin clear log Purpose Used to clear the Switch s history log Syntax clear log Description Thi...

Page 77: ...in show log index 5 Command show log index 5 Index Time Log Text 5 2008 06 19 09 36 37 Port 23 link up 100Mbps FULL duplex 4 2008 06 19 09 36 37 Redundant Power failed 3 2008 06 19 09 36 37 Spanning Tree Protocol is disabled 2 2008 06 19 09 36 37 System cold start 1 2008 06 19 09 36 10 Configuration saved to flash Username Anonymous DES 3800 admin enable syslog Purpose Used to enable the system lo...

Page 78: ...users can issue this command Example usage To disable the syslog function on the Switch DES 3800 admin disable syslog Command disable syslog Success DES 3800 admin show syslog Purpose Used to display the syslog protocol status as enabled or disabled Syntax show syslog Description The show syslog command displays the syslog status as enabled or disabled Parameters None Restrictions None Example usa...

Page 79: ... Informational informational messages 7 Debug debug level messages informational Specifies that informational messages will be sent to the remote host This corresponds to number 6 from the list above warning Specifies that warning messages will be sent to the remote host This corresponds to number 4 from the list above all Specifies that all of the currently supported syslog messages that are gene...

Page 80: ...This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the remote host This corresponds to number 21 from the list above local6 Specifies that local use 6 messages will be sent to the remote host This corresponds to number 22 from the list above local7 Specifies that local use 7 messages will be sent to the remote host This corresponds to numbe...

Page 81: ...ical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately 2 Critical critical conditions 3 Error error conditions 4 Warning warning conditions 5 Notice normal but significant condition 6 Informational informational messages 7 Debug debug level messages Parameters informational Specifies that informational messages will be sent to the remote host This corresponds to...

Page 82: ...ges will be sent to the remote host This corresponds to number 18 from the list above local3 Specifies that local use 3 messages will be sent to the remote host This corresponds to number 19 from the list above local4 Specifies that local use 4 messages will be sent to the remote host This corresponds to number 20 from the list above local5 Specifies that local use 5 messages will be sent to the r...

Page 83: ...log host Purpose Used to remove a syslog host that has been previously configured from the Switch Syntax delete syslog host index 1 4 all Description The delete syslog host command is used to remove a syslog host that has been previously configured from the Switch Parameters index 1 4 Specifies that the command will be applied to an index of hosts There are four available indexes numbered 1 throug...

Page 84: ...escription This command is used to configure the system severity levels on the Switch When an event occurs on the Switch a message will be sent to the SNMP agent trap the Switch s log or both Events occurring on the Switch are separated into three main categories these categories are NOT precisely the same as the parameters of the same name see below Information Events classified as information ar...

Page 85: ...ated above will instruct the switch to send informational warning and critical events to the Switch s log or SNMP agent Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the system severity settings for critical traps only DES 3800 admin config system_severity trap critical Command config system_severity trap critical Success DES 3800 admin s...

Page 86: ...mac_address macaddr static aging_time show multicast port_filtering_mode portlist Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Syntax create fdb vlan_name 32 macaddr port port Description This command will make an entry into the Switch s unicast MAC address forwarding database Parame...

Page 87: ...dmin create multicast_fdb default 01 00 00 00 00 01 Command create multicast_fdb default 01 00 00 00 00 01 Success DES 3800 admin config multicast_fdb Purpose Used to configure the Switch s multicast MAC address forwarding database Syntax config multicast_fdb vlan_name 32 macaddr add delete portlist Description This command configures the multicast MAC address forwarding table Parameters vlan_name...

Page 88: ... time can be from 10 to 1000000 seconds with a default value of 300 seconds A very long aging time can result in dynamic forwarding table entries that are out of date or no longer exist This may cause incorrect packet forwarding decisions by the Switch If the aging time is too short however many entries may be aged out too soon This will result in a high percentage of received packets whose source...

Page 89: ... the Multicast Table the frames are forwarded according to the VLAN rule filter_unregistered_groups In this mode frames destined for group MAC addresses are forwarded only if this type of forwarding is explicitly permitted by a Group Address entry in the Multicast Table In other words if the Group MAC address does not exist in the Multicast table the packets are dropped Restrictions Only Administr...

Page 90: ...l Description This command is used to clear dynamically learned entries to the Switch s forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides port port The port number corresponding to the MAC destination address The Switch will always forward traffic to the specified device through this port all Clears all dynamic entries to the Switch s forwarding data...

Page 91: ...s 01 00 5E 00 00 00 Egress Ports 1 5 Mode Static Total Entries 1 DES 3800 admin show fdb Purpose Used to display the current unicast MAC address forwarding database Syntax show fdb port port vlan vlan_name 32 mac_address macaddr static aging_time Description This command will display the current contents of the Switch s forwarding database Parameters port port The port number corresponding to the ...

Page 92: ...10 Dynamic 1 default 00 00 F8 7C 1C 29 10 Dynamic 1 default 00 01 02 03 04 05 10 Dynamic 1 default 00 01 30 10 2C C7 10 Dynamic 1 default 00 01 30 FA 5F 00 10 Dynamic 1 default 00 02 3F 63 DD 68 10 Dynamic CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show multicast port_filtering_mode Purpose Used to show the multicast packet filtering mode for ports Syntax show multicast port_filter...

Page 93: ..._mode Port Multicase Filter Mode 1 forward_all_groups 2 forward_all_groups 3 forward_all_groups 4 forward_all_groups 5 forward_unregistered_groups 6 forward_unregistered_groups 7 forward_unregistered_groups 8 forward_unregistered_groups 9 forward_unregistered_groups 10 forward_unregistered_groups 11 filter_unregistered_groups 12 filter_unregistered_groups DES 3800 admin ...

Page 94: ...coup it using the Port Configuration window in the Administration folder and selecting the disabled port and returning it to an Enabled status To utilize this method of Storm Control choose the Shutdown option of the Action field in the window below The broadcast storm control commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command...

Page 95: ...at which the specified traffic control is switched on The value is the number of broadcast multicast Unicast packets in packets per second pps received by the Switch that will trigger the storm traffic control measures The default setting is 128000 time_interval The Interval will set the time between Multicast and Broadcast packet counts sent from the Switch s chip to the Traffic Control function ...

Page 96: ...guration on the Switch Parameters all Used to specify all ports for which to display traffic control settings portlist Used to specify port or list of ports for which to display traffic control settings The beginning and end of the port list range are separated by a dash Restrictions None Example usage To display traffic control setting for ports 1 4 DES 3800 admin show traffic control 1 4 Command...

Page 97: ... shutdown Parameters none No notification will be generated or sent when a packet storm control is detected by the Switch storm _occurred A notification will be generated and sent when a packet storm has been detected by the Switch storm_cleared A notification will be generated and sent when a packet storm has been cleared by the Switch both A notification will be generated and sent when a packet ...

Page 98: ...es stated above The Switch will empty the eight hardware priority queues in order beginning with the highest priority queue 7 to the lowest priority queue 0 Each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware prio...

Page 99: ... indicates the limitation in kbits sec The switch will choose the closest value but it must NOT be greater than the value in order to work Restrictions Only Administrator or Operator level users can issue this command Example usage To configure the port bandwidth DES 3800 admin config bandwidth_control 1 10 tx_rate 640 Command config bandwidth_control 1 10 tx_rate 640 Success DES 3800 admin show b...

Page 100: ...ity queue can transmit before allowing the next lowest hardware priority queue to begin transmitting its packets A value between 0 and 15 can be specified For example if a value of 3 is specified then the highest hardware priority queue number n will be allowed to transmit 3 packets then the next lowest hardware priority queue number n 1 will be allowed to transmit 3 packets and so on until all of...

Page 101: ...perator level users can issue this command Example usage To configure the traffic scheduling mechanism for each COS queue DES 3800 admin config scheduling_mechanism strict Command config scheduling_mechanism strict Success DES 3800 admin show scheduling Purpose Used to display the current traffic scheduling parameters in use on the switch Syntax show scheduling Description The show scheduling comm...

Page 102: ...l map an incoming packet based on its 802 1p user priority to one of the eight available hardware priority queues on the switch The switch s default setting is to map the incoming 802 1p user priority values to the eight hardware priority queues This product supports 8 CoS queues You can change this mapping by specifying the 802 1p user priority you want by specifying the number of the hardware qu...

Page 103: ...ority command allows you to specify default priority handling of untagged packets received by the switch The priority value entered with this command will be used to determine which of the four hardware priority queues the packet will be forwarded to Parameters portlist This specifies a range of ports for which the default priority is to be configured That is a range of ports for which all untagge...

Page 104: ...ault_priority portlist Description The show 802 1p default_priority command displays the current default priority settings on the switch Parameters portlist Specified a range of ports to be displayed If no parameter specified the system will display all ports configured with 802 1p default_priority Restrictions None Example usage To display 802 1p default priority DES 3800 admin show 802 1p defaul...

Page 105: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 101 21 0 0 22 0 0 23 0 0 24 0 0 25 0 0 26 0 0 27 0 0 28 0 0 DES 3800 admin ...

Page 106: ...ion you can specify that only traffic received by or sent by one or both is mirrored to the Target port Parameters port This specifies the Target port the port where mirrored packets will be received The target port must be configured in the same VLAN and must be operating at the same speed a s the source port If the target port is operating at a lower speed the source port will be forced to drop ...

Page 107: ... source 2 4 Success DES 3800 admin enable mirror Purpose Used to enable a previously entered port mirroring configuration Syntax enable mirror Description This command combined with the disable mirror command below allows you to enter a port mirroring configuration into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None ...

Page 108: ...Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To disable mirroring configurations DES 3800 admin disable mirror Command disable mirror Success DES 3800 admin show mirror Purpose Used to show the current port mirroring configuration on the Switch Syntax show mirror Description This command displays the current port mirroring configurati...

Page 109: ... so the packet is then routed through this provider VLAN which contains smaller VLANs with similar configurations to ensure speedy and guaranteed routing destination of the packet The VLAN commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters create vlan vlan_name 32 tag vlanid 1 4094 advertisement show vlan vlan_name ...

Page 110: ...an issue this command Each VLAN name can be up to 32 characters If the VLAN is not given a tag it will be a port based VLAN Up to 4k static VLANs may be created per configuration Example usage To create a VLAN v1 tag 2 DES 3800 admin create vlan v1 tag 2 Command create vlan v1 tag 2 Success DES 3800 admin show vlan Purpose Used to display the current VLAN configuration on the Switch Syntax show vl...

Page 111: ...ing or forbidden The default is to assign the ports as untagging Parameters vlan_name 32 The name of the VLAN to which to add ports add Entering the add parameter will add ports to the VLAN There are three types of ports to add tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies the additional ports as forbidden delete Deletes por...

Page 112: ...800 admin delete vlan v1 Command delete vlan v1 Success DES 3800 admin create vlan vlanid Purpose Used to create VLANs by VLAN ID list on the switch Syntax create vlan vlanid vidlist advertisement Description The create VLAN by vlanid command allows the creation of multiple VLANs on the switch Parameters vidlist Specifies a range of VLAN IDs to be created advertisement Specifies to join GVRP or no...

Page 113: ...s to a previously configured VLAN Syntax config vlan vlanid vidlist add tagged untagged forbidden delete portlist advertisement enable disable name name Description The config vlan vlanid command allows you to add or delete ports of the port list of previously configured VLAN s You can specify the additional ports as being tagged untagged or forbidden The same port is allowed to be an untagged mem...

Page 114: ...id 2 3 add tagged 4 8 Success DES 3800 admin Example usage To enable the VLAN ID 2 and VLAN ID 3 advertisment DES 3800 admin config vlan vlanid 2 3 advertisement enable Command config vlan vlanid 2 3 advertisement enable Success DES 3800 admin Example usage To modify the name of VLAN ID 2 DES 3800 admin config vlan vlanid 2 name vlan_2 Command config vlan vlanid 2 name vlan_2 Success DES 3800 admi...

Page 115: ...or disables GVRP for the ports specified in the port list ingress_checking enable disable Enables or disables ingress checking for the specified port list acceptable_frame tagged_only admit_all This parameter states the frame type that will be accepted by the Switch for this function tagged_only implies that only VLAN tagged frames will be accepted while admit_all implies tagged and untagged frame...

Page 116: ...rpose Used to disable GVRP on the Switch Syntax disable gvrp Description This command along with enable gvrp is used to enable and disable GVRP on the Switch without changing the GVRP configuration on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To disable the Generic VLAN Registration Protocol GVRP DES 3800 admin disable g...

Page 117: ...abled All Frames 16 1 Disabled Enabled All Frames 17 1 Disabled Enabled All Frames 18 1 Disabled Enabled All Frames 19 1 Disabled Enabled All Frames 20 1 Disabled Enabled All Frames 21 1 Disabled Enabled All Frames 22 1 Disabled Enabled All Frames 23 1 Disabled Enabled All Frames 24 1 Disabled Enabled All Frames 25 1 Disabled Enabled All Frames 26 1 Disabled Enabled All Frames 27 1 Disabled Enable...

Page 118: ...t is 0x0 to 0xffff For ethernet II this is a 16 bit 2 octet hex value Example Ipv4 is 800 ipv6 is 86dd ARP is 806 and so on For IEEE802 3 SNAP this is this is a 16 bit 2 octet hex value Example Ipv4 is 800 ipv6 is 86dd ARP is 806 and so on For IEEE802 3 LLC this is the 2 octet IEEE 802 2 Link Service Access Point LSAP pair first octet for Destination Service Access Point DSAP and second octet for ...

Page 119: ...pe Protocol Value 100 EthernetII 0x86DD DES 3800 admin config port dot1v ports Purpose Assign the VLAN for untagged packets ingress from the portlist based on the protocol group configured Syntax config port dot1v ports portlist all add protocol_group group_id id vlan vlan_name 32 delete protocol_group group_id id all Description Assigns the VLAN for untagged packets ingress from the portlist base...

Page 120: ...p Syntax show port dot1v ports portlist Description Display the VLAN to be associated with untagged packet ingressed from a port based on the protocol group Parameters portlist Specifies a range of ports to be displayed If not specified information for all ports will be displayed Restrictions None Example usage The example display the protocol VLAN information for ports 1 2 DES 3800 admin show por...

Page 121: ...with default VLAN Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the enable the auto assignment of pvid DES 3800 admin enable pvid auto_assign Command enable pvid auto_assign Success DES 3800 admin disable pvid auto_assign Purpose Used to disable auto assignment of pvid Syntax disable pvid auto_assign Description This command ...

Page 122: ...sign Purpose Used to display the PVID auto assignment state Syntax show pvid auto_assign Description This command is used to display the PVID auto assignment state Parameters None Restrictions None DES 3800 admin show pvid auto_assign Command show pvid auto_assign Auto assign pvid enabled DES 3800 admin ...

Page 123: ...rs value Specifies the group ID The Switch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group as LACP compliant LACP allows dynamic adjustment to the aggregated port group LACP compliant ports m...

Page 124: ...ation group that was created with the create link_aggregation command above The DES 3800 supports link aggregation cross box which specifies that link aggregation groups may be spread over multiple switches in the switching stack Parameters group _id value 32 Specifies the group ID The Switch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups ma...

Page 125: ...itch should examine the MAC source address mac_destination Indicates that the Switch should examine the MAC destination address mac_source_dest Indicates that the Switch should examine the MAC source and destination addresses ip_source Indicates that the Switch should examine the IP source address ip_destination Indicates that the Switch should examine the IP destination address ip_source_dest Ind...

Page 126: ...arameters value 1 32 Specifies the group ID The Switch allows up to 32 link aggregation groups to be configured The group number identifies each of the groups algorithm Allows you to specify the display of link aggregation by the algorithm in use by that group Restrictions None Example usage To display Link Aggregation configuration DES 3800 admin show link_aggregation Command show link_aggregatio...

Page 127: ...6711450 leave_timer sec 0 16711450 state enable disable fast_leave enable disable Description This command allows users to configure IGMP snooping on the Switch Parameters vlan_name 32 The name of the VLAN for which IGMP snooping is to be configured host_timeout sec 1 16711450 Specifies the maximum amount of time a host can be a member of a multicast group without the Switch receiving a host membe...

Page 128: ...hich IGMP snooping querier is to be configured query_interval sec 1 65535 Specifies the amount of time in seconds between general query transmissions The default setting is 125 seconds max_response_time sec 1 25 Specifies the maximum time in seconds to wait for reports from members The default setting is 10 seconds robustness_variable value 1 255 Provides fine tuning to allow for expected packet l...

Page 129: ...terval 125 state enable Command config igmp_snooping querier default query_interval 125 state enable Success DES 3800 admin config router_ports Purpose Used to configure ports as router ports Syntax config router_ports vlan_name 32 add delete portlist Description This command allows designation of a range of ports as being connected to multicast enabled routers This will ensure that all packets wi...

Page 130: ...n the Switch DES 3800 admin enable igmp_snooping Command enable igmp_snooping Success DES 3800 admin disable igmp_snooping Purpose Used to disable IGMP snooping on the Switch Syntax disable igmp_snooping forward_mcrouter_only Description This command disables IGMP snooping on the Switch IGMP snooping can be disabled only if IP multicast routing is not being used Disabling IGMP snooping allows all ...

Page 131: ...of the VLAN for which to view the IGMP snooping configuration Restrictions None Example usage To show IGMP snooping DES 3800 admin show igmp_snooping Command show igmp_snooping IGMP Snooping Global State Disabled Multicast router Only Disabled VLAN Name default Query Interval 125 Max Response Time 10 Robustness Value 2 Last Member Query Interval 1 Host Timeout 260 Route Timeout 260 Leave Timer 2 Q...

Page 132: ...tion information Restrictions None Example usage To show IGMP snooping group DES 3800 admin show igmp_snooping group Command show igmp_snooping group VLAN Name default Multicast group 224 0 0 2 MAC address 01 00 5E 00 00 02 Reports 1 Port Member 2 5 VLAN Name default Multicast group 224 0 0 9 MAC address 01 00 5E 00 00 09 Reports 1 Port Member 6 8 VLAN Name default Multicast group 234 5 6 7 MAC ad...

Page 133: ...outer_ports vlan vlan_name 32 static dynamic Description This command will display the router ports currently configured on the Switch Parameters vlan_name 32 The name of the VLAN on which the router port resides static Displays router ports that have been statically configured dynamic Displays router ports that have been dynamically configured Restrictions None Example Usage To display the router...

Page 134: ... IGMP snooping forwarding table entries currently configured on the Switch Parameters vlan_name 32 The name of the VLAN for which to view IGMP snooping forwarding table information Restrictions None Example usage To view the IGMP snooping forwarding table for VLAN Trinity DES 3800 admin show igmp_snooping forwarding vlan Trinity Command show igmp_snooping forwarding vlan Trinity VLAN Name Trinity ...

Page 135: ..._unauth auto force_auth quiet_period sec 0 65535 tx_period sec 1 65535 supp_timeout sec 1 65535 server_timeout sec 1 65535 max_req value 1 10 reauth_period sec 1 65535 enable_reauth enable disable config 802 1x init port_based ports portlist all mac_based ports portlist all mac_address macaddr config 802 1x auth_mode port_based mac_based config 802 1x reauth port_based ports portlist all mac_based...

Page 136: ...sue this command Example usage To enable 802 1x switch wide DES 3800 admin enable 802 1x Command enable 802 1x Success DES 3800 admin disable 802 1x Purpose Used to disable the 802 1x server on the Switch Syntax disable 802 1x Description The disable 802 1x command is used to disable the 802 1x Network Access control server application on the Switch To select between port based or MAC based use th...

Page 137: ...d None AdminCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction OpenCtlDir Both In Shows whether a controlled Port that is unauthorized will exert control over communication in both receiving and transmitting directions or just the receiving direction Port Control For...

Page 138: ...2 1x Port based or MAC based Network Access Control server application on the Switch Parameters ports portlist Specifies a port or range of ports to be viewed The following details what is displayed Port number Shows the physical port number on the Switch Auth PAE State Initialize Disconnected Connecting Authenticating Authenticated Held ForceAuth ForceUnauth Shows the current state of the Authent...

Page 139: ...Entry a All Example usage To display the 802 1x auth state for MAC based 802 1x DES 3800 admin show 802 1x auth_state Command show 802 1x auth_state Port number 1 Index MAC Address Auth PAE State Backend State Port Status 1 00 08 02 4E DA FA Authenticated Idle Authorized 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 CTRL C ESC q Quit SPACE n Next Page Enter Next Entry a All config 802 1x auth_mode Purpose ...

Page 140: ...mmand has four capabilities that can be set for each port Authenticator Supplicant Authenticator and Supplicant and None Parameters portlist Specifies a port or range of ports to be configured all Specifies all of the ports on the Switch authenticator A user must pass the authentication process to gain access to the network none The port is not controlled by the 802 1x functions Restrictions Only ...

Page 141: ... the following authentication options force_auth Forces the Authenticator for the port to become authorized Network access is allowed auto Allows the port s status to reflect the outcome of the authentication process force_unauth Forces the Authenticator for the port to become unauthorized Network access will be blocked quiet_period sec 0 65535 Configures the time interval between authentication f...

Page 142: ...addr Enter the MAC address to be initialized Restrictions Only Administrator or Operator level users can issue this command Example usage To initialize the authentication state machine of all ports DES 3800 admin config 802 1x init port_based ports all Command config 802 1x init port_based ports all Success DES 3800 admin config 802 1x reauth Purpose Used to configure the 802 1x re authentication ...

Page 143: ...Parameters server_index 1 3 Assigns a number to the current set of RADIUS server settings Up to 3 groups of RADIUS server settings can be entered on the Switch server_ip The IP address of the RADIUS server key Specifies that a password and encryption key will be used between the Switch and the RADIUS server passwd 32 The shared secret key used by the RADIUS server and the Switch Up to 32 character...

Page 144: ...ddress server_ip key passwd 32 auth_port udp_port_number 1 65535 acct_port udp_port_number 1 65535 Description The config radius command is used to configure the Switch s RADIUS settings Parameters server_index 1 3 Assigns a number to the current set of RADIUS server settings Up to 3 groups of RADIUS server settings can be entered on the Switch ipaddress server_ip The IP address of the RADIUS serv...

Page 145: ...uest_vlan vlan_name 32 Description The create 802 1x guest_vlan command is used to configure a pre defined VLAN as a 802 1x Guest VLAN Guest 802 1X VLAN clients are those who have not been authorized for 802 1x or they haven t yet installed the necessary 802 1x software yet would still like limited access rights on the Switch Parameters vlan_name 32 Enter an alphanumeric string of no more than 32 ...

Page 146: ...te changes from an enabled state to a disabled state these ports will return to the default VLAN Example usage To configure the ports for a previously created 802 1x Guest VLAN as enabled DES 3800 admin config 802 1x guest_vlan ports 1 5 state enable Command config 802 1x guest_vlan ports 1 5 state enable Success DES 3800 admin show 802 1x guest_vlan Purpose Used to view the configurations for a 8...

Page 147: ...those who have not been authorized for 802 1x or they haven t yet installed the necessary 802 1x software yet would still like limited access rights on the Switch Parameters vlan_name 32 Enter the VLAN name of the Guest 802 1x VLAN to be deleted Restrictions Only Administrator or Operator level users can issue this command This VLAN is only supported for port based 802 1x and must have already bee...

Page 148: ...dscp value 0 63 icmp type value 0 255 code value 0 255 igmp type value 0 255 tcp src_port value 0 65535 dst_port value 0 65535 flag_mask all urg ack psh rst syn fin udp src_port value 0 65535 dst_port value 0 65535 protocol_id value 0 255 user_define hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff packet_content_mask offset_0 15 hex 0x0 0xffffffff hex...

Page 149: ...ffset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff permit deny delete access_id value 1 65535 enable cpu interface_filtering disable cpu_interface_filtering show cpu_interface_filtering show cpu access_profile profile_id value 1 5 access_id value 1 65535 Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets ...

Page 150: ...o be better understood by the user and therefore simpler for the user to configure The beginning of this section displays the create access_profile and config access_profile commands in their entirety The following table divides these commands up into the defining features necessary to properly configure the access profile Remember these are not the total commands but the easiest way to implement ...

Page 151: ... 200 rules for ports 17 to 24 Up to 100 rules may be configured for each Gigabit Ethernet port The tabled below provide a summary of the maximum ACL profile rule limits DES 3828 DES 3828DC DES 3828P DES 3852 Port Numbers Maximum ACL Profile Rules per Port Group 1 8 200 9 16 200 17 24 200 25 32 200 33 40 200 41 48 200 49 Gigabit 100 50 Gigabit 100 51 Gigabit 100 52 Gigabit 100 Total Rules 800 Port ...

Page 152: ...macmask Specifies a MAC address mask for the destination MAC address in the following format 000000000000 FFFFFFFFFFFF 802 1p Specifies that the Switch will examine the 802 1p priority value in the frame s header ethernet_type Specifies that the Switch will examine the Ethernet type value in each frame s header profile_id value 1 255 Specifies an index number between 1 and 255 that will identify t...

Page 153: ... packets with this 802 1p priority value ethernet_type hex 0x0 0xffff Specifies that the access profile will apply only to packets with this hexadecimal 802 1Q Ethernet type value in the packet header port portlist The access profile for Ethernet may be defined for each port on the Switch by entering a port or range of ports here Up to 65535 rules may be configured for each port permit Specifies t...

Page 154: ...ort_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 xffff protocol_id_mask user_define_mask hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff profile_id value 1 255 Description This command will allow the user to create a profile for packets that may be accepted denied or mirrored by the S...

Page 155: ...ach frame s Protocol ID field user_define_mask hex 0x0 0xfffffff Enter a hexidecimal value that will identify the protocol to be discovered in the packet header profile_id value 1 255 Specifies an index number between 1 and 255 that will identify the access profile being created with this command Restrictions Only Administrator or Operator level users can issue this command Example usage To config...

Page 156: ...ies that the access profile will apply to only packets with this destination IP address dscp value 0 63 Specifies that the access profile will apply only to packets that have this value in their Type of Service DiffServ code point DSCP field in their IP packet header icmp Specifies that the Switch will examine the Internet Control Message Protocol ICMP field within each packet type value 0 255 Spe...

Page 157: ...llows you to specify a value to be written to the DSCP field of an incoming packet that meets the criteria specified in the first part of the command This value will over write the value in the DSCP field of the packet deny Specifies that packets that match the access profile are not permitted to be forwarded by the Switch and will be filtered mirror Selecting mirror specifies that packets that ma...

Page 158: ... from byte 48 to byte 63 offset_64 79 Enter a value in hex form to mask the packet from byte 64 to byte 79 With this advanced unique Packet Content Mask also known as Packet Content Access Control List ACL D Link xStack switch family can effectively mitigate some network attacks like the common ARP Spoofing attack widely spreading today This is for the reason that Packet Content ACL is able to ins...

Page 159: ...sk the packet header beginning with the offset value specified as follows offset_0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte offset_16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 offset_32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 offset_48 63 Enter a value in hex form to mask the pack...

Page 160: ...ontent access profile Restrictions Only Administrator or Operator level users can issue this command Example usage To create an access profile by packet content mask DES 3800 admin config access_profile profile_id 3 add access_id 1 packet_content offset_0 15 0x11111111 0x11111111 0x11111111 0x11111111 offset_16 31 0x11111111 0x11111111 0x11111111 0x11111111 port 1 deny Command config access_profil...

Page 161: ... profile being created with this command ipv6 Denotes that IPv6 packets will be examined by the Switch for forwarding or filtering based on the rules configured in the config access_profile command for IPv6 IPv6 packets may be identified by the following class Entering this parameter will instruct the Switch to examine the class field of the IPv6 header This class field is a part of the packet hea...

Page 162: ... access profile when it is created with the create access_profile command The lower the profile ID the higher the priority the rule will be given add access_id value 1 65535 Adds an additional rule to the above specified access profile The value specifies the relative priority of the additional rule Up to 65535 different rules may be configured for the IPv6 access profile ipv6 Specifies that the S...

Page 163: ...er this parameter to re write the 802 1p default priority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch deny Specifies that packets that match th...

Page 164: ...file ID of 1 DES 3800 admin delete access_profile profile_id 1 Command delete access_profile profile_id 1 Success DES 3800 admin show access_profile Purpose Used to display the currently configured access profiles on the Switch Syntax show access_profile profile_id value 1 255 Description The show access_profile command is used to display the currently configured access profiles Parameters profile...

Page 165: ... 0 15 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF 0xFFFFFFFF Offset 16 31 0x0000FFFF 0xFFFF0000 0x0000000F 0x0F000000 Access ID 1 Mode Deny Owner ACL Port 10 Access Profile ID 10 TYPE IPV6 Owner ACL Masks Class Flow Label Source IPv6 FFFF FFFF Dst Ipv6 Mask FFFF FFFF Access ID 1 Mode Permit Owner ACL Port 10 100 0x1234 1122 3344 5566 7788 ACL Free System 796 Port 1 8 200 Port 9 16 196 Port 17 24 200 Port 25 ...

Page 166: ...5 access_id value 1 65535 rate value 0 999936 rate_exceed drop set_drop_precedence Description This command is used to configure the flow based metering function users may set the preferred bandwidth for this rule in Kbps and once the bandwidth has been exceeded overflow packets will be either dropped or be set for a drop precedence depending on user configuration The set_drop_precedence function ...

Page 167: ... rate_exceed drop Success DES 3800 admin show flow_meter Purpose Used to display the flow based metering configuration Syntax show flow_meter profile_id value 1 255 access_id access_id Description This command displays the flow meter configuration Parameters Profile_id Specifies the profile_ID access_id Specifies the access_ID Restrictions None Example usage To display the flow meter DES 3800 admi...

Page 168: ...config traffic_segmentation command is used to configure traffic segmentation on the Switch Parameters portlist Specifies a port or range of ports that will be configured for traffic segmentation forward_list Specifies a range of ports that will receive forwarded frames from the ports specified in the portlist above null No ports are specified portlist Specifies a range of ports for the forwarding...

Page 169: ...ge of ports for which the current traffic segmentation configuration on the Switch will be displayed Restrictions None The port lists for segmentation and the forward list must be on the same Switch Example usage To display the current traffic segmentation configuration on the Switch DES 3800 admin show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward ...

Page 170: ...n appropriate command will list all the corresponding parameters for the specified command along with a brief description of the commands function and similar commands having the same words in the command Restrictions None Example usage To display all of the commands in the CLI DES 3800 admin clear clear arptable clear counters clear fdb clear log clear port_security_entry port config 802 1p defau...

Page 171: ...isplay all commands in the Command Line Interface CLI Syntax dir Description This command will display all of the commands available through the Command Line Interface CLI Parameters None Restrictions None Example usage To display all commands DES 3800 admin dir clear clear arptable clear counters clear fdb clear log clear port_security_entry port config 802 1p default_priority config 802 1p user_...

Page 172: ...mmands may be viewed Restrictions Only Administrator level users can issue this command Example usage To configure the command history DES 3800 admin config command_history 20 Command config command_history 20 Success DES 3800 admin show command_history Purpose Used to display the command history Syntax show command_history Description This command will display the command history Parameters None ...

Page 173: ...roblems may include The Switch may use extra resources to process packets for multiple IP interfaces The amount of broadcast data such as RIP update packets and PIM hello packets will be increased The IP interface commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Each command is listed in detail in the following sections Command Para...

Page 174: ...Trinity DES 3800 admin create ipif p1 1 ipaddress 12 1 1 1 Trinity secondary state enable Command create ipif p1 1 ipaddress 12 1 1 1 Trinity secondary state enable Success DES 3800 admin config ipif Purpose Used to configure an IP interface set on the Switch Syntax config ipif ipif_name 12 ipaddress network_address vlan vlan_name 32 state enable disable proxy_arp enable disable bootp dhcp Descrip...

Page 175: ...s 10 48 74 122 8 Command config ipif System ipaddress 10 48 74 122 8 Success DES 3800 admin enable ipif Purpose Used to enable an IP interface on the Switch Syntax enable ipif ipif_name 12 all Description This command will enable the IP interface function on the Switch Parameters ipif_name 12 The name of a previously configured IP interface to enable Enter an alphanumeric entry of up to twelve cha...

Page 176: ...e on the Switch Parameters ipif_name 12 The name of the IP interface to delete all Entering this parameter will delete all the IP interfaces currently configured on the Switch Restrictions Only Administrator or Operator level users can issue this command Example usage To delete the IP interface named s2 interface named s2 DES 3800 admin delete ipif s2 Command delete ipif s2 Success DES 3800 admin ...

Page 177: ...122 MANUAL Subnet Mask 255 0 0 0 VLAN Name default Admin State Enabled Proxy ARP Disabled Link Status Link UP Member Ports 1 28 Total Entries 1 DES 3800 admin NOTE In the IP Interface Settings table shown above the Secondary field will have two displays FALSE denotes that the IP interface is a primary IP interface while TRUE denotes a secondary IP interface 173 ...

Page 178: ...ry Purpose Used to make a static entry into the ARP table Syntax create arpentry ipaddr macaddr Description This command is used to enter an IP address and the corresponding MAC address into the Switch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only Administrator or Operator level users can issu...

Page 179: ... 10 48 74 12 and MAC address 00 50 BA 00 07 36 DES 3800 admin config arpentry 10 48 74 12 00 50 BA 00 07 36 Command config arpentry 10 48 74 12 00 50 BA 00 07 36 Success DES 3800 admin delete arpentry Purpose Used to delete a static entry into the ARP table Syntax delete arpentry ipaddr all Description This command is used to delete a static ARP entry made using the create arpentry command above b...

Page 180: ...me 30 Command config arp_aging time 30 Success DES 3800 admin show arpentry Purpose Used to display the ARP table Syntax show arpentry ipif ipif_name 12 ipaddress ipaddr static Description This command is used to display the current contents of the Switch s ARP table Parameters ipif ipif_name 12 The name of the IP interface the end node or station for which the ARP table entry was made resides on ...

Page 181: ...able Description This command is used to remove dynamic ARP table entries from the Switch s ARP table Static ARP table entries are not affected Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To remove dynamic entries in the ARP table DES 3800 admin clear arptable Command clear arptable Success DES 3800 admin ...

Page 182: ...itch s IP routing table Parameters network_address IP address and netmask of the IP interface that is the destination of the route The address and mask information can be specified using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 ipaddr The gateway IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry represent...

Page 183: ...ntries cannot have the same Gateway Restrictions Only Administrator or Operator level users can issue this command Example usage To delete a backup static address 10 48 75 121 mask 255 0 0 0 and gateway ipaddr entry of 10 1 1 254 from the routing table DES 3800 admin delete iproute 10 48 74 121 8 10 1 1 254 Command delete iproute 10 48 74 121 8 10 1 1 254 Success DES 3800 admin show iproute Purpos...

Page 184: ...fig iproute ospf ecmp Purpose Used to control the OSPF ECMP function Syntax config iproute ospf ecmp Description This command is used to enable or disable the ECMP function Parameters enable Enables ECMP disable Disables ECMP Restrictions Only Administrator or Operator level users can issue this command Example usage To config the iproute ospf ecmp command DES 3800 admin config iproute ospf ecmp e...

Page 185: ...ribute dst ospf src static rip local mettype 1 2 metric value 0 16777214 Description This command will redistribute routing information between the OSPF and RIP routing protocols to all routers on the network that are running OSPF or RIP Routing information entered into the Static Routing Table on the local xStack switch is also redistributed Parameters src static rip local Allows for the selectio...

Page 186: ...the Static Routing Table on the local xStack switch is also redistributed Parameters src Allows the selection of the protocol of the source device as being either local static or OSPF After selecting the source device the user may set the following parameters for that source device from the following options all Specifies both internal an external internal Specifies the internal protocol of the so...

Page 187: ...te dst ospf src static rip local mettype 1 2 metric value 0 16777214 Description Route redistribution allows routers on the network that are running different routing protocols to exchange routing information This is accomplished by comparing the routes stored in the various router s routing tables and assigning appropriate metrics This information is then exchanged among the various routers accor...

Page 188: ...1 inter e2 metric value 0 16 Description Route redistribution allows routers on the network that are running different routing protocols to exchange routing information This is accomplished by comparing the routes stored in the various router s routing tables and assigning appropriate metrics This information is then exchanged among the various routers according to the individual routers current r...

Page 189: ...f src rip mettype type_1 metric 2 Success DES 3800 admin delete route redistribute Purpose Used to delete an existing route redistribute configuration on the Switch Syntax delete route redistribute dst rip ospf src rip static local ospf Description This command will delete the route redistribution settings on this switch Parameters dst rip ospf Allows the selection of the protocol on the destinati...

Page 190: ...ers src rip static local ospf Allows the selection of the routing protocol on the source device The user may choose between RIP static local or OSPF dst rip ospf Allows the selection of the routing protocol on the destination device The user may choose between RIP and OSPF Restrictions None Example usage To display route redistributions DES 3800 admin show route redistribute Command show route red...

Page 191: ...nterface all To configure all RIP receiving mode for all IP interfaces authentication enable disable Enables or disables authentication for RIP on the Switch password 16 Allows the specification of a case sensitive password tx_mode Determines how received RIP packets will be interpreted as RIP version V1 only V2 Only or V1 Compatible V1 and V2 This entry specifies which version of the RIP protocol...

Page 192: ... System rx_mode v1_only Success DES 3800 admin enable rip Purpose Used to enable RIP Syntax enable rip Description This command is used to enable RIP on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable RIP DES 3800 admin enable rip Command enable rip Success DES 3800 admin disable rip Purpose Used to disable RIP Synta...

Page 193: ...pires the route is marked invalid but is retained until the garbage collection timer expires The default value is 180 garbage_collect_interval The garbage collection interval in seconds for the garbage collection timer When the timeout timer for a route entry expires this route entry has a garbage collection timer associated with it When the garbage collection timer expires this route is deleted T...

Page 194: ...ctions None Example usage To display RIP configuration DES 3800 admin show rip Command show rip RIP Global State Disabled Update Interval 30 seconds Timeout Interval 180 seconds Garbage collection Interval 120 seconds RIP Interface Settings Interface IP Address Netmask TX Mode RX Mode Authen State State tication System 10 41 44 33 8 V2 Only V1 or V2 Disabled Disabled Total Entries 1 DES 3800 admin...

Page 195: ...nts of IGMPv3 over version 2 include The introduction of the SSM or Source Specific Multicast In previous versions of IGMP the host would receive all packets sent to the multicast group Now a host will receive packets only from a specific source or sources This is done through the implementation of include and exclude filters used to accept or deny traffic from these specific sources In IGMPv2 Mem...

Page 196: ...neral query transmissions in seconds max_response_time sec 1 25 Enter the maximum time in seconds that the Switch will wait for reports from members robustness_variable value 1 255 This value states the permitted packet loss that guarantees IGMP last_member_query_interval value 1 25 The Max Response Time inserted into Group Specific Queries and Group and Source specific queries sent in response to...

Page 197: ...d the command will display the IGMP configuration for that IP interface Parameters ipif_name 12 The name of the IP interface for which the IGMP configuration will be displayed Restrictions None Example usage To display IGMP configurations DES 3800 admin show igmp Command show igmp IGMP Interface Configurations QI Query Interval MRT Maximum Response Time RV Robustness Value LMQI Last Member Query I...

Page 198: ...o be displayed ipif_name 12 The name of the IP interface of which the IGMP group is a member Restrictions None Example usage To display IGMP group table DES 3800 admin show igmp group Command show igmp group Interface Multicast Group Last Reporter IP Querier IP Expire System 224 0 0 2 10 42 73 111 10 48 74 122 260 System 224 0 0 9 10 20 53 1 10 48 74 122 260 System 224 0 1 24 10 18 1 3 10 48 74 12...

Page 199: ...ax enable autoconfig Description When this function is enabled the system ip interface will be changed to DHCP mode immediately After rebooting the system it will try to get the configuration file from the TFTP server whose information is configured in the DHCP server When the system gets the configuration file from the TFTP server it will apply the configuration to the system If the system fails ...

Page 200: ...Administrator or Operator level users can issue this command Example usage To disable autoconfig DES 3800 admin disable autoconfig Command disable autoconfig Success DES 3800 admin show autoconfig Purpose Shows the auto configuration settings Syntax show autoconfig Description Shows the current auto config setting Parameters None Restrictions Only Administrator or Operator level users can issue th...

Page 201: ...NS relay function on the Switch Parameters primary Indicates that the IP address below is the address of the primary DNS server secondary Indicates that the IP address below is the address of the secondary DNS server nameserver ipaddr The IP address of the DNS nameserver add delete Indicates whether to add or delete the DNS relay function domain_name 32 The domain name of the entry ipaddr The IP a...

Page 202: ...lay on the Switch Parameters cache This parameter will allow the user to enable the cache lookup for the DNS rely on the Switch static This parameter will allow the user to enable the static table lookup for the DNS rely on the Switch Restrictions Only Administrator or Operator level users can issue this command Example usage To enable status of DNS relay DES 3800 admin enable dnsr Command enable ...

Page 203: ...lay on the Switch static This parameter will allow the user to disable the static table lookup for the DNS relay on the Switch Restrictions Only Administrator or Operator level users can issue this command Example usage To disable status of DNS relay DES 3800 admin disable dnsr Command disable dnsr Success DES 3800 admin Example usage To disable cache lookup for DNS relay DES 3800 admin disable dn...

Page 204: ...static entries into the DNS relay table If this parameter is omitted the entire DNS relay table will be displayed Restrictions None Example usage To display DNS relay status DES 3800 admin show dnsr Command show dnsr DNSR Status Disabled Primary Name Server 0 0 0 0 Secondary Name Server 0 0 0 0 DNSR Cache Status Disabled DNSR Static Cache Table Status Disabled DNS Relay Static Table Domain Name IP...

Page 205: ...for which DVMRP is to be configured all Specifies that DVMRP is to be configured for all IP interfaces on the Switch metric value 1 31 Allows the assignment of a DVMRP route cost to the above IP interface A DVMRP route cost is a relative number that represents the real cost of using this route in the construction of a multicast delivery tree It is similar to but not defined as the hop count in RIP...

Page 206: ...mand below is used to enable and disable DVMRP on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable DVMRP DES 3800 admin enable dvmrp Command enable dvmrp Success DES 3800 admin disable dvmrp Purpose Used to disable DVMRP Syntax disable dvmrp Description This command is used in combination with the enable dvmrp command...

Page 207: ...vmrp routing_table DVMRP Routing Table Source Address Netmask Upstream Neighbor Metric Learned Interface Expire 10 0 0 0 8 10 90 90 90 2 Local System 20 0 0 0 8 20 1 1 1 2 Local ip2 117 30 0 0 0 8 30 1 1 1 2 Dynamic ip3 106 Total Entries 3 DES 3800 admin show dvmrp neighbor Purpose Used to display the DVMRP neighbor table Syntax show dvmrp neighbor ipif ipif_name 12 ipaddress network_address Descr...

Page 208: ...P routing next hop table Parameters ipif_name 12 The name of the IP interface for which to display the current DVMRP routing next hop table ipaddress network_address The IP address and netmask of the destination The address and mask information can be specified using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 Restrictions None Example usage To display DVMRP ...

Page 209: ...current DVMRP routing table Parameters ipif_name 12 This parameter will allow the user to display DVMRP settings for a specific IP interface Restrictions None Example usage To show DVMRP configurations DES 3800 admin show dvmrp Command show dvmrp DVMRP Global State Disabled Interface IP Address Neighbor Timeout Probe Metric State System 10 90 90 90 8 35 10 1 Disabled Trinity 12 1 1 1 8 35 10 1 Ena...

Page 210: ...w ipmc cache group group ipaddress network_address Description This command will display the current IP multicast forwarding cache Parameters group group The multicast group IP address ipaddress network_address The IP address and netmask of the source The address and mask information can be specified using the traditional format for example 10 1 2 3 255 0 0 0 or in CIDR format 10 1 2 3 8 Restricti...

Page 211: ...play only those entries that are related to the DVMRP protocol pim Specifying this parameter will display only those entries that are related to the PIM protocol Restrictions None Usage example To display the current IP multicast interface table by DVMRP entry DES 3800 admin show ipmc protocol dvmrp Command show ipmc protocol dvmrp Interface Name IP Address Multicast Routing System 10 90 90 90 DVM...

Page 212: ...5 Dynamic v101 100 0 1 100 21 Dynamic v101 100 0 1 101 21 Dynamic v102 100 0 2 101 21 Dynamic v103 100 0 3 100 21 Dynamic v103 100 0 3 101 21 Dynamic v104 100 0 4 100 21 Dynamic v104 100 0 4 101 21 Dynamic v105 100 0 5 100 21 Dynamic v105 100 0 5 101 21 Dynamic v106 100 0 6 100 21 Dynamic v106 100 0 6 101 21 Dynamic v107 100 0 7 100 21 Dynamic v107 100 0 7 101 21 Dynamic v108 100 0 8 100 21 Dynami...

Page 213: ...ID The user may enter a key ranging from 1 to 255 password An MD5 password of up to 16 bytes Restrictions Only Administrator or Operator level users can issue this command Usage example To create an entry in the MD5 key table DES 3800 admin create md5 key 1 dlink Command create md5 key 1 dlink Success DES 3800 admin config md5 key Purpose Used to enter configure the password for an MD5 key Syntax ...

Page 214: ...and Usage example To delete an entry in the MD5 key table DES 3800 admin delete md5 key 1 Command delete md5 key 1 Success DES 3800 admin show md5 Purpose Used to display an MD5 key table Syntax show md5 key key_id 1 255 Description This command will display the current MD5 key table Parameters key_id 1 255 The MD5 key ID to be displayed Restrictions Only Administrator or Operator level users can ...

Page 215: ..._address lsdb_type summary config ospf aggregation area_id network_address lsdb_type summary advertise enable disable show ospf aggregation area_id show ospf lsdb area area_id advertise_router ipaddr type rtrlink netlink summary assummary asextlink show ospf neighbor ipaddr show ospf virtual_neighbor area_id neighbor_id config ospf ipif ipif ipif_name 12 all area area_id priority value hello_inter...

Page 216: ... 74 122 Success DES 3800 admin enable ospf Purpose Used to enable OSPF on the Switch Syntax enable ospf Description This command in combination with the disable ospf command below is used to enable and disable OSPF on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage example To enable OSPF on the Switch DES 3800 admin enable ospf Comman...

Page 217: ...Area Aggregation settings OSPF Host Route settings Parameters None Restrictions None Usage example To show OSPF state DES 3800 admin show ospf Command show ospf OSPF Router ID 10 1 1 2 State Enabled Default Information Originate Enabled Not Always Metric Type 1 Metric Value 20 OSPF Interface Settings Interface IP Address Netmask Area ID State Link Metric Status System 10 90 90 90 8 0 0 0 0 Disable...

Page 218: ...metric value 0 65535 Description This command is used to create an OSPF area and configure its settings Parameters area_id The OSPF area ID The user may enter a 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain type normal stub The OSPF area mode of operation stub or normal stub_summary enable disable Enables or disables the OSPF a...

Page 219: ...metric value 0 65535 Description This command is used to configure an OSPF area s settings Parameters area_id The OSPF area ID The user may enter a 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain type normal stub Allows the specification of the OSPF mode of operation stub or normal stub_summary enable disable Allows the OSPF area...

Page 220: ... Syntax create ospf host_route ipaddr area area_id metric value 1 65535 Description This command is used to configure the OSPF host route settings Parameters ipaddr The host s IP address area_id A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain metric value 1 65535 A metric between 1 and 65535 which will be advertised Restriction...

Page 221: ...a_id A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain value A metric between 1 and 65535 that will be advertised for the route Restrictions Only Administrator or Operator level users can issue this command Usage example To configure an OSPF host route DES 3800 admin config ospf host_route 10 48 74 122 area 10 1 1 1 metric 2 Comm...

Page 222: ...strator or Operator level users can issue this command Usage example To create an OSPF area aggregation DES 3800 admin create ospf aggregation 10 1 1 1 10 48 76 122 16 lsdb_type summary advertise enable Command create ospf aggregation 10 1 1 1 10 48 76 122 16 lsdb_type summary advertise enable Success DES 3800 admin delete ospf aggregation Purpose Used to delete an OSPF area aggregation configurat...

Page 223: ... to the OSPF Area lsdb_type summary Specifies the type of address aggregation advertise enable disable Allows for the advertisement trigger to be enabled or disabled Restrictions Only Administrator or Operator level users can issue this command Usage example To configure the OSPF area aggregation settings DES 3800 admin config ospf aggregation 10 1 1 1 10 48 76 122 16 lsdb_type summary advertise e...

Page 224: ... The type of link Restrictions None NOTE When this command displays a a star symbol in the OSPF LSDB table for the area_id or the Cost this is interpreted as no area ID for external LSAs and as no cost given for the advertised link Usage example To display the link state database of OSPF DES 3800 admin show ospf lsdb Command show ospf lsdb Area LSDB Advertising Link State Cost Sequence ID Type Rou...

Page 225: ...ber in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain neighbor_id The OSPF router ID for the neighbor This is a 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the remote area s Area Border Router Restrictions None Usage example To display the current OSPF virtual neighbor table DES 3800 admin show ospf virtua...

Page 226: ...terface metric 1 to 65535 Entering a 0 will allow automatic calculation of the metric authentication Enter the type of authentication preferred The user may choose between none Choosing this parameter will require no authentication simple password 8 Choosing this parameter will set a simple authentication which includes a case sensitive password of no more than 8 characters md5 key_id 1 255 Choosi...

Page 227: ...rval 40 Transmit Delay 1 Retransmit Time 5 Authentication None Total Entries 1 DES 3800 admin show ospf all Purpose Used to display the current OSPF settings of all the OSPF interfaces on the Switch Syntax show ospf all Description This command will display the current OSPF settings for all OSPF interfaces on the Switch Parameters None Restrictions Only Administrator or Operator level users can is...

Page 228: ...etween the transmission of OSPF Hello packets in seconds Between 1 and 65535 seconds can be specified The Hello Interval Dead Interval Authorization Type and Authorization Key should be the same for all routers on the same network dead_interval sec 1 65535 Allows the specification of the length of time between the receipt of Hello packets from a neighbor router before the selected area declares th...

Page 229: ... Interval Authorization Type and Authorization Key should be the same for all routers on the same network dead_interval sec 1 65535 Allows the specification of the length of time between the receipt of Hello packets from a neighbor router before the selected area declares that router down An interval between 1 and 65535 seconds can be specified The Dead Interval must be evenly divisible by the Hel...

Page 230: ...delete ospf virtual_link 10 1 12 20 1 1 1 Success DES 3800 admin show ospf virtual_link Purpose Used to display the current OSPF virtual interface configuration Syntax show ospf virtual_link area_id neighbor_id Description This command will display the current OSPF virtual interface configuration Parameters area_id A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifi...

Page 231: ... enable If the advertising router already has a default route advertise it into OSPF Otherwise generate a default route and advertise it into OSPF disable The default route will only be advertised when the default route exists in the redistributed routes mettype Specifies the type of AS external route metric Specifies the cost of the default route to be advertised into OSPF The range is from 0 to ...

Page 232: ...e end_date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 Description Use this command to configure SNTP service from an SNTP server SNTP must be enabled for this command to function See ...

Page 233: ...To display SNTP configuration information DES 3800 admin show sntp Command show sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DES 3800 admin enable sntp Purpose To enable SNTP server support Syntax enable sntp Description This will enable SNTP support SNTP service must be separately configured see config sn...

Page 234: ...e settings Syntax config time date ddmmmyyyy time hh mm ss Description This will configure the system time and date settings These will be overridden if SNTP is configured and enabled Parameters date Express the date using two numerical characters for the day of the month three alphabetical characters for the name of the month and four numerical characters for the year For example 03aug2003 time E...

Page 235: ...or level users can issue this command Example usage To configure time zone settings DES 3800 admin config time_zone operator hour 2 min 30 Command config time_zone operator hour 2 min 30 Success DES 3800 admin config dst Purpose Used to enable and configure time adjustments to allow for the use of Daylight Savings Time DST Syntax config dst disable repeating s_week start_week 1 4 last s_day start_...

Page 236: ...figure the day of the week in which DST begins start_day sun sat The day of the week in which DST begins expressed using a three character abbreviation sun mon tue wed thu fri sat e_day Configure the day of the week in which DST ends end_day sun sat The day of the week in which DST ends expressed using a three character abbreviation sun mon tue wed thu fri sat s_mth Configure the month in which DS...

Page 237: ...splay the current time settings and status Syntax show time Description This will display system time and date configuration as well as display current system time Parameters None Restrictions None Example usage To show the time currently set on the Switch s System clock DES 3800 admin show time Command show time Current Time Source System Clock Boot Time 0 Days 00 00 00 Current Time 1 Days 01 39 ...

Page 238: ...le max_learning_addr max_lock_no 0 16 lock_address_mode Permanent DeleteOnTimeout DeleteOnReset Description This command allows for the configuration of the port security feature Only the ports listed in the portlist are affected Parameters portlist Specifies a port or range of ports to be configured all Configure port security for all ports on the Switch admin_state enable disable Enable or disab...

Page 239: ...ss previously learned by the port which the user wishes to delete port port Enter the port number which has learned the previously entered MAC address Restrictions Only Administrator or Operator level users can issue this command Example usage To delete a port security entry DES 3800 admin delete port_security_entry vlan_name default mac_address 00 01 30 10 2C C7 port 6 Command delete port_securit...

Page 240: ... ports 1 5 Command show port_security ports 1 5 Port Admin State Max Learning Addr Lock Address Mode 1 Disabled 1 DeleteOnReset 2 Disabled 1 DeleteOnReset 3 Disabled 1 DeleteOnReset 4 Disabled 1 DeleteOnReset 5 Disabled 1 DeleteOnReset CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh enable port_security trap_log Purpose Used to enable the trap log for port security Syntax enable port...

Page 241: ...with the enable port_security trap_log will enable and disable the sending of log messages to the Switch s log and SNMP agent when the port security of the Switch has been triggered Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the port security trap log setting DES 3800 admin enable port_security trap_log Command enable port...

Page 242: ...table notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable MAC notification without changing basic configuration DES 3800 admin enable mac_notification Command enable mac_notifi...

Page 243: ...sage To configure the Switch s MAC address table notification global settings DES 3800 admin config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DES 3800 admin config mac_notification ports Purpose Used to configure MAC address notification status settings Syntax config mac_notification ports portlist all enable disable Description ...

Page 244: ...terval 1 History Size 1 DES 3800 admin show mac_notification ports Purpose Used to display the Switch s MAC address table notification status settings Syntax show mac_notification ports portlist Description This command is used to display the Switch s MAC address table notification status settings Parameters portlist Specify a port or group of ports to be viewed Entering this command without the p...

Page 245: ...t Ethernet Managed Switch CLI Manual 241 9 Disabled 10 Disabled 11 Disabled 12 Disabled 13 Disabled 14 Disabled 15 Disabled 16 Disabled 17 Disabled 18 Disabled 19 Disabled 20 Disabled CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh ...

Page 246: ... the SSH Server 4 Finally enable SSH on the Switch using the enable ssh command After following the above steps you can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable ssh disable ssh conf...

Page 247: ...e the SSH authentication mode for users attempting to access the Switch Parameters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Switch publickey This parameter may be chosen if the administrator wishes to use a publickey configuration set on a SSH server for authentication hostbased This parameter may be chosen if ...

Page 248: ...ion int 1 8 timeout sec 120 600 authfail int 2 20 rekey 10min 30min 60min never Description This command allows you to configure the SSH server Parameters maxsession int 1 8 Allows the user to set the number of users that may simultaneously access the Switch The default setting is 8 contimeout sec 120 600 Allows the user to set the connection timeout The user may set a time between 120 and 600 sec...

Page 249: ... DES 3800 admin config ssh user Purpose Used to configure the SSH user Syntax config ssh user username authmode hostbased hostname domain_name hostname_IP domain_name ipaddr password publickey Description This command allows configuration of the SSH user authentication method Parameters username Enter a username of no more than 15 characters to identify the SSH user authmode Specifies the authenti...

Page 250: ...h user Trinity authmode Password Success DES 3800 admin show ssh user Purpose Used to display the SSH user setting Syntax show ssh user Description This command allows you to display the current SSH user setting Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the SSH user DES 3800 admin show ssh user Command show ssh user Current Accounts...

Page 251: ...rameter will enable or disable the Arcfour encryption algorithm blowfish This parameter will enable or disable the Blowfish encryption algorithm cast128 This parameter will enable or disable the Cast128 encryption algorithm twofish128 This parameter will enable or disable the twofish128 encryption algorithm twofish192 This parameter will enable or disable the twofish192 encryption algorithm MD5 Th...

Page 252: ... ssh algorithm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled arcfour Enabled blowfish Enabled cast128 Enabled twofish128 Enabled twofish192 Enabled twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA Enabled DSA Enabled DES 3800 admin config ssh regenerate hostkey Purpose Used to regenerate the host key for the SSH algorith...

Page 253: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 249 DES 3800 admin config ssh regenerate hostkey Command config ssh regenerate hostkey Success DES 3800 admin ...

Page 254: ...nable jumbo_frame Purpose Used to enable the jumbo frame function on the Switch Syntax enable jumbo_frame Description This command will allow ethernet frames larger than 1536 bytes to be processed by the Switch The maximum size of the jumbo frame may not exceed 9220 bytes Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the jumb...

Page 255: ..._frame Purpose Used to show the status of the jumbo frame function on the Switch Syntax show jumbo_frame Description This command will show the status of the jumbo frame function on the Switch Parameters None Restrictions None Usage Example To show the jumbo frame status currently configured on the Switch DES 3800 admin show jumbo_frame Command show jumbo_frame Off DES 3800 admin ...

Page 256: ...ord and the user is granted normal user privileges on the Switch B The server will not accept the username and password and the user is denied access to the Switch C The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in server gro...

Page 257: ...ault method_list_name string 15 method tacacs xtacacs tacacs radius server_group string 15 local_enable none delete authen_enable method_list_name string 15 show authen_enable default method_list_name string 15 all config authen application console telnet ssh http all login enable default method_list_name string 15 show authen application create authen server_group string 15 config authen server_g...

Page 258: ... Example usage To enable the system access authentication policy DES 3800 admin enable authen_policy Command enable authen_policy Success DES 3800 admin disable authen_policy Purpose Used to disable system access authentication policy Syntax disable authen_policy Description This command will disable the administrator defined authentication policy for users trying to access the Switch When disable...

Page 259: ...uthentication techniques for user login The Switch can support up to eight method lists but one is reserved as a default and cannot be deleted Multiple method lists must be created and configured separately Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the given method list Restrictions Only Administrator level users can issue this command Example usage To crea...

Page 260: ...ticated using the XTACACS protocol from the remote XTACACS server hosts of the XTACACS server group list tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS server group list radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from the remote RADIUS server hos...

Page 261: ...uthentication methods XTACACS TACACS and local in that order DES 3800 admin config authen_login default method xtacacs tacacs local Command config authen_login default method xtacacs tacacs local Success DES 3800 admin delete authen_login method_list_name Purpose Used to delete a previously configured user defined method list of authentication methods for users logging on to the Switch Syntax dele...

Page 262: ... Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server group defined by the user Built in Group refers to the TACACS XTACACS TACACS ...

Page 263: ...defined method list of authentication methods for promoting normal user level privileges to Administrator level privileges on the Switch Syntax config authen_enable default method_list_name string 15 method tacacs xtacacs tacacs radius server_group string 15 local_enable none Description This command is used to promote users with normal level privileges to Administrator level privileges using auth...

Page 264: ... local user account database on the Switch none Adding this parameter will require no authentication to access the Switch method_list_name Enter a previously implemented method list name defined by the user create authen_enable The user may add one or a combination of up to four 4 of the following authentication methods to this method list tacacs Adding this parameter will require the user to be a...

Page 265: ...cs tacacs local Success DES 3800 admin delete authen_enable method_list_name Purpose Used to delete a user defined method list of authentication methods for promoting normal user level privileges to Administrator level privileges on the Switch Syntax delete authen_enable method_list_name string 15 Description This command is used to delete a user defined method list of authentication methods for p...

Page 266: ...sly configured method list name Priority Defines which order the method list protocols will be queried for authentication when a user attempts to log on to the Switch Priority ranges from 1 highest to 4 lowest Method Name Defines which security protocols are implemented per method list name Comment Defines the type of Method User defined Group refers to server groups defined by the user Built in G...

Page 267: ... Shell login method http Choose this parameter to configure the web interface login method all Choose this parameter to configure all applications console telnet ssh web login method login Use this parameter to configure an application for normal login on the user level using a previously configured method list enable Use this parameter to configure an application for upgrading a normal user level...

Page 268: ...65535 key key_string 254 none timeout int 1 255 retransmit 1 255 Description This command will create an authentication server host for the TACACS XTACACS TACACS RADIUS security protocols on the Switch When a user attempts to access the Switch with authentication protocol enabled the Switch will send authentication packets to a remote TACACS XTACACS TACACS RADIUS server host on a remote host The T...

Page 269: ...10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Command create authen server_host 10 1 1 121 protocol tacacs port 1234 timeout 10 retransmit 5 Success DES 3800 admin config authen server_host Purpose Used to configure a user defined authentication server host Syntax create authen server_host ipaddr protocol tacacs xtacacs tacacs radius port int 1 65535 key key_string 254 none timeout ...

Page 270: ...ion request when the server does not respond This field is inoperable for the TACACS protocol Restrictions Only Administrator level users can issue this command Example usage To configure a TACACS authentication server host with port number 4321 a timeout value of 12 seconds and a retransmit count of 4 DES 3800 admin config authen server_host 10 1 1 121 protocol tacacs port 4321 timeout 12 retrans...

Page 271: ... address of the authentication server host Protocol The protocol used by the server host Possible results will include TACACS XTACACS TACACS or RADIUS Port The virtual port number on the server host The default value is 49 Timeout The time in seconds the Switch will wait for the server host to reply to an authentication request Retransmit The value in the retransmit field denotes how many times th...

Page 272: ... will configure an authentication server group A server group is a technique used to group TACACS XTACACS TACACS RADIUS server hosts into user defined categories for authentication using method lists The user may define the type of server group by protocol or by previously defined server group Up to eight 8 authentication server hosts may be added to any particular group Parameters server_group Th...

Page 273: ...s parameter to define the protocol if the server host is using the RADIUS authentication protocol Restrictions Only Administrator level users can issue this command Example usage To add an authentication host to server group group_1 DES 3800 admin config authen server_group group_1 add server_host 10 1 1 121 protocol tacacs Command config authen server_group group_1 add server_host 10 1 1 121 prot...

Page 274: ...tly set on the Switch DES 3800 admin show authen server_group Command show authen server_group Group Name IP Address Protocol Darren 10 53 13 2 TACACS tacacs 10 53 13 94 TACACS tacacs This group has no entry xtacacs This group has no entry Total Entries 4 DES 3800 admin config authen parameter response_timeout Purpose Used to configure the amount of time the Switch will wait for a user to enter au...

Page 275: ... Administrator level users can issue this command Example usage To set the maximum number of authentication attempts at 5 DES 3800 admin config authen parameter attempt 5 Command config authen parameter attempt 5 Success DES 3800 admin show authen parameter Purpose Used to display the authentication parameters currently configured on the Switch Syntax show authen parameter Description This command...

Page 276: ...ers None Restrictions Only when user logins the device successfully though TACACS XTACACS TACACS server or none method can use this command to promote privileges Example usage To enable administrator privileges on the Switch DES 3800 admin enable admin Password DES 3800 admin config admin local_enable Purpose Used to configure the local enable password for administrator level privileges Syntax con...

Page 277: ...lling Station ID NAS Identifier This command is dependant on the configuration of a RADIUS server both on the Switch and remotely so that the RADIUS server has the proper configurations to both collect and process the information that is being relayed to it by the Switch Parameters type Choose the type of accounting that the Switch will use The user may choose one of the following two choices exec...

Page 278: ...ccount Session ID Account Session Time Account Status Type Username Account Terminate Cause Service Type Account Authentic NAS IP Address Account Delay Time Calling Station ID NAS Identifier This feature is dependant on the configuration of a RADIUS server both on the Switch and remotely so that the RADIUS server has the proper configurations to both collect and process the information that is bei...

Page 279: ...han one hop away from the CS The SIM group is a group of switches that are managed as a single entity The DES 3800 Series may take on three different roles Commander Switch CS This is a switch that has been manually configured as the controlling device for a group and takes on the following characteristics It has an IP Address It is not a Commander Switch or Member Switch of another Single IP grou...

Page 280: ...ad its MAC address and password saved to the CS s database if a reboot occurs in the MS the CS will keep this MS information in its database and when a MS has been rediscovered it will add the MS back into the SIM tree automatically No configuration will be necessary to rediscover these switches There are some instances where pre saved MS switches cannot be rediscovered For example if the Switch i...

Page 281: ...se Used to disable Single IP Management SIM on the Switch Syntax disable sim Description This command will disable SIM globally on the Switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable SIM on the Switch DES 3800 admin disable sim Command disable sim Success DES 3800 admin show sim Purpose Used to view the current information regardin...

Page 282: ...umber listed from 1 to 100 members member_id 1 32 Entering this parameter will display information concerning members of the SIM group To view a specific member include that member s id number listed from 1 to 32 group commander_mac macaddr Entering this parameter will display information concerning the SIM group To view a specific group include the commander s MAC address of the group neighbor En...

Page 283: ...ber 1 ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3828 L3 Switch 40 3 00 B15 The Man Total Entries 2 DES 3800 admin To show other groups information in summary DES 3800 admin show sim group Command show sim group SIM Group Name default ID MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DES 3828 L3 Swit...

Page 284: ... managing the commander switch Restrictions Only Administrator level users can issue this command Example usage To connect to the MS with member ID 2 through the CS using the command line interface DES 3800 admin reconfig member_id 2 Command reconfig member_id 2 DES 3800 admin Login config sim_group Purpose Used to add candidates and delete members from the SIM group Syntax config sim_group add ca...

Page 285: ...e name of the group Enter an alphanumeric string of up to 64 characters to rename the SIM group dp_interval 30 90 The user may set the discovery protocol interval in seconds that the Switch will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS The user may set the dp_interval from 30 to 90 seconds hold time sec 100 2...

Page 286: ..._interval 40 Command config sim commander dp_interval 40 Success DES 3800 admin To change the hold time of the discovery protocol DES 3800 admin config sim hold_time 120 Command config sim hold_time 120 Success DES 3800 admin To transfer the CS commander to be a CaS candidate DES 3800 admin config sim candidate Command config sim candidate Success DES 3800 admin To transfer the Switch to be a CS D...

Page 287: ...he firmware or switch on the TFTP server members Enter this parameter to specify the members the user prefers to download firmware or switch configuration files to The user may specify a member or members by adding one of the following mslist 1 32 Enter a value or values to specify which members of the SIM group will receive the firmware or switch configuration all Add this parameter to specify al...

Page 288: ... to upload a switch configuration to members of a SIM group log_to_tftp Specify this parameter to download a switch log to members of a SIM group ipaddr Enter the IP address of the TFTP server to upload a configuration file to path_filename Enter a user defined path and file name on the TFTP server to which to upload configuration files members Enter this parameter to specify the members the user ...

Page 289: ...spective spanning trees Each switch utilizing the MSTP on a network will have a single MSTP configuration that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32 characters defined in the config stp mst_config_id command as name string b A configuration revision number named here as a revision_level and c A 4096 element table defined here ...

Page 290: ...trictions Only Administrator or Operator level users can issue this command Example usage To enable STP globally on the Switch DES 3800 admin enable stp Command enable stp Success DES 3800 admin disable stp Purpose Used to globally disable STP on the Switch Syntax disable stp Description This command allows the Spanning Tree Protocol to be globally disabled on the Switch Parameters None Restrictio...

Page 291: ...witch All commands here will be implemented for the STP version that is currently set on the Switch Parameters maxage value 6 40 This value may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information Set by the Root Bridge this value will aid in determining that the Switch has spanning tre...

Page 292: ...e true false p2p true false auto state enable disable fbpdu enable disable Description This command is used to create and configure STP for a group of ports Parameters portlist Specifies a range of ports to be configured The beginning and end of the port list range are separated by a dash For example 1 4 specifies all of the ports between port 1 and port 4 externalCost This defines a metric that i...

Page 293: ...cannot maintain this status for example if the port is forced to half duplex operation the p2p status changes to operate as if the p2p value were false The default setting for this parameter is auto state enable disable Allows STP to be enabled or disabled for the ports specified in the port list The default is enable fbpdu enable disable Allows the forwarding of STP BPDU packets from other networ...

Page 294: ...nstance_id must be mapped identically and have the same configuration revision_level number and the same name Parameters value 1 4 Enter a number between 1 and 4 to define the instance_id The Switch supports 16 STP regions with one unchangeable default instance ID set as 0 add_vlan Along with the vid_range vidlist parameter this command will add VIDs to the previously configured STP instance_id re...

Page 295: ...o update the STP instance configuration settings on the Switch The MSTP will utilize the priority in selecting the root bridge root port and designated port Assigning higher priorities to STP regions will instruct the Switch to give precedence to the selected instance_id for forwarding packets The lower the priority value set the higher the priority Parameters priority value 0 61440 Select a value...

Page 296: ...e To configure the MSTP region of the Switch with revision_level 10 and the name Trinity DES 3800 admin config stp mst_config_id revision_level 10 name Trinity Command config stp mst_config_id revision_level 10 name Trinity Success DES 3800 admin config stp mst_ports Purpose Used to update the port configuration for a MSTP instance Syntax config stp mst_ports portlist instance_id value 0 4 interna...

Page 297: ... A higher priority will designate the interface to forward packets first A lower number denotes a higher priority Restrictions Only Administrator or Operator level users can issue this command Example usage To designate ports 1 to 2 on with instance ID 1 to have an auto internalCost and a priority of 0 DES 3800 admin config stp mst_ports 1 2 instance_id 1 internalCost auto priority 0 Command confi...

Page 298: ...ntax show stp ports portlist Description This command displays the STP Instance Settings and STP Instance Operational Status currently implemented on the Switch Parameters portlist Specifies a range of ports to be configured The beginning and end of the port list range are separated by a dash For example 1 4 specifies all of the ports between port 1 and port 4 Restrictions None Example usage To sh...

Page 299: ...nce_id 0 Command show stp instance_id 0 STP Instance Settings Instance Type CIST Instance Status Enabled Instance Priority 32768 bridge priority 32768 sys ID ext 0 STP Instance Operational Status Designated Root Bridge 32766 00 90 27 39 78 E2 External Root Cost 200012 Regional Root Bridge 32768 00 53 13 1A 33 24 Internal Root Cost 0 Designated Bridge 32768 00 50 BA 71 20 D6 Root Port 1 Max Age 20 ...

Page 300: ...3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 296 Current MST Configuration Identification Configuration Name 00 10 20 33 45 00 Revision Level 0 MSTI ID Vid list CIST 1 4094 DES 3800 admin ...

Page 301: ...ncryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supports two hash algorithms MD5 Message Digest 5 and SHA Sec...

Page 302: ...hange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encryption with 40 bit keys The ciphersuites are enabled by default on the Swit...

Page 303: ..._RC4_128_MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm RSA_with_3DES_EDE_CBC_SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption ...

Page 304: ...hange ID stays valid before the SSL module will require a new full SSL negotiation for connection The default cache timeout is 600 seconds Restrictions None Example usage To set the SSL cachetimeout for 7200 seconds DES 3800 admin config ssl cachetimeout timeout 7200 Command config ssl cachetimeout timeout 7200 Success DES 3800 admin show ssl cachetimeout Purpose Used to show the SSL cache timeout...

Page 305: ...nformation on the Switch DES 3800 admin show ssl certificate Command show ssl certificate Loaded with RSA Certificate DES 3800 admin download certificate_fromTFTP Purpose Used to download a certificate file for the SSL function on the Switch Syntax download certificate_fromTFTP ipaddr certfilename path_filename 64 keyfilename path_filename 64 Description This command is used to download a certific...

Page 306: ...e file you wish to download Restrictions Only Administrator or Operator level users can issue this command Example usage To download a certificate file and key file to the Switch DES 3800 admin DES 3800 admin download certificate_fromTFTP 10 53 13 94 certfilename c cert der keyfilename c pkey der Command download certificate_fromTFTP 10 53 13 94 certfilename c cert der keyfilename c pkey der Certi...

Page 307: ...every VLAN and therefore IP interface on the Switch VRRP routers within the same VRRP group must be consistent in configuration settings for this protocol to function optimally The VRRP commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable vrrp ping disable vrrp ping create vrrp vrid vrid 1 255 ipif ipif_name 12...

Page 308: ...e the VRRP function on the Switch Parameters ping Adding this parameter to the command will stop the virtual IP address from being pinged from other host end nodes to verify connectivity This will only disable the ping connectivity check function To disable the VRRP protocol on the Switch omit this parameter Restrictions Only Administrator or Operator level users can issue this command Example usa...

Page 309: ...e highest physical IP address as the Master router The default value is 100 The value of 255 is reserved for the router that owns the IP address associated with the virtual router and is therefore set automatically advertisement_interval int 1 255 Enter a time interval value in seconds for sending VRRP message packets This value must be consistent with all routers participating within the same VRR...

Page 310: ...p vrid 1 ipif Darren ipaddress 11 1 1 1 state enable priority 200 advertisement_interval 1 preempt true critical_ip 10 53 13 224 critical_ip_state enable Command create vrrp vrid 1 ipif Darren ipaddress 11 1 1 1 state enable priority 200 advertisement_interval 1 preempt true critical_ip 10 53 13 224 critical_ip_state enable Success DES 3800 admin ...

Page 311: ...dress ipaddr Enter the virtual IP address that will be assigned to the VRRP entry This IP address is also the default gateway that will be statically assigned to end hosts and must be set for all routers that participate in this group advertisement_interval int 1 255 Enter a time interval value in seconds for sending VRRP message packets This value must be consistent with all routers participating...

Page 312: ...terface Parameters ipif Specify the name of interface vrid Specify the ID of Virtual Router Ipaddress The virtual router s IP address state Enable disable the virtual router function priority Specify the priority to be used for the Virtual Router master election process advertisement_interval The time interval in seconds between sending advertisement messages preempt Controls whether a higher prio...

Page 313: ...ring this parameter indicates that VRRP protocol exchanges will not be authenticated simple authdata string 8 This parameter along with an alphanumeric string of no more than eight characters to set a simple password for comparing VRRP message packets received by a router If the two passwords are not exactly the same the packet will be dropped ip authdata string 16 This parameter will require the ...

Page 314: ...1 255 Enter the VRRP ID of a VRRP entry for which to view these settings Restrictions None Example usage To view the global VRRP settings currently implemented on the Switch VRRP Enabled DES 3800 admin show vrrp Command show vrrp Global VRRP Enabled Non owner response PING Disabled Interface Name System Authentication type No Authentication VRID 2 Virtual IP Address 10 53 13 3 Virtual MAC Address ...

Page 315: ...l device Parameters vrid vrid 1 255 Enter the VRRP ID of the virtual router to be deleted Not entering this parameter will delete all VRRP entries on the Switch ipif ipif_name 12 Enter the name of the IP interface which holds the VRRP router to delete Restrictions Only Administrator or Operator level users can issue this command Example usage To delete a VRRP entry DES 3800 admin delete vrrp vrid ...

Page 316: ... the Switch but do require attention such as unsuccessful downloads or uploads and failed logins Critical Events classified as critical are fatal exceptions occurring on the Switch such as hardware failures or spoofing attacks Parameters Choose one of the following to identify where severity messages are to be sent trap Entering this parameter will define which events occurring on the Switch will ...

Page 317: ...nt severity settings set on the Switch Syntax show system_severity Description This command is used to view the severity settings that have been implemented on the Switch using the config system_severity command Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To view the system severity settings currently implemented on the Switch DES 38...

Page 318: ...cp_relay ipif ipif_name 12 enable dhcp_relay disable dhcp_relay Each command is listed in detail in the following sections config dhcp_relay Purpose Used to configure the DHCP BOOTP relay feature of the switch Syntax config dhcp_relay hops value 1 16 time sec 0 65535 Description This command is used to configure the DHCP BOOTP relay feature Parameters hops value 1 16 Specifies the maximum number o...

Page 319: ...00 admin config dhcp_relay add ipif System 10 58 44 6 Command config dhcp_relay add ipif System 10 58 44 6 Success DES 3800 admin config dhcp_relay delete ipif Purpose Used to delete one or all IP destination addresses from the Switch s DHCP BOOTP relay table Syntax config dhcp_relay delete ipif ipif_name 12 ipaddr Description This command is used to delete an IP destination addresses in the Switc...

Page 320: ...y the relay agent removes the option 82 field and forwards the packet to the switch port that is connected to the DHCP client that sent the DHCP request Parameters enable Choose this parameter to enable the addition of option 82 information to a packet disable Choose disable the relay agent from inserting and removing DHCP relay information option 82 field in messages between DHCP servers and clie...

Page 321: ...witch Syntax config dhcp_relay option_82 policy replace drop keep Description This command is used to configure the reforwarding policy of DHCP relay agent information option 82 of the Switch Parameters replace The option 82 field will be replaced if the option 82 field already exists in the packet received from the DHCP client drop The packet will be dropped if the option 82 field already exists ...

Page 322: ...ay Time Threshold 23 DHCP Relay Agent Information Option 82 State Enabled DHCP Relay Agent Information Option 82 Check Enabled DHCP Relay Agent Information Option 82 Policy Replace Interface Server 1 Server 2 Server 3 Server 4 System 10 58 44 6 DES 3800 admin Example usage To show a single IP destination of the DHCP relay configuration DES 3800 admin show dhcp_relay ipif System Command show dhcp_r...

Page 323: ...ose Used to disable the DHCP BOOTP relay function on the Switch Syntax disable dhcp_relay Description This command is used to disable the DHCP BOOTP relay function on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To disable DHCP relay DES 3800 admin disable dhcp_relay Command disable dhcp_relay Success DES 3800 admin ...

Page 324: ...try in the IP MAC Binding Setting window All others will be discarded To configure the ACL mode the user must first create an IP MAC binding using the create address_binding ip_mac ipaddress command and select the mode as acl Then the user must enable the mode by entering the enable address_binding acl_mode command If an IP MAC binding entry is created and the user wishes to change it to an ACL mo...

Page 325: ...mac_address macaddr blocked all vlan_name vlan_name mac_address macaddr ports delete address_binding ip mac ipaddress ipaddr mac_address macaddr all blocked all vlan_name vlan_name mac_address macaddr enable address_binding acl_mode disable address_binding acl_mode enable address_binding trap_log disable address_binding trap_log show address_binding dhcp_snoop max_entry ports portlist binding_entr...

Page 326: ...s will be effective If the system is in the acl mode only the acl mode entries will be active acl Choosing this entry will allow only packets from the source IP MAC binding entry created here All other packets with a different IP address will be discarded by the Switch This mode can only be used if the ACL Mode has been enabled in the IP MAC Binding Ports window as seen previously Restrictions Onl...

Page 327: ...set 48 63 0x00000000 00000000 00000000 00000000 Offset 64 79 0x00000000 00000000 00000000 00000000 Access ID 1 Mode Permit Owner Address_binding Port 1 Offset 0 15 0x00000000 0000ffff ffffffff 00000000 Offset 16 31 0x00000000 00000000 00000000 0000ffff Offset 32 47 0xffff0000 00000000 00000000 00000000 Offset 48 63 0x00000000 00000000 00000000 00000000 Offset 64 79 0x00000000 00000000 00000000 000...

Page 328: ...f the system is in ARP mode the arp mode entries and acl mode entries will be effective If the system is in the acl mode only the acl mode entries will be active acl Choosing this entry will allow only packets from the source IP MAC binding entry created here All other packets with a different IP address will be discarded by the Switch This mode can only be used if the ACL Mode has been enabled in...

Page 329: ...nable in strict mode when IP MAC binding DHCP_snoop is enabled it will create an ACL profile and the rules according to the ports If there are not enough profile or rule space for ACL profile or rule table it will return a warning message and will not create ACL profile and rules to capture unicast DHCP packets loose This mode provides a looser way of control If the user selects loose mode ARP pac...

Page 330: ... device ports The number of enabled ports on a device Parameters all For IP_MAC binding all specifies all the IP MAC binding entries for Blocked Address Binding entries all specifies all the blocked VLANs and their bound physical addresses ipaddr The IP address of the device where the IP MAC binding is made macaddr The MAC address of the device where the IP MAC binding is made vlan_name The VLAN n...

Page 331: ... will delete all the Address Binding entries Blocked Blocked address binding entries bindings between VLAN names and MAC addresses can be deleted by entering the VLAN name and the physical address of the device To delete all the Blocked Address Binding entries toggle all Parameters ipaddr The IP address of the device where the IP MAC binding is made macaddr The MAC address of the device where the ...

Page 332: ...mands for creating the IP MAC ACL mode access profile entries Example usage To enable IP MAC Binding ACL mode on the Switch DES 3800 admin enable address_binding acl_mode Command enable address_binding acl_mode Success DES 3800 admin disable address_binding acl_mode Purpose Used to disable the ACL mode for an IP MAC binding entry Syntax disable address_binding acl_mode Description This command alo...

Page 333: ... Example usage To enable sending of IP MAC Binding trap log messages on the Switch DES 3800 admin enable address_binding trap_log Command enable address_binding trap_log Success DES 3800 admin disable address_binding trap_log Purpose Used to disable the trap log for the IP MAC binding function Syntax disable address_binding trap_log Description This command along with the enable address_binding tr...

Page 334: ...s_binding dhcp_snoop information Parameters None Restrictions None Example usage To show address_binding dhcp_snoop DES 3800 admin show address_binding dhcp_snoop Command show address_binding dhcp_snoop DHCP_Snoop Enabled DES 3800 admin To show address_binding dhcp_snoop binding_entry DES 3800 admin show address_binding dhcp_snoop binding_entry Command show address_binding dhcp_snoop binding_entry...

Page 335: ...ss_binding dhcp_snoop max_entry DES 3800 admin show address_binding dhcp_snoop max_entry Command show address_binding dhcp_snoop max_entry Port Max entry 1 5 2 5 3 5 4 5 5 5 6 5 7 5 8 5 9 5 10 5 11 5 12 5 13 5 14 5 15 5 16 5 17 5 18 5 19 5 20 5 21 5 22 5 23 5 24 5 25 5 26 5 27 5 28 5 DES 3800 admin ...

Page 336: ...le address_binding dhcp_snoop DES 3800 admin enable address_binding dhcp_snoop Command enable address_binding dhcp_snoop Success DES 3800 disable address_binding dhcp_snoop Purpose Used to disable address_binding dhcp_snoop Syntax disable address_binding dhcp_snoop Description User use this command to disable function which entries can be created by DHCP packet Parameters None Restrictions Only Ad...

Page 337: ...nding dhcp_snoop binding_entry ports 1 3 Success DES 3800 admin config address_binding dhcp_snoop max_entry Purpose Specifies the max number of entries which can be learned by the specified ports Syntax config address_binding dhcp_snoop max_entry ports portlist all limit value 1 10 no_limit Description By default the per port max entry is 5 This command specifies the maximum number of entries whic...

Page 338: ... if LACP ports will process LACP control frames active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participa...

Page 339: ...s as they are currently configured Parameters portlist Specifies a port or range of ports to be configured If no parameter is specified the system will display the current LACP status for all ports Restrictions None Example usage To display LACP port mode settings DES 3800 admin show lacp_port 1 10 Command show lacp_port 1 10 Port Activity 1 Active 2 Active 3 Active 4 Active 5 Active 6 Active 7 Ac...

Page 340: ...fset 64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff profile_id value 1 5 delete cpu access_profile profile_id value 1 5 config cpu access_profile profile_id value 1 5 add access_id value 1 65535 ethernet vlan vlan_name 32 source_mac macaddr destination_mac macaddr ethernet_type hex 0x0 0xffff permit deny ip vlan vlan_name 32 source_ip ipaddr destination_ip ipaddr...

Page 341: ...ies that the Switch will examine the VLAN part of each packet header source_mac macmask Specifies to examine the source MAC address mask destination_mac macmask Specifies to examine the destination MAC address mask ethernet_type Specifies that the switch will examine the Ethernet type value in each frame s header ip Specifies that the switch will examine the IP address in each frame s header vlan ...

Page 342: ...reated with this command Restrictions Only Administrator or Operator level users can issue this command Example usage To create a CPU access profile DES 3800 admin create access_profile ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp type code permit profile_id 1 Command create access_profile ip vlan source_ip_mask 20 0 0 0 destination_ip_mask 10 0 0 0 dscp icmp type code pe...

Page 343: ...ecific values that will be combined using a logical AND operational method with masks entered with the create cpu access_profile command above Parameters profile_id value 1 5 Enter an integer used to identify the access profile that will be configured with this command This value is assigned to the access profile when it is created with the create cpu access_profile command The profile ID sets the...

Page 344: ...ccess profile will apply only to packets that have this UDP source port in their header dst_port value 0 65535 Specifies that the access profile will apply only to packets that have this UDP destination port in their header protocol_id value 0 255 Specifies that the Switch will examine the protocol field in each packet and if this field contains the value entered here apply the following rules use...

Page 345: ... cpu_interface_filtering command below to enable and disable CPU interface filtering on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example Usage To enable CPU interface filtering DES 3800 admin enable cpu_interface_filtering Command enable cpu_interface_filtering Success DES 3800 admin disable cpu_interface_filtering Purpose Used to di...

Page 346: ... view the CPU access profile entry currently set in the Switch Syntax show cpu access_profile profile_id value 1 5 access_id value 1 65535 Description The show cpu_access_profile command is used view the current CPU interface filtering entries set on the Switch Parameters profile_id value 1 5 Enter an integer between 1 and 5 that is used to identify the CPU access profile to be viewed with this co...

Page 347: ... Managed Switch CLI Manual 343 DES 3800 admin show cpu access_profile Command show cpu access_profile CPU Access Profile Table CPU Access Profile ID 1 Type Ethernet Masks VLAN 802 1p CPU Access ID 1 Mode Permit default Total Access Entries 1 DES 3800 admin ...

Page 348: ...ay replace all parts of the command prompt except the by entering a string of 16 alphanumerical characters with no spaces or the user may enter the current login username configured on the Switch Parameters string 16 Enter an alphanumeric string of no more than 16 characters to define the command prompt for the CLI interface username Entering this parameter will replace the current CLI command pro...

Page 349: ...ssage to its original factory default setting The maximum character capacity for the greeting banned is 6 lines and 80 characters per line Entering Ctrl W will save the current configured banner to the DRAM only To enter it into the FLASH memory the user must enter the save command Only Administrator or Operator level users can issue this command Example usage To configure the greeting message DES...

Page 350: ...ssage Description This command is used to view the currently configured greeting message on the Switch Parameters None Restrictions None Example usage To view the currently configured greeting message DES 3800 admin show greeting_message Command show greeting_message DES 3828 Fast Ethernet Switch Command Line Interface Firmware Build 4 50 B10 Copyright C 2000 2005 D Link Corporation All rights res...

Page 351: ... packet flow will decrease by half of the level that caused the Switch to enter Exhausted mode After the packet flow has stabilized the rate will initially increase by 25 and then return to a normal packet flow The Safeguard Engine commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters config safeguard_engine state enab...

Page 352: ...ose To display the CPU Safeguard Engine parameters currently set in the Switch Syntax show safeguard_engine Description This command is used to show the CPU Safeguard Engine information currently set on the Switch Parameters None Restrictions None Example usage To display current CPU protection parameters DES 3800 admin show safeguard_engine Command show safeguard_engine Safe Guard Engine State En...

Page 353: ...hen the ingress packets are somewhere between the maximum and minimum queue the Switch will use a slope probability function to determine a random method of dropping packets based on the fill percentage of the QoS queue If queues are closer to being full the Switch will increase the discarding of random packets to even out the flow to the queues and avoid overflows to higher priority queues Comman...

Page 354: ...st of ports are configured by entering the first and last port of the list separated by a dash Multiple separate ports may be entered by separating them with a comma class_id class_id 0 7 Specifies the hardware priority queues to be configured for WRED If no class ID is chosen all class IDs will be configured for WRED drop start int 0 100 Select a percentage between 0 and 100 to initialize the dis...

Page 355: ...ports 2 drop_start 50 drop_slope 45 average_time 100 Command config wred ports 2 drop_start 50 drop_slope 45 average_time 100 Success DES 3800 admin show wred Purpose Used to disable WRED on the Switch Syntax show wred ports portlist all Description This command will display the configured parameters for the WRED settings on the Switch Parameters ports portlist Specify a port or group of ports for...

Page 356: ...rnet Managed Switch CLI Manual 352 DES 3800 admin show wred ports 1 Command show wred ports 1 Global WRED Disabled Port 1 Average time 100 us Class_ID Drop Start Drop Slope 0 50 45 1 50 45 2 50 45 3 50 45 4 50 45 5 50 45 6 50 45 7 50 45 DES 3800 admin ...

Page 357: ... user and thus will be prompted for a username and password again The Web based Access Control WAC commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable wac disable wac config wac vlan vlan_name 32 ports portlist all state enable disable method local radius default_redirpath string 128 logout_timer min 1 1440 cr...

Page 358: ...N name which users will be placed when authenticated by the Switch or a RADIUS server This VLAN should be pre configured to have limited access rights to web based authenticated users ports Specify this parameter to add ports to be enabled as Web based Access Control ports Only these ports will accept authentication parameters from the user wishing limited access rights through the Switch portlist...

Page 359: ...mand config wac vlan Trinity method local ports 1 5 state enable default_redirpath http www dlink com Success DES 3800 admin Example usage To configure the WAC ports DES 3800 admin config wac ports 1 7 state enable Command config wac ports 1 7 state enable Success DES 3800 admin Example usage To configure the Web based Access Control method DES 3800 admin config wac method local Command config wac...

Page 360: ...n create wac user Darren vlan Trinity Command create wac user Darren vlan Trinity Success DES 3800 admin config wac user Purpose Used to configure a previously created Web based Access Control user on the Switch Syntax config wac user username 15 vlan vlan_name 32 Description This command is used to configure a previously created Web based Access Control user on the Switch Parameters username 15 E...

Page 361: ... Total Entries 1 DES 3800 admin show wac Purpose Used to display the parameters for the Web based Access Control settings currently configured on the Switch Syntax show wac ports portlist all Description This command is used to display the parameters for the Web based Access Control settings currently configured on the Switch Parameters ports portlist Use this parameter to define ports to be viewe...

Page 362: ... 1 Disable 0 0 0 0 Unauth 2 Disable 0 0 0 0 Unauth 3 Disable 0 0 0 0 Unauth 4 Disable 0 0 0 0 Unauth 5 Disable 0 0 0 0 Unauth 6 Disable 0 0 0 0 Unauth 7 Disable 0 0 0 0 Unauth 8 Disable 0 0 0 0 Unauth 9 Disable 0 0 0 0 Unauth 10 Enable Darren 0 0 0 0 Unauth 1 DES 3800 admin NOTE A successful authentication should direct the client to the stated web page If the client does not reach this web page y...

Page 363: ...provider VLAN tag has been added If so the packet is then routed through this provider VLAN which contains smaller VLANs with similar configurations to ensure speedy and guaranteed routing destination of the packet The VLAN commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table Command Parameters enable double_vlan disable double_vlan cre...

Page 364: ...and enables and disables the Double Tag VLAN When Double VLANs are enabled the system configurations for VLANs will return to the default setting in order to enable the Double VLAN mode In the Double VLAN mode normal VLANs and GVRP functions are disabled The Double VLAN default setting is disabled Parameters None Restrictions Only Administrator or Operator level users can issue this command Exampl...

Page 365: ...meric string of up to 32 characters to identify this VLAN spvid vlanid 1 4094 The VLAN ID of the service provider VLAN The user is to identify this VLAN with a number between 1 and 4094 tpid hex 0x0 0xffff The tag protocol ID This ID identified here in hex form will help identify packets to devices as Double VLAN tagged packets The default setting is 0x8100 Restrictions Only Administrator or Opera...

Page 366: ...cting Switch VLANs to customer VLANs Gigabit ports can not be configured as access ports portlist Enter a list of ports to be added to this VLAN A list of ports are configured by entering the first and last port of the list separated by a dash Multiple separate ports may be entered by separating them with a comma delete Specify this parameter to delete ports configured in the portlist from this VL...

Page 367: ...ow double_vlan vlan_name Description This command will display the current double VLAN parameters configured on the Switch Parameters vlan name Enter the name of a previously created VLAN for which to display the settings Restrictions None Users must have the Switch enabled for Double VLANs Example usage To display parameters for the Double VLAN Trinity DES 3800 admin show double_vlan Trinity Comm...

Page 368: ..._addr ports portlist config max_mcast_group ports portlist max_group value 1 256 show max_mcast_group ports ports portlist Each command is listed in detail in the following sections create mcast_filter_profile Purpose This command creates a multicast address profile Syntax create mcast_filter_profile profile_id value 1 24 description desc 1 32 Description This command configures a multicast addres...

Page 369: ...ile Restrictions Only Administrator or Operator level users can issue this command Usage Example To configure a multicast filter profile DES 3800 admin config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Command config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Success DES 3800 admin delete mcast_filter_profile Purpose This command deletes a multicast address profile Sy...

Page 370: ...ES 3800 admin config limited_multicast_addr Purpose Used to configure the multicast address filtering function on a port Syntax config limited_multicast_addr ports portlist add delete profile_id value 1 24 access permit deny Description Used to configure the multicast address filtering function on a port When there are no profiles specified with a port the limited function is not effective Paramet...

Page 371: ...mited multicast address configuration Restrictions None Usage Example To show limited multicast address range DES 3800 admin show limited_multicast_addr 1 3 Command show limited_multicast_addr 1 3 Port 1 Access Deny Profile Id 1 Port 3 Access Deny Profile ID 1 DES 3800 admin config max_mcast_group Purpose This command configures the maximum number of multicast group that a port can join Syntax con...

Page 372: ...This command display the max number of multicast groups that a port can join Syntax show max_mcast_group ports portlist Description This command display the max number of multicast groups that a port can join Parameters portlist A range of ports to display the max number of multicast groups Restrictions None Usage Example To display the maximum number of multicast groups that a port can join DES 3...

Page 373: ...cal will always be the first choice for routing purposes and the next most reliable path is Static due to the fact that its has the next lowest value To set a higher reliability for a route change its value to a number less than the value of a route preference that has a greater reliability value using the config route preference command For example if the user wishes to make RIP the most reliable...

Page 374: ...PF AS External route type 1 route ospfExtT2 Choose this parameter to configure the preference value for the AS External route type 2 route value 1 999 Enter a value between 1 and 999 to set the route preference for a particular route The lower the value the higher the chance the specified protocol will be chosen as the best path for routing packets Restrictions Only Administrator or Operator level...

Page 375: ...he route preference settings for the OSPF AS External route type 2 Entering this command with no parameters will display the route preference for all routes Restrictions None Example usage To view the route preference values for all routes DES 3800 admin show route preference Command show route preference Route Preference Settings Route Type Preference RIP 100 OSPF Intra 80 STATIC 60 LOCAL 0 OSPF ...

Page 376: ...DHCP packets the Switch will then query the remote RADIUS server with this potential MAC address using a RADIUS Access Request packet If a match is made with this MAC address the RADIUS server will return a notification stating that the MAC address has been accepted and is to be placed in the target VLAN If the VID for the target VLAN is not found by the Switch the Switch will create its own MAC B...

Page 377: ...able and disable MAC based Access Control globally on the Switch Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable MAC based Access Control globally on the Switch DES 3800 admin enable mac_based_access_control Command enable mac_based_access_control Success DES 3800 admin disable mac_based_access_control Purpose Used to disable t...

Page 378: ...d when authenticating MAC addresses on a given port The user may choose between the following methods local Use this method to utilize the locally set MAC address database as the authenticator for MAC Based Access Control This MAC address list can be configured in the MAC Based Access Control Local Database Settings window radius Use this method to utilize a remote RADIUS server as the authenticat...

Page 379: ...ess control function state of ports on the switch portlist Enter a port or list of ports to be displayed all Choose to display all ports Entering this command without any parameters will display the global settings of the MAC_based access control feature Restrictions None Example usage To display the global settings for the MAC based Access Control on the Switch DES 3800 admin show mac_based_acces...

Page 380: ...To configure a Guest VLAN as a MAC based Access Control Guest VLAN DES 3800 admin create mac_based_access_control guest_vlan Triton Command create mac_based_access_control guest_vlan Triton Success DES 3800 admin config mac_based access_control guest_vlan Purpose Used to set the ports for a previously created MAC based access control Guest VLAN Syntax config mac_based access_control guest_vlan por...

Page 381: ...e 32 Description This command is used to set a list of MAC addresses along with their corresponding target VLAN which will be authenticated for the Switch Once a queried MAC address is matched in this table it will be placed in the VLAN associated with it here The switch administrator may enter up to 1024 MAC addresses to be authenticated using the local method configured here Parameters mac macad...

Page 382: ...0 admin config mac_based access_control_local mac 00 01 0A 3B 00 06 vlan default Command config mac_based access_control_local mac 00 01 0A 3B 00 06 vlan default Success DES 3800 admin delete mac_based_access_control_local mac Purpose Used to delete a MAC addresses from the local MAC based access control authentication database Syntax delete mac_based access_control_local mac macaddr vlan vlan_nam...

Page 383: ...nding MAC addresses Entering no parameters will display all entries located in the local MAC based access control authentication database along with their corresponding target VLANs Restrictions None Example usage To display a MAC address entry located within the local MAC based access control authentication database DES 3800 admin show mac_based_access_control_local mac 00 01 0A 3B 00 06 Command ...

Page 384: ...authenticating process of MAC addresses located on that port Restrictions None Example usage To display the current authentication process of MAC addresses on port 1 DES 3800 admin show mac_based_access_control auth_mac Command show mac_based_access_control_local auth_mac Port number 1 Index MAC Address Auth State VLAN Name 1 00 00 01 02 03 A2 Authenticating default 2 00 03 09 18 10 01 Authenticat...

Page 385: ...e routers can only join or be pruned from a multicast group through the use of Join Prune Messages exchanged between the DR and RP Join Prune Messages are packets relayed between routers that effectively state which interfaces are or are not to be receiving multicast data These messages can be configured for their frequency to be sent out on the network and are only valid to routers if a Hello pac...

Page 386: ...it explicit prune messages indicating that there are no multicast members on their respective branches PIM DM then removes these branches prunes them from the multicast delivery tree Because a member of a pruned branch of a multicast delivery tree may want to join a multicast delivery group at some point in the future the protocol periodically removes the prune information from its database and fl...

Page 387: ...PIM settings must first be configured for specific IP interfaces using the config pim command Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage example To enable PIM as previously configured on the Switch DES 3800 admin enable pim Command enable pim Success DES 3800 admin disable pim Purpose Used to disable PIM function on the Switch Syntax disabl...

Page 388: ...y state an interval time between 1 18724 seconds with a default interval time of 30 seconds jp_interval sec 1 18724 This field will set the interval time between the sending of Join Prune packets stating which multicast groups are to join the PIM enabled network and which are to be removed or pruned from that group The user may state an interval time between 1 18724 seconds with a default interval...

Page 389: ...s can issue this command Example usage To configure the register probe time DES 3800 admin config pim register_probe_time 5 Command config pim register_probe_time 5 Success DES 3800 admin config pim register_suppression_time Purpose Used to configure the interval between the sending of register packets for the PIM protocol Syntax config pim register_suppression_time value 3 255 Description This co...

Page 390: ...roup Restrictions Only Administrator or Operator level users can issue this command Usage example To create an IP interface to become a Candidate RP on the Switch DES 3800 admin create pim crp group 231 0 0 1 32 rp Trinity Command create pim crp group 231 0 0 1 32 rp Trinity Success DES 3800 admin delete pim crp Purpose To disable the Switch in becoming a possible candidate to be the Rendezvous Po...

Page 391: ...f there is a tie for the highest priority the router having the higher IP address will become the RP The user may set a priority between 0 255 with a default setting of 0 wildcard_prefix_cnt 0 1 The user may set the Prefix Count value of the wildcard group address here by choosing a value between 0 and 1 with a default setting of 0 Restrictions Only Administrator or Operator level users can issue ...

Page 392: ...multicast group IP address used in identifying the Rendezvous Point RP This address must be a class D address Restrictions Only Administrator or Operator level users can issue this command Usage example To remove the multicast group IP address used in identifying the Rendezvous Point RP DES 3800 admin delete pim static_rp group 231 0 0 1 32 Command delete pim static_rp group 231 0 0 1 32 Success D...

Page 393: ...an SPT Restrictions Only Administrator or Operator level users can issue this command Usage example To set the SPT threshold DES 3800 admin config pim rp_spt_threshold 200 Command config pim rp_spt_threshold 200 Success DES 3800 admin config last_hop_spt_threshold Purpose Used to configure the packet threshold that the last hop router in the RP tree will use to change its path to a SPT Syntax conf...

Page 394: ... 3800 admin show pim rpset Command show pim rpset Bootstrap Router 12 43 51 81 Group Address RP Address Holdtime Expired Time Type 224 0 0 1 4 31 43 51 81 150 107 Total Entries 1 DES 3800 admin show pim crp Purpose Used to display the Candidate RP settings on the Switch along with CRP parameters configured for the Switch Syntax show pim crp Description This command will display the settings for Ca...

Page 395: ...asklen value 0 32 Enter a hash mask length which will be used with the IP address of the candidate RP and the multicast group address to calculate the hash algorithm used by the router to determine which CRP on the PIM SM enabled network will be the RP The user may select a length between 0 32 with a default setting of 30 This parameter must be configured separately from the ipif settings of this ...

Page 396: ... show pim cbsr ipif ipif_name12 Description This command will display the settings for Candidate BSRs that are accessible to the switch This command is for PIM SM configurations only Parameters ipif_name 12 Enter the name of the IP interface for which to display settings Entering no name will display all CBSRs Restrictions None Usage example To view the CBSR settings DES 3800 admin show pim cbsr C...

Page 397: ...eshold 0 packet per second switch to SPT tree immediately Register Probe Time 5 Register Suppression Time 60 PIM Interface Table Designated Hello J P Interface IP Address Router Interval Interval Mode State Trinity 11 1 1 1 8 10 53 13 30 30 60 DM Disabled System 10 53 13 30 8 11 1 1 1 60 60 SM Enabled Total Entries 2 DES 3800 admin show pim neighbor Purpose Used to display PIM neighbors of the Swi...

Page 398: ...et Managed Switch CLI Manual 394 Usage example To view the PIM neighbors DES 3800 admin show pim neighbor Command show pim neighbor PIM Neighbor Address Table Interface Name Neighbor Address Expired Time n10 10 20 6 251 79 Total Entries 1 DES 3800 admin ...

Page 399: ... 10 38 45 192 32 0 0 0 0 spt S G 229 55 150 208 10 50 93 100 32 0 0 0 0 spt S G 229 55 150 208 10 51 16 1 32 0 0 0 0 spt S G 229 55 150 208 10 59 23 10 32 0 0 0 0 spt S G 229 55 150 208 31 43 51 81 32 0 0 0 0 rpt G 239 192 0 1 31 43 51 81 32 0 0 0 0 rpt G Total Entries 12 DES 3800 admin create pim register_checksum_include_data Purpose Used to set the RPs that the Switch will send Register packets...

Page 400: ...ed with the data in Registered packets Restrictions Only Administrator or Operator level users can issue this command Usage example To delete RPs that the Switch will send Register packets to and create checksums to be included with the data in Registered packets DES 3800 admin delete pim register_checksum_include_data rp_ address 11 1 1 1 Command delete pim register_checksum_include_data rp_ addr...

Page 401: ...p multicast_ipaddr Description This command will display currently active RPs that have been chosen from the RP Set table which are relaying multicast data Parameters group multicast_ipaddr Enter the multicast group IP address used in identifying the Rendezvous Point RP This address must be a class D address Restrictions None Usage example To show the currently active RPs that have been chosen fro...

Page 402: ... create loopback ipif ipif_name 12 ipaddr state enable disable Description The create ipif command creates an IP interface on the switch Loopback interface is a network termination and can t be direct connected to the host That is the host talks with loopback interface by routing Parameters ipif The name for the IP interface to be created Maximum length is 12 ipaddr The IP address of this loopback...

Page 403: ...00 admin delete loopback ipif loopback0 Command delete loopback ipif loopback0 Success DES 3800 admin config loopback ipif Purpose Used to configure an loopback IP interface on the switch Syntax config loopback ipif ipif_name 12 ipaddress ipaddr state enable disable Description The config loopback ipif command is used to configure an loopback IP interface on the switch Parameters ipif_name The nam...

Page 404: ...e name of the loopback IP interface you want to display If no parameter is specified the switch will display all loopback IP interfaces Restrictions None Usage Example To display loopback IP interface settings DES 3800 admin show loopback ipif Command show loopback ipif Loopback IP Interface Settings Interface Name loopback0 IP Address 172 19 10 20 Subnet Mask 255 255 255 255 Admin State Enabled L...

Page 405: ...name 12 ipaddr ipaddr ipaddr config dhcp pool netbios_node_type pool_name 12 broadcast peer_to_peer mixed hybid config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr config dhcp pool lease pool_name 12 day 0 365 hour 0 23 minute 0 59 infinite config dhcp pool boot_file pool_name 12 file_name 64 config dhcp pool next_server pool_name 12 ipaddr config dhcp ping_packets number 0 10 config...

Page 406: ...n be used multiple times in order to define multiple groups of excluded addresses Parameters ipaddr Start end addrress of ipaddress range Restrictions Only Administrator or Operator level users can issue this command Usage Example To specify the IP address that DHCP server should not assign to clients DES 3800 admin create dhcp excluded_address begin_address 10 10 10 1 end_address 10 10 10 10 Comm...

Page 407: ...p pool Purpose Creates delete a DHCP pool Syntax create dhcp pool pool_name 12 delete dhcp pool pool_name 12 all Description You must create a DHCP pool by specifying a name After you create a DHCP pool use other DHCP pool configuration command to configure parameters for the pool Parameters pool_name 12 Pool s name Restrictions Only Administrator or Operator level users can issue this command Usa...

Page 408: ...omatically find a pool to allocate the address If the request is relayed to the server by the intermediate device the server will match the gateway IP address carried in the packet against the network of each DHCP pool The pool which has the longest match will be selected If the request packet is not through relay then the server will match the IP address of the IPIF that received the request pack...

Page 409: ... users can issue this command Usage Example To config domain name option of dhcp pool DES 3800 admin config dhcp pool domain_name engineering d_link com Command config dhcp pool domain_name engineering d_link com Success DES 3800 admin config dhcp pool dns_server Purpose Specifies the IP address of a DNS server that is available to a DHCP client Up to three IP addresses can be specified in one com...

Page 410: ...ion Windows Internet Naming Service WINS is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks If netbios name server is not specified the netbios name server information will not be provided to the client If this command are input twice for the same pool the second command will overwrite the first command Paramet...

Page 411: ... pool netbios_node_type engineering hybid Command config dhcp pool netbios_node_type engineering hybid Success DES 3800 admin config dhcp pool default_router Purpose Specifies the IP address of the default router for a DHCP client Up to three IP addresses can be specified in one command line Syntax config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr Description After a DHCP client ha...

Page 412: ...e day 0 365 Days of lease hour 0 23 Hours of lease minute 0 59 Minutes of lease Infinite Means infinite lease Restrictions Only Administrator or Operator level users can issue this command Usage Example To config lease of a pool DES 3800 admin config dhcp pool lease engineering infinite Command config dhcp pool lease engineering infinite Success DES 3800 admin config dhcp pool boot_file Purpose Sp...

Page 413: ... can issue this command Usage Example To configure next server DES 3800 admin config dhcp pool next_server engineering 192 168 0 1 Command config dhcp pool next_server engineering 192 168 0 1 Success DES 3800 admin config dhcp ping_packets Purpose Specifies the number of ping packets the DHCP server sends to a the IP address before assigning this address to a requesting client Syntax config dhcp p...

Page 414: ... a ping packet Syntax config dhcp ping_timeout milliseconds 10 2000 Description By default the DHCP server waits 100 milliseconds before timing out a ping packet Parameters millisecond 500 2000 Amount of time the DHCP server must wait before timing out a ping packet The default value is 100 Restrictions Only Administrator or Operator level users can issue this command Usage Example To config the t...

Page 415: ...will be ethernet For the match operation the hardward type and the hardware address field in the protocol fields will be used to match against the entry The IP address specified in the manual binding entry must be ranged within the network used by the DHCP pool If the user specifies a conflict IP address error message will be returned If a number of manual binding entries are created and the netwo...

Page 416: ...users can issue this command Usage Example To clear a dynamic binding entries in pool Engineering DES 3800 admin clear dhcp binding Engineering 10 20 3 4 Command clear dhcp binding Engineering 10 20 3 4 Success DES 3800 admin show dhcp binding Purpose Display the current binding entry information Syntax show dhcp binding pool_name 12 Description This command displays the current binding entry info...

Page 417: ... s name Restrictions None Usage Example To show the configured manual binding entries DES 3800 admin show dhcp pool manual_binding Command show dhcp pool manual_binding Pool Name IP Address Hardware address Type p1 192 168 0 1 00 80 C8 08 13 88 Ethernet p1 192 168 0 2 00 80 C8 08 13 99 Ethernet Total Entries 2 DES 3800 admin show dhcp pool Purpose Display the information for dhcp pool Syntax show ...

Page 418: ...HCP server function Syntax enable dhcp_server disable dhcp_server Description This command is used to enable or disable the DHCP server function on the Switch If DHCP relay is enabled DHCP server can not be enabled The opposite is also true Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage Example To enable dhcp server DES 3800 admin enable dhcp_s...

Page 419: ...ear an IP address 10 20 3 4 from the conflict database DES 3800 admin clear dhcp conflict_ip 10 20 3 4 Command clear dhcp conflict_ip 10 20 3 4 Success DES 3800 admin show dhcp conflict_ip Purpose This command displays the IP address that has been identified as being conflict Syntax show dhcp conflict_ip ipaddr Description The DHCP server will use PING packet to determine whether an IP address is ...

Page 420: ... Managed Switch CLI Manual 416 DES 3800 admin show dhcp conflict_ip Command show dhcp conflict_ip IP address Detection Method Detection time 172 16 1 32 Ping 2007 08 30 17 06 59 172 16 1 64 Gratuitous ARP 2007 09 10 19 38 01 Total Entries 2 DES 3800 admin ...

Page 421: ...11450 done_timer sec 1 16711450 state enable disable fast_done enable disable Description The config mld_snooping command configures MLD snooping on the switch Parameters vlan_name The name of the VLAN for which MLD snooping is to be configured all Specifies that all VLANs configured on the switch will be configured node_timeout Specifies the amount of time that must pass before a link node is con...

Page 422: ...add or delete the router ports Portlist Specifies a range of ports to be configured Restrictions Only Administrator or Operator level users can issue this command Usage Example To set up port range 1 10 to be static router ports DES 3800 admin config mld_snooping mrouter_ports default add 1 10 Command config mld_snooping mrouter_ports default add 1 10 Success DES 3800 admin enable mld_snooping Pur...

Page 423: ...st traffic to flood within a given IPv6 interface Parameters None Restrictions Only Administrator or Operator level users can issue this command Usage Example To disable MLD snooping on the switch DES 3800 admin disable mld_snooping Command disable mld_snooping Success DES 3800 admin show mld_snooping Purpose Used to show the current status of MLD snooping on the switch Syntax show mld_snooping vl...

Page 424: ...r 2 Querier State Disabled Querier Router Behavior Non Querier State Disabled VLAN Name vlan2 show mld_snooping group Purpose Used to display the current MLD snooping group configuration on the switch Syntax show mld_snooping group vlan vlan_name 32 Description The show mld_snooping group displays the current MLD snooping group configuration on the switch Parameters vlan_name The name of the VLAN ...

Page 425: ...fault Multicast group FF02 14 MAC address 33 33 00 00 00 14 Reports 1 Port Listener 2 7 VLAN Name default Multicast group FF02 15 MAC address 33 33 00 00 00 15 Reports 1 Port Listener 2 9 VLAN Name default Multicast group FF02 16 MAC address 33 33 00 00 00 16 Reports 1 Port Listener 2 7 VLAN Name default Multicast group FF02 17 MAC address 33 33 00 00 00 17 Reports 2 Port Listener 2 7 VLAN Name de...

Page 426: ... The name of the VLAN for which you want to view the MLD snooping configuration If no parameter specified the system will display all current MLD snooping configuration Restrictions None Usage Example To show all MLD snooping entries on the switch DES 3800 admin show mld_snooping forwarding Command show mld_snooping forwarding VLAN Name default Source IP FE08 C Multicast Group FF02 17 Listening Po...

Page 427: ...static Displays router ports that have been statically configured dynamic Displays router ports that have been dynamically configured forbidden Displays forbidden router ports that have been statically configured If no parameter specified the system will display all currently configured router ports on the switch Restrictions None Usage Example To display the router ports DES 3800 admin show mld_s...

Page 428: ... based 1 Description The config loopdetect command is used to setup the loop back detection function LBD for the entire switch Parameters recover_timer The time interval in seconds used by the Auto Recovery mechanism to decide how long to check if the loop status is gone The valid range is 60 to 1000000 Zero is a special value which means to disable the auto recovery mechanism hence user need to r...

Page 429: ... portlist Specifies a range of ports to be configured all For set all ports in the system you may use all parameter state Allows loop detect to be enabled or disabled for the ports specified in the port list The default is disabled Restrictions Only Administrator or Operator level users can issue this command Example usage To set state enable DES 3800 admin config loopdetect ports 1 5 state enable...

Page 430: ...d allows the Loop Detection Function to be globally disabled on the switch The default value is disabled Parameters None Restrictions Only Administrator or Operator level users can issue this command Example usage To enable the loopdetect DES 3800 admin disable loopdetect Command disable loopdetect Success DES 3800 admin show loopdetect Purpose Used to display the switch s current loopdetect confi...

Page 431: ...iguration Syntax show loopdetect ports all portlist Description The show loopdetect ports command displays the switch s current per port loopdetect configuration and status Parameters portlist Specifies a range of ports to be displayed all System will display all ports loopdetect information Restrictions None Example usage To display loopdetect state of port 1 9 under port based mode Command show ...

Page 432: ...opdetect state of port 1 9 under vlan based mode DES 3800 admin show loopdetect ports 1 9 Command show loopdetect ports 1 9 Port Loopdetect State Loop VLAN 1 Enabled None 2 Enabled None 3 Enabled None 4 Enabled None 5 Enabled 2 6 Enabled None 7 Enabled 2 8 Enabled None 9 Enabled None DES 3800 admin ...

Page 433: ... created account s password Syntax reset password username Description The reset password command reset set to empty already created account s password Parameters username To specify the user name for the account to be reset Restrictions This command is only available in password recovery mode Example usage To reset the password reset password user1 Command reset password user1 Success reset facto...

Page 434: ...le in password recovery mode Example usage To restart the Switch restart Command restart Are you sure to proceed with the system reboot y n Are you want to save configuration y n Saving all configurations to NV RAM Done Please wait the switch is rebooting reset account Purpose Used to delete the created account Syntax reset account username Description The reset account command deletes the created...

Page 435: ...ount Syntax show account_list Description The show account_list command display all already created accounts Parameters None Restrictions This command is only available in password recovery mode Example usage To display the account list Command show account_list Current Accounts Username Access Level admin1 Admin user1 User Total Entries 2 ...

Page 436: ...ate a multicast VLAN Syntax create igmp_snooping multicast_vlan vlan_name 32 vlanid 2 4094 Description The create igmp_snooping multicast_vlan command will create a multicast_vlan Multiple multicast VLAN can be configured Parameters vlan_name The name of the multicast VLAN to be created Each multicast VLAN is given a name that can be up to 32 characters vlanid The VLAN ID of the multicast VLAN to ...

Page 437: ...t VLAN to be configured Each multicast VLAN is given a name that can be up to 32 characters member_port A range of member ports to add to the multicast VLAN They will become the untagged member port of the ISM VLAN source_port A range of member ports to add to the multicast VLAN state enable or disable multicast VLAN for the chosen VLAN force_agree When force_agree is specified the config command ...

Page 438: ...multicast_vlan DES 3800 admin delete igmp_snooping multicat_vlan v1 Command delete igmp_snooping multicat_vlan v1 Success DES 3800 admin show igmp_snooping multicast_vlan Purpose Used to show the information of multicast VLAN Syntax show igmp_snooping multicast_vlan vlan_name 32 Description The show igmp_snooping multicast_vlan command allows you to show the information of multicat_vlan Parameters...

Page 439: ...f rip vrrp all state enable disable Description This command is used to discard the l3 control packets sent to CPU from specific ports Parameters portlist Specify the port list to filter control packet dvmrp Specify to filter the DVMRP protocol pim Specify to filter the PIM protocol igmp_query Specify to filter the IGMP Query protocol ospf Specify to filter the OSPF protocol rip Specify to filter ...

Page 440: ...he l3 control packet CPU filtering status Parameters portlist Specify the list of ports that need to filter control packets Restrictions None Example usage To display the filtering status for ports 1 and 2 DES 3800 admin show cpu_filter l3 control_pkt 1 2 Command show cpu_filter l3 control_pkt 1 2 Port RIP OSPF VRRP PIM DVMRP IGMP Query 1 Disabled Enabled Disabled Disabled Enabled Disabled 2 Enabl...

Page 441: ... traffic Syntax config broadcast_filter portlist all null arp_forward_list portlist all null Description The command isolates broadcast or l2 unknown multicast traffic but allows the user to set forward ARP requests by port Parameters broadcast_filter When a port is listed in the portlist the broadcast unknown multicast from other ports to this port will be dropped the broadcast unknown multicast ...

Page 442: ...rictions None Example usage To display the broadcast filter DES 3800 admin show broadcast_filter Command show broadcast_filter Port Filter State ARP Forward State 1 Filter Forward 2 Filter Forward 3 Filter Forward 4 Filter Forward 5 Filter Forward 6 Forward Not Forward 7 Forward Not Forward 8 Forward Not Forward 9 Forward Not Forward 10 Forward Not Forward 11 Forward Not Forward 12 Forward Not For...

Page 443: ...Full duplex Flow Control IEEE 802 3 Nway auto negotiation IEEE 802 3af Power over Ethernet Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps n a 2000Mbps SFP Mini GBIC Support IEEE 802 3z 1000BASE LX DEM 310GT transceiver IEEE 802 3z 1000BASE SX DEM 311GT transceiver IEEE 802 3z 1000BASE LH DEM 314GT tra...

Page 444: ... DES 3828P one additional 270mm blower Operating Temperature 0 40 C Storage Temperature 40 70 C Humidity 5 95 non condensing Dimensions DES 3828 DES3828DC DES 3852 441 mm x 310 mm x 44 mm DES 3828P 441mm x 369mm x 44mm Weight DES 3828 DES 3828DC 4 24kg 9 35lbs DES 3852 4 25kg 9 38lbs DES 3828P 6 02kg 13 27lbs EMI CE class A FCC Class A VCCI Class A C Tick Safety CSA International CB Report Perform...

Page 445: ...tten into the Sender Protocol Address in ARP payload As PC B s MAC address is unknown the Target H W Address will be 00 00 00 00 00 00 while PC B s IP address will be written into the Target Protocol Address shown in Table 1 H W type Protocol type H W address length Protocol address length Operation ARP request Sender H W address 00 20 5C 01 11 11 Sender protocol address 10 10 10 1 Target H W addr...

Page 446: ... all PCs will receive and examine the frame but only PC B will reply the query as the destination IP matched see Figure 3 Figure 3 When PC B replies the ARP request its MAC address will be written into Target H W Address in the ARP payload shown in Table 3 The ARP reply will be then encapsulated into Ethernet frame again and sent back to the sender The ARP reply is in a form of Unicast communicati...

Page 447: ...ding Table The switch will learn PC B s MAC and update its Forwarding Table Forwarding Table Port2 00 20 5C 01 22 22 Port1 00 20 5C 01 11 11 How ARP spoofing attacks a network ARP spoofing also known as ARP poisoning is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN modify the traffic or stop the traffic altogether known as a Denial of Service DoS ...

Page 448: ...s is the Ethernet broadcast address FF FF FF FF FF FF All nodes within the network will immediately update their own ARP table in accordance with the sender s MAC and IP address The format of Gratuitous ARP is shown in Table 5 Port 1 Port 23 Port 2 Port 24 A IP 10 10 10 1 MAC 00 20 5C 01 11 11 IP 10 10 10 3 Router B DNS server IP 10 10 10 253 MAC 00 20 5C 01 53 53 IP 10 10 10 2 MAC 00 20 5C 01 22 ...

Page 449: ...e done by associating a nonexistent or any specified MAC address to the IP address of the network s default gateway The malicious attacker only needs to broadcast ONE Gratuitous ARP to the network claiming it is the gateway so that the whole network operation will be turned down as all packets sent through the Internet will be directed to the wrong node Likewise the attacker can either choose to f...

Page 450: ... any specified content in the first 48 bytes of an ARP packet up to 80 bytes in total at one time It utilizes offsets to match individual fields in the Ethernet Frame An offset contains 16 bytes and each offset is divided into four 4 byte values in a HEX format refer to the configuration example below for details In addition the configuration logics are 1 Only if the ARP matches the Source MAC add...

Page 451: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 447 ...

Page 452: ...xStack DES 3800 Series Layer 3 Stackable Fast Ethernet Managed Switch CLI Manual 448 ...

Reviews:

No comments

Related manuals for DES-3828 - xStack Switch - Stackable

3Com 486 Getting Started Manual preview
486
Brand: 3Com Pages: 20
Paradyne 7995-A2-374 Quick Installation Instructions preview
7995-A2-374
Brand: Paradyne Pages: 1
H3C S12500R-2L Installation Manual preview
S12500R-2L
Brand: H3C Pages: 77
Lancom GS-2310P Instruction Manual preview
GS-2310P
Brand: Lancom Pages: 25
WAGO 852-1411 Operating And Assembly Instructions preview
852-1411
Brand: WAGO Pages: 2
NetComm RTA100 User Manual preview
RTA100
Brand: NetComm Pages: 75
Proscend 6200-2W User Manual preview
6200-2W
Brand: Proscend Pages: 93
Patton electronics ForeFront 2616RC Getting Started Manual preview
ForeFront 2616RC
Brand: Patton electronics Pages: 80
MasterForce 241-0836 Operating Manual preview
241-0836
Brand: MasterForce Pages: 12
Proxim Stratum Installation And Maintenance Manual preview
Stratum
Brand: Proxim Pages: 89
Zte MF971R Quick Start Manual preview
MF971R
Brand: Zte Pages: 28
Cambium Networks cnPilot Home R200 Series User Manual preview
cnPilot Home R200 Series
Brand: Cambium Networks Pages: 136
Cambium Networks PTP 820S Technical Description preview
PTP 820S
Brand: Cambium Networks Pages: 208
Cambium Networks PTP 850E User Manual preview
PTP 850E
Brand: Cambium Networks Pages: 560
Digi Digi Connect WAN Application Manual preview
Digi Connect WAN
Brand: Digi Pages: 3
Digi CR4110 Installation Manual preview
CR4110
Brand: Digi Pages: 13
Crestron UC-CAM-UPGRD-300 Quick Start preview
UC-CAM-UPGRD-300
Brand: Crestron Pages: 2
Bosch D9210B Operation And Installation Manual preview
D9210B
Brand: Bosch Pages: 28

Brands by name

Popular brands

Load more brands