D-Link DES-7200 Cli Reference Manual Download Page 1013

Page: 1013 / 1180

DES-7200 CLI Reference Guide

Chapter 54 ACL Configuration Commands

54-5

access-list

{deny | permit}

protocol [VID

[

out

][

inne

]] {

source

source-wildcard

| host

source

any

} {

host

source-mac-address

any

}

{destination

destination-wildcard

host

destination

any} {host

destination-mac-address

any} [precedence

precedence

] [

tos

tos

]

[fragments] [time-range

time-range-name

]

Extended expert ACLs of some important protocols:

Internet Control Message Protocol

(ICMP)

access-list

{

deny

permit

}

icmp

[

VID

[

out

][

inner

]] {

source

source-wildcard

host

source

any

} {

host

source-mac-address

any

} {

destination

destination-wildcard

host

destination

any

} {

host

destination-mac-address

any

} [

icmp-type

] [ [

icmp-type

[

icmp-code

] ]

| [

icmp-message

] ] [

precedence

precedence

] [

tos

tos

] [

fragments

]

[

time-range

time-range-name

]

Transmission Control Protocol

(TCP)

access-list

{

deny

permit

}

tcp

[

VID

[

out

][

inner

]]{

source

source-wildcard

host

Source

any

} {

host

source-mac-address

any

} [

operator

port [

port

] ] {

destination

destination-wildcard

host

destination

any

} {

host

destination-mac-address

any

}

[

operator port

[

port

] ] [

precedence

precedence

] [

tos

tos

] [

fragments

] [

time-range

time-range-name

] [

match-all

tcp-flag

]

User Datagram Protocol

(UDP)

access-list

{

deny

permit

}

udp

[

VID

[

out

][

inner

]]

{

source

source

–wildcard

host

source

any

} {

host

source-mac-address

any

} [

operator port

[

port

] ] {

destination

destination-wildcard

host

destination

any

}{

host

destination-mac-address

any

}

[

operator

port

[

port

] ] [

precedence

precedence

] [

tos

tos

] [

fragments

] [

time-range

time-range-name

]

5. List remark

access-list

list-remark text

The following parameters are described in the sequence they appear. Once described, a

parameter will not be described anymore.

Parameter

description

Parameter

Description

Access list ID. The ranges available

are 1 to 99

100 to 199

1300 to 1999, 2000

to 2699, 2700 to 2899, and 700 to 799

«
...
1011
1012
1013
1014
1015
...
»

Summary of Contents for DES-7200

Page 1: ...DES 7200 CLI Reference Guide Version 10 3 5 ...

Page 2: ... Version 10 3 5 Date 2009 12 31 Copyright Statement D Link Corporation 2009 All rights reserved Without our written permission this document may not be excerpted reproduced transmitted or otherwise in all or in part by any party in any means ...

Page 3: ...ng the screen output User s entries among the information shall be indicated with bolded characters 2 Command Line Format Convention Arial is used as the font for the command line The meanings of specific formats are described below Bold Key words in the command line which shall be entered exactly as they are displayed shall be indicated with bolded characters Italic Parameters in the command line...

Page 4: ...er necessary supplement or explanation for the operation Note The port types mentioned in the examples of this manual may not be consistent with the actual ones In real network environments you need configure port types according to the support on various products The display information of some examples in this manual may include the information on other series products like model and description...

Page 5: ...1 8 login local 2 6 2 1 9 login authentication 2 7 2 1 10 username 2 8 2 1 11 lock 2 9 2 1 12 lockable 2 10 2 1 13 telnet 2 11 2 1 14 enable service 2 12 2 2 Basic System Management Related Commands 2 12 2 2 1 clock set 2 13 2 2 2 clock update calendar 2 14 2 2 3 exec timeout 2 14 2 2 4 hostname 2 15 2 2 5 session timeout 2 16 2 2 6 show clock 2 16 2 2 7 show running config 2 17 2 2 8 show startup...

Page 6: ...g 5 1 5 1 2 traceroute 5 2 5 1 3 line detect 5 5 6 Interface Configuration Commands 6 1 6 1 Configuration Related Commands 6 1 6 1 1 interface aggregateport 6 1 6 1 2 interface fastEthernet 6 2 6 1 3 interface giagbitEthernet 6 3 6 1 4 interface tenGiagbitEthernet 6 3 6 1 5 interface vlan 6 4 6 1 6 medium type 6 5 6 1 7 description 6 6 6 1 8 shutdown 6 6 6 1 9 speed 6 7 6 1 10 duplex 6 8 6 1 11 fl...

Page 7: ...wing Related Command 8 4 8 2 1 show lacp summary 8 4 9 VLAN Configuration Commands 9 1 9 1 Configuration Related Commands 9 1 9 1 1 vlan 9 1 9 1 2 name 9 2 9 1 3 switchport mode 9 2 9 1 4 switchport access 9 3 9 1 5 switchport trunk 9 4 9 2 Showing Related Command 9 6 9 2 1 show vlan 9 6 10 Super VLAN Configuration Commands 10 1 10 1 Configuring Related Commands 10 1 10 1 1 supervlan 10 1 10 1 2 s...

Page 8: ... 6 12 3 2 switchport hybrid native vlan 12 7 12 3 3 switchport hybrid allowed vlan 12 7 13 802 1Q Tunneling Configuration Commands 13 1 13 1 Configuration Related Commands 13 1 13 1 1 switchport mode dot1q tunnel 13 1 13 1 2 switchport mode uplink 13 2 13 1 3 frame tag tpid tpid 13 2 13 1 4 inner priority trust enable 13 3 13 2 Showing Command 13 4 13 2 1 show frame tag tpid 13 4 13 2 2 show inner...

Page 9: ...e static 14 20 14 2 9 show mac address table vlan 14 21 14 2 10 show address bind 14 22 14 2 11 show mac address table mac manage learning 14 22 15 DHCP Snooping Configuration Commands 15 1 15 1 DHCP Snooping Global Commands 15 1 15 1 1 ip dhcp snooping 15 1 15 1 2 ip dhcp snooping vlan 15 2 15 1 3 ip dhcp snooping bootp bind 15 3 15 1 4 ip dhcp snooping verify mac address 15 4 15 1 5 ip dhcp snoo...

Page 10: ...6 13 16 1 16 ip igmp snooping svgl 16 14 16 1 17 ip igmp snooping svgl profile 16 14 16 1 18 ip igmp snooping vlan mrouting interface 16 15 16 1 19 ip igmp snooping vlan mrouting interface profile 16 16 16 1 20 ip igmp snooping vlan mdevice learn pim dvmrp 16 17 16 1 21 ip igmp snooping vlan static interface 16 18 16 2 Displaying and Monitoring Commands 16 19 16 2 1 show ip igmp snooping 16 19 16 ...

Page 11: ... 18 6 18 1 8 spanning tree mst cost 18 7 18 1 9 spanning tree mst port priority 18 8 18 1 10 spanning tree mst priority 18 10 18 1 11 spanning tree reset 18 11 18 1 12 spanning tree tx hold count 18 11 18 1 13 spanning tree pathcost method 18 12 18 1 14 spanning tree portfast 18 12 18 1 15 spanning tree portfast bpduguard default 18 13 18 1 16 spanning tree portfast bpdufilter default 18 14 18 1 1...

Page 12: ...21 1 21 1 1 ip address 21 1 21 1 2 ip unnumbered 21 3 21 2 Address Resolution Protocol ARP Configuration Commands 21 4 21 2 1 arp 21 5 21 2 2 arp retry interval 21 6 21 2 3 arp retry times 21 6 21 2 4 arp trusted num 21 7 21 2 5 arp trusted aging 21 8 21 2 6 arp unresolve 21 9 21 2 7 arp gratuitous send interval 21 10 21 2 8 arp timeout 21 11 21 2 9 ip proxy arp 21 11 21 2 10 service trustedarp 21...

Page 13: ...ent name 23 4 23 1 4 default device 23 5 23 1 5 dns server 23 5 23 1 6 domain name 23 7 23 1 7 hardware address 23 7 23 1 8 host 23 9 23 1 9 ip address dhcp 23 10 23 1 10 ip dhcp excluded address 23 10 23 1 11 ip dhcp ping packet 23 11 23 1 12 ip dhcp ping timeout 23 12 23 1 13 ip dhcp pool 23 13 23 1 14 lease 23 14 23 1 15 netbios name server 23 15 23 1 16 netbios node type 23 16 23 1 17 network ...

Page 14: ... id 24 4 24 1 7 ip dhcp relay suppression 24 5 25 DNS Module Configuration Commands 25 1 25 1 Configuring Related Commands 25 1 25 1 1 ip domain lookup 25 1 25 1 2 ip name server 25 2 25 1 3 ip host 25 2 25 1 4 clear host 25 3 25 1 5 show hosts 25 4 26 SNTP Configuration Commands 26 1 26 1 Configuring Related Commands 26 1 26 1 1 sntp enable 26 1 26 1 2 sntp server 26 2 26 1 3 sntp interval 26 2 2...

Page 15: ...ver community 29 3 29 1 4 snmp server contact 29 4 29 1 5 snmp server enable traps 29 4 29 1 6 snmp server host 29 5 29 1 7 snmp server location 29 6 29 1 8 snmp server packetsize 29 7 29 1 9 snmp server queue length 29 8 29 1 10 snmp server system shutdown 29 8 29 1 11 snmp server trap source 29 9 29 1 12 snmp server trap timeout 29 10 29 1 13 snmp server user 29 10 29 1 14 snmp server group 29 1...

Page 16: ...in 31 11 31 1 10 ip rip authentication mode 31 12 31 1 11 ip rip authentication text password 31 13 31 1 12 ip rip default information 31 14 31 1 13 ip rip receive enable 31 16 31 1 14 ip rip receive version 31 17 31 1 15 ip rip send enable 31 18 31 1 16 ip rip send version 31 19 31 1 17 ip rip v2 broadcast 31 20 31 1 18 ip split horizon RIP 31 21 31 1 19 ip summary address rip 31 22 31 1 20 netwo...

Page 17: ...PF 32 13 32 1 13 default metric 32 15 32 1 14 distance ospf 32 16 32 1 15 distribute list in 32 17 32 1 16 distribute list out 32 18 32 1 17 enable mib binding 32 19 32 1 18 enable traps 32 19 32 1 19 ip ospf authentication 32 22 32 1 20 ip ospf authentication key 32 23 32 1 21 ip ospf cost 32 24 32 1 22 ip ospf database filter all out 32 25 32 1 23 ip ospf dead interval 32 26 32 1 24 ip ospf disa...

Page 18: ...bor 32 68 32 2 6 show ip ospf route 32 71 32 2 7 show ip ospf summary address 32 72 32 2 8 show ip ospf virtual link 32 72 33 BGP4 Configuration Commands 33 1 33 1 Configuration Related Commands 33 1 33 1 1 address family ipv4 33 1 33 1 2 address family ipv4 vrf 33 2 33 1 3 address family vpnv4 33 2 33 1 4 aggregate address IPv4 33 3 33 1 5 auto summary 33 4 33 1 6 bgp always compare med 33 5 33 1...

Page 19: ... 33 1 32 clear ip bgp peer group 33 29 33 1 33 clear ip bgp vrf 33 30 33 1 34 default information originate 33 31 33 1 35 default metric 33 32 33 1 36 distance bgp 33 33 33 1 37 exit address family 33 34 33 1 38 ip as path access list 33 35 33 1 39 maximum prefix 33 36 33 1 40 neighbor activate 33 37 33 1 41 neighbor advertisement interval 33 38 33 1 42 neighbor allowas in 33 39 33 1 43 neighbor a...

Page 20: ...te 33 70 33 1 72 redistribute OSPF 33 71 33 1 73 redistribute ISIS 33 72 33 1 74 router bgp 33 73 33 1 75 synchronization 33 74 33 1 76 timers bgp 33 75 33 2 Showing Related Command 33 76 33 2 1 show ip bgp 33 76 33 2 2 show ip bgp cidr only 33 77 33 2 3 show ip bgp community 33 78 33 2 4 show ip bgp community list 33 79 33 2 5 show ip bgp dampening dampened paths 33 79 33 2 6 show ip bgp dampenin...

Page 21: ...34 14 34 1 13 ipv6 prefix list sequence number 34 15 34 1 14 match as path 34 16 34 1 15 match community 34 17 34 1 16 match interface 34 18 34 1 17 match ip address 34 19 34 1 18 match ip next hop 34 21 34 1 19 match ip route source 34 23 34 1 20 match ipv6 address 34 24 34 1 21 match ipv6 next hop 34 26 34 1 22 match ipv6 route source 34 28 34 1 23 match length 34 30 34 1 24 match metric 34 32 3...

Page 22: ...ag 34 71 34 1 52 set weight 34 72 34 1 53 ip ref ecmp load balance source 34 74 34 2 Show Related Command 34 75 34 2 1 show route map 34 75 34 2 2 show ip community list 34 76 34 2 3 show ip prefix list 34 76 34 2 4 show ip route 34 77 34 2 5 show ipv6 prefix list 34 79 34 2 6 show ip ref 34 80 35 PBR Configuration Commands 35 1 35 1 Configuration Related Commands 35 1 35 1 1 ip policy route map 3...

Page 23: ...3 tunnel source 36 20 36 1 24 tunnel ttl 36 21 36 2 Show Related Command 36 22 36 2 1 show ipv6 route 36 22 36 2 2 show ipv6 neighbors 36 23 36 2 3 show ipv6 interface 36 25 37 OSPFv3 Configuration Commands 37 1 37 1 Configuration Related Commands 37 1 37 1 1 area default cost 37 1 37 1 2 area range 37 2 37 1 3 area stub 37 3 37 1 4 area virtual link 37 4 37 1 5 auto cost 37 5 37 1 6 clear ipv6 os...

Page 24: ...ion Commands 38 1 38 1 IGMP Configuration Task List 38 1 38 1 1 clear ip igmp group 38 2 38 1 2 clear ip igmp interface 38 2 38 1 3 ip igmp access group 38 3 38 1 4 ip igmp join group 38 4 38 1 5 ip igmp static group 38 4 38 1 6 ip igmp immediate leave group list 38 5 38 1 7 ip igmp last member query count 38 6 38 1 8 ip igmp last member query interval 38 7 38 1 9 ip igmp limit interface configura...

Page 25: ... mroute 39 8 40 PIM SM Configuraiton Commands 40 1 40 1 PIM SM Configuration Commands 40 1 40 1 1 clear ip mroute 40 2 40 1 2 clear ip mroute statistics 40 2 40 1 3 clear ip pim sparse mode bsr rp set 40 3 40 1 4 ip multicast routing 40 3 40 1 5 ip pim accept register list 40 4 40 1 6 ip pim bsr candidate 40 4 40 1 7 ip pim cisco register checksum 40 6 40 1 8 ip pim dr priority 40 6 40 1 9 ip pim ...

Page 26: ...Configuration Related Commands 41 1 41 1 1 clear ip mroute 41 1 41 1 2 clear ip mroute statistics 41 2 41 1 3 ip mroute 41 3 41 1 4 ip multicast route limit 41 4 41 1 5 ip multicast ttl threshold 41 4 41 1 6 ip multicast routing 41 5 41 1 7 ip multicast rpf 41 6 41 1 8 ip multicast boundary 41 7 41 1 9 ip multicast static 41 7 41 2 Show Related Commands 41 8 41 2 1 show ip mroute 41 8 41 2 2 show ...

Page 27: ...dp max hop count 42 18 42 1 20 mpls ldp max label requests 42 19 42 1 21 mpls ldp max path vector 42 20 42 1 22 mpls ldp max pdu 42 21 42 1 23 transport address 42 22 42 1 24 mpls mtu 42 23 42 1 25 mpls router ldp 42 24 42 1 26 mpls static ftn 42 25 42 1 27 mpls static l3vpn ftn 42 26 42 1 28 mpls static l2vc ftn 42 27 42 1 29 mpls static ilm in label 42 28 42 1 30 neighbor 42 30 42 1 31 propagate...

Page 28: ... 42 58 42 2 18 redistribute 42 59 42 2 19 redistribute OSPF 42 61 42 2 20 route target 42 63 42 2 21 show ip bgp vpnv4 42 64 42 2 22 show ip route vrf 42 66 42 2 23 show ip vrf 42 67 42 3 L2 VPN Commands 42 68 42 3 1 show mpls l2transport vc 42 68 42 3 2 show mpls l2vc ftn table 42 71 42 3 3 show mpls ldp vc 42 71 42 3 4 vc withdraw expect release 42 74 42 3 5 xconnect 42 75 43 Port based Flow Con...

Page 29: ...ication Commands 44 10 44 3 1 dot1x re authentication 44 10 44 3 2 dot1x reauth max 44 11 44 4 dot1x Detection Function Commands 44 12 44 4 1 dot1x probe timer 44 12 44 4 2 dot1x client probe enable 44 13 44 5 Other dot1x Configuration Commands 44 14 44 5 1 dot1x authentication 44 15 44 5 2 dot1x auth address table 44 16 44 5 3 dot1x auth mode 44 16 44 5 4 dot1x default 44 17 44 5 5 dot1x dynamic ...

Page 30: ...ation 45 6 45 2 Authorization Related Commands 45 7 45 2 1 aaa authorization commands 45 7 45 2 2 aaa authorization config commands 45 9 45 2 3 aaa authorization console 45 9 45 2 4 aaa authorization exec 45 10 45 2 5 aaa authorization network 45 12 45 2 6 authorization commands 45 13 45 2 7 aaa authorization exec 45 14 45 3 Accounting Related commands 45 15 45 3 1 aaa accounting commands 45 15 45...

Page 31: ...46 1 7 radius attribute 46 7 46 1 8 radius set qos cos 46 9 46 1 9 radius vendor specific extend 46 10 46 2 Show Related Commands 46 10 46 2 1 debug radius 46 11 46 2 2 show radius server 46 11 46 2 3 show radius parameter 46 12 46 2 4 show radius vendor specific 46 13 47 TACACS Configuration Commands 47 1 47 1 Related Commands of TACACS Configuration 47 1 47 1 1 aaa group server tacacs 47 1 47 1 ...

Page 32: ...ed Commands 50 1 50 1 1 system guard enable 50 1 50 1 2 system guard isolate time seconds 50 2 50 1 3 system guard same dest ip attack packets number 50 3 50 1 4 system guard scan dest ip attack packets number 50 3 50 1 5 system guard detect maxnum number 50 4 50 1 6 system guard exception ip ip mask 50 5 50 1 7 clear system guard interface interface id ip address 50 6 50 2 Showing Related Command...

Page 33: ...ace manage protocol route percent 53 2 53 1 3 arp guard isolate timeout 53 3 53 1 4 arp guard rate limit 53 4 53 1 5 arp guard attack threshold 53 4 53 1 6 arp guard scan threshold 53 6 53 1 7 clear arp guard users 53 8 53 1 8 clear arp guard scan 53 9 53 2 Showing and Monitoring Commands 53 9 53 2 1 show arp guard configuration 53 9 53 2 2 show arp guard users 53 10 53 2 3 show arp guard scan 53 ...

Page 34: ... 1 55 1 Configuring Related Commands 55 1 55 1 1 vlan access map 55 1 55 1 2 match ip mac address 55 2 55 1 3 action forward drop redirect 55 3 55 1 4 vlan filter 55 4 55 2 Showing Related Commands 55 4 55 2 1 show vlan access map 55 4 55 2 2 show vlan filter 55 5 56 QoS Configuration Command 56 1 56 1 Default Configuration 56 1 56 2 Related Configuration Commands 56 2 56 2 1 mls qos trust 56 2 56...

Page 35: ...1 Configuration Related Commands 57 20 57 1 1 vrrp authentication 57 20 57 1 2 vrrp delay 57 21 57 1 3 vrrp description 57 22 57 1 4 vrrp ip 57 23 57 1 5 vrrp preempt 57 24 57 1 6 vrrp priority 57 25 57 1 7 vrrp timers advertise 57 26 57 1 8 vrrp timers learn 57 27 57 1 9 vrrp track 57 28 57 2 VRRP Monitoring and Maintenance Commands 57 30 57 2 1 debug vrrp 57 30 57 2 2 debug vrrp errors 57 31 57 ...

Page 36: ...ansit 59 4 59 1 5 mac address table update group 59 4 59 2 Showing and Monitoring Commands 59 5 59 2 1 show interfaces interface id switchport backup detail 59 5 59 2 2 show mac address table update group detail 59 6 60 RLDP Configuration Command 60 1 60 1 Configuration Related Commands 60 1 60 1 1 rldp enable 60 1 60 1 2 rldp detect interval 60 2 60 1 3 rldp detect max 60 3 60 1 4 rldp port 60 3 ...

Page 37: ...on Related Commands 63 1 63 1 1 cd 63 1 63 1 2 cp 63 2 63 1 3 ls 63 3 63 1 4 makefs 63 3 63 1 5 mkdir 63 4 63 1 6 mv 63 5 63 1 7 pwd 63 5 63 1 8 rm 63 6 63 1 9 rmdir 63 6 64 Memory Configuration Commands 64 1 64 1 Showing Commands 64 1 64 1 1 show memory 64 1 64 1 2 memory lack exit policy 64 2 64 1 3 show memory protocols 64 3 65 CPU LOG Configuration Commands 65 1 65 1 Related System Management ...

Page 38: ...g count 66 21 67 Module Hot plugging unplugging Configuration Commands 67 1 67 1 Related Configuration Commands 67 1 67 1 1 install slot num moduletype 67 1 67 1 2 no install slot num 67 2 67 1 3 remove configuration module slot num 67 3 67 1 4 reset module slot num 67 4 67 2 Showing Related Command 67 4 67 2 1 show version module detail module num 67 4 67 2 2 show version slots slot num 67 5 68 L...

Page 39: ...oe enable 70 3 70 1 2 poe power lower lower 70 3 70 1 3 poe power upeer upper 70 4 70 1 4 poe disconnect mode mode 70 5 70 2 Show Related Command 70 5 70 2 1 show poe interfaces 70 5 70 2 2 show poe powersupply 70 6 ...

Page 40: ......

Page 41: ... mode alias mode command alias original command no alias mode command alias Parameter description Parameter Description mode Mode of the command represented by the alias command alias Alias of the command original command Syntax of the command represented by the alias Default Settings Some commands in the privileged EXEC mode have default alias names Command mode Global configuration mode Usage gu...

Page 42: ...onfigure bgp Protocol config globle configure mode The alias also has its help information that is displayed after in the following format command alias original command For example in the privileged EXEC mode the default alias s stands for show You can enter s to query the key words beginning with s and the help information of the alias DES 7210 s s show show start chat start terminal service If ...

Page 43: ...sent the default route setting of ip route 0 0 0 0 0 0 0 0 192 168 1 1 DES 7210 configure terminal DES 7210 config alias config def route ip route 0 0 0 0 0 0 0 0 192 168 1 1 DES 7210 config def route def route ip route 0 0 0 0 0 0 0 0 192 168 1 1 DES 7210 config def route Unrecognized command DES 7210 config end DES 7210 show aliases config globle configure mode alias def route ip route 0 0 0 0 0...

Page 44: ...nd privilege in the CLI mode The number of command modes that can be authorized may vary with different devices In the global configuration mode you can use privilege to list all CLI command modes that can be authorized Mode Descripton config Global configuration mode exec Privileged EXEC mode interface Interface configuration mode ip dhcp pool DHCP address pool configuration mode keychain KeyChai...

Page 45: ... cancel pending reload scheme in reload after a time interval cr Related commands Command Description enable secret Set CLI level password 1 3 show aliases To display all the command aliases or aliases in special command modes run the show aliases command in the privileged EXEC mode show aliases mode Parameter description Parameter Description mode Mode of the command represented by the alias Defa...

Page 46: ...Chapter 1 CLI Authorization Configuration Commands DES 7200 CLI Reference Guide 1 6 h help p ping s show u undebug un undebug Related commands Command Description alias Set the alias of a command ...

Page 47: ...e following related commands disable enable enable password enable secret service password encryption password login login local login authentication username lock lockable telnet enable service 2 1 1 disable To exit from privileged user mode to normal user mode or lower the privilege level execute the privileged user command disable disable privilege level Parameter description Parameter Descript...

Page 48: ...nter to the privileged mode or log on the higher level of authority 2 1 2 enable To enter into the privileged user mode execute the normal user configuration command enable For the details of the command see the Security Configuration Command Reference 2 1 3 enable password To configure the password for different privilege level execute the global configuration command enable password The no form ...

Page 49: ...is impossible to enter into the privileged EXEC mode A lost password that has been encrypted with any method cannot be restored The only way is to reconfigure the device password Examples The example below configures the password as pw10 DES 7210 config enable password pw10 Related commands Command Description enable secret Set the security password 2 1 4 enable secret To configure the security pa...

Page 50: ...onverted into the security password If password type password is set for level 15 and the same as the security password an alert is provided The password must be saved in encrypted manner with simple encryption for the password type password and security encryption for the security type password Examples The example below configures the security password as pw10 DES 7210 config enable secret 0 pw1...

Page 51: ...mand Description enable password Set passwords of different privileges 2 1 6 password To configure the password for line logon execute the line configuration command password The no form of this command is used to delete the line logon password password password 0 7 encrypted password no password Parameter description Parameter Description password Password for line of remote user 0 7 Password enc...

Page 52: ...A security server is not enabled this command is used for the simple password authentication at logon The password here is the one configured for VTY or console interface Examples The example below shows how to set the logon password authentication on VTY DES 7210 config no aaa new model DES 7210 config line vty 0 DES 7210 config line password 0 normatest DES 7210 config line login Related command...

Page 53: ...ocal Related commands Command Description username Configure the local user information 2 1 9 login authentication In case the AAA is enabled the authentication with the AAA server must be performed for logon Use this command to associate logon authentication method list The no form of this command is used to delete the logon authentication method list login authentication default list name no log...

Page 54: ...d username username name nopassword password password 0 7 encrypted password username name privilege privilege level no username name Parameter description Parameter Description name Username password User password 0 7 Password encryption type 0 for no encryption 7 for simple encryption encrypted password Password text privilege level User bound privilege level Command mode Global configuration mo...

Page 55: ...ock the terminal interface but maintain the continuity of session to prevent it from being accessed by setting the temporary password The terminal interface can be locked by the steps below 1 Enter the lock command and the system will prompt you to enter the password 2 Enter the password which may be any string The system will prompt you to confirm the entered password and then clear the screen as...

Page 56: ...nal execute the lockable command in the line configuration mode The terminal doesn t support the lock command by default Use the no command to cancel the setting lockable no lockable Parameter description N A Command mode Line configuration mode Usage guidelines This command is used to support the terminal lock function in corresponding line To lock the terminal execute the lock command in the EXE...

Page 57: ... to be used for the login 23 by default Keyword The available keywords are listed in the table below Keyword Description source interface Specify the interface from which the telnet connection request is sent Command mode Privileged mode Usage guidelines This command is used to log in a telnet server Examples The example below commands telnet to 192 168 1 11 the port uses the default value and the...

Page 58: ...d disable HTTP Server snmp agent Enable and disable SNMP Agent Command mode Global configuration mode Usage guidelines This command is used to enable the specified service Use the no enable service command to disable the specified service Examples Following Example Enable the SSH Server Enable the function of SSH Server DES 7210 Config enable service ssh sesrver Related commands Command Descriptio...

Page 59: ...hour Minute Second day Date 1 31 of month month Month 1 12 OF year year Year 1993 2035 abbreviation is not allowed Command mode Privileged mode Usage guidelines Use this command to set the system time to facilitate the management For devices without hardware clock the time set by the clock set command takes effect for only the current setting Once the device powers off the manually set time become...

Page 60: ... closed or restarts hardware clock still runs If hardware clock and software clock are asynchronous then software clock is more accurate Execute clock update calendar command to copy date and time of software clock to hardware clock Examples The example below copys the current time and date of software clock to hardware clock DES 7210 clock update calendar Related commands Command Description cloc...

Page 61: ...is connection within specified time this connection will be interrupted and this LINE will be restored to the free status Examples The example below specifies the connection timeout is 5 30 DES 7210 config line exec timeout 5 30 2 2 4 hostname To specify or modify the hostname of the device execute the global configuration command hostname hostname name Parameter description Parameter Description ...

Page 62: ...the session will never be timeout session timeout minutes seconds no session timeout Parameter description Parameter Description minutes The minutes of specified timeout seconds Optional Parameter The seconds of specified timeout Default configuration The default timeout is 0 min Command mode LINE configuration mode Usage guidelines If there is no input output information for the session to the re...

Page 63: ...27 21 Clock read from calendar when system boot Related commands Command Description clock set Set the system clock 2 2 7 show running config To show the configuration information current device system is running execute the privileged user command show running config show running config Command mode Privileged mode 2 2 8 show startup config To view the configuration of device stored in the Non Vo...

Page 64: ...ified time Up to 200 days is supported month Month in the range January to December day Date in the range 1 to 31 year Year in the range 1993 to 2035 cancel Cancel scheduled restart Command mode Privileged mode Usage guidelines This command is used to restart the device at specified time which may facilitate the management Examples The example below specifies to restart the system in 10 minutes DE...

Page 65: ...ription string Character string of the prompt command The maximum length is 32 letters Command mode Global configuration mode Usage guidelines If you have not set the prompt string the prompt string is the system name which varies with the system name The prompt command is valid only in the EXEC mode Examples Set the prompt string to D Link DES 7210 config prompt D Link DES 7210 config end D Link ...

Page 66: ...figuration banner login c message c Parameter description Parameter Description c Separator of the message of logging banner Delimiters are not allowed in the MOTD message Contents of login banner Command mode Global configuration mode Usage guidelines This command sets the logging banner message which is displayed upon login All characters behind the terminating symbol will be discarded by the sy...

Page 67: ...wing example shows how to configure the rate of the serial port to 57600 bps DES 7210 config DES 7210 config line console 0 DES 7210 config line speed 57600 DES 7210 config line 2 2 15 show line To show the configuration of a line execute the show line command in the privileged mode show line console line num vty line num line num Parameter description Parameter Description console Show the config...

Page 68: ...nfiguration execute the privileged user command write write memory network terminal Parameter description Parameter Description memory Write the system configuration running config into NVRAM which is equivalent to copy running config startup config network Save the system configuration into the TFTP server which is equivalent to copy running config tftp terminal Show the system configuration whic...

Page 69: ...ence Guide Chapter 2 Switch Management Configuration Commands 2 23 Building configuration OK Related commands Command Description show running config View the system configuration copy Copy the device configuration files ...

Page 70: ......

Page 71: ...description Parameter Description aux Auxiliary port on the routers console Console port tty Asynchronous port on the routers vty Virtual terminal line applicable for telnet ssh connection first line Number of first line to enter last line Number of last line to enter Default configuration N A Command mode Global configuration mode Usage guidelines Access to the specified LINE mode Examples Enter ...

Page 72: ...u need to increase or decrease the number of available VTY connections use the above commands Examples Increase the number of available VTY connections to 20 The available VTY connections are numbered 0 19 DES 7210 config line vty 19 Decrease the number of available VTY connections to 10 The available VTY connections are numbered 0 9 DES 7210 config line vty 10 Related commands N A 3 1 3 transport...

Page 73: ... the default value Command mode Line configuration mode Usage guidelines This command is used to set the protocols in the Line mode that are available for communication By default VTY allows all the protocols for communication After protocols available for communication are set only these protocols can connect on the specific VTY successfully Use the show running command to view configuration info...

Page 74: ...r the outgoing connections Default configuration By default no ACL is configured under Line All connections are accepted and all outgoing connections are allowed Command mode Line configuration mode Usage guidelines This command is used to configure ACLs under Line By default all the incoming and outgoing connections are allowed and no connection is filtered After access class is configured only t...

Page 75: ...DES 7200 CLI Reference Guide Chapter 3 LINE Configuration Commands 3 5 Version description The software version must be later than R10 1 ...

Page 76: ......

Page 77: ...by using the xmodem protocol copy flash filename xmodem copy xmodem flash filename Parameter description Parameter Description filename The name of files in the equipment Default N A Command mode Privileged mode Usage guidelines If the file is transmitted successfully show the length of the transmitted file otherwise show the failure information Any files can be transmitted by TFTP such as main pr...

Page 78: ... filename copy tftp location filename flash filename copy flash filename tftp location filename vrf vrfname copy tftp location filename flash filename vrf vrfname Parameter description Parameter Description filename File name vrfname VRF name Default N A Command mode Privileged user mode Usage guidelines If the file is transmitted successfully show the length of the transmitted file Otherwise show...

Page 79: ...me Examples The following is two examples The first one transmits the backup parameter file config bak from the local host ip 192 168 12 1 to the switch The second one transmits the file switch bin from the switch to the local switch ip 192 168 12 1 DES 7210 copy tftp 192 168 12 1 confg bak flash config text DES 7210 copy flash swhich bin tftp 192 168 12 1 Config bak Related commands N A ...

Page 80: ......

Page 81: ...e command format is as follows ping vrf vrf name ip ip address length length ntimes times timeout seconds data data source source Parameter description Parameter Description vrf name VRF name ip address Specifies an IPv4 address length Specifies the length of the packet to be sent times Specifies the number of packets to be sent timeout Specifies the timeout time data Specifies the data to fill in...

Page 82: ...specified and the statistics is also displayed in the end To use the domain name function configure the domain name server firstly For the concrete configuration refer to the DNS Configuration section Examples The example below shows the ordinary ping DES 7210 ping 192 168 5 1 Sending 5 100 byte ICMP Echoes to 192 168 5 1 timeout is 2 seconds press Ctrl C to break Success rate is 100 percent 5 5 r...

Page 83: ...r For the concrete configuration refer to the DNS Configuration part Examples The following is two examples of the application bout traceroute the one is of the smooth network and the other is the network in which some gateways aren t connected successfully 1 When the network is connected smoothly DES 7210 traceroute 61 154 22 36 press Ctrl C to break Tracing the route to 61 154 22 36 1 192 168 12...

Page 84: ...52 msec 84 msec 18 202 108 37 42 48 msec 48 msec 52 msec The above result clearly shown that the gateways passed by the packets sent to the host with an IP address of 202 108 37 42 gateways 1 17 and the spent time are displayed and gateway 4 fails DES 7210 traceroute www ietf org Translating www ietf org OK press Ctrl C to break Tracing the route to 64 170 98 32 1 192 168 217 1 0 msec 0 msec 0 mse...

Page 85: ...ec 40 msec 5 1 3 line detect To detect the line status execute this command line detect Parameter description N A Default Configuration N A Command mode Interface configuration mode Usage guidelines This command is used to detect the line status and locate the problem in case of a line failure for example the line is torn down ...

Page 86: ...s Number of line pairs included For example the twisted pair includes four pairs of lines state Status of the current line pair OK Short or Open In general the 100M twisted pairs A and B are OK C and D are Short The 1000M twisted pairs A B C and D are all OK length Length of the line in meter Only the length of the line pair whose status is OK takes effect Since the length is calculated based on t...

Page 87: ...thernet interface giagbitEthernet interface tenGigabitEthernet interface vlan medium type description shutdown speed duplex flowcontrol mtu carrier delay clear counters clear interface switchport switchport mode switchport access switchport trunk snmp trap link status 6 1 1 interface aggregateport Use this command to access or create an aggregate port and enter interface configuration mode Use the...

Page 88: ...gate port You can use show interfaces or show interfaces aggregateport commands to display the interface configuration Examples DES 7210 config interface aggregateport 3 DES 7210 config if Related commands Command Description show interfaces Show the interface information Platform description The DES 7200 series supports up to 8 port members and create up to 128 AP globally 6 1 2 interface fastEth...

Page 89: ...guration mode interface gigabitEthernet mod num port num Parameter description Parameter Description mod num port num The range depends on the device and the extended module Command mode Global configuration mode Usage guidelines The no form of the command is not available and this interface type cannot be deleted Use show interfaces or show interfaces gigabitEthernet to display the interface conf...

Page 90: ...ernet 1 2 DES 7210 config if Related commands Command Description show interfaces Show the interface information Platform Description No product supports this command till now 6 1 5 interface vlan Use the interface vlan command in the global configuration mode to access or create the SVI Switch Virtual Interface Use the no form of the command to remove the SVI interface vlan vlan id no interface v...

Page 91: ...ration Copeer interface Command mode Interface configuration physical interface except for AP and SVI Usage guidelines If a port can be selected as an optical port or electrical port you can only select one of them Once the media type is selected the attributes of the port for example status duplex flow control and rate all mean those of the currently selected media type After the port type is cha...

Page 92: ...etting description string no description Parameter description Parameter Description string Interface alias Default configuration By default there is no alias Command mode Interface configuration mode Usage guidelines Use show interfaces to display the interface information including the alias Examples DES 7210 config interface gigabitethernet 1 1 DES 7210 config if description GBIC 1 Related comm...

Page 93: ...1 DES 7210 config interface aggregateport 1 DES 7210 config if no shutdown Related commands Command Description clear interface Reset the hardware show interfaces Show the interface information Note If you use the script to run no shutdown frequently and fapidly the system may prompt the interface status reversal 6 1 9 speed Use this command to configure the speed on the port Use the no form of th...

Page 94: ...rface types For example you cannot set the rate of a SFP interface to 10M or 100M Examples DES 7210 config interface gigabitethernet 1 1 DES 7210 config if speed 100 Related commands Command Description show interfaces Show the interface information 6 1 10 duplex Use the duplex command in the interface configuration mode to specify the duplex mode for the interface Use the no form of the command t...

Page 95: ...nd to restore it to the default setting flowcontrol auto off on no flowcontrol Parameter description Parameter Description auto Self negotiate the flow control off Disable the flow control on Enable the flow control Default configuration By default flow control is disabled Command mode Interface configuration mode Usage guidelines Use show interfaces to display the flow control configurations Exam...

Page 96: ...S 7200 now supports the setting on physical interfaces Examples DES 7210 config interface gigabitethernet 1 1 DES 7210 config if mtu 9216 Related commands Command Description show interfaces Show the interface information 6 1 13 carrier delay In the interface configuration mode execute the carrier delay command to set the carrier delay on the interface and the no carrier delay command to restore i...

Page 97: ...ter than the time used for route aggregation you should set the parameter to a higher value to avoid unnecessary route vibration Examples The following example shows how to configure the carrier delay of serial interface to 5 seconds DES 7210 config interface gigabitethernet 1 1 DES 7210 config carrier delay 5 6 1 14 clear counters Use this command to clear the counters on the specified interface ...

Page 98: ... L2 Aggregate port routing port and member port of the L3 aggregate port This command is equal to the shutdown and no shutdown commands Examples DES 7210 clear interface gigabitethernet 1 1 Related commands Command Description shutdown Shutdown the interface 6 1 16 switchport In the interface configuration mode you can use switchport without any parameter to configure an interface as Layer 2 mode ...

Page 99: ...he interface information Platform description Only DES 7200 supports the creation of L3 aggregate ports up to 128 L3 Aps globally Up to 2000 IP addresses are supported 6 1 17 switchport mode Use this command to specify a L2 interface switch port mode You can specify this interface to be an access port or a trunk port or an 802 1Q tunnel Use the no form of the command to restore it to the default s...

Page 100: ...ce as a statics access port and assign it to a VLAN switchport trunk Use this command to specify a native VLAN and the allowed VLAN list for the trunk port 6 1 18 switchport access Use this command to configure an interface as a statics access port and add it to a VLAN Use the no form of the command to assign the port to the default VLAN switchport access vlan vlan id no switchport access vlan Par...

Page 101: ...n id no switchport trunk allowed vlan native vlan Parameter description Parameter Description allowed vlan vlan list Configure the list of VLANs allowed on the trunk port vlan list can be a VLAN or a range of VLANs starting with the smaller VLAN ID and ending with the larger VLAN ID and being separated by hyphen for example 10 to 20 The segments can be separated with a comma for example 1 to 10 20...

Page 102: ...on a trunk Use show interfaces switchport to display configuration Examples The example below removes port 1 15 from VLAN 2 DES 7210 config interface fastethernet 1 15 DES 7210 config if switchport trunk allowed vlan remove 2 DES 7210 config if end DES 7210 show interfaces fastethernet1 15 switchport Switchport is enabled Mode is trunk port Access vlan is 1 Native vlan is 1 Protected is disabled V...

Page 103: ...gabitEthernet 1 1 DES 7210 config if no snmp trap link status Following configuration shows how to configure the interface to forwarding Link trap DES 7210 config interface gigabitEthernet 1 1 DES 7210 config if snmp trap link status Related commands Command Function DES 7210 config if snmp trap link status Enable sending LinkTrap on the interface DES 7210 config if no snmp trap link status Disabl...

Page 104: ...abitEthernet 0 1 switchport Interface Switchport ModeAccess Native Protected VLAN lists GigabitEthernet 0 1 enabled Access 11 Disabled ALL Related commands Command Description duplex Duplex flowcontrol Flow control status interface gigabitEthernet Select the interface and enter the interface configuration mode interface aggregateport Create or access the aggregate port and enter the interface conf...

Page 105: ...default the physical port does not belong to any aggregate port Parameter description Parameter Description port group number Number of the member group of an aggregate port the interface number of the aggregate port Command mode Interface configuration mode Usage guidelines All the members of an aggregate port belong to a VLAN or configured to be trunk ports The ports belonging to different nativ...

Page 106: ...g packets For all the links of an aggregate port the messages from different addresses are distributed to different ports and those from the same addresses are distributed to the same port Src dst ip Traffic is distributed according to the source IP address and destination IP address Packets with different source and destination IP address pairs are forwarded through different ports The packets wi...

Page 107: ...the destination and source MAC addresses of the incoming packets Command mode Global configuration mode Usage guidelines Use show aggregateport to display load balance configuration Examples DES 7210 config aggregateport load balance dst mac Related commands Command Description show aggregateport load balance Use this command to display aggregate port configurations Platform description DES 7200 s...

Page 108: ...e aggregate port Command mode Privileged mode Usage guidelines If the aggregate port number is not specified all the aggregate port information will be displayed Examples DES 7210 show aggregateport 1 summary AggregatePort MaxPorts SwitchPort Mode Ports Ag1 8 Enabled ACCESS Related commands Command Description aggregateport load balance Configure a load balance algorithm of AP ...

Page 109: ...group key mode active passive no port group Parameter description Parameter Description key Specify the group ID on the port to be aggregated The key values vary with the aggregation group numbers supported for different products active Places a port into an active negotiating state in which the port initiates negotiations with remote ports by sending LACP packets passive Places a port into a pass...

Page 110: ... return to the default value lacp port priority port priority no lacp port priority Parameter description Parameter Description port priority The port priority in the range of 0 65535 Default configuration By default the port priority is 32768 Command mode Interface configuration mode Usage guidelines When multiple ports are to be aggregated the ports with high priorities take precedence and the p...

Page 111: ... description Parameter Description system priority The LACP system priority in the range of 0 65535 Default configuration By default the system priority is 32768 Command mode Global configuration mode Usage guidelines LACP system priority consists of the Layer2 management MAC address and its priority value where the MAC address is fixed but the priority value is configurable If two priorities are ...

Page 112: ...w lacp summary Parameter description Parameter Description Command mode Privileged mode Usage guidelines N A Examples DES 7210 show LACP summary Flags S Device is sending Slow LACPDUs F Device is sending fast LACPDUs A Device is in active mode P Device is in passive mode Aggregate port 3 Local information LACP port Oper Port Port Port Flags State Priority Key Number State Gi0 1 SA bndl 4096 0x3 0x...

Page 113: ...is in the active mode State Show the port aggregation information bndl indicates that the port is aggregated Down represents the disconnection port state sups indicates that the port is not aggregated LACP Port Priority Show the LACP port priority Oper Key Show the port operation key Port Number Show the port number Port State Show the flag bit for the LACP port state Partner infomation Partly sho...

Page 114: ......

Page 115: ...an vlan id Parameter description Parameter Description vlan id VLAN ID Default VLAN VLAN 1 cannot be removed Command mode Global configuration mode Usage guidelines To return to the privileged EXEC mode input end or pressing Ctrl C To return to the global configuration mode input exit Examples DES 7210 config vlan 1 DES 7210 config vlan Related commands Command Description show vlan Show member po...

Page 116: ...s by using the show vlan command Examples DES 7210 config vlan 10 DES 7210 config vlan name vlan10 Related commands Command Description show vlan Show member ports of the VLAN 9 1 3 switchport mode Use this command to specify a L2 interface switch port mode You can specify this interface to be an access port or a trunk port or an 802 1Q tunnel Use the no form of the command to restore the default ...

Page 117: ...runk to define the allowed VLANs list Examples DES 7210 config if switchport mode trunk Related commands Command Description switchport access Use this command to configure an interface as a statics access port and assign it to a VLAN switchport trunk Use this command to specify a native VLAN and the allowed VLAN list for the trunkport 9 1 4 switchport access Use this command to configure an inter...

Page 118: ...st for the trunk port Use the no form of the command to restore the default setting switchport trunk allowed vlan all add remove except vlan list native vlan vlan id no switchport trunk allowed vlan native vlan Parameter description Parameter Description allowed vlan vlan list Configure the list of VLANs allowed on the trunk port vlan list can be a VLAN or a range of VLANs starting with the smalle...

Page 119: ...st By default a trunk port sends traffic to and received traffic from all VLANs ID 1 to 4094 However you can prevent the traffic from passing over the trunk port by configuring allowed VLAN lists on a trunk port Use show interfaces switchport to display configuration Examples The example below removes port 1 15 from VLAN 2 DES 7210 config interface fastethernet 1 15 DES 7210 config if switchport t...

Page 120: ...guidelines To return to the privileged EXEC mode input end or pressing Ctrl C To return to the global configuration mode input exit Examples DES 7210 show vlan id 1 VLAN 1 VLAN0001 GigabitEthernet 3 1 GigabitEthernet 3 2 GigabitEthernet 3 3 GigabitEthernet 3 4 GigabitEthernet 3 5 GigabitEthernet 3 6 GigabitEthernet 3 7 GigabitEthernet 3 8 GigabitEthernet 3 9 GigabitEthernet 3 10 GigabitEthernet 3 ...

Page 121: ... description N A Command mode VLAN configuration Mode Usage guidelines To return to the privileged EXEC mode input end or press Ctrl C To return to the global configuration mode input exit Examples DES 7210 config vlan 3 DES 7210 config vlan supervlan Related commands Command Description show supervlan Show the super VLAN information Platform description N A 10 1 2 subvlan Use this command to set ...

Page 122: ...ES 7210 config vlan subvlan 7 19 Related commands Command Description show supervlan Show the super VLAN information 10 1 3 subvlan address range Use this command to set the IP address range of the sub VLAN subvlan address range start ip end ip no subvlan address range Parameter description Parameter Description start ip The start IP address of this sub VLAN end ip The end IP address of this sub V...

Page 123: ...A Command mode VLAN configuration Mode Usage guidelines To return to the privileged EXEC mode input end or press Ctrl C To return to the global configuration mode input exit Examples DES 7210 config vlan 3 DES 7210 config vlan proxy arp Related commands Command Description show supervlan Show the super VLAN information Platform description N A 10 2 Showing Related Command 10 2 1 show supervlan Use...

Page 124: ... Reference Guide 10 4 Parameter description Parameter Description vlan id VLAN ID Command mode Privileged mode Usage guidelines N A Examples DES 7210 show supervlan supervlan id supervlan arp agent subvlan id subvlan arp agent subvlan ip range 3 ON 4 ON 5 ON ...

Page 125: ...rotocol vlan ipv4 addr mask addr vlan id Use this command to configure the IP address subnet mask and VLAN classification Parameter description Parameter Description addr IP address in the x x x x format id VLAN ID the maximal VLAN the product supports Default configuration N A Command mode Global configuration mode Examples DES 7210 config protocol vlan ipv4 192 168 100 3 mask 255 255 255 0 vlan ...

Page 126: ...tion N A Command mode Global configuration mode Examples DES 7210 config protocol vlan profile 1 frame type ETHERII ether type aarp Related commands Command Description show protocol vlan profile show protocol vlan profile num no protocol vlan profile no protocol vlan profile num Platform description The software version must be R10 1 and later 11 1 3 protocol vlan profile num vlan id Use this com...

Page 127: ...an profile num no protocol vlan profile no protocol vlan profile num Platform description The software version must be R10 1 and later 11 2 Showing Related Commands show protocol vlan 11 2 1 show protocol vlan Show the configuration of protocol VLAN show protocol vlan Parameter description N A Default configuration N A Command mode Privileged mode Examples DES 7210 show protocol vlan Platform desc...

Page 128: ...Chapter 11 Protocol VLAN Configuration Commands DES 7200 CLI Reference Guide 11 4 ...

Page 129: ...rivate vlan mapping 12 1 1 private vlan type Use this command to configure the VLAN as the private VLAN private vlan community isolated primary no private vlan community isolated primary Parameter description Parameter Description community Configure it as the community VLAN isolated Configure it as the isolated VLAN primary Configure it as the primary VLAN no Delete the corresponding private VLAN...

Page 130: ... VLAN with the primary command private vlan association svlist add svlist remove svlist no private vlan association Parameter description Parameter Description svlist The secondary VLAN list no Remove the association between the primary VLAN and all the secondary VLANs Default configuration No association Command mode VLAN configuration Mode Examples DES 7210 config vlan 22 DES 7210 config vlan pr...

Page 131: ...ary VLAN Examples DES 7210 config interface vlan 22 DES 7210 config if private vlan mapping add 24 26 Related commands Command Description show vlan private vlan Platform description The software version must be R10 1 and later 12 1 4 switchport mode private vlan Use this command to declare the private VLAN mode of the interface switchport mode private vlan host promiscuous no switchport mode Para...

Page 132: ...th the private VLAN mode of the interface with the secondary VLAN switchport private vlan host association p_vid s_vid no switchport private vlan host association Parameter description Parameter Description p_vid Primary VID s_vid Secondary VID no Delete the host port from the private VLAN Command mode Interface configuration mode Examples DES 7210 config interface gigabitEthernet 0 1 DES 7210 con...

Page 133: ... the promiscuous secondary VLANs Default configuration No promiscuous secondary VLAN is configured Command mode Hybrid interface configuration mode of private VLAN Examples DES 7210 config interface gigabitEthernet 0 1 DES 7210 config if switchport mode private vlan promiscuous DES 7210 config if switchport private vlan mapping 22 add 23 25 Related commands Command Description show vlan private vl...

Page 134: ...de Privileged mode Examples DES 7210 show vlan private vlan Platform description The software version must be R10 1 and later 12 3 Hybrid Commands switchport mode hybrid switchport hybrid native vlan switchport hybrid allowed vlan 12 3 1 switchport mode hybrid switchport mode hybrid no switchport mode Use this command to configure the port as a hybrid port Parameter description Parameter Descripti...

Page 135: ...estore the hybrid port to the default VLAN Default configuration No default VLAN is configured Command mode Interface mode Examples DES 7210 config if switchport hybrid native vlan 3 Platform description The software version must be R10 1 and later 12 3 3 switchport hybrid allowed vlan switchport hybrid allowed vlan add tagged untagged remove vlist no switchport hybrid allowed vlan Use this comman...

Page 136: ...Configuration Commands DES 7200 CLI Reference Guide 12 8 Command mode Interface mode Examples DES 7210 config if switchport hybrid allowed vlan add untagged 3 5 Platform description The software version must be R10 1 and later ...

Page 137: ...he interface as the 802 1Q tunneling interface switchport mode dot1q tunnel no switchport mode Parameter description Parameter Description no Delete the corresponding 802 1Q tunneling interface configuration Default configuration No 802 1Q tunneling interface is configured Command mode Interface configuration mode Examples Here is an example of configuring the interface as the 802 1Q tunneling int...

Page 138: ...e Parameter description Parameter Description no Remove the settings Default configuration No uplink port is configured Command mode Interface configuration mode Examples Here is an example of configuring the interface as a uplink port DES 7210 config interface gigabitEthernet 0 1 DES 7210 config if switchport mode up link DES 7210 config end Related commands Command Description show vlan private ...

Page 139: ...tpid Gi0 3 0x9100 Related commands Command Description show frame tag tpid Platform description The software version must be R10 1 and later 13 1 4 inner priority trust enable Use this command to copy the priority of the inner tag to the outer tag of the packets on the interface inner priority trust enable no inner priority trust enable Parameter description Parameter Description no Remove the set...

Page 140: ...ag tpid Use this command to show the configuration of interface tpid show frame tag tpid interface intf id Parameter description Parameter Description intf id Specific Interface Default configuration The tpid is not modified Command mode Privileged mode Examples DES 7210 show frame tag tpid Ports tpid Gi0 1 0x9100 Platform description The software version must be R10 1 and later 13 2 2 show inner ...

Page 141: ...mmands 13 5 Parameter description N A Default configuration Priority copy is disabled by default Command mode Privileged mode Examples DES 7210 show inner priority trust Port inner priority trust Gi0 1 enable Platform description The software version must be R10 1 and later ...

Page 142: ......

Page 143: ...static mac address table filtering mac address table notification nmp trap mac notification address bind address bind ip address address bind uplink address bind install address bind ipv6 mode mac manage learning uniform mac manage learning uniform learning synchronization mac manage learning dispersive 14 1 1 mac address table aging time Use this command to specify the aging time of the dynamic M...

Page 144: ...e 150 Related commands Command Description show mac address table aging time Use this command to display the aging time of the dynamic MAC address show mac address table dynamic Use this command to display dynamic MAC address 14 1 2 clear mac address table dynamic Use this command to clear the dynamic MAC address clear mac address table dynamic address mac addr interface interface id vlan vlan id ...

Page 145: ...lear mac address table filtering address mac addr vlan vlan id Parameter description Parameter Description filtering Clear all the filtering MAC addresses address mac addr Clear the specified filtering MAC address vlan vlan id Clear all the filtering MAC addresses of the specified VLAN Command mode Privileged mode Usage guidelines Use show mac address table filtering to display all the filtering M...

Page 146: ...ileged mode Usage guidelines Use show mac address table static to display all the static MAC addresses Examples The example below is to clear the static MAC address 00d0 f800 073c DES 7210 clear mac address table static address 00d0 f800 073c Related commands Command Description mac address table static Configure the static MAC address show mac address table static Show the static MAC address 14 1...

Page 147: ...switch is reset the static MAC address will not be lost A static MAC address shall not be configured as a multicast address Use show mac address table static to display the static MAC address Use clear mac address table static to clear static MAC address Examples When the packet destined to 00d0 f800 073c arrives at VLAN4 it will be forwarded to the specified port gigabitethernet 1 1 DES 7210 conf...

Page 148: ...de Global configuration mode Usage guidelines The filtering MAC address shall not be a multicast address Use show mac address table filtering to display the filtering MAC addresses Examples DES 7210 config mac address table filtering 00d0f8000000 vlan 1 Related commands Command Description clear mac address table filtering Clear the filtering MAC address show mac address table filtering Show the f...

Page 149: ...l configuration mode you can use the snmp server enable traps mac notification command to enable or disable the switch to send the MAC address trap message Examples DES 7210 config mac address table notification DES 7210 config mac address table notification interval 40 DES 7210 config mac address table notification history size 100 Related commands Command Description snmp server enable traps Set...

Page 150: ...mples DES 7210 config interface gigabitethernet 1 1 DES 7210 config if snmp trap mac notification added Related commands Command Description mac address table notification Enable MAC address notification show mac address table notification Show the MAC address notification configuration and the MAC address notification table 14 1 9 address bind Use this command to configure IP address MAC address ...

Page 151: ...latform description DES 7200 supports up to 1000 IP address MAC address binding 14 1 10 address bind ip address Use this command to configure IP address MAC address binding address bind ip address mac address no address bind ip address Parameter description Parameter Description ip address IP address to be bound mac address MAC address to be bound Command mode Global configuration mode Usage guide...

Page 152: ...intf id Exceptional port Command mode Global configuration mode Usage guidelines If you have bound an IP address and a MAC address the switch will discard the packets that have the same source IP address but different source MAC address If the port is an exceptional port and is installed see address bind install this binding policy does not take effect Examples Following example is to set the fa 0...

Page 153: ...and to make installation policy take effect Examples Install fa 0 1 port DES 7210 config address bind uplink fa0 1 DES 7210 config address bind install Related commands Command Function show address bind uplink Show the exceptional port of the address binding Platform description The version must be R10 1 and later 14 1 13 address bind ipv6 mode Use this command to set the IP mode of IP address bi...

Page 154: ...orwarded default Loose Only the packets matching IPv4 and MAC are forwarded All IPv6 packets are forwarded compatible Only the packets matching IPv4 and MAC are forwarded Only the IPv6 packets whose source MAC address is the bound MAC address are forwarded Examples Bind the IP address 192 168 5 2 and the MAC address 00do f822 33aa and forward the corresponding packets DES 7210 configure t Enter co...

Page 155: ...ve it and restart before the new mode takes effect Examples N A Related commands Command Function show mac address table mac manage learning Show the MAC management and learning mode 14 1 15 mac manage learning uniform learning synchronization Use this command to synchronize the dynamic MAC address in the whole device in the uniform mode no mac manage learning uniform learning sychronization Param...

Page 156: ...r description N A Command mode Global configuration mode Usage guidelines After the management and learning mode of the dynamic MAC address is set to the dispersive mode the device can learn more MAC addresses Examples N A Related commands Command Function show mac address table mac manage learning Show the MAC address management and learning mode 14 2 Showing Related Command The MAC address showi...

Page 157: ...cription address mac addr Specified MAC address interface interface id Interface ID vlan vlan id VLAN ID Command mode Privileged mode Command mode DES 7210 show mac address table address 00d0 f800 1001 Vlan MAC Address Type Interface 1 00d0 f800 1001 STATIC Gi1 1 Related commands Command Description show mac address table static Show the static MAC address show mac address table filtering Show the...

Page 158: ...commands Command Description mac address table aging time Specify the aging time of the dynamic MAC address 14 2 3 show mac address table count Use this command to display the mac address table count show mac address table count Command mode Privileged mode Examples DES 7210 show mac address table count Dynamic Address Count 51 Static Address Count 0 Filter Address Count 0 Total Mac Addresses 51 T...

Page 159: ...on mac addr Destination MAC address of the entry vlan id VLAN of the entry interface id Interface that the packet is forwarded to It may be a physical port or an aggregate port Default configuration All the MAC addresses are displayed by default Command mode Privileged mode Examples DES 7210 show mac address table dynamic Vlan MAC Address Type Interface 1 0000 0000 0001 DYNAMIC gigabitethernet 1 1...

Page 160: ... Related commands Command Description clear mac address table filtering Clear the filtering MAC address mac address table filtering Configure the filtering MAC address 14 2 6 show mac address table interface Use this command to show all the MAC address information of the specified interface including static and dynamic MAC address show mac address table interface interface id vlan vlan id Paramete...

Page 161: ...address table vlan Show all types of MAC addresses of the specified VLAN show mac address table count Show the address counts in the MAC address table 14 2 7 show mac address table notification Use this command to show the MAC address notification configuration and the MAC address notification table show mac address table notification interface interface id history Parameter description Parameter ...

Page 162: ...otification snmp trap mac notification Enable the MAC address trap notification function on the specified interface 14 2 8 show mac address table static Use this command to show the static MAC address show mac address table static addr mac addr interface interface id vlan vlan id Parameter description Parameter Description mac addr Destination MAC address of the entry vlan id VLAN ID of the entry ...

Page 163: ...mples DES 7210 show mac address table vlan 1 Vlan MAC Address Type Interface 1 00d0 f800 1001 STATIC gigabitethernet 1 1 1 00d0 f800 1002 STATIC gigabitethernet 1 1 1 00d0 f800 1003 STATIC gigabitethernet 1 1 Related commands Command Description show mac address table static Show the static MAC address show mac address table filtering Show the filtering MAC address show mac address table dynamic S...

Page 164: ...r 3 3 3 3 00d0 f811 1112 3 3 3 4 00d0 f811 1117 Related commands Command Description address bind Enable IP address MAC address binding 14 2 11 show mac address table mac manage learning Use this command to show the management and learning mode of the dynamic MAC address Command mode Privileged mode Usage guidelines N A Examples DES 7210 show mac address table mac manage learning MAC manage learni...

Page 165: ...learning uniform Set the management and learning mode of the dynamic MAC address to the uniform mode mac manage learning uniform learning synchronization Synchronize the dynamic MAC address in the whole device mac manage learning dispersive Set the management and learning mode of the dynamic MAC address to the dispersive mode ...

Page 166: ......

Page 167: ...ing vlan ip dhcp snooping bootp bind ip dhcp snooping verify mac address ip dhcp snooping information option ip dhcp snooping database write delay ip dhcp snooping database write to flash 15 1 1 ip dhcp snooping Use this command to enable the DHCP snooping function globally The no form of this command will disable the DHCP snooping function globally no ip dhcp snooping Parameter description N A De...

Page 168: ...time 0 seconds DHCP snooping option 82 status ENABLE DHCP Snooping Support Bootp bind status ENABLE Interface Trusted Rate limit pps Related commands Command Description show ip dhcp snooping View the configuration information of DHCP snooping ip dhcp snooping vlan Configure DHCP snooping enabled VLAN 15 1 2 ip dhcp snooping vlan Use this command to enable DHCP snooping for the specific VLAN The n...

Page 169: ...ping 15 1 3 ip dhcp snooping bootp bind Use this command to enable DHCP snooping bootp bind function The no form of this command will disable the function no ip dhcp snooping bootp bind Parameter description N A Default Disabled Command mode Global configuration mode Usage guidelines By default the DHCP Snooping only forwards Bootp packets With this function enabled it can snoop Bootp packets Afte...

Page 170: ...source MAC address of the DHCP request message matches against the client addr field of the DHCP message The no form of this command disables this function no ip dhcp snooping verify mac address Parameter description N A Default Disabled Command mode Global configuration mode Usage guidelines Use this command to enable checking the validity of the source MAC address of the DHCP request message Onc...

Page 171: ...nd to add option82 to the DHCP request message The no form of this command disables this function no ip dhcp snooping information option Parameter description N A Default configuration Disabled Command mode Global configuration mode Usage guidelines This command adds option82 to the DHCP request message based on which the DHCP server assigns IP address Examples Add option82 to the DHCP request mes...

Page 172: ...erval at which the system writes the dynamic user information of the DHCP snooping database into the flash Default Disabled Command mode Global configuration mode Usage guidelines This function can avoid loss of user information after restart In that case users need to obtain IP addresses again for normal communication Examples The following is an example of setting interval at which the switch wr...

Page 173: ...h Parameter description N A Default N A Command mode Global configuration mode Usage guidelines Use this command to write the dynamic user information of the DHCP binding database into flash in real time Examples The following is an example of writing the dynamic user information of the DHCP binding database into flash DES 7210 configure terminal DES 7210 config ip dhcp snooping database write to ...

Page 174: ...that is all the users under the port are prohibited to request addresses through DHCP Examples The following is an example of setting fastethernet 0 2 to be suppression status DES 7210 configure terminal DES 7210 config interface fastEthernet 0 2 DES 7210 config if ip dhcp snooping suppression DES 7210 config if end Related commands Command Description show ip dhcp snooping View the configuration ...

Page 175: ...f end DES 7210 show ip dhcp snooping Switch DHCP snooping status ENABLE DHCP snooping Verification of hwaddr field status DISABLE DHCP snooping database write delay time 0 seconds DHCP snooping option 82 status ENABLE DHCP Snooping Support Bootp bind status ENABLE Interface Trusted Rate limit pps FastEthernet0 1 yes unlimited Related commands Command Description show ip dhcp snooping View the conf...

Page 176: ...on an interface Examples The following example sets rate limit of port 1 as 100 DES 7210 configure terminal DES 7210 config interface fastEthernet 0 1 DES 7210 config if ip dhcp snooping limit rate 100 DES 7210 config if end DES 7210 show ip dhcp snooping Switch DHCP snooping status ENABLE DHCP snooping Verification of hwaddr field status DISABLE DHCP snooping database write delay time 0 seconds D...

Page 177: ...tatus ENABLE Interface Trusted Rate limit pps Related commands Command Description ip dhcp snooping Enable the DHCP snooping globally ip dhcp snooping verify mac address Enable the check of source MAC address of DHCP Snooping packets ip dhcp snooping write delay Set the interval of writing user information to FLASH periodically ip dhcp snooping information option Add option82 to the DHCP request m...

Page 178: ...on ip dhcp snooping binding Add the static user information to the DHCP Snooping database clear ip dhcp snooping binding Clear the dynamic user information from the DHCP snooping binding database 15 4 Other DHCP Snooping Configuration Commands The configuration of other dhcp snooping includes the commands as follows clear ip dhcp snooping binding debug ip dhcp snooping 15 4 1 clear ip dhcp snoopin...

Page 179: ...ES 7210 show ip dhcp snooping binding Total number of bindings 0 MacAddress IpAddress Lease sec Type VLAN Interface Related commands Command Description show ip dhcp snooping binding Show the information of the DHCP snooping binding database 15 4 2 debug ip dhcp snooping Use this command to trun on the debugging switch of the DHCP snooping debug ip dhcp snooping Default Turned off Command mode Pri...

Page 180: ......

Page 181: ... global configuration mode include ip igmp profile ip igmp snooping dyn mr aging time ip igmp snooping fast leave enable ip igmp snooping filter ip igmp snooping ivgl ip igmp snooping ivgl svgl ip igmp snooping limit ipmc vlan server ip igmp snooping max groups ip igmp snooping query max response time ip igmp snooping source check default server ip igmp snooping source check port ip igmp snooping ...

Page 182: ...ge using the range command in the profile configuration mode In addition the profile must be applied to the interface in order to make the profile configuration take effect Examples The following is an example of deny the forwarding of the multicast stream 224 2 2 2 DES 7210 config ip igmp profile 1 DES 7210 config profile range 224 2 2 2 DES 7210 config profile deny Related commands Command Descr...

Page 183: ...of the multicast stream 224 2 2 2 DES 7210 config ip igmp profile 1 DES 7210 config profile range 224 2 2 2 DES 7210 config profile permit Related commands Command Description ip igmp profile Create a profile range Configure the multicast address range 16 1 3 range To specify the range of multicast streams execute the range command in the profile configuration mode You can specify either a single ...

Page 184: ...2 2 224 2 2 244 Related commands Command Description ip igmp profile Create a profile deny Deny the forwarding of the multicast streams in the range specified by the profile permit Permit the forwarding of the multicast streams in the range specified by the profile 16 1 4 ip igmp profile This is a mode navigation command Use this command to select a profile and enter the IGMP profile configuration...

Page 185: ...ommand ip igmp snooping dyn mr aging time time no ip igmp snooping dyn mr aging time Parameter description Parameter Description time Aging time of the routing interface that the switch learns dynamically Default configuration 300s Command mode Global configuration mode Usage guidelines When the dynamic routing interface learning function is enabled this command sets the aging time of the routing ...

Page 186: ...xecute this command to enable the fast leave function the system will remove the corresponding multicast group on the corresponding interface upon the receipt of the IGMP leave message Examples The following example shows how to enable the fast leave function on the switch DES 7210 config ip igmp snooping fast leave Related commands Command Function N A 16 1 7 ip igmp snooping filter To configure ...

Page 187: ...gmp snooping filter 1 Related commands Command Description ip igmp profile Create a profile 16 1 8 ip igmp snooping ivgl To enable IGMP snooping and enter the IVGL mode execute the ip igmp snooping ivgl command in the global configuration mode The no form of this command is used to disable IGMP snooping ip igmp snooping ivgl no ip igmp snooping Parameter description N A Default Disabled Command mo...

Page 188: ... ivgl svgl To enable IGMP snooping and enter the ivgl svgl mode execute the ip igmp snooping ivgl svgl command in the global configuration mode The no form of this command is used to disable IGMP snooping ip igmp snooping ivgl svgl no ip igmp snooping Parameter description N A Default Disabed Command mode Global configuration mode Usage guidelines After this mode is set IVGL and SVGL coexist Examp...

Page 189: ...ess Multicast address Saddress Multicast source IP address multicast server Default N A Command mode Global configuration mode Usage guidelines The source IP address check function must be enabled before an entry can be added Examples The following is an example of adding an entry to the multicast source IP address check table DES 7210 config ip igmp snooping limit ipmc vlan 1 address 224 0 0 1 se...

Page 190: ...multicast groups to 100 on the megabit interface 0 1 DES 7210 config interface fastEthernet 0 1 DES 7210 config if ip igmp snooping max group 100 Related commands Command Description ip igmp snooping filter Filter multicast groups that pass through a port 16 1 12 ip igmp snooping query max response time This command specifies the time for the switch to wait for the member join message after receiv...

Page 191: ... 7210 config ip igmp snooping query max response time 100 Related commands Command Function ip igmp snooping Configure a multicast routing interface 16 1 13 ip igmp snooping source check default server The source IP address check is used to permit one or several IPMC flows from the server of the specified IP address To configure the source IP address check function of IGMP snooping execute the ip ...

Page 192: ...igmp snooping source check default server 192 168 4 243 Related commands Command Description Ip igmp snooping limit ipmc vlan server Add an entry to the source IP check table 16 1 14 ip igmp snooping source check port The source port check function is used to permit one or several IPMC flows from the mroute port To configure the source port check function of IGMP snooping execute the ip igmp snoop...

Page 193: ...pression execute the ip igmp snooping suppression enable command in the global configuration mode The no form of this command is used to disable IGMP snooping suppression ip igmp snooping suppression enable no ip igmp snooping suppression enable Parameter description N A Default configuration Disabled Command mode Global configuration mode Usage guidelines After you execute this command to enable ...

Page 194: ...ress range is configured Examples The following example demonstrates how to enable IGMP snooping and enter the SVGL mode DES 7210 config ip igmp snooping svgl Related commands Command Description ip igmp snooping ivgl Enable igmp snooping and enter the IVGL mode ip igmp snooping ivgl svgl Enable igmp snooping and enter the hybrid mode 16 1 17 ip igmp snooping svgl profile To specify the multicast ...

Page 195: ... By default no profile is associated Examples DES 7210 config ip igmp snooping svgl profile 1 Related commands Command Description ip igmp snooping ivgl Enable igmp snooping and enter the IVGL mode ip igmp snooping ivgl svgl Enable igmp snooping and enter the hybrid mode 16 1 18 ip igmp snooping vlan mrouting interface Routing interface is a port through which a multicast device is directly connec...

Page 196: ...file By deffault the routing interface forwards the multicast frames of all the mlticast IP addresses in the VLAN as a member of a VLAN Sometimes administrator does not want to forward some multicast frames to a multicast device At this point the administrator can use the IGMP Profile to filter the range of multicast frames to be forwarded by the routing interface by executing the ip igmp snooping...

Page 197: ... snooping vlan mdevice learn pim dvmrp To configure a device to listen to the IGMP query dvmrp or PIM packets dynamically in order to automatically identify a routing interface execute the ip igmp snooping vlan mdevice learn command in the global configuration mode The no form of this command is used to disable the dynamic learning ip igmp snooping vlan vid mdevice learn pim dvmrp no ip igmp snoop...

Page 198: ...and in the global configuration mode The no form of this command is used to delete a static configuration ip igmp snooping vlan vid static ip addr interface interface id no ip igmp snooping vlan vid static ip addr interface interface id Parameter description Parameter Description vid VLAN ID of a routing interface ip addr Multicast IP address interface id Interface ID Default N A Command mode Glob...

Page 199: ...snp 16 2 1 show ip igmp snooping Use this command to show related information of igmp snooping show ip igmp snooping gda table interfaces mdevice statistics vlan vlan id Parameter description Parameter Description none Show the function configuration of IGMP snooping gda table Show multicast forwarding rule table interfaces Show the configuration of igmp snooping filtring mdevice Show interface co...

Page 200: ...profile number Use this command to show the profile information show ip igmp profile show ip igmp profile profile number Parameter description Parameter Description none Show configuration information of all profiles profile number Show configuration information of the designated profile Command mode Privileged EXEC mode Examples DES 7210 config if show ip igmp profile Profile 1 Permit range 224 0...

Page 201: ...ileged EXEC mode 16 2 5 debug igmp snp Use the following commands to turn on igmp service debug switch The no form of this command closes debug switch debug igmp snp debug igmp snp event debug igmp snp packet debug igmp snp msf debug igmp snp warning undebug igmp snp undebug igmp snp event undebug igmp snp packet undebug igmp snp msf undebug igmp snp warning Parameter description Parameter Descrip...

Page 202: ...CLI Reference Guide 16 22 packet Show the debug information of IGMP Snooping packet msf Show the debug information exchanged between the IGMP Snooping and multicast warning Show all debug information of IGMP Snooping warning Command mode Privileged EXEC mode ...

Page 203: ...snooping dr flood ip pim snooping interface configuration mode show ip pim snooping show ip pim snooping mroute show ip pim snooping neighbor show ip pim snooping statistics show ip pim snooping vlan clear ip pim snooping statistics clear ip pim snooping vlan debug ip psnp event debug ip psnp mst debug ip psnp port debug ip psnp timer 17 1 1 ip pim snooping global configuration mode This command e...

Page 204: ...ow between the routers even if the PIM Snooping has been enabled If you disable PIM Snooping globally then the PIM Snooping function will be ineffective in all VLANs 17 1 2 ip pim snooping dr flood Use the ip pim snooping dr flood command to enable PIM Snooping to flood the multicast flow towards DR With DR flood configured the multicast data will be forwarded through the Layer 2 port no matter wh...

Page 205: ...nd DR flood function is disabled only when the multicast source does not exist in the VLAN 17 1 3 ip pim snooping interface configuration mode This command enables or disables the PIM snooping on the interface ip pim snooping no ip pim snooping Parameter description N A Default configuration Disabled Command mode Interface configuration mode Examples DES 7210 configure terminal DES 7210 config int...

Page 206: ...how ip pim snooping Global runtime mode Enabled Global admin mode Enabled DR Flooding status Enabled Number of user enabled VLANs 2 User enabled VLANs 199 198 The following are the description for each field Field Description Global runtime mode Global PIM Snooping running mode Enabled indicates the current normal running mode Disabled indicates the current unavailable running mode Global admin mo...

Page 207: ...ry Command mode Privileged EXEC mode global configuration mode interface configuration mode Examples The following example shows the information of the PIM snooping forwarding entry DES 7210 show ip pim snooping mroute Flags JOIN PRUNE G S G Join Prune SGR PP S G R PrunePending SGR P S G R Prune VLAN 199 1 mroutes 229 1 1 1 00 06 12 00 03 06 214 199 199 10 214 199 199 2 00 06 12 00 03 06 JOIN Down...

Page 208: ...ooping neighbor IP Address Port Uptime Expires Flags VLAN 199 2 neighbors 214 199 199 2 2 32 00 18 25 00 01 04 214 199 199 10 2 20 00 18 09 00 01 03 DR The following are the description for each field Field Description IP Address The neighbor IP address Port The Layer 2 port connecting to the neighbor Uptime Expires The creating and aging time of the neighbor Flags Explain whether DR or not 17 1 7...

Page 209: ...version not 2 0 17 1 8 show ip pim snooping vlan Use this command to display related information of PIM Snooping VLAN show ip pim snooping vlan interface number mroute neighbor statistics Parameter description Parameter Description interface number Show VLAN ID mroute Show the forwarding table information in the VLAN neighbor Show the neighbor information in the VLAN statistics Show the statistics...

Page 210: ... 41 JOIN Downstream ports 2 32 Upstream ports 2 34 Outgoing ports 2 32 2 34 The following example shows the neighbor information of the PIM Snooping VLAN 199 DES 7210 show ip pim snooping vlan 199 neighbor IP Address Port Uptime Expires Flags VLAN 199 4 neighbors 214 199 199 4 2 32 02 34 58 00 01 17 DR 214 199 199 3 2 36 02 22 19 00 05 10 214 199 199 2 2 34 02 33 34 00 05 35 214 199 199 1 2 20 02 ...

Page 211: ...oin Prune not modified 11 Join Prune modified 5 Join Prune suppressed 1 Error Hello hold option missing 0 Error Hello option length 0 Error Hello option unknown 4 Error Join Prune Address Family 0 Error Join Prune Unknown up down neighbor 5 17 1 9 clear ip pim snooping statistics Use this command to clear the PIM Snooping statistics clear ip pim snooping statistics Parameter description N A Comman...

Page 212: ... Clear VLAN ID mroute Clear the forwarding table information in the VLAN neighbor Clear the neighbor information in the VLAN statistics Clear the statistics in the VLAN Command mode Privileged EXEC mode Examples The following example clears the forwarding table information of the PIM Snooping VLAN 199 DES 7210 show ip pim snooping vlan 199 mroute The following example clears the neighbor informati...

Page 213: ...ug ip psnp event 17 1 12 debug ip psnp mst Use this command to enable the PIM Snooping entry operation debugging switch Use the no form of this command to disable the switch debug ip psnp mst no debug ip psnp mst Parameter description N A Command mode Privileged EXEC mode Examples The following example enable the PIM Snooping entry operation debugging switch DES 7210 debug ip psnp mst 17 1 13 debu...

Page 214: ...port Use this command to enable the PIM Snooping port management and neighbor information debugging switch Use the no form of this command to disable the switch debug ip psnp port no debug ip psnp port Parameter description N A Command mode Privileged EXEC mode Examples The following example enable the PIM Snooping port management debugging switch DES 7210 debug ip psnp port 17 1 15 debug ip psnp ...

Page 215: ...LI Reference Guide Chapter 17 PIM Snooping Configuration Commands 17 13 Command mode Privileged EXEC mode Examples The following example enable the PIM Snooping timer debugging switch DES 7210 debug ip psnp timer ...

Page 216: ......

Page 217: ...ers only restores the corresponding parameters to the default values but does not disable the spanning tree function spanning tree forward time seconds hello time seconds max age seconds no spanning tree forward time hello time max age Parameter description Parameter Description forward time seconds Interval at which the port status changes hello time seconds Interval at which the switch sends the...

Page 218: ... tree forward time 10 Related commands Command Description show spanning tree Show the global STP configuration spanning tree mst cost Set the PathCost of an STP interface spanning tree tx hold count Set the global TxHoldCount of STP 18 1 2 spanning tree bpdufilter Use this command to enable BPDU filter on the interface You can use the enabled or disabled option of the command to enable or disable...

Page 219: ...abled disabled Parameter description Parameter Description enabled Enable BPDU guard on the interface disabled Disable BPDU guard on the interface Default configuration Disabled Command mode Interface configuration mode Examples DES 7210 config interface gigabitethernet 1 1 DES 7210 config if spanning tree bpduguard enable Related commands Command Description show spanning tree interface Show the ...

Page 220: ... type point to point Related commands Command Description show spanning tree interface Show the STP configuration of the interface 18 1 5 spanning tree max hops Use this command to set the maximum number of hops Max hopsCount of the BPDU message in the global configuration mode the number of hops in a region that the BPDU message passes before being dropped This parameter takes effect for all inst...

Page 221: ...tances DES 7210 config spanning tree max hops 10 You can verify your setting by entering the show spanning tree mst command in the privileged configuration mode Related commands Command Description show spanning tree Show the MSTP information 18 1 6 spanning tree mode Use this command to set the STP version in the global configuration mode Use the no form of the command to restore the version of t...

Page 222: ...nter exit After entering the MST configuration mode you can use the following commands to configure parameters instance instance id vlan vlan range Adds the VLANs to the MST instance The range of instance id is 0 to 64 and the range of VLAN is 1 to 4095 The vlan range can be a collection of some inconsecutive VLANs separated with comma or some consecutive VLANs in the form of start VLAN number end...

Page 223: ...ng the MST configuration mode DES 7210 config mst no instance 1 vlan 3 Delete instance 1 DES 7210 config mst no instance 1 You can verify your settings by entering the show command of the MST configuration commands Related commands Command Description show spanning tree mst Show the MST region configuration instance instance id vlan vlan range Add VLANs to the MST instance name Configure the name ...

Page 224: ...10 config interface gigabitethernet 1 1 DES 7210 config if spanning tree mst 3 cost 400 You can verify your settings by entering the show spanning tree mst interface interface id command in the privileged EXEC mode Related commands Command Description show spanning tree mst Show the MSTP information of an interface spanning tree mst port priority Configure the priority of an interface spanning tre...

Page 225: ...in the region the interface of the higher priority will be in charge of forwarding If all interfaces have the same priority value the interface of the smaller number will be in charge of the forwarding Examples This example shows how to set the priority of gigabitethernet 1 1 to 10 in instance 20 DES 7210 config interface gigabitethernet 1 1 DES 7210 config if spanning tree mst 20 port priority 0 ...

Page 226: ... 8192 12288 16384 20480 24576 28672 32768 36864 40960 45056 49152 53248 57344 and 61440 which are all multiples of 4096 Default configuration The default instance ID is 0 The default device priority is 32768 Command mode Global configuration mode Examples The following example sets the device priority of the Instance as 8192 DES 7210 config if spanning tree mst 20 priority 8192 You can verify your...

Page 227: ...tree interface Show the STP configuration of the interface 18 1 12 spanning tree tx hold count Use this command to configure the TxHoldCount of the STP in the global configuraiton mode the maximum number of the BPDU messages sent in one second Use the no form of the command to restore it to the default setting spanning tree tx hold count tx hold count no spanning tree tx hold count Parameter descr...

Page 228: ...d to configure path cost short Adopt the 802 1d standard to configure path cost Default configuration Adopt the 802 1T standard to set path cost by default Command mode Global configuration mode Examples DES 7210 config if spanning tree pathcost method long Related commands Command Description show spanning tree interface Show the STP configuration of the interface 18 1 14 spanning tree portfast U...

Page 229: ...guard default Use this command to enable the GPDU guard globally You can use the no form of the command to disable the BPDU guard spanning tree portfast bpduguard default no spanning tree portfast bpduguard default Parameter description N A Default configuration Disabled Command mode Global configuration mode Usage guidelines Once the BPDU guard is enabled on the interface it will enter the error ...

Page 230: ...ult configuration Disabled Command mode Global configuration mode Usage guidelines Once the BPDU filter is enabled the BPDU message is neither received nor sent on the interface Use the show spanning tree command to display the configuration Examples DES 7210 config spanning tree portfast bpdufilter default Related commands Command Description show spanning tree interface Show the global STP confi...

Page 231: ...tection Use this command to enable tc protection globally Use The no form of this command to disable tc protection globally spanning tree tc protection no spanning tree tc protection Parameter description N A Default configuration Enabled Command mode Global configuration mode Examples DES 7210 config spanning tree tc protection 18 1 19 spanning tree tc protection tc guard Use this command to enab...

Page 232: ...ages Use the no form of this command to disable tc guard on the interface spanning tree tc guard no spanning tree tc guard Parameter description N A Default configuration Disabled Command mode Global configuration mode Examples DES 7210 config spanning tree tc guard 18 1 21 spanning tree guard root Use this command to enable root guard on the interface to prevent the change of current root bridge ...

Page 233: ... can not receive bpdu Use the no form of this command to disable loop guard spanning tree loopguard default no spanning tree loopguard default Parameter description N A Default configuration Disabled Command mode Global configuration mode Examples DES 7210 config spanning tree loopguard default 18 1 23 spanning tree guard loop Use this command to enable loop guard on the interface to prevent the r...

Page 234: ...e guard on the interface Use the no form of this command to delete guard on the interface spanning tree guard none no spanning tree guard none Parameter description N A Default configuration Disabled Command mode Interface configuration mode Examples DES 7210 config spanning tree guard none 18 1 25 spanning tree autoedge Use this command to enable Autoedge on the interface Use the disabled option ...

Page 235: ...uration information of the interface 18 1 26 bpdu src mac check Use this command to enable the BPDU source MAC address check function on the interface Use the no form of this command to disable the function bpdu src mac check H H H no bpdu src mac check Parameter description Parameter Description H H H Indicate that only the BPDU messages from this MAC address are received no Indicate that the BPD...

Page 236: ...nfiguration mode Examples DES 7210 clear spanning tree detected protocols Related commands Command Description show spanning tree interface Show the STP configuration of the interface 18 1 28 spanning tree compatible enable Use this command to send the message selectively carried with MSTI according to the interface attibute of current port to realize interconnection with other vendors spanning tr...

Page 237: ...Showing Related Command 18 2 1 show spanning tree Use this command to display the global spanning tree configurations show spanning tree summary forward time hello time max age inconsistentports tx hold count pathcost method max_hops Parameter description Parameter Description summary Show the information of MSTP instances and forwarding status of the interfaces inconsistentports Show the block po...

Page 238: ...ee max age Set BridgeMaxAge spanning tree max hops Set the maximum hops of an instance spanning tree tx hold count Show TxHoldCount 18 2 2 show spanning tree interface Use this command to show the STP configuration of the interface including the optional spanning tree show spanning tree interface interface id bpdufilter portfast bpduguard link type Parameter description Parameter Description inter...

Page 239: ...point 18 2 3 show spanning tree mst In privileged EXEC mode use this command to display the information of MST and instances show spanning tree mst configuration instance id interface interface id Parameter description Parameter Description configuration The MST configuration of the equipment instance id Instance number interface id Interface number Default configuration All the instances are disp...

Page 240: ...DES 7200 CLI Reference Guide 18 24 spanning tree mst max hops Show the maximum hops of the instance spanning tree mst priority Show the equipment priority of the instance spanning tree mst port priority Show the port priority of the instance ...

Page 241: ...ation interface interface id switch acl name no monitor session all Parameter description Parameter Description session_number SPAN session number source interface interface id Specify the source port interface id interface ID which can be physical interface not SVI DES 7200 supports AP destination interface interface id Specify the destination port interface id interface ID which can be physical ...

Page 242: ...w describes how to create a SPAN session session 1 If this session is set previously clear the configuration of current session 1 firstly and then set the frame mapping of port 1 to port 8 DES 7210 config no monitor session 1 DES 7210 config monitor session 1 source interface gigabitEthernet 1 1 both DES 7210 config monitor session 1 destination interface gigabitEthernet 1 8 Note session 1 support...

Page 243: ...ileged mode Usage guidelines N A Examples This example shows how to use show monitor to display SPAN session 1 DES 7210 show monitor session 1 sess num 1 src intf GigabitEthernet 3 1 frame type Both dest intf GigabitEthernet 3 8 Related commands Command Description monitor session Specify a SPAN session and the destination port mirroring port and the source port mirrored port ...

Page 244: ......

Page 245: ...on num destination remote vlan vlan id interface interface name switch Set remote source mirror monitor session session num source interface interface id rx tx both Parameter description Parameter Description session num Session number vlan id Remote span vlan id interface id Interface number Command mode Global configuration mode Usage guidelines Key in end or Ctrl C to return to the privileged m...

Page 246: ...nd Description show monitor Show monitor session information 20 1 2 remote span Use this command to set RSPAN VLAN no remote span Parameter description N A Command mode VLAN configuration mode Usage guidelines Key in end or Ctrl C to return to the privileged mode Key in exit to return to the global configuration mode Examples DES 7210 config vlan 5 DES 7210 config vlan remote span Related commands...

Page 247: ... secondary Parameter description Parameter Description ip address 32 bit IP address with 8 bits in one group in decimal format Groups are separated by dots network mask 32 bit network mask 1 stands for the mask bit 0 stands for the host bit with 8 bits in one group in decimal format Groups are separated by dots secondary Indicates the secondary IP address that has been configured Default No IP add...

Page 248: ...imary IP address can belong to the same network or different networks Secondary IP addresses are often used in network construction Typically you can try to use secondary IP addresses in the following situations A network hasn t enough host addresses At present the LAN should be a class C network where 254 hosts can be configured However when there are more than 254 hosts in the LAN another class ...

Page 249: ...e type Interface type interface number Interface number Default N A Command mode Interface configuration mode Usage guidelines Unnumbered interface is an interface that has IP enabled on it but no IP address is assigned to it The unnumbered interface should be associated to an interface with an IP address The source IP address of the IP packet generated by an unnumbered interface is the IP address...

Page 250: ...In the example below the local interface is configured as an unnumbered interface and the associated interface is FastEthernet 0 1 An IP address must be configured for the associated interface ip unnumbered fastEthernet 0 1 Related commands Command Description show interface Show detailed information of the interface Platform description This command is not supported on the Layer 2 switch 21 2 Add...

Page 251: ...he keyword is arpa for the Ethernet interface alias Optional The DES 7200 series will respond to the ARP request from this IP address after this parameter is defined Default There is no static mapping record in the ARP cache table Command mode Global configuration mode Usage guidelines DES 7200 finds the 48 bit MAC address according to the 32 bit IP address using the ARP cache table Since most hos...

Page 252: ...interval of the ARP request is 1s Command mode Global configuration mode Usage guidelines The switch sends the ARP request message frequently and thus causing problems like network busy In this case you can set the retry interval of the ARP request message longer In general it should not exceed the aging time of the dynamic ARP entry Examples The following configuration sets the retry interval of ...

Page 253: ...guidelines The switch sends the ARP request message frequently and thus causing problems like network busy In this case you can set the retry times of the ARP request smaller In general the retry times should not be set too large Examples The following configuration will set the local ARP request not to be retried arp retry times 1 The following configuration will set the local ARP request to be r...

Page 254: ... other entries share the memory Too much trusted ARP entries may lead to insufficient ARP entry space In general you should set the maximum number of trusted ARP entries according to your real requirements Examples The following configuration sets 1000 trusted ARPs arp trusted 1000 Related commands Command Function service trustedarp Enable the trusted ARP function 21 2 5 arp trusted aging Use thi...

Page 255: ...aximum number of the unresolved ARP entries The no form of this command can restore it to the default value 8192 arp unresolve number no arp unresolve Parameter description Parameter Description number The maximum number of the unresolved ARP entries in the range of 1 to 8192 The default value is 8192 Default configuration The ARP cache table can contain up to 8192 unresolved entries Command mode ...

Page 256: ...to 3600 seconds Default configuration This function is not enabled on the interface to send the free ARP request regularly Command mode Interface configuration mode Usage guidelines If an interface of the switch is used as the gateway of its downlink devices and counterfeit gateway behavior occurs in the downlink devices you can configure to send the free ARP request message regularly on this inte...

Page 257: ... that are learned dynamically The shorter the timeout the truer the mapping table saved in the ARP cache but the more network bandwidth occupied by the ARP Hence the advantages and disadvantages should be weighted Generally it is not necessary to configure the ARP timeout unless there is a special requirement Examples The following is an example of setting the timeout for the dynamic ARP mapping r...

Page 258: ... of the device itself Examples The following is an example of enabling ARP on FastEthernet 0 interface fastEthernet 0 0 ip proxy arp Platform description This command is not supported on the Layer 2 switch 21 2 10 service trustedarp Use this command to enable the trusted ARP function The no form of this command disables the trusted ARP function service trustedarp no service trustedarp Default conf...

Page 259: ...ode config service trustedarp 21 3 Broadcast Message Processing Configuration Commands The broadcast message processing configuration related commands include ip broadcast addresss ip directed broadcast 21 3 1 ip broadcast addresss Use this command to define a broadcast address for an interface in the interface configuration mode The no form of this command is used to remove the broadcast address ...

Page 260: ... ip broadcast address 0 0 0 0 Platform description This command is not supported on the Layer 2 switch 21 3 2 ip directed broadcast Use this command to enable the conversion from IP directed broadcast to physical broadcast in the interface configuration mode The no form of this command is used to remove the configuration ip directed broadcast access list number no ip directed broadcast Parameter d...

Page 261: ... manner of link layer broadcast You can enable conversion from directed broadcast into physical broadcast on a specified interface so that this interface can forward a direct broadcast packet to a directly connected network This command affects only the final transmission of directed broadcast packets that have reached the destination subnet instead of normal forwarding of other directed broadcast...

Page 262: ...face interface name Command mode Privileged mode Usage guidelines This command can be used to refresh an ARP cache table Caution On a NFPP based Network Foundation Protection Policy device it receives one ARP packet for every mac ip address per second by default If the interval of two clear arp times is within 1s the second response packet will be filtered and the ARP packet will not be resolved f...

Page 263: ...tic ARP entries complete Show all the resolved dynamic ARP entries incomplete Show all the unresolved dynamic ARP entries Command mode Any Examples The following is the output result of the show arp command DES 7210 show arp Total Numbers of Arp 7 Protocol Address Age min Hardware Type Interface Internet 192 168 195 68 0 0013 20a5 7a5f arpa VLAN 1 Internet 192 168 195 67 0 001a a0b5 378d arpa VLAN...

Page 264: ...Interface Internet 192 168 195 68 1 0013 20a5 7a5f arpa VLAN 1 The following is the output result of show arp 192 168 195 0 255 255 255 0 DES 7210 show arp 192 168 195 0 255 255 255 0 Protocol Address Age min Hardware Type Interface Internet 192 168 195 64 0 0018 8b7b 9106 arpa VLAN 1 Internet 192 168 195 2 1 00d0 f8ff f00e arpa VLAN 1 Internet 192 168 195 5 00d0 f822 33b1 arpa VLAN 1 Internet 192...

Page 265: ...e is described in Table 1 Platform description This command is not supported on the Layer 2 switch 21 4 4 show arp timeout Use this command to show the aging time of a dynamic ARP entry on the interface show arp timeout Parameter description N A Command mode Any Examples The following is the output of the show arp timeout command DES 7210 show arp timeout Interface arp timeout sec VLAN 1 3600 The ...

Page 266: ...n invalid route is found in the routing table you can immediately refresh the routing table to get the updated routes Note that however refreshing the entire routing table will result in temporary communication failure in the entire network Examples The example below refreshes only the route of 192 168 12 0 clear ip route 192 168 12 0 Related commands Command Description show ip route Show the IP ...

Page 267: ...eld in the ARP cache table has the following meanings Field Description Protocol Network address protocol always Internet Address The IP address corresponding to the hardware address Age min Age of the ARP cache record in minutes If it is not locally or statically configured the value of the field is represented with Hardware Hardware address corresponding to the IP address Type The type of hardwa...

Page 268: ...ts are the interface specific options Examples Presented below is the output of show ip interface DES 7210 show ip interface FastEthernet 0 0 IP interface state is UP IP interface type is BROADCAST IP interface metric is 0 IP interface MTU is 1500 IP address is 192 168 5 133 24 primary IP address negotiate is OFF Forward direct boardcast is ON ICMP mask reply is ON Send ICMP redirect is ON Send IC...

Page 269: ...the DHCP relay is enabled Fast switch is Show whether the IP fash switching function is enabled Route horizontal split is Show whether horizontal split is enabled which will affect the route update behavior of the distance vector protocol Help address is Show the helper IP address Proxy ARP is Show whether the agent ARP is enabled Outgoing access list is Show whether an outgoing access list has be...

Page 270: ...ide 21 24 DES 7210 show ip redirects Default Gateway 192 168 195 1 Related commands Command Description ip default gateway Configure the default gateway which is only supported on the Layer 2 switch Platform description This command is not supported on the Layer 2 switch ...

Page 271: ...te ip unreachables 22 1 1 ip default gateway Use this command to configure the default gateway on the Layer2 switch Use the no form of this command to remove the default gateway ip default gateway no ip default gateway Default configuration By default no default gateway is configured Command mode Global configuration mode Usage guidelines The packets will be sent to the default gateway if the dest...

Page 272: ...ration mode The no form of this command is used to prohibit from sending the ICMP mask response message ip mask reply no ip mask reply Default configuration By default no ICMP mask response message is sent Command mode Interface configuration mode Usage guidelines Sometimes a network device needs the subnet mask of a subnet on the Internet To obtain such information the network device can send an ...

Page 273: ...terface configuration mode Usage guidelines If an IP packet is larger than the IP MTU the DES 7200 software will split this packet All the devices in the same physical network segment must have the same IP MTU for the interconnected interface If the interface configuration command mtu is used to set the maximum transmission unit value of the interface IP MTU will automatically match with the MTU v...

Page 274: ... it may make the device to receive packets through one interface and send it though the same interface If the device sends the packet through the interface through which this packet is received the device will send an ICMP redirection message to the data source telling the data source that the gateway for the destination address is another device in the subnet In this way the data source will send...

Page 275: ...as strict source route loose source route and record route Details about these options can be found in RFC 791 If an option is found to be enabled in this packet a response will be made If an invalid option is detected an ICMP parameter problem message will be sent to the data source and then this packet is discarded The DES 7200 software supports IP source route by default Examples The following ...

Page 276: ...and can not process the upeer protocol of this message DES 7200 software will send ICMP host unreachable message to source data if it can not forward a message due to no routing This command influences all ICMP destination unreachable messages Examples The following example disables sending ICMP destination unreachable message on FastEthernet 0 1 interface fastEthernet 0 1 no ip unreachables Platf...

Page 277: ...mmand DHCP configuration includes the following commands bootfile client identifier client name default device dns server domain name hardware address host ip address dhcp ip dhcp excluded address ip dhcp ping packet ip dhcp ping timeout ip dhcp pool lease netbios name server netbios node type network DHCP next server option service dhcp ...

Page 278: ...er should provide the mapping file name required for the startup so that DHCP clients can download the file from the corresponding server such as TFTP Other servers are defined by the next server command Examples The configuration example below defines the device conf as the startup file name bootfile device conf Related commands Command Description ip dhcp pool Define the name of the DHCP address...

Page 279: ...e is GigabitEthernet 0 1 and the corresponding client ID is 0100 d0f8 2233 b467 6967 6162 6974 4574 6865 726e 6574 302f 31 where 01 denotes the type of the Ethernet media The 67 6967 6162 6974 4574 6865 726e 6574 302f 31 is the hex code of GigabitEthernet0 1 For the definition of the media code refer to the Address Resolution Protocol Parameters section in RFC1700 This command is used only when th...

Page 280: ...should not include the suffix domain name For instance you can define the name of the DHCP client as river not river i net com cn Default No client name is defined Command mode DHCP address pool configuration mode Usage guidelines This command can be used to define the name of the DHCP client only when the DHCP is defined by manual binding This name should not include the suffix domain name Exampl...

Page 281: ...y default Command mode DHCP address pool configuration mode Usage guidelines In general the DHCP client should get the information of the default gateway from the DHCP server The DHCP server should specify one gateway address for the client at least and this address should be of the same network segment as the address assigned to the client Examples The configuration example below defines 192 168 ...

Page 282: ...CP address pool configuration mode Usage guidelines When more than one DNS server is defined the former will possess higher priory so the DHCP client will select the next DNS server only when its communication with the former DNS server fails If the DES 7200 software also acts as the DHCP client the DNS server information obtained by the client can be transmitted to the DHCP client Examples The co...

Page 283: ...the DHCP client obtains specified suffix domain name it can access a host with the same suffix domain name by the host name directly Examples The configuration example below defines the suffix domain name i net com cn for the DHCP client domain name i net com cn Related commands Command Description dns server Define the DNS server of the DHCP client ip dhcp pool Define the name of the DHCP address...

Page 284: ...efined it is the Ethernet by default Command mode DHCP address pool configuration mode Usage guidelines This command can be used only when the DHCP is defined by manual binding Examples The configuration example below defines the MAC address 00d0 f838 bf3d with the type ethernet hardware address 00d0 f838 bf3d Related commands Command Description client identifier Define the unique ID of the DHCP ...

Page 285: ...ool configuration mode Usage guidelines If the network mask is not defined definitely the DHCP server will use the natural network mask of this IP address 255 0 0 0 for class A IP address 255 255 0 for class B IP address and 255 255 255 0 for class C IP address This command can be used only when the DHCP is defined by manual binding Examples The configuration example below sets the client IP addre...

Page 286: ...nformation of the same subnet 3 DHCP option 6 the DNS server information 4 DHCP option 15 the host suffix domain name and 5 DHCP option 44 the WINS server information The client of the DES 7200 software is allowed to obtain the address on the PPP FR or HDL link by the DHCP which should be supported by the server At present our server can support this function Examples The configuration example bel...

Page 287: ...e IP addresses for specific hosts to prevent these addresses are assigned to the DHCP client and define the excluded IP address accurately to reduce the conflict detecting time when the DHCP server assigns the address Examples In the configuration example below the DHCP server will not attempt to assign the IP addresses within 192 168 12 100 150 ip dhcp excluded address 192 168 12 100 192 168 12 1...

Page 288: ...o packets by default Examples The configuration example below sets the number of the packets sent by the ping operation as 3 ip dhcp ping packets 3 Related commands Command Description clear ip dhcp conflict Clear the DHCP history conflict record ip dhcp ping packet Configure the timeout time that the DHCP server waits for the Ping response If all the ping packets are not responded within the spec...

Page 289: ... Related commands Command Description clear ip dhcp conflict Clear the DHCP history conflict record ip dhcp ping packets Define the number of the data packets sent by the ping operation for the detection of the address conflict when the DHCP server assigns an IP address show ip dhcp conflict Show the address conflict the DHCP server detects when it assigns an IP address 23 1 13 ip dhcp pool Use th...

Page 290: ...the DHCP manual binding ip dhcp excluded address Define the IP addresses that the DHCP server cannot assign to the clients network DHCP Define the network number and network mask of the DHCP address pool 23 1 14 lease Use this command to define the lease time of the IP address that the DHCP server assigns to the client in the DHCP address pool configuration mode The no form of this command can be ...

Page 291: ...cription ip dhcp pool Define the name of the DHCP address pool and enter into the DHCP address pool configuration mode 23 1 15 netbios name server Use this command to configure the WINS name server of the Microsoft DHCP client NETBIOS in the DHCP address pool configuration mode The no form of this command can be used to delete the WINS server netbios name server ip address ip address2 ip address8 ...

Page 292: ...fine the name of the DHCP address pool and enter into the DHCP address pool configuration mode 23 1 16 netbios node type Use this command to define the node type of the master NetBIOS of the Microsoft DHCP client in the DHCP address configuration mode The no form of this command can be used to delete the configuration of the NetBIOS node type netbios node type type no netbios node type Parameter d...

Page 293: ...fault the node type for Microsoft operating system is broadcast or hybrid If the WINS server is not configured broadcast node is used Otherwise hybrid node is used It is recommended to set the type of the NetBIOS node as Hybrid Examples The configuration example below sets the NetBIOS node of Microsoft DHCP client as Hybrid netbios node type h node Related commands Command Description ip dhcp pool...

Page 294: ...checks the next until it assigns an effective IP address The show ip dhcp binding command can be used to view the address assignment and the show ip dhcp conflict command can be used to view the address conflict detection configuration Examples The configuration example below defines the network number of the DHCP address pool as 192 168 12 0 and the network mask as 255 255 255 240 network 192 168...

Page 295: ...cation with the former startup server fails Examples The configuration example below specifies the startup server 192 168 12 4 for the DHCP client next server 192 168 12 4 Related commands Command Description bootfile Define the default startup mapping file name of the DHCP client ip dhcp pool Define the name of the DHCP address pool and enter into the DHCP address pool configuration mode ip help ...

Page 296: ... For the definition of current DHCP option refer to RFC 2131 Examples The configuration example below defines the option code 19 which determines whether the DHCP client can enable the IP packet forwarding 0 indicates to disable the IP packet forwarding and 1 indicates to enable the IP packet forwarding The configuration below enable the IP packet forwarding on the DHCP client option 19 hex 1 The ...

Page 297: ...omatically and provide them with the network configuration information such as DNS server and default gateway The DHCP relay can forward the DHCP requests to other servers and the returned DHCP responses to the DHCP client serving as the relay for DHCP packets Examples In the following configuration example the device has enabled the DHCP server and the DHCP relay feature service dhcp Related comm...

Page 298: ...idelines This command can only clear the automatic DHCP binding but the manual DHCP binding can be deleted by the no ip dhcp pool command Examples The example below clears the DHCP binding with the IP address 192 168 12 100 clear ip dhcp binding 192 168 12 100 Related commands Command Description show ip dhcp binding Show the address binding of the DHCP server 23 2 2 clear ip dhcp conflict Use thi...

Page 299: ...flict when the DHCP server assigns an IP address show ip dhcp conflict Show the address conflict that the DHCP server detects when it assigns an IP address 23 2 3 clear ip dhcp server statistics Use this command to reset the counter of the DHCP server in the privileged user mode clear ip dhcp server statistics Default N A Command mode Privileged mode Usage guidelines The DHCP server carries out th...

Page 300: ...ebug ip dhcp client Parameter description N A Default Disabled Command mode Privileged mode Usage guidelines This command is used to show the main message content of the DHCP client during the interaction of the servers and the processing status Examples The example below turns on the debugging switch of the DHCP client in the equipment debug ip dhcp client 23 2 5 debug ip dhcp server Use this com...

Page 301: ...client show dhcp lease Parameter description N A Default N A Command mode Privileged mode Usage guidelines If the IP address is not defined show the binding condition of all addresses If the IP address is defined show the binding condition of this IP address Examples The following is the result of the show dhcp lease DES 7210 show dhcp lease Temp IP addr 192 168 5 71 for peer on Interface FastEthe...

Page 302: ...e show ip dhcp binding DES 7210 show ip dhcp binding IP address client ID Lease expiration Type Hardware address 192 168 1 2 00D0 f866 4777 IDLE Manual The meaning of various fields in the show result is described as follows Field Description IP address The IP address to be assigned to the DHCP client Client id Hardware address The client identifier or hardware address of the DHCP client Lease exp...

Page 303: ...lines This command can show the conflict address list and excluded address list detected by the DHCP server Examples The following is the output result of the show ip dhcp conflict command DES 7210 show ip dhcp conflict IP address Detection Method 192 168 12 1 Ping dhcpd excluded ipaddress 192 168 12 100 The meaning of various fields in the show result is described as follows Field Description IP ...

Page 304: ...e Privileged mode Usage guidelines This command shows the statistics of the DHCP server Examples The following is the output result of the show ip dhcp server statistics command DES 7210 show ip dhcp server statistics Address pools 4 Automatic bindings 4 Manual bindings 0 Expired bindings 0 Malformed messages 2 Message Received BOOTREQUEST 216 DHCPDISCOVER 33 DHCPREQUEST 25 DHCPDECLINE 0 DHCPRELEA...

Page 305: ...ss bindings Manual bindings Number of manual address bindings Expired bindings Number of expired address bindings Malformed messages Number of malformed messages received by the DHCP Message Received or Sent Number of the messages received and sent by the DHCP server respectively Related commands Command Description clear ip dhcp server statistics Delete the DHCP server statistics ...

Page 306: ......

Page 307: ...ay in the global configuration mode The no form of this command can disable the DHCP relay service dhcp no service dhcp Default Disabled Command mode Global configuration mode Usage guidelines The DHCP relay can forward the DHCP requests to other servers and the returned DHCP response packets to the DHCP client serving as the relay for DHCP packets Examples In the following configuration example t...

Page 308: ...l be sent to these servers You can select one for confirmation The global configuration and port based configuration of the vrf are slightly different In the global configuration mode if the vrf is not specified the default address of the current server does not belong to any vrf In the port based configuration if the vrf is not specified the current default server and port configurations belong t...

Page 309: ...oup Configure the option dot1x acl 24 1 4 ip dhcp relay information option dot1x access group Use this command to configure the dhcp option dot1x acl The no form of this command is used to disable the dhcp option dot1x acl Default No ACL is associated with Command mode Global configuration mode Usage guidelines Be sure that the ACL does not conflict with the existing ACE of the configured ACL on t...

Page 310: ...k server id function Ip dhcp relay check server id Related commands Command Description service dhcp Enable the DHCP Relay ip dhcp relay information option dot1x Enable the DHCP option dot1x function 24 1 6 ip dhcp relay check server id Use this command to configure to enable the ip dhcp relay check server id function The no form of this command is used to disable the ip dhcp relay information che...

Page 311: ...ression on the port Default configuration Disabled Command mode Interface configuration mode Usage guidelines After executing this command the system will not relay the DHCP request message on the interface Examples The following example enables the relay suppression function on the interface 1 DES 7210 DES 7210 configure terminal DES 7210 config interface fastEthernet 0 1 DES 7210 config if ip dh...

Page 312: ......

Page 313: ...o form of this command to disable the DNS domain name resolution function ip domain lookup no ip domain lookup Default configuration Enabled Command mode Global configuration mode Usage guidelines This command enables the domain name resolution function Examples The following example enables the DNS domain name resolution function DES 7210 config ip domain lookup Related commands Command Descripti...

Page 314: ...is command is executed the equipment will add a DNS server When the device cannot obtain the domain name from a DNS server it will attempt to send the DNS request to subsequent servers until it receives a response Up to 6 DNS servers are supported You can delete a DNS server with the ip address option or all the DNS servers Examples DES 7210 config ip name server 192 168 5 134 25 1 3 ip host Use t...

Page 315: ...de clear host host name Parameter description Parameter Description host name Delete the dynamically learned host denotes to clear all the dynamically learned host names Command mode Privileged mode Usage guidelines You can obtain the mapping record of the host name buffer table in two ways 1 the ip host static configuration 2 the DNS dynamic learning Execute this command to delete the host name r...

Page 316: ... mode Privileged mode Usage guidelines Show the DNS related configuration information Examples DES 7210 show hosts Name servers are static host type address switch static 192 168 5 243 www dlink com dynamic 192 168 5 123 Related commands Command Description ip host Configure the host name and IP address mapping by manual ip name server Configure the DNS server ...

Page 317: ...form of this command to restore the default value no sntp enable Default configuration Disabled Command mode Global configuration mode Usage guidelines This command shows the parameters of SNTP Examples DES 7210 config sntp enable Related commands Command Description show sntp Show the SNTP configuration clock update calendar Synchronize the software click with the hardware clock clock set Set the...

Page 318: ... mode Global configuration mode Usage guidelines The show sntp command shows the parameters of SNTP Examples DES 7210 config sntp server 192 168 4 12 Related commands Command Description show sntp Show the SNTP configuration sntp enable Enable SNTP 26 1 3 sntp interval Use this command to set the interval for the SNTP Client to synchronize its clock with the NTP SNTP Server Note that the set inter...

Page 319: ...ption sntp enable Enable SNTP show sntp Show the SNTP configuration clock update calendar Synchronizes the software clock with the hardware clock 26 2 Showing Related Command 26 2 1 show sntp Use this command to show the parameters of SNTP Command mode Privileged mode Usage guidelines This command shows the parameters of SNTP Examples DES 7210 show sntp SNTP state Enable SNTP server 192 168 4 12 S...

Page 320: ...Chapter 26 SNTP Configuration Commands DES 7200 CLI Reference Guide 26 4 show sntp Show the SNTP configuration ...

Page 321: ...mands no ntp ntp access group ntp authenticate ntp authentication key ntp disable ntp master ntp server ntp synchronize ntp trusted key ntp update calendar 27 1 1 no ntp Use this command to disable the ntp synchronization service with the time server and clear all configuration information of ntp no ntp Parameter description N A Default Disabled Command mode Global configuration mode ...

Page 322: ...t number access list name no ntp access group peer serve serve only query only access list number access list name Parameter description Parameter Description peer Not only allow to request for the time of and control the local NTP service but also allow the time synchronization of the local and the peer serve Allow to request for the time of and control the local NTP service only the time synchro...

Page 323: ... the order in accordance with the above rules the related requests about the control and query are not supported If you do not configure any access control rules then all accesses are allowed However once the access control rules are configured only the rule that allows access can be carried out Examples The following example shows how to allow the peer device in acl1 to control the query request ...

Page 324: ...d and specified as the global trusted key enable the authentication mechanism ntp authentication key 6 md5 wooooop ntp trusted key 6 ntp authenticate Related commands Command Description ntp authentication key Set the global authentication key ntp trusted key Configure the global trusted key 27 1 4 ntp authentication key Use this command to configure a global NTP authentication key for the NTP ser...

Page 325: ...ription ntp authenticate Enable the global security identification mechanism ntp trusted key Configure the global trusted key ntp server Specify a NTP server 27 1 5 ntp disable Use this command to disable the function of receiving the NTP message on the interface ntp disable Parameter description N A Default The NTP message is received on the interface by default Command mode Interface configurati...

Page 326: ...In general the local system synchronizes the time from the external time source directly or indirectly However if the time synchronization of local system fails for the network connection trouble ect use the command to set the reliable reference source of the local time providing the synchronized time for other devices Once set the system time can not be synchronized to the time source with higher...

Page 327: ... name key keyid prefer no ntp server ip addr Parameter description Parameter Description ip addr Set the IP address of the NTP server version Optional Specify the version 1 3 of NTP NTPv3 by default if name Optional Specify the source interface from which the NTP message is sent L3 interface keyid Optional Specify the encryption key adopted when communication with the corresponding server prefer O...

Page 328: ...st key to complete the encrypted communication with the server In the same condition for instance precision the prefer clock is used for synchronization It should be noted that the configured interface is that configured with the IP address and can communicate with the corresponding NTP server when you configure the source interface of the NTP message Examples The configuration example below confi...

Page 329: ...trusted key Use this command to set a key at the global trusted key ntp trusted key key id no ntp trusted key key id Parameter description Parameter Description key id Global trusted key ID Default N A Command mode Global configuration mode Usage guidelines The NTP communication parties must use the same trusted key The key is identified by ID and is not transmitted to improve security Examples Th...

Page 330: ...Default By default update the calendar periodically is not configured Command mode Global configuration mode Usage guidelines By default the NTP update calendar is not configured After configuration the NTP client updates the calendar at the same time when the time synchronization of external time source is successful It is recommended to enable this function for keeping the accurate calendar Exam...

Page 331: ...his command Examples The example below enables the NTP debugging switch debug ntp 27 2 2 show ntp status Use this command to show the NTP information show ntp status Parameter description N A Default N A Command mode Privileged mode Usage guidelines If the NTP service of the system is enabled show current NTP information This command will not print any information before the synchronization server...

Page 332: ......

Page 333: ...isable the forward function of the UDP broadcast message By default the forwarding of the UDP broadcast message is disabled udp helper enable no udp helper enable Parameter description N A Default configuration Disabled Command mode Global configuration mode Usage guidelines Enable the forwarding function of UDP Helper The UDP broadcast messages from the port 69 53 37 137 138 49 are forwarded by d...

Page 334: ...t up to 20 server addresses Default configuration N A Command mode Interface configuration mode Usage guidelines Up to 20 destination servers can be configured on an interface Once the forwarding destination server is configured someone an interface and UDP Helper is enabled the broadcast message of the specified port received from this interface will be sent to the destination server configured o...

Page 335: ...fer Protocol 69 Forward the broadcast message from port 69 domain Domain Name System 53 Forward the broadcast message from port 53 time Time service 37 Forward the broadcast message from port 37 netbios ns NetBIOS Name Service 137 Forward the broadcast message from port 137 netbios dgm NetBIOS Datagram Service 138 Forward the broadcast message from port 138 tacacs TAC Access Control System 49 Forw...

Page 336: ...Chapter 28 UDP Helper Module Configuration Commands DES 7200 CLI Reference Guide 28 4 ip forward protocol Configure the UDP port to enalbe forwarding ...

Page 337: ...community snmp server contact snmp server enable traps snmp server host snmp server location snmp server packetsize snmp server queue length snmp server system shutdown snmp server trap source snmp server trap timeout snmp server user snmp server group snmp server view snmp server if index persists 29 1 1 no snmp server Use this command to disable the SNMP agent function in the global configuratio...

Page 338: ...to the initial value snmp server chassis id text no snmp server chassis id Parameter description Parameter Description text Text of the system sequential number numerals or characters Default configuration The default sequence number is 60FF60 Command mode Global configuration mode Usage guidelines The SNMP system sequence number is generally the sequence number of the machine to facilitate the de...

Page 339: ...rite the variables of the MIB number Sequence number of the ACL in the range of 0 to 99 which specifies the IP address range of the NMS that are permitted to access the MIB ipaddr IP address of the NMS accessing the MIB Default configuration All communities are read only by default Command mode Global configuration mode Usage guidelines This command is the first important command to enable the SNM...

Page 340: ... A Command mode Global configuration mode Examples The example below specifies the SNMP system contract i net800 i net com cn DES 7210 config snmp server contact i net800 i net com cn Related commands Command Description show snmp server Check the SNMP information no snmp server Disable the SNMP agent function 29 1 5 snmp server enable traps Use this command to enable the SNMP server to actively s...

Page 341: ...ommands Command Description snmp server host Specify the SNMP host to send the SNMP Trap message 29 1 6 snmp server host Use this command to specify the SNMP host NMS to send the trap message in the global configuration mode The no form of this command is used to remove the specified SNMP host snmp server host host addr ipv6 ipv6 addr vrf vrfname traps version 1 2c 3 auth noauth priv community str...

Page 342: ...ombinations of the types of the SNMP trap message but the last configuration for the same host will overwrite the previous configurations In other words to send different SNMP trap messages to the same host different combination of SNMP trap messages have to be configured Examples The example below specifies an SNMP host to receive the SNMP event trap DES 7210 config snmp server host 192 168 12 21...

Page 343: ... specify the maximum size of the SNMP packet in the global configuration mode The no form of this command is used to restore it to the default value snmp server packetsize byte count no snmp server packetsize Parameter description Parameter Description byte count Packet size in the range of 484 to 17876 bytes Default configuration 1 500 bytes Command mode Global configuration mode Examples The exa...

Page 344: ...the size of the SNMP trap message queue to control the speed to sending the SNMP trap messages The maximum speed to send messages is 4 messages per second Examples The example below specifies the speed to send the trap message to 4 messages per second DES 7210 config snmp server queue length 4 Related commands Command Description snmp server packetsize Specify the maximum size of the SNMP packet 2...

Page 345: ...of this command is used to restore it to the default value snmp server trap source interface no snmp server trap source Parameter description Parameter Description interface Interface to be used as the source of the SNMP trap message Default configuration The IP address of the interface where the NMP message is sent from is just the source address Command mode Global configuration mode Usage guide...

Page 346: ... server trap timeout seconds no snmp server trap timeout Parameter description Parameter Description seconds Timeout in seconds of retransmit the SNMP trap message Default configuration 30s Command mode Global configuration mode Examples The example below specifies the timeout period as 60 seconds DES 7210 config snmp server trap timeout 60 Related commands Command Description snmp server queue le...

Page 347: ... that of SHA has a length of 20 bytes Two characters make a byte The encrypted key can only be used by the local SNMP engine on the switch Auth Authentication mode md5 and sha auth password Password string no more than 32 characters used by the authentication protocol The system will change the password to the corresponding authentication key priv Encryption mode des56 refers to 56 bit DES encrypt...

Page 348: ...scription v1 v2c v3 SNMP version auth Authenticate the messages transmitted by the user group without encryption This applies to only SNMPv3 noauth Neither authenticate nor encrypt the messages transmitted by the user group This applies to only SNMPv3 priv Authenticate and encrypt the messages transmitted by the user group This applies to only SNMPv3 readview Associate with a read only view writev...

Page 349: ...of the MIB object in the view exclude Exclude the sub trees of the MIB object from the view Default configuration By default a default view is set to access all MIB objects Command mode Global configuration mode Examples The example below sets a view that includes all MIB 2 sub trees oid is 1 3 6 1 DES 7210 config snmp server view mib2 1 3 6 1 include Related commands Command Description show snmp...

Page 350: ... privileged mode show snmp mib user view group Command mode Privileged mode Usage guidelines show snmp Show the SNMP information show snmp mib Show the SNMP MIBs supported in the system show snmp user Show the SNMP user information show snmp view Show the SNMP view information show snmp group Show the SNMP user group information Examples The example below shows the SNMP information DES 7210 show s...

Page 351: ...MP packets output 0 Too big errors Maximum packet size 1500 0 No such name errors 0 Bad values errors 0 General errors 0 Response PDUs 0 Trap PDUs SNMP global trap disabled SNMP logging disabled SNMP agent enabled Related commands Command Description snmp server chassis id Specify the SNMP system sequence number ...

Page 352: ......

Page 353: ...er variable interval absolute delta rising threshold value event number falling threshold value event number owner ownername rmon event number log trap community description string show rmon statistics show rmon history show rmon events show rmon alarms 30 1 1 rmon collection stats Use this command to monitor an Ethernet interface The no form of this command remove the configuration rmon collectio...

Page 354: ... the logging rmon collection history index owner ownername buckets bucket number interval seconds no rmon collection history index Default N A Command mode Interface configuration mode Usage guidelines The DES 7200 allows you to modify the configured history information of the Ethernet network including owner buckets and interval However the modification does not take effect immediately until the ...

Page 355: ...lta owner rising threadhold falling threadhold and the corresponding events However the modification does not take effect immediately until the system triggers the monitoring event at the next time Examples The example below monitors the MIB variable instance ifInNUcastPkts 6 DES 7210 config rmon alarm 10 1 3 6 1 2 1 2 2 1 12 6 30 delta rising threshold 20 1 falling threshold 10 1 owner zhangsan R...

Page 356: ...n alarm number variable interval absolute delta rising threshold value event number falling threshold value event number owner ownername Add an alarm entry 30 2 Showing Related Commands 30 2 1 show rmon statistics Use this command to show the statistics show rmon statictics Default N A Command mode Privileged mode Usage guidelines N A Examples The example below shows the statistics DES 7210 show r...

Page 357: ...ted commands Command Description rmon collection stats index owner owner string Add a statistical entry 30 2 2 show rmon history Use this command to show the history information show rmon history Default N A Command mode Privileged mode Usage guidelines N A Examples The example below shows the history information DES 7210 show rmon history Entry 1 Data source Gi1 1 Buckets requested 65535 Buckets ...

Page 358: ...mber interval seconds Add a history control entry 30 2 3 show rmon alarm Use this command to show the MIB variable information show rmon alarm Default N A Command mode Privileged mode Usage guidelines N A Examples The example below shows the MIB variable information DES 7210 show rmon alarm Event 1 Description firstevent Event type log and trap Community public Last time sent 0d 0h 0m 0s Owner zha...

Page 359: ... this command to show the event information show rmon event Default N A Command mode Privileged mode Usage guidelines N A Examples The example below shows the event information DES 7210 show rmon event Alarm 1 Interval 1 Variable 1 3 6 1 2 1 4 2 0 Sample type absolute Last value 64 Startup alarm 3 Rising threshold 10 Falling threshold 22 Rising event 0 Falling event 0 Owner zhangsan Related comman...

Page 360: ......

Page 361: ...ame Specify the VRF name associated with the sub mode command Default configuration The address family of the RIP protocol is not configured Command mode Route configuration mode Usage Guidelines You can use the address family command to enter the address family configuration sub mode The prompt is config router af When you specify the VRF associated with the sub mode for the first time the RIP in...

Page 362: ...ipv4 vrf vpn1 DES 7210 config router network 192 168 1 0 DES 7210 config router exit address family Related commands Command Description exit address family Exit the address family configuration sub mode ip vrf Create a VRF Platform description Version description 31 1 2 auto summary RIP Use this command to enable the automatic summary of RIP routes The no form of this command disables the functio...

Page 363: ...route is always processed preferentially in querying the RIP database Any sub route is ignored in querying the RIP database reducing the processing time Sometimes there is a need to learn the specific sub routes instead of the summarized route Here it is required to disable the automatic route summary function Only when the RIPv2 is configured however the automatic route summary function can be di...

Page 364: ...metric cannot be converted due to the incompatibility of the metric calculation mechanism of different protocols During the conversion therefore it is required to redefine the metric of redistributed routes in the RIP routing domain If there is no clear definition of metric in redistributing a routing protocol process the RIP uses the metric defined with default metric If a clear metric is defined...

Page 365: ...t information originate always metric route map map name Parameter description Parameter Description always Optional Enable RIP to generate the default route no matter whether the default route exists or not metric metric value Optional The original metric value of the default route in the range of 1 15 route map map name Optional Name of the associated route map Route map is not associated by def...

Page 366: ...o set the metric value of the default route The route map set metric rule takes precedence over the parameter metric value configuration of the default route If the parameter metric has not been configured the default metric value of the default route will be adopted Note If the default route can be generated by using this command RIP will not learn the default route notified from the neighbor For...

Page 367: ...he management distance of the RIP route You can use this command to create several management distances with source address prefix When the source address of the RIP route is within the range specified by the prefix the corresponding management distance is applied otherwise the route uses the management distance set by the RIP Examples Set the management distance of the RIP route to 160 and specif...

Page 368: ...guration mode Usage guidelines To deny some specified routes you can process all the route update packets received by configuring the route distribute control list Without any interface specified the system will process the route update packet received on all the interfaces Examples In the following configuration example the RIP controls and processes the routes received from the Fastethernet 0 0 ...

Page 369: ...ame prefix prefix list name out interface protocol process id process name Parameter description Parameter Description access list number ACL number Only the routes on the ACL are permitted prefix prefix list name Use the prefix list to filter the routes Interface Optional Interface that the route update advertisement control applies to protocol Optional Routing protocol whose routes are selective...

Page 370: ... DES 7210 config router distribute list 10 out DES 7210 config router version 2 DES 7210 config router access list 10 permit 192 168 12 0 0 0 0 255 Related commands Parameter Description access list Define the ACL prefix list Define the prefix of the ACL redistribute Configure route redistribution 31 1 8 exit address family Use this command to exit the address family configuration mode exit addres...

Page 371: ...ame of keychain no ip rip authentication key chain Parameter description Parameter Description name of keychain Name of the keychain used for RIP authentication Default configuration RIP authentication is disabled by default Command mode Interface configuration mode Usage guidelines If the keychain is specified in the interface configuration mode but not defined with the key chain global configura...

Page 372: ...this command to define the RIP authentication mode in the interface configuration mode The no form of this command is used to restore it to the default RIP authentication mode ip rip authentication mode text md5 no ip rip authentication mode Parameter description Parameter Description text Enable plaintext authentication md5 Enable MD5 authentication Default configuration It is the plaintext authe...

Page 373: ...authentication key chain Define the keychain and enter into the keychain configuration mode Platform description Version description 31 1 11 ip rip authentication text password Use this command to set the password string of RIP plaintext authentication The no form of this command is used to remove the password string ip rip authentication text password password string no ip rip authentication text...

Page 374: ... Related commands Command Description ip rip authentication mode Define the RIP authentication mode ip rip authentication key chain Enable the RIP authentication and specify the keychain used for the RIP authentication Only the RIPv2 supports authentication Platform description Version description 31 1 12 ip rip default information Use this command to notify a specified interface of the RIP defaul...

Page 375: ...te Note RIP will not learn the default route notified by the neighbor if the ip rip default information command does not configured on an interface If the default route has been learned it will be removed till the timer expires The ip rip default information command configuration on the interface can not be triggered and updated immediately and will be notified on the next timed update message Exa...

Page 376: ...prevent from receiving RIP packets on the interface use the no form of this command in the interface configuration mode To this end you must configure this command on the interface The default form of this command restores it to the default value Examples Prohibit from receiving RIP packets on the Fastethernet 0 0 DES 7210 config interface fastethernet 0 0 DES 7210 config if no ip rip receive enab...

Page 377: ...ith the version command Command mode Interface configuration mode Usage guidelines This command overwrites the default configuration of the version command It allows RIPv1 and RIPv2 packets to be received on the interface at the same time If there is no parameter when the command is configured the receiving behavior will depend on the configuration of the version Examples The configuration example...

Page 378: ...vent from sending RIP packets on the interface use the no form of this command in the interface configuration mode To this end you must configure this command on the interface The default form of this command can restore it to the default value Examples Prohibit from sending RIP packets on the Fastethernet 0 0 DES 7210 config interface fastethernet 0 0 DES 7210 config if no ip rip send enable Rela...

Page 379: ...the version command Command mode Interface configuration mode Usage guidelines This command overwrites the default configuration of the version command It allows RIPv1 and RIPv2 packets to be sent on the interface at the same time If there is no parameter when the command is configured the receiving behavior will depend on the configuration of the version Examples The configuration example below e...

Page 380: ...delines This command overwrites the default of the version command This command only affects the behavior of sending RIP packets on the interface This command allows RIPv1 and RIPv2 packets to be sent on the interface simultaneously Without parameters specified which packets will be received depends on the version setting Examples Send RIPv2 packets in the broadcast mode on the Fastethernet 0 0 in...

Page 381: ...n multiple devices For non broadcast multi path access network such as frame relay and X 25 however the split horizon may cause some devices unable to learn all routing information The split horizon may need to be disabled in this case If an interface is configured the secondary IP address attentions shall be paid also for the split horizon issue The RIP routing protocol is a distance vector routi...

Page 382: ...on ip address IP addresses to be converged ip network mask Subnet mask of the specified IP address to be converged Default configuration The RIP routes are automatically converged to the classful network edge Command mode Interface configuration mode Usage guidelines This command converges an address or subnet on a specified port RIP routes are automatically converged to the classful network edge ...

Page 383: ...vertised in the RIP routing process in the routing process configuration mode The no form of this command is used to delete the defined network network network number wildcard no network network number wildcard Parameter description Parameter Description network number Number of the directly connected network This network number is a natural network number All interfaces whose IP addresses belong ...

Page 384: ... be received and sent on the interface Examples The following example defines two network numbers associated with the RIP process DES 7210 config router rip DES 7210 config router network 192 168 12 0 DES 7210 config router network 172 16 0 0 Related commands Platform description Version description If some command or some options are available only on a certain version please explain it clearly h...

Page 385: ...ve the routing information This command does not affect the receiving of RIP messages Once restart the interface who is set to passive will not send request message Examples The configuration example below defines two neighbors DES 7210 config router rip DES 7210 config router network 192 168 12 0 DES 7210 config router network 172 16 0 0 Related commands Platform description Version description 3...

Page 386: ...he global offset list it will increase the metric value of the offset list of the specified interface Examples Increase the metric of the RIP routes by 7 in the range specified by ACL 7 DES 7210 config router offset list 7 out 7 Increase the metric of the RIP routes by 7 in the range specified by ACL 7 and learned by fastEthernet 1 0 DES 7210 config router offset list 7 in 7 DES 7210 config router...

Page 387: ...t as possible However when a high speed device sends a large amount of packets to a low speed device the low speed device may not process all the packets timely resulting in packet loss In this case you can use this command to increase the delay to send packets on the high speed device so that the low speed device can process all the update packets Examples Set the delay to send the RIP update pac...

Page 388: ... non passive mode When you enable receiving and sending RIP messages on the interface with the ip rip send enable and ip rip receive enable commands this command sets the interface to the passive mode Consequently receiving RIP update messages rather than sending RIP update messages is enabled on the interface However the ip rip send enable and ip rip receive enable commands determine whether the ...

Page 389: ...ternal type nssa external type Parameter description Parameter Description bgp isis ospf connected static Specify the route redistribution protocol metric Set the metric of the route to be redistributed route map Set the redistribution rule match Redistribute OSPF type routes 1 65535 Number of an OSPF instance Default By default All the routes of the sub types of the instance are redistributed whe...

Page 390: ...ured are redistributed When you configure redistributing OSPF routes without the match parameter the OSPF routes of all sub types are redistributed by default Then the first configured match parameter is used as the original one Only the routes matching the specific type can be redistributed The no form of this command restores the setting to the default value Note The redistribute command cannot ...

Page 391: ... to adjust the RIP clock in the routing process configuration mode The no form of this command is used to restore it to the default timers basic update invalid flush no timers basic Parameter description Parameter Description update Route update time in seconds The update keyword defines the period at which the device sends route update messages Once an update message is received the Invalid and F...

Page 392: ...The adjustment of RIP clocks is not recommended unless otherwise necessary To check the current RIP clock parameters execute the show ip rip command Examples The configuration example below enables the RIP update message to be sent every 10 seconds If no update message is received within 30s the related routes become invalid and enter into the invalid status When another 90s elapses they will be c...

Page 393: ...lidation no matter whether it has been configured with the validate update source command in the routing process configuration mode In addition for the ip unnumbered interface the RIP routing process does not implement update message source address validation no matter whether it has been configured with the routing process configuration command validate update source Examples The configuration ex...

Page 394: ...only Command mode Routing process configuration mode Usage guidelines This command defines the RIP version running on the device It is possible to redefine the messages of which RIP version are processed on every interface by using the ip rip receive version and ip rip send version commands Examples The configuration example below configures the RIP version 2 DES 7210 config router rip DES 7210 co...

Page 395: ...c distance and so on of the RIP routing protocol process quickly If vrf is specified display the name of VRF and VRF id Examples In the configuration example below the basic information of the RIP routing protocol is displayed such as the refresh time management distance etc DES 7210 show ip rip Routing Protocol is rip Sending updates every 10 seconds next due in 4 seconds Invalid after 20 seconds...

Page 396: ...dress entries in the RIP routing database show ip rip database vrf vrf name network number network mask Parameter description Parameter Description vrf vrf name Optional Show the RIP routing information of specified VRF network number Optional Network number network mask Subnet maskIt if the network number is specified Default configuration N A Command mode Privileged mode global configuration mod...

Page 397: ...he information of the currently running routing protocol process 31 2 3 show ip rip external Use this command to show the information of the external routes redistributed by the RIP protocol show ip rip external bgp connected isis process name ospf 1 65535 static vrf vrf name Parameter description Parameter Description bgp connected isis ospf static Show the external route redistributed by the spe...

Page 398: ...ocess 31 2 4 show ip rip interface Use this command to show the RIP interface information show ip rip interface vrf vrf name Parameter description Parameter Description vrf vrf name Show the RIP interface of specified VRF optional Default configuration N A Command mode Privileged mode global configuration mode routing process configuration mode Usage guidelines Examples The following is an example...

Page 399: ...If the BFD has been configured for RIP the result of this command is shown as follows DES 7210 show ip rip interface Vlan 1 is up line protocol is up Routing Protocol RIP Receive RIPv1 and RIPv2 packets Send RIPv1 packets only Receive RIP packet Enabled Send RIP supernet routes Enabled Passive interface Disabled Split horizon Enabled V2 Broadcast Disabled Multicast registe Registed Interface Summa...

Page 400: ......

Page 401: ...r or an IP address Default configuration No OSPF area is configured by default Command mode Routing process configuration mode Usage guidelines Use the no form of this command to remove the specified OSPF area and its configuration including the removal of the area based configuration commands of area authentication area default cost area filter list area nssa ect Users can not remove the OSPF con...

Page 402: ...disables authentication in the OSPF area area area id authentication message digest no area area id authentication message digest Parameter description Parameter Description area id Number of the area where authentication is enabled a decimal integer or an IP address message digest optional MD5 message digest 5 authentication mode Default configuration N A Command mode Routing process configuratio...

Page 403: ...192 168 12 1 255 255 255 0 DES 7210 config if ip ospf message digest key 1 md5 backbone Configure OSPF routing protocol DES 7210 config router ospf 1 DES 7210 config router network 192 168 12 0 0 0 0 255 area 0 DES 7210 config router area 0 authentication message digest Related commands Command Description ip ospf authentication key Define the OSPF plaintext authentication password ip ospf message...

Page 404: ... to the NSSA area must be configured with the area nssa command However the area default cost command can be executed only on the ABR Examples Set the cost of the default aggregate route to 50 DES 7210 config router ospf 1 DES 7210 config router network 172 16 0 0 0 0 255 255 area 0 DES 7210 config router network 192 168 12 0 0 0 0 255 area 1 DES 7210 config router area 1 stub DES 7210 config rout...

Page 405: ... area as an NSSA area in the routing process configuration mode The no form of this command is used to delete the NSSA area or the configuration of the NSSA area area area id nssa no redistribution default information originate metric 0 16777214 metric type 1 2 no summary no area area id nssa no redistribution default information originate no summary Parameter description Parameter Description are...

Page 406: ...NSSA area you can configure the no summary parameter on the ABR to prevent it from advertising summary LSAs Type 3 LSA to the NSSA area In addition the area default cost command is used on the ABR of the NSSA area to configure the cost of the default route sent to the NSSA area By default the cost of the default route sent to the NSSA area is 1 Examples Sets area 1 as the stub area on the devices ...

Page 407: ...route Command mode Routing process configuration mode Usage guidelines This command can be executed only on the ABR to aggregate multiple routes of an area to a route and then advertise it to other areas Route combination occurs only on the border of an area The devices within an area see the specific routing information but the devices outside the area only one aggregate route The advertise and n...

Page 408: ...nd The ABR only sends three types of link state advertisement LSA to the stub area 1 type 1 device LSA 2 type 2 network LSA 3 type 3 network summary LSA From the aspect of the routing table the devices in the stub area can learn only the routes inside the OSPF routing domain including the internal default routes generated by the ABR The devices in the stub area cannot learn the routes outside the ...

Page 409: ...terval seconds hello interval seconds retransmit interval seconds transmit delay seconds authentication key key message digest key key id md5 key no area area id virtual link router id Parameter description Parameter Description area id OSPF transition area number a decimal integer or an IP address router id Identifier of the router neighboring to the virtual link The router identifier can be view...

Page 410: ... enables the key to be displayed in encrypted manner authentication Set the authentication type to plaintext message digest Set the authentication type to MD5 null Set the authentication type to no authentication Default dead interval 40s hello interval 10s retransmit interval 5s transmit delay 1s authentication no authentication N A values for the other parameters Command mode Routing process con...

Page 411: ... to establish virtual link with neighbor 1 1 1 1 This virtual link connects area 10 and backbone area and works with the OSPF message authentication of MD5 DES 7210 config router ospf 1 DES 7210 config router network 172 16 17 0 0 0 15 255 area 1 DES 7210 config router network 172 16 252 0 0 0 0 255 area 10 DES 7210 config router area 0 authentication message digest DES 7210 config router area 1 v...

Page 412: ...er disables the automatic cost calculation function If you use ip ospf cost command to set the cost of the interface the cost will replace the auto cost Examples The configuration example below configures the reference bandwidth as 10M DES 7210 config router ospf 1 DES 7210 config router network 172 16 10 0 0 0 0 255 area 0 DES 7210 config router auto cost reference bandwidth 10 Related commands C...

Page 413: ...e the rule recommended in RFC 1583 by default Command mode Routing process configuration mode Examples The configuration example below determines the best route with the rfc 2328 rule DES 7210 config router ospf 1 DES 7210 config router no commpatible rfc1583 Related commands Command Description show ip ospf Show the OSPF global configuration information 32 1 12 default information originate OSPF ...

Page 414: ... enabled device automatically turns into the autonomous system border device ASBR But the ASBR cannot generate default route automatically or advertise it to all the devices in the OSPF routing domain The ASBR generates default routes by default It is required to configure with the default information originate routing process configuration command If the always parameter is used the OSPF routing ...

Page 415: ...tion originate always metric 50 metric type 1 Related commands Command Description show ip ospf database Show OSPF link state database show ip route Show the IP routing table 32 1 13 default metric Use this command to configure the default metric of OSPF redistributed route in the routing process mode The no format of this command is used to restore it to the default default metric metric N A metr...

Page 416: ... Redistribute the routes of other routing processes show ip ospf Show the OSPF global configuration information 32 1 14 distance ospf Use this command to set the management distance of different types of routes distance ospf intra area 1 255 inter area 1 255 external 1 255 no distance ospf Parameter description Parameter Description intra area 1 255 Set the management distance of the inner area ro...

Page 417: ...efix list filtering rule interface type num Configure the LSA route filtering on the interface Default N A Command mode Routing process configuration mode Usage guidelines This configuration filters the received LSAs and only those matching the filtering conditions are involved in the SPF calculation to generate the corresponding routes It does not affect the link status database or the routing ta...

Page 418: ...p connected isis area tag ospf process id rip static Source of the routes to be filtered Default N A Command mode Routing process configuration mode Usage guidelines The distribute list out and the redistribute route map commands are similar Both filter the routes that other protocols redistribute to the OSPF However it does not perform route redistribution by itself Instead it works with the redi...

Page 419: ...Fv2 MIB is binded with the OSPFv2 process in the smallest number The user operations take effect for this process If the user wants to operate the specified OSPF process by SNMP use this command to bind the MIB with this process Examples The example below operates the OSPFv2 process 100 by SNMP DES 7210 config router ospf 100 DES 7210 config router enable mib binding Related commands Command Descr...

Page 420: ...proachoverflow lsdboverflow maxagelsa originatelsa retransmit iftxretransmit virtiftxretransmit state change ifstatechange nbrstatechange virtifstatechange virtnbrstatechange Parameter description Parameter Description error Set all traps switches related to the error Use this parameter to set the following specified error traps switches ifauthfailure Interface authentication error ifconfigerror I...

Page 421: ...raps switches related to the retransmit Use this parameter to set the following specified retransmit traps switches iftxretransmit Packet retransmission occurs on the interface virtiftxretransmit Packet retransmission occurs on the virtual interface state change Set all traps switches related to the state change Use this parameter to set the following specified state change switches ifstatechange ...

Page 422: ...spf 100 DES 7210 config router enable traps Related commands Command Description show ip ospf Show the OSPF global configuration information enable mib binding Bind the OSPFv2 process with MIB 32 1 19 ip ospf authentication Use this command to configure the authentication type Use the no form of the command to restore it to the default type ip ospf authentication message digest null no ip ospf aut...

Page 423: ...stEthernet 0 0 DES 7210 config interface fastethernet 0 0 DES 7210 config if ip address 172 16 10 0 255 255 255 0 DES 7210 config if ip ospf authentication message digest Related commands Command Description area authentication Enable authentication and define the authentication mode in the OSPF area ip ospf authentication key Configure the plaintext authentication key ip ospf message digest key C...

Page 424: ... in the interface configuration mode When both the interface and the area are configured with authentication the one for the interface takes priority Examples The configuration example below configures the OSPF authentication key ospfauth for the interface FastEthernet 0 0 DES 7210 config interface fastethernet 0 0 DES 7210 config if ip address 172 16 10 0 255 255 255 0 DES 7210 config if ip ospf ...

Page 425: ...configuration Examples The configuration example below configures the OSPF cost of the interface serial 1 0 as 100 DES 7210 config interface serial 1 0 DES 7210 config if ip ospf cost 100 Related commands Command Description bandwidth Specify the interface bandwidth This setting does not affect the data transmission rate show ip ospf Show the OSPF global configuration information 32 1 22 ip ospf d...

Page 426: ... it to the default ip ospf dead interval seconds no ip ospf dead interval Parameter description Parameter Description Seconds Interval to judge the neighbor death in seconds Default By default it is 4 times the interval configured with the ip ospf hello interval command Command mode Interface configuration mode Usage guidelines The OSPF death time is included in the Hello message If the OSPF does ...

Page 427: ... not to generate the OSPF messages ip ospf disable all no ip ospf disable all Default Command mode Interface configuration mode Usage guidelines The interface with this command configured will ignore whether the network area matches or not After this command is configured even if the interface belongs to the network it will not generate OSPF datagram any more So it does not receive or send any OSP...

Page 428: ...be the same To further manually modify the interval to judge neighbor death ensure the Hello message interval cannot be greater than the neighbor death interval Examples The configuration example below configures the interval of sending the Hello message on the interface Gi 1 1 as 15 DES 7210 config interface Gi 1 1 DES 7210 config if ip address 172 16 10 1 255 255 255 0 DES 7210 config if ip ospf...

Page 429: ...authentication command in the interface configuration mode When both the interface and the area are configured with authentication the one for the interface takes priority The DES 7200 software supports smooth modification of MD5 authentication keys which shall be added before deleted When an MD5 authentication key of the device is added the device will regard other devices have not had new keys a...

Page 430: ...guidelines After receiving the database description message the device will check whether the MTU of neighbor interface is the same as its own MTU If the received database description message indicates an MTU greater than the interface s MTU the neighbor relationship cannot be established This can be fixed by disabling the MTU check Examples The configuration example below disables the MTU check f...

Page 431: ... X 25 encapsulation except for PTP sub interface Broadcast network type Ethernet encapsulation By default the network type is the point to multipoint network type Command mode Interface configuration mode Usage guidelines Networks are divided into three types according to the transmission feature of media Broadcast network Ethernet token ring and FDDI Non broadcast network frame relay and X 25 PTP...

Page 432: ... map and frame relay map commands may enable the X 25 and frame relay networks with broadcasting capability so that the OSPF can regard such networks as X 25 and frame relay as broadcast network The interface of the point to multipoint network can be configured with one or more neighbors When the OSPF is configured as the point to multipoint network type multiple host routes may be generated In co...

Page 433: ...onfig interface Serial1 0 DES 7210 config if ip address 172 16 24 4 255 255 255 0 DES 7210 config if encapsulation frame relay DES 7210 config if ip ospf network broadcast DES 7210 config if ip ospf priority 0 Related commands Command Description dialer map ip Define the map between IP address and dialing number frame relay map Define the map between IP address and frame DLCI neighbor OSPF Define ...

Page 434: ...ill not be used until the next DR and BDR election occurs Examples The configuration example below configures the priority of the interface fastethernet 0 0 as 0 Switch config interface fastethernet 0 0 DES 7210 config if ip ospf priority 0 Related commands Command Description ip ospf network Configure the network type of the interface 32 1 30 ip ospf retransmit interval Use this command to define...

Page 435: ...ace serial 1 0 as 10 seconds DES 7210 config interface serial 1 0 DES 7210 config if ip ospf retransmit interval 10 Related commands Command Description area virtual link Define an OSPF virtual link 32 1 31 ip ospf transmit delay Use this command to define the LSU message transmission delay in the interface configuration mode The no form of this command is used to restore it to the default ip ospf...

Page 436: ...interface serial 1 0 DES 7210 config if ip ospf transmit delay 10 Related commands Command Description area virtual link Define an OSPF virtual link 32 1 32 log adj changes Use this command to enable the logging of the neighbor state changes The no or default form of the command is used to disable it log adj changes detail no log adj changes detail Parameter description Parameter Description Secon...

Page 437: ...device is exchanging data with multiple neighbors its performance will be affected This command is configured to limit the maximum number of DD messages that each OSPF instance can have at the same time Examples In the configuration example below the maximum number of DD messages is set as 4 DES 7210 config router ospf 10 DES 7210 config router max concurrent dd 4 32 1 34 neighbor Use this command...

Page 438: ...bor must be the master IP address of that neighbor interface In the NBMA network if the neighbor device becomes inactive in other words the Hello message is not received within the device death interval the OSPF will send more Hello messages to the neighbor The interval at which the Hello messages are sent is called the polling interval When the OSPF starts to work for the first time it sends Hell...

Page 439: ...area area id no network ip address wildcard area area id Parameter description Parameter Description ip addres IP address of the interface wildcard Define the comparison bits in the IP address 0 for exact match and 1 for no comparison area id OSPF area identifier An OSPF area is always associated with an address range For easy of management a subnet can be used as the OSPF area identifier Default ...

Page 440: ...72 16 16 0 DES 7210 config router network 192 168 12 0 0 0 0 255 area 1 DES 7210 config router network 0 0 0 0 255 255 255 255 area 0 Related commands Command Description router ospf Create OSPF routing process 32 1 36 overflow database Use this command to configure the maximum number of LSAs supported by the current OSPF instance overflow database 0 4294967294 hard soft no overflow database Param...

Page 441: ...shall be the same for all routing devices in the same AS wait time Waiting time of the routing device from the overflow status to normal status Default By default the max dbsize is 1 and the wait time is 0 second Command mode Global configuration mode Examples In the configuration below the maximum number of external LSAs is configured as 10 and it turns to the overflow status upon timeout and the...

Page 442: ...bility OSPF will generate a default route directing to the NULL port and this default route will exist in the OVERFLOW state Use the clear ip ospf process command to reset the OSPF and remove the OSPF OVERFLOW state Use the no form of this command to disallow the OSPF to enter the OVERFLOW state when the memory lacks which may result in the constantly consume of the memory resources If the memory ...

Page 443: ...sages Command mode Routing process configuration mode Usage guidelines To prevent other devices in the network from dynamically learning the routing information of the device specify the specified network interface of this device as passive interface Examples The configuration example below configures serial 1 0 as passive interface DES 7210 config router ospf 30 DES 7210 config router passive int...

Page 444: ...lt N A Command mode Route configuration mode Usage guidelines After the command is configured the routing device will turn to ASBR the related routing information is imported into the OSPF domain and broadcasted to other OSPF routing device through type 5 LSAs For redistribution the default metric of BGP routes is 1 the default metric of the LSAs generated by other types of routes is 20 When you c...

Page 445: ...mode The no form of this command is used to delete the defined OSPF routing process router ospf process id vrf vrf name no router ospf process id Parameter description Parameter Description process id OSPF process ID vrf name VRF name Default N A Command mode Global configuration mode Usage guidelines On the basis of the original implementation the R10 1 adds the routing process ID to multi instan...

Page 446: ...uidelines You can configure any IP address as the router ID However the router ID should be unique Note that once the router ID changes the OSPF protocol will do a large number of works It is not recommended to change the router ID The device can be changed only when no LSA is generated To configure the OSPF protocol you should execute this command to specify the ID of a device Certainly you can a...

Page 447: ...ing process into the OSPF routing process every route is advertised to the OSPF enabled device separately in the form of external link state If the incoming routes are continuous addresses the autonomous border device can advertise only one converged route reducing the scale of routing table greatly Unlike the area rang command the former involves the convergence of routes between OSPF areas while...

Page 448: ... The range is 0 to 600s and 10 to1800s Default 240 seconds Command mode Routing process configuration mode Usage guidelines The updated information in the pacing switch LSA checksum calculation and aging interval are for more efficient switch use The default is 4 minutes This parameter needs not to be adjusted often The optimum group pacing interval is inversely proportional to the number of LSAs ...

Page 449: ...s must wait for the specified period to start the SPF calculation spf holdtime Define the interval between two SPF calculations in seconds When the waiting time is up but the interval between two calculations is still elapsing the SPF calculation cannot start Default spf delay 5 s spf holdtime 10 s Command mode Routing process configuration mode Usage guidelines Shorter values of spf delay and spf...

Page 450: ...e is 4 minutes Process bound to VRF default Conforms to RFC2328 and RFC1583Compatibility flag isenabled Supports only single TOS TOS0 routes Supports opaque LSA This device is an ASBR injecting external routing information SPF schedule delay 5 secs Hold time between two SPFs 10 secs LsaGroupPacing 240 secs Number of incomming current DD exchange neighbors 0 5 Number of outgoing current DD exchange...

Page 451: ...sults are described as follows Field Description Router id Router id Process uptime Effective time of the current OSPF process the process does not take effect when the device id is 0 0 0 0 Bound to VRF The VRF of the current OSPF Conforms to RFC2328 The same as the RFC2328 RFC1583Compatibility flag Whether the RFC1583 or RFC2328 is adopted for the calculation of external route This policy is used...

Page 452: ... sum of external LSAs stored in the database Number of non default external LSA Number of external LSAs with non default routes External LSA database limit Limit of external LSA number Exit database overflow state interval Time of exiting the overflow status Database overflow state Whether the current OSPF process is in the overflow status Number of LSA originated Number of LSAs generated Number o...

Page 453: ...e on the ABR OSPF process in the NSSA area 32 2 2 show ip ospf border devices Use this command to show the OSPF internal routing table on the ABR ASBR in the privileged user mode show ip ospf process id border devices Parameter description Parameter Description process id OSPF process ID Command mode Privileged mode Usage guidelines This command shows the OSPF internal routes from the local routin...

Page 454: ... ASBR Show the type of the border device including ABR ASBR or both Area 0 0 0 1 Show the area that learns the route select When there are multiple paths to the ASBR the select indicates the currently selected optimal path 32 2 3 show ip ospf database Use this command to show the OSPF link state database information in the privileged user mode Different formats of the command will display differen...

Page 455: ...ss show ip ospf process id area id database asbr summary link state id self originate show ip ospf process id area id database external link state id show ip ospf process id area id database external link state id adv device ip address show ip ospf process id area id database external link state id self originate show ip ospf process id area id database nssa external link state id show ip ospf pro...

Page 456: ... Optional Show type 10 LSAs opaque as Optional Show type 11 LSAs opaque link Optional Show type 9 LSAs database summary Optional Show the statistics of LSAs of the link state database Default N A Command mode Privileged mode Usage guidelines When the OSPF link state database is very large you should show the information on the link state database in many ways Proper use of these commands may help ...

Page 457: ...ce Age Seq CkSum Route Tag 20 0 0 0 1 1 1 1 1 0x80000001 0x033c E2 20 0 0 0 24 0 100 0 0 0 1 1 1 1 1 0x80000001 0x9469 E2 100 0 0 0 28 0 AS External Link States Link ID ADV Device Age Seq CkSum Route Tag 20 0 0 0 1 1 1 1 380 0x8000000a 0x7627 E2 20 0 0 0 24 0 100 0 0 0 1 1 1 1 620 0x8000000a 0x0854 E2 100 0 0 0 28 0 The fields in the displayed results of the show ip ospf database command are descr...

Page 458: ... ASBR summary LSA Link State ID 3 3 3 3 AS Boundary Device address Advertising Device 1 1 1 1 LS Seq Number 80000001 Checksum 0xbe8c Length 28 Network Mask 0 TOS 0 Metric 1 The fields in the displayed results of the show ip ospf database asbr summary command are described as follows Field Description OSPF Device with ID Router id AS Summary Link States Show the summary LSA information in the AS LS...

Page 459: ...ny link state path TOS 0 Metric 20 Forward Address 0 0 0 0 External Route Tag 0 The fields in the displayed results of the show ip ospf database external command are described as follows Field Description OSPF Device with ID Router id Type 5 AS External Link States Show autonomous external LSA information LS age Show the live period of the LSA Options Option LS Type Show the type of the LSA Link S...

Page 460: ...s follows DES 7210 show ip ospf database network OSPF Device with ID 1 1 1 1 Process ID 1 Network Link States Area 0 0 0 0 LS age 572 Options 0x2 E LS Type network LSA Link State ID 192 88 88 27 address of Designated Device Advertising Device 1 1 1 1 LS Seq Number 80000001 Checksum 0x5366 Length 32 Network Mask 24 Attached Device 1 1 1 1 Attached Device 3 3 3 3 The fields in the displayed results ...

Page 461: ... Link State ID 1 1 1 1 Advertising Device 1 1 1 1 LS Seq Number 80000012 Checksum 0x6d3a Length 48 Number of Links 2 Link connected to Stub Network Link ID Network subnet number 100 0 1 1 Link Data Network Mask 255 255 255 255 Number of TOS metrics 0 TOS 0 Metric 0 The fields in the displayed results of the show ip ospf database device command are described as follows Field Description OSPF Device...

Page 462: ...States Area 0 0 0 0 LS age 499 Options 0x2 E LS Type summary LSA Link State ID 10 0 0 0 summary Network Number Advertising Device 1 1 1 1 LS Seq Number 80000004 Checksum 0x330e Length 28 Network Mask 24 TOS 0 Metric 11 The fields in the displayed results of the show ip ospf database summary command are described as follows Field Description OSPF Device with ID Router id Summary Net Link States Sho...

Page 463: ...cksum 0x033c Length 36 Network Mask 24 Metric Type 2 Larger than any link state path TOS 0 Metric 20 NSSA Forward Address 100 0 2 1 External Route Tag 0 The fields in the displayed results of the show ip ospf database nssa external command are described as follows Field Description OSPF Device with ID Router id NSSA external Link States Show the type 7 autonomous external LSA information LS age Sh...

Page 464: ...sults of the show ip ospf database external command are as follows RDES 7210 show ip ospf database external OSPF Device with ID 1 1 1 1 Process ID 1 AS External Link States LS age 1290 Options 0x2 E LS Type AS external LSA Link State ID 20 0 0 0 External Network Number Advertising Device 1 1 1 1 LS Seq Number 8000000a Checksum 0x7627 Length 36 Network Mask 24 Metric Type 2 Larger than any link sta...

Page 465: ...l be forwarded to the device that generates the link state External Route Tag External route tag Each external route has a 32 byte route tag The OSPF does not use the route tag by itself but it will be used in redistributing OSPF routes by other routing process Following is the display result of show ip ospf database database summary command DES 7210 show ip ospf database database summary OSPF pro...

Page 466: ...ode Usage guidelines This command shows the OSPF information on the interface Examples The output results of the show ip ospf interface FastEthernet 1 0 command are as follows DES 7210 show ip ospf interface fa 1 0 FastEthernet 1 0 is up line protocol is up Internet Address 192 88 88 27 24 Ifindex 4 Area 0 0 0 0 MTU 1500 Matching network config 192 88 88 0 24 Process ID 1 Router id 1 1 1 1 Network...

Page 467: ...ID Router id OSPF router id Network Type OSPF network type Cost OSPF interface cost Transmit Delay is OSPF interface transmit delay State DR BDR state ID Priority Priority of the interface Designated Device ID DR ID of the interface DR s Interface address Address of the DR of the interface Backup designated device ID Router id of the BRD of the interface BDR s Interface address Address of the BDR ...

Page 468: ... process id neighbor detail interface type interface number neighbor id Parameter description Parameter Description Detail Optional Show the neighbor details interface type interface number Optional Show the neighbor information of the specified interface neighbor id Optional Show the information of the specified neighbor Default N A Command mode Privileged mode Usage guidelines This command shows...

Page 469: ...cription Retransmission off Thread Link State Request Retransmission off Thread Link State Update Retransmission off Thread Poll Timer on The fields in the displayed results of the show ip ospf neighbor command are described as follows Field Description Neighbor ID Neighbor ID Pri Neighbor priority for selection of DR State Neighbor status Dead Time Remaining time for the neighbor to enter the Dea...

Page 470: ...ghbor device that is the BDR field of the Hello packet Options Hello packet E bit option where 0 indicates that the area is a STUB area 2 indicates that the area is not a STUB area Dead timer due in Dead time of the neighbor device Neighbor up time Period from when the device is discovered till now Database Summary List Statistics on the neighbor DD packets Link State Request List Statistics on th...

Page 471: ...cified Count Show the statistics of various OSPF routes Command mode Privileged mode Examples DES 7210 show ip ospf route OSPF process 1 Codes C connected D Discard O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 E2 100 0 0 0 24 1 20 via 192 88 88 126 FastEthernet 1 0 C 192 88 88 0 24 1 is directly connected FastEt...

Page 472: ...ise Status Aggregated subnets 202 101 0 0 255 255 0 0 advertise Inactive 0 DES 7210 Parameter Description Summary Address IP address to be converged Summary Mask Mask to be converged Advertise Whether to advertise the converged route Status The convergence range takes effect or not Aggregated subnets Number of external routes included in the converged route 32 2 8 show ip ospf virtual link Use thi...

Page 473: ...e in 00 00 05 Adjacency state Full The fields in the displayed results are described as follows Field Description Virtual Link VLINK0 to device Show the virtual link neighbors and their status Virtual Link State Show the virtual link state Transit area Show the transit area of the virtual link via interface Show the associated interface of the virtual link Local address Local interface address Rem...

Page 474: ......

Page 475: ...ast no address family ipv4 unicast Parameter description Parameter Description unicast Optional detailed IPv4 unicast address prefix Default configuration Unicast address prefix Command mode BGP configuration mode Usage guidelines In the BGP address configuration mode the standard IPv4 address can be used for the configuration To exit to the BGP configuration mode run the command exit address fami...

Page 476: ...figuration mode Usage guidelines You can execute this command to configure or exit the exchange of route information between PEs and CEs To exit to the BGP configuration mode run the exit address family command Examples DES 7210 config router bgp 65000 DES 7210 config router address family ipv4 vrf vpn1 Related commands Command Description exit address family Exit the configuration mode 33 1 3 add...

Page 477: ...mmands Command Description exit address family Exit the mode 33 1 4 aggregate address IPv4 Use this command to set the aggregate IPv4 route The no form of the command is used to disable this function aggregate address ip address mask as set summary only no aggregate address ip addres mask as set summary only Parameter description Parameter Description ip address IP address of the aggregate route m...

Page 478: ...ted commands Command Description router bgp Enable the BGP protocol 33 1 5 auto summary Use this command to set BGP route auto summary Use the no form of the command to disable this function auto summary no auto summary Parameter description N A Default configuration By default this function is disabled Command mode BGP configuration mode BGP IPv4 address family configuration mode Usage guidelines...

Page 479: ...or the paths from different ASs this command can be used If there are multiple valid paths to the same destination the one with lower MED value has higher priority Unless you are sure that the different ASs are using the same IGP and routing method this command is not recommended Examples DES 7210 config router bgp 65000 DES 7210 config router bgp always compare med Related commands Command Descri...

Page 480: ...onfiguration mode Usage guidelines The BGP will not take the length of the AS path into account when it selects the optimal path as specified in RFC1771 In general the shorter the length of the AS path the higher the path priority is Hence we take the length of the AS path when we select the optimal path You can determine whether it is necessary to take the length of the AS path into account when ...

Page 481: ...de BGP configuration mode Usage guidelines By default during the selection of the same routing information from the peer of the internal EBGP the AS path of the confederation is not compared This command is used to compare the AS path of the confederation Note that if a route does not contain the AS path of the confederation it is not possible to implement the AS path comparison for that route Exa...

Page 482: ...he paths You can select the path with smaller Device ID as the optimal path by configuring the following commands Examples DES 7210 config router bgp 65000 DES 7210 config router bgp bestpath compare routerid Related commands Command Description show ip bgp Show the BGP route entry bgp router id Set the BGP Device ID Platform description 33 1 10 bgp bestpath med confed Use this command to compare ...

Page 483: ...th of the peer from different ASs while selecting the optimal path bgp bestpath med missing as worst Set the priority of the path without MED attribute as the lowest while selecting the optimal path bgp deterministic med Compare the path of the peer from the same AS while selecting the optimal path Platform description 33 1 11 bgp bestpath med missing as worst Use this command to set the priority ...

Page 484: ...config router bgp 65000 DES 7210 config router bgp bestpath med missing as worst Related commands Command Description show ip bgp Show the BGP route entry bgp bestpath always compare med Compare the MED value of the path of the peer from different ASs while selecting the optimal path bgp bestpath med confed Set the priority of the path without MED attribute as the lowest while selecting the optima...

Page 485: ...isable the route reflection function use the command no bgp client to client reflection Examples DES 7210 config router bgp 65000 DES 7210 config router no bgp client to client reflection Related commands Command Description bgp cluster id Configure the cluster ID of the route reflector neighbor route reflector client Configure the client of the route reflector and configure itself as the route re...

Page 486: ...other route reflectors of this cluster Examples DES 7210 config router bgp 65000 DES 7210 config router bgp cluster id 10 0 0 1 Related commands Command Description bgp client to client reflection Configure the route reflection between clients neighbor route reflector client Configure the client of the route reflector and configure itself as the route reflector Platform description 33 1 14 bgp con...

Page 487: ...BGP Speakers within the sub AS and the EBGP connection is established among the BGP Speakers within the sub AS Despite of the EBGP connections established between the BGP speakers in an AS the next hop MED and local priority information remains unchanged in exchanging the information Examples DES 7210 config router bgp confederation identifier 65000 Related commands Command Description bgp confede...

Page 488: ...he sub AS and the EBGP connection is established among the BGP Speakers within the sub AS Despite of the EBGP connections established between the BGP speakers in an AS the next hop MED and local priority information remains unchanged in exchanging the information This command is used to specify the member AS of a confederation Note This command can configure up to 15 members of a confederation at ...

Page 489: ...ES 7210 config router default ipv4 unicast Related commands Command Description address family ipv4 Enter the IPv4 address mode Platform description 33 1 17 bgp default local preference Use this command to set the default local preference attribute value Use the no form of the command to restore the defaults bgp default local preference value no bgp default local preference Parameter description P...

Page 490: ...ow comparing the MED value of the path of the peer from different ASs bgp bestpath med confed In electing the optimal path allow comparing the MED value of the path of the internal peer from AS community bgp bestpath med missing as worst In electing the optimal path allow setting the priority of the path without MED attribute as the lowest Platform description 33 1 18 bgp deterministic med This co...

Page 491: ...ays compare med Compare the MED value of the path of the peer from different ASs while selecting the optimal path bgp bestpath med confed Set the priority of the path without MED attribute as the lowest while selecting the optimal path bgp bestpath med missing as worst Compare the path of the peer from the same AS while selecting the optimal path Platform description 33 1 19 bgp enforce first as U...

Page 492: ...rface that is used in establishing the connection of the directly connected EBGP peer fails this command is used to establish the BGP session connection quickly You can use the no form of the command to disable this function bgp fast external fallover no bgp fast external fallover Parameter description N A Default configuration Enabled Command mode BGP configuration mode Usage guidelines This comm...

Page 493: ...t configuration Disabled Command mode BGP configuration mode Usage guidelines The debug command can also be used to log the BGP status changes But this command may consume a great deal of resources Examples DES 7210 config router bgp log neighbor changes Related commands Command Description router bgp Enabled the BGP protocol Platform description 33 1 22 bgp router id Use this command to configure...

Page 494: ...gp router id 10 0 0 1 Related commands Command Description show ip bgp dampening dampened paths Show the suppressed routing information bgp dampening Enable the route dampening function and set the dampening parameters Platform description 33 1 23 clear bgp ipv4 unicast Use this command to reset the BGP clear bgp ipv4 unicast address as number soft in out Parameter description Parameter Descriptio...

Page 495: ... measure is to close it and reestablish new BGP connection This product supports implementing new routing strategy without the close of the BGP session connection by the configuration of the soft reset for BGP effectively For the peer that does not support the route refresh function you may run the neighbor soft reconfiguration inbound command to keep a copy of original routing information of ever...

Page 496: ...ged EXEC mode Usage guidelines This command is used to clear the BGP route dampening information and de suppress the suppressed routes This command can be used to restart the BGP route dampening Examples DES 7210 clear ip bgp dampening 192 168 0 0 255 255 0 0 Related commands Command Description show ip bgp dampening dampened paths Show the suppressed routing information bgp dampening Enable the r...

Page 497: ... the distributed routing information Default configuration N A Command mode Privileged EXEC mode Usage guidelines This command is used to reset the specified external BGP connection Examples DES 7210 clear ip bgp external in Related commands Command Description clear ip bgp Reset the BGP session show ip bgp neighbors Show the neighbor information Platform description 33 1 26 clear bgp ipv4 unicast...

Page 498: ...ute dampening function and set the dampening parameters show ip bgp Show the BGP route entry Platform description 33 1 27 clear bgp ipv4 unicast peer group Use this command to reset the session with all members in the peer group clear bgp ipv4 unicast peer group peer group name soft in out Parameter description Parameter Description peer group name Name of the peer group in Without soft reset the ...

Page 499: ... show ip bgp Show the BGP route entry Platform description 33 1 28 clear ip bgp Use this command to reset the BGP session clear ip bgp ipv4 unicastaddress as number soft in out Parameter description Parameter Description Reset all the current BGP sessions ipv4 Reset the peer of the specified IPv4 address family address Reset the BGP session with the specified peer as number Reset the sessions with...

Page 500: ...oduct supports implementing new routing strategy without the close of the BGP session connection by the configuration of the soft reset for BGP effectively For the peer that does not support the route refresh function you may run the neighbor soft reconfiguration inbound command to keep a copy of original routing information of every specified BGP peer on the local BGP speaker This will consume so...

Page 501: ...mpening information and de suppress the suppressed routes This command can be used to restart the BGP route dampening Examples DES 7210 clear ip bgp dampening 192 168 0 0 255 255 0 0 Related commands Command Description show ip bgp dampening dampened paths Show the suppressed routing information bgp dampening Enable the route dampening function and set the dampening parameters 33 1 30 clear ip bgp...

Page 502: ...mmand mode Privileged EXEC mode Usage guidelines This command is used to reset the specified external BGP connection Examples DES 7210 clear ip bgp external in Related commands Command Description clear ip bgp Reset the BGP session show ip bgp neighbors Show the neighbor information 33 1 31 clear ip bgp flap statistics Use this command to clear the unsuppressed routes clear ip bgp flap statistics ...

Page 503: ... 33 1 32 clear ip bgp peer group Use this command to reset the session with all members in the peer group clear ip bgp peer group peer group name ipv4 unicast soft in out Parameter description Parameter Description peer group name Name of the peer group ipv4 unicast ipv4 unicast session in Without soft reset the session through which the peer establishes active connection out Without soft reset th...

Page 504: ... ip bgp vrf vrf name address soft in out Parameter description Parameter Description vrf name VRF name Reset all the current BGP sessions ipv4 unicast Reset the BGP session of the peer of the IPv4 unicast address family address Reset the BGP session with the specified peer in Without soft reset the direct session with the specific peer out Without soft reset the direct session with the BGP speaker...

Page 505: ... redistribute the default route in the process of route redistribution The no form of this command is used to disable the redistribution of the default route no default information originate Parameter description N A Default configuration Disabled Command mode BGP configuration mode Usage guidelines This command redistributes the default route which takes effect only when the routes to be redistri...

Page 506: ...d restore it to the default value default metric number no default metric Parameter description Parameter Description number Metric number in the range of 1 to 4294967295 Default configuration No metric is set by default Command mode BGP configuration mode and various address family configuration modes Usage guidelines This command sets the metric of the routes to be redistributed for integrity No...

Page 507: ...al distance Route management distance learned from the IBGP peers in the range 1 to 255 local distance The management distance of route learned from the peers However the optimal one can be learned from the IGP In general these routes are indicated by the Network Backdoor command Range 1 to 255 Default configuration The parameter defaults are as follows external distance 20 internal distance 200 l...

Page 508: ...form description 33 1 37 exit address family Use this command to exit the BGP address family configuration mode exit address family Parameter description N A Default configuration N A Command mode BGP address family configuration mode Usage guidelines This command can be used to exit from various address family modes of the BGP to the BGP configuration mode Examples DES 7210 config router af exit ...

Page 509: ...trol list based on the regular expression in the range of 1 to 500 permit Permit the accesses deny Deny the accesses regular expression Regular expression Range 1 to 255 characters Default configuration N A Command mode Global configuration mode Usage guidelines For the regular expression see BGP Configuration in the configuration guide Examples DES 7210 config router ip as path access list 1 deny...

Page 510: ...lt number in the IPv4 unicast address family is 4294967295 Command mode BGP configuration mode BGP IPv4 address family configuration mode BGP IPv4 VRF configuration mode BGP VPNv4 configuration mode Usage guidelines In a BGP address family the routing prefix may be introduced through the redistribute or the neighbor learning Once the routing prefix in the BGP address family reaches the maximum num...

Page 511: ... the no form of the command to restore it tothe default setting neighbor peer address peer group name activate no neighbor peer address peer group name activate Parameter description Parameter Description peer address IP address of the peer IPv4 address or IPv6 address peer group name Name of the peer group of up to 32 characters Default configuration Enabled in address family IPv4 configuration m...

Page 512: ...and to restore it to the default setting neighbor peer address peer group name advertisement interval seconds no neighbor peer address peer group name advertisement interval Parameter description Parameter Description peer address IP address of the peer peer group name Name of the peer group of up to 32 characters seconds Time interval to send the route update message in the range of 1 to 600 seco...

Page 513: ...roup of up to 32 characters number Number of the AS number duplication in the range of 1 to 10 3 by default Default configuration Disabled Command mode BGP configuration mode address family IPv4 configuration mode address family IPv4 VRF configuration mode Usage guidelines A typical application is spoke hub mode Execute this command on the PE to enable it to receive and then send the advertised ad...

Page 514: ... name Name of the peer group of up to 32 characters Default configuration Disabled Command mode BGP configuration mode address family IPv4 configuration mode address family IPv4 VRF configuration mode Usage guidelines In general the BGP will not receive the messages of the same AS number as its AS This command can override the AS number so that the BGP can receive the messages of the same AS numbe...

Page 515: ...r group name default originate route map map tag no neighbor peer address peer group name default originate route map map tag Parameter description Parameter Description peer address IP address of the peer peer group name Name of the peer group of up to 32 characters map tag Name of the route map of up to 32 characters Default configuration Disabled Command mode BGP configuration mode Usage guidel...

Page 516: ...e setting neighbor peer address peer group name description text no neighbor peer address peer group name description Parameter description Parameter Description peer address IP address of the peer peer group name Name of the peer group of up to 32 characters text Text for describing the peer group of up to 80 characters Default configuration Disabled Command mode BGP configuration mode Usage guid...

Page 517: ...ress IP address of the peer peer group name Name of the peer group of up to 32 characters access list number ACL number in Specify the ACL for filtering the incoming routes out Specify the ACL for filtering the outgoing routes Default configuration Disabled Command mode BGP configuration mode address family IPv4 configuration mode address family IPv6 configuration mode address family IPv4 VRF conf...

Page 518: ... established between the EBGP peers that are not directly connected The no form of the command removes the setting neighbor peer address peer group name ebgp multihop ttl no neighbor peer address peer group name ebgp multihop Parameter description Parameter Description peer address IP address of the peer peer group name Name of the peer group of up to 32 characters ttl Maximum hops in the range 1 ...

Page 519: ... Enable the BGP protocol neighbor remote as Configure the BGP peer Platform description 33 1 48 neighbor filter list When this command is set to specify the BGP peer to receive transmit routing information the same route filtering is used The no form of the command cancels the filtering neighbor peer address peer group name filter list access list number in out no neighbor peer address peer group ...

Page 520: ...nfig router bgp 65000 DES 7210 config router neighbor 10 0 0 1 remote as 65100 DES 7210 config router neighbor 10 0 0 1 filter list 1 out Related commands Command Description router bgp Enable the BGP protocol neighbor remote as Configure the BGP peer ip as path access list Create an AS_PATH list match as path Match the AS_PATH list Platform description 33 1 49 neighbor maximum prefix Use this com...

Page 521: ...ot hope to tear down the connection set the warning only to control that If the BGP peer group is specified all members of the peer group inherit the settings of this command If this command is set for a member of the peer the setting will overwrite the setting for the group Examples DES 7210 config router bgp 65000 DES 7210 config router neighbor 10 0 0 1 maximum prefix 1000 Related commands Comm...

Page 522: ... Frame Relay and X 25 where the BGP speakers within the same subnet cannot completely be accessed mutually If you have specified the BGP peer group all members of the peer group will inherit the settings of the command Examples DES 7210 config router bgp 65000 DES 7210 config router neighbor 10 0 0 1 next hop self Related commands Command Description router bgp Enable the BGP protocol neighbor rem...

Page 523: ...and will enable the MD5 authentication of the TCP The BGP peers must have the same password configured otherwise the neighbor relationship cannot be established When this command is set the local BGP speaker will re establish the BGP connection with the BGP peer If the BGP peer group is specified all members of the peer group inherit the settings of this command If this command is set for a member...

Page 524: ...allowed to configure an individual member of the peer group to take the place of the universal configuration for the peer group but such separate configuration does not contain the configuration information that may affect the output update In other words every member in the peer group will always inherit the following configurations of the peer group remote as update source local as reconnect int...

Page 525: ...eighbor peer group name peer group no neighbor peer group name peer group Parameter description Parameter Description peer group name Name of the peer group of up to 32 characters Default configuration No BGP peer group is created Command mode BGP configuration mode Usage guidelines If multiple BGP peers use the same update policy those peers can be configured in the same peer group so as to simpl...

Page 526: ... or IPv6 address peer group name Name of the peer group of up to 32 characters prefix lis name Name of the prefix list of up to 32 characters in Apply the prefix list to the received routes out Apply the prefix list to the redistributed routes Default configuration Disabled Command mode BGP configuration mode address family IPv4 configuration mode address family IPv6 configuration mode address fam...

Page 527: ... of the command deletes the configured peer group neighbor peer address peer group name remote as as number no neighbor peer address peer group name remote as as number Parameter description Parameter Description peer address IP address of the peer IPv4 or IPv6 address peer group name Name of the peer group of up to 32 characters as number BGP peer group autonomous system number in the range of 1 ...

Page 528: ...as no neighbor peer address peer group name remove private as Parameter description Parameter Description peer address IP address of the peer IPv4 or IPv6 address peer group name Name of the peer group of up to 32 characters Default configuration Disabled Command mode BGP configuration mode address family IPv4 configuration mode address family IPv6 configuration mode address family IPv4 VRF config...

Page 529: ...r group name Name of the peer group of up to 32 characters map tag Name of the match rule in Apply the rule to the incoming routes out Apply the rule to the outgoing routes Default configuration N A Command mode BGP configuration mode address family IPv4 configuration mode address family IPv6 configuration mode address family IPv4 VRF configuration mode and address family IPv4 VPNv4 cofiguration m...

Page 530: ...n Parameter Description ip address IP address of the peer peer group name Name of the peer group of no more than 32 characters Default configuration Disabled Command mode BGP configuration mode Usage guidelines By default all IBGP speakers in the autonomous system must establish neighbor relationship one another The BGP speaker does not forward the routes learned from an IBGP peer to the other IBG...

Page 531: ... this function neighbor peer address peer group name send community both standard extended no neighbor peer address peer group name send community both standard extended Parameter description Parameter Description peer addres IP address of the peer IPv4 or IPv6 address peer group name Name of the peer group of up to 32 characters both Transmit both standard and extended communities standard Transm...

Page 532: ...established with the specified BGP peer The no form of the command reconnects the BGP peer group neighbor peer address peer group name shutdown no neighbor peer address peer group name shutdown Parameter description Parameter Description peer address IP address of the peer IPv4 or IPv6 address peer group name Name of the peer group of up to 32 characters Default configuration Disabled Command mode...

Page 533: ...d Description router bgp Enable the BGP protocol neighbor remote as Configure the BGP peer show ip bgp summary Show the BGP connection status Platform description 33 1 61 neighbor soft reconfiguration inbound Use this command to sotre the routing information sent from the BGP peer Use the no form of the command to disable them neighbor peer address peer group name soft reconfiguration inbound no n...

Page 534: ...he setting for the group Examples DES 7210 config router bgp 65000 DES 7210 config router neighbor 10 0 0 1 soft reconfiguration inbound Related commands Command Description router bgp Enable the BGP protocol neighbor remote as Configure the BGP peer show ip bgp neighbors Show the information of the BGP peer clear ip bgp Reset the BGP peer session Platform description 33 1 62 neighbor soo Use this...

Page 535: ...S 7210 config router address family ipv4 vrf vpn1 DES 7210 config router neighbor 10 0 0 1 soo 100 100 Related commands Command Description router bgp Enable the BGP protocol timers bgp Configure the keepalive and holetime values globally Platform description 33 1 63 neighbor timers In specifying the BGP peer to establish the BGP connection use this command to set the keepalive and holdtime time v...

Page 536: ...e greater than one third of the holdtime value If the time is configured for an individual peer or a peer group that peer or peer group will use its time to replace the global time configuration and connect the peer If the BGP peer group is specified all members of the peer group inherit the settings of this command If this command is set for a member of the peer the setting will overwrite the set...

Page 537: ... up to 32 characters map tag Name of the route map of up to 32 characters Default configuration Disabled Command mode BGP configuration mode Usage guidelines This command advertises the specified routes that has been suppressed If the BGP peer group is specified all members of the peer group inherit the settings of this command If this command is set for a member of the peer the setting will overw...

Page 538: ...ame Name of the peer group of up to 32 characters interface type Interface type interface index Interface index Default configuration Use the optimal local interface as the output interface Command mode BGP configuration mode address family IPv4 configuration mode address family IPv6 configuration mode address family IPv4 VRF configuration mode Usage guidelines This command enables using the loopb...

Page 539: ...no neighbor ip address peer group name version number Parameter description Parameter Description peer address IP address of the peer peer group name Name of the peer group of up to 32 characters number Version Number Now only version 4 is supported Default configuration The default version number is 4 Command mode BGP configuration mode Usage guidelines When the command is used the BGP will lose ...

Page 540: ...range of 0 to 65535 Default configuration No weight is configured for the specific neighbor by default In this case the learned neighbor weight is 0 and the locally generated weight is 32768 initially Command mode BGP configuration mode Usage guidelines When the command is used the routes from the neighbor use this value as the initial weight value The higher the weight the higher the priority is ...

Page 541: ...map of up to 32 characters backdoor The route is a backdoor route Default configuration The network information is not specified Command mode BGP configuration mode Usage guidelines This command allows injecting the IGP route into the BGP routing table The network information advertised can be direct route static route and dynamic route The route map can be used to modify the network information E...

Page 542: ... command is used to modify the behavior of the network during the process of advertisement It is not recommended to turn off this switch lest route black hole is caused Examples DES 7210 config router bgp 65000 DES 7210 config router network synchronization Related commands Command Description router bgp Enable the BGP protocol redistribute Configure the route redistribution network BGP Configure ...

Page 543: ...appening and reduce the propability BGP generates a default route directing to the NULL interface and the default route will always exist in the OVERFLOW state Use the clear bgp addressfamily all command to reset the BGP and clear the OVERFLOW state in the BGP address family Use the no option to disallow the BGP to enter the OVERFLOW state when the memory lacks which is possible to lead to the con...

Page 544: ...mily IPv4 configuration mode address family IPv6 configuration mode address family IPv4 VRF configuration mode Usage guidelines When a switch supports multiple routing protocols the coordination between these protocols becomes an important task The switch may run multiple routing protocols at the same time so it should redistribute the protocols This is applicable to all IP routing protocols Note ...

Page 545: ...ption process id OSPF process ID to be redistributed route map map tag Specify the route map No route map is associated with by default metric metric value Set the default metric of the routes to be redistributed null by default match Match the sub type of OSPF routes internal Match the internal OSPF routes the default configuration external 1 2 Match the external OSPF rotues You can specify the c...

Page 546: ...xamples DES 7210 config router redistribute ospf 2 route map static rmap DES 7210 config router no redistribute ospf 4 match external rotue map ospf rmap DES 7210 config router no redistribute ospf 78 Related commands Command Description show ip protocol Show the protocol configuration Platform description 33 1 73 redistribute ISIS Use this is to redistribute routes between the ISIS and the BGP Th...

Page 547: ...mand with parameters the corresponding parameter configuration will be removed The no form removes redistribution without any parameters configured The route metric generated by the route map command takes precedence over the one generated by the metric option of this command If both are not available the redistributed one is used Examples DES 7210 config router redistribute isis route map static ...

Page 548: ...gp 65000 Related commands Command Description ip routing Enable IP routing bgp router id Set the ID of the device running the BGP protocol network Set the network information to be advertised by the local BGP speaker Platform description 33 1 75 synchronization Use this command to enable the synchronization mechanism of the BGP and IGP routing information The no form of the command disables the sy...

Page 549: ...ionship is established among all BGP Speakers The adjacent relationship is established between any two BGP Speakers Examples DES 7210 config router bgp 65000 DES 7210 config router synchronization Related commands Command Description router bgp Enable the BGP protocol Platform description 33 1 76 timers bgp Use this command to adjust the BGP network timer The no form of the command restores the de...

Page 550: ... peer the setting will overwrite the setting for the group Examples DES 7210 config router bgp 65000 DES 7210 config router timers bgp 80 240 Related commands Command Description neighbor timers Set the keepalive and holdtime values on the basis of neighbors Platform description 33 2 Showing Related Command 33 2 1 show ip bgp Use this command to show the route information of BGP show ip bgp networ...

Page 551: ...work Next Hop Metric LocPrf Path 211 21 21 0 24 110 110 110 10 0 1000 200 300 211 21 23 0 24 110 110 110 10 0 1000 200 300 211 21 25 0 24 110 110 110 10 0 1000 300 211 21 26 0 24 110 110 110 10 0 1000 300 211 21 27 0 24 110 110 110 10 0 1000 200 33 2 2 show ip bgp cidr only Use this command to show unclassified routes show ip bgp cidr only Parameter description N A Default configuration N A Comman...

Page 552: ...te numeral or any of the following predefined values internet no export local as no advertise exact match Show the routing information that fully matches the community Default configuration N A Command mode Privileged EXEC mode Usage guidelines This command is used to show the routing information with specified community value Examples DES 7210 show ip bgp community local as 111 12345 Status codes...

Page 553: ... This command is used to view the information of the community list Examples DES 7210 show ip bgp community list my_comm Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Status Network Next Hop Metric LocPrf Path 211 21 21 0 24 110 110 110 10 0 1000 200 300 211 21 23 0 24 110 110 110 10 0 1000 200 300 211 21 25 0 24 110 110 110 10 0 1000 300 21...

Page 554: ... 110 110 10 00 21 41 1000 i d 202 117 121 0 24 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00 21 43 1000 d 202 117 122 0 23 110 110 110 10 00...

Page 555: ...34 2 0 23 110 110 110 10 2 00 19 17 1000 h 201 234 2 0 23 110 110 110 10 2 00 19 17 1000 h 201 234 2 0 23 110 110 110 10 2 00 19 17 1000 h 201 234 2 0 23 110 110 110 10 2 00 19 17 1000 Related commands Platform description 33 2 7 show ip bgp dampening parameters Use this command to show the route dampening parameters configured for the BGP show ip bgp dampening parameters Parameter description N A...

Page 556: ...t number Filtering list identifier Default configuration N A Command mode Privileged EXEC mode Usage guidelines This command is used to show the routing information that matches the filtering list Examples DES 7210 config ip as path access list 5 permit DES 7210 show ip bgp filter list 5 BGP table version is 1 local device ID is 192 168 88 200 Status codes s suppressed d damped h history valid bes...

Page 557: ...neighbors neighbor address received routes routes advertised routes Parameter description Parameter Description neighbor address IP address of the neighbor received routes Show all routing information received from the peer including the received routes and rejected routes routes Show all routes that come from the peer and are accepted advertised routes Show all sent route information Command mode...

Page 558: ...10 Sent messages 116 Received notifications 0 Sent notifications 0 Route refresh received 0 Route refresh sent 0 DES 7210 show ip bgp neighbors 15 15 15 5 routes Status codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Status Network Next Hop Metric LocPrf Path i 58 1 1 0 24 58 58 58 8 58 100 800 i 58 1 2 0 24 58 58 58 8 58 100 800 i 58 1 3 0 24 58 58 ...

Page 559: ... EXEC mode Usage guidelines This command is used to view the path information in the route database Examples DES 7210 show ip bgp paths Related commands Platform description 33 2 12 show ip bgp quote regexp Use this command to show the BGP routing information that the AS path attribute matches the regular expression in the specified double quotation marks show ip bgp quote regexp regexp Parameter ...

Page 560: ...codes s suppressed d damped h history valid best i internal Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Path 211 21 21 0 24 110 110 110 10 0 1000 200 300 211 21 23 0 24 110 110 110 10 0 1000 200 300 211 21 25 0 24 110 110 110 10 0 1000 300 211 21 26 0 24 110 110 110 10 0 1000 300 Related commands Platform description 33 2 13 show ip bgp regexp Use this command to show the BG...

Page 561: ... 21 23 0 24 110 110 110 10 0 1000 200 300 211 21 25 0 24 110 110 110 10 0 1000 300 211 21 26 0 24 110 110 110 10 0 1000 300 33 2 14 show ip bgp summary Use this command to show the related information of BGP show ip bgp summary Parameter description N A Command mode Privileged EXEC mode Usage guidelines This command is used to show the related information of BGP Examples DES 7210 show ip bgp summa...

Page 562: ...rmation label Show the label information of routes vrf_name VRF name rd_value RD value for example 100 1 or 202 118 239 165 1 Summary Show the route summary information Command mode Privileged EXEC mode Usage guidelines This command is used to show the VPN information of all VRFs or RDs Examples DES 7210 show ip bgp vpnv4 all Network Nexthop Metric Localprf Weight Path Route Distinguisher 100 2 i ...

Page 563: ...he related information of the community list show ip community list community list number community list name Parameter description Parameter Description community list number Number of the community list community list name Name of the community list Default configuration N A Command mode Privileged EXEC mode Usage guidelines This command is used to view the related information of the community l...

Page 564: ...list num Parameter description Parameter Description num AS path ACL number Default configuration N A Command mode Privileged EXEC mode Usage guidelines This command is used to view the as path access list information Example s DES 7210 show ip as path access list AS path access list 30 permit 30s ...

Page 565: ...r no distribute list access list number name prefix prefix list name gateway prefix list name in interface type interface number Parameter description Parameter Description access list number ACL number Only the routes permitted in the access list can be received prefix prefix list name Use the prefix list to filter routes gateway prefix list name Use the prefix list to filter the sources of the r...

Page 566: ... Related commands Command Description access list Set the access list prefix list Set the prefix list 34 1 2 distribute list out Use distribute list out to control the route update for the purpose of route filtering Use the no form of this command to remove the setting distribute list access list number name prefix prefix list name out interface protocol process id no distribute list access list n...

Page 567: ...2 0 24 in RIP router rip network 200 4 4 0 network 192 168 12 0 distribute list 10 out version 2 access list 10 permit 192 168 12 0 Related commands Command Description access list Define the access list prefix list Define the prefix list redistribute Redistribute routes 34 1 3 ip community list Use this command to define a community list and control access to it Use the no form of this command to...

Page 568: ...th will not be advertised to any EBGP peers no advertise Indicates that this path will not be advertised to any BGP peers local as Indicates that this path will not be advertised to out of the AS When AS confederation is configured this path will not be advertised to other ASs or sub ASs Default configuration None Command mode Global configuration mode Usage guidelines This command is used to defi...

Page 569: ...his command is to generate the default route The default network must be reachable in the routing table but not the directly connected network The default network always starts with an asterisk indicating that it is the candidate of the default route If there is connected route and the route without the next hop in the default network the default route must be a static route Examples The following...

Page 570: ... in the range of 1 to 2147483647 When you execute this command to add an entry without a sequence number the system allocates a default sequence number for the entry The default sequence number of the first entry is 5 Every subsequential entry withtout a sequence number uses the time of 5 larger than the previous sequence number as the default sequence number deny Deny the route matching the prefi...

Page 571: ...llowing example filters the RIP routes the OSPF redistributes by the destination IP address following the rule defined in the associated IP prefix list for example redistribute the routes whose destination IP address is in the range 201 1 1 0 24 DES 7210 configure terminal DES 7210 config ip prefix list pre1 permit 201 1 1 0 24 DES 7210 config router ospf DES 7210 config router distribute list pre...

Page 572: ...e sort funciton for a prefix list Use the no form of this command to disable the sort function ip prefix list sequence number no ip prefix list sequence number Parameter description None Default configuration No sequence number is added for a prefix list by default Command mode Global configuration mode Examples The example below adds a sequence number for the prefix list DES 7210 configure termin...

Page 573: ...ription Parameter Description vrf name Name of the VRF network Network address of the destination net mask Mask of the destination ip address The next hop IP address of the static route interface Optional The next hop egress of the static route distance Optional The management distance of the static route tag Optional The tag of the static route permanent Optional Permanent rotue ID number Optiona...

Page 574: ...eyond this weight limit the excessive ones will not take effect Enablement disablement shows the state of the static route Disablement means the static route is not used for forwarding The forwarding table used the permanent route until administrator deletes it When you configure the static route on an Ethernet interface do not set the next hop as an interface for example ip route 0 0 0 0 0 0 0 0 ...

Page 575: ... is not necessary when the switch serves as bridge or VoIP gateway Examples The following example disables IP routing no ip routing Related commands Platform description This command is not supported on Layer 2 devices 34 1 10 ip static route limit Use this command to set the upeer threshold of the static route Use the no form of this command to restore the setting to the default value ip static r...

Page 576: ...c route limit 900 Related commands Platform description This command is not supported on Layer 2 devices Version description 34 1 11 ipv6 prefix list Use this command to create an IPv6 prefix list or add an entry in the prefix list Use the no form of this command to delete an IPv6 prefix list or an entry in the prefix list Ipv6 prefix list prefix lis name seq seq number deny permit ipv6 prefix ge ...

Page 577: ...The mask can be 0 to 32 characters minimum prefix length Optional Minimum length of the prefix the starting length Note ge indicates the operation of larger than and equivalent to maximum prefix length Optional Maximum length of the prefix the ending length Note le indicates the operation of less than and equivalent to Default configuration No prefix list is created Command mode Global configurati...

Page 578: ...terminal DES 7210 config ipv6 prefix list pre1 permit 2222 64 DES 7210 config ipv6 router ospf DES 7210 config router distribute list prefix pre out rip DES 7210 config router end 34 1 12 ipv6 prefix list description Use this command to add the description of an IPv6 prefix list Use the no form of this command to delete the description ipv6 prefix list prefix lis name description description text ...

Page 579: ...e this command to add a sequence number for an IPv6 prefix list Use the no form of this command to remove the settings ipv6 prefix list sequence number no ipv6 prefix list sequence number Parameter description None Default configuration No sequence number is added for a prefix list by default Command mode Global configuration mode Examples The example below adds a sequence number for the prefix li...

Page 580: ...s list name Name of the access list Default configuration None Command mode Route map configuration mode Usage guidelines The match as path can be followed by an access list number or name One or more match or set commands can be executed to configure one route map If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples...

Page 581: ...of the standard community list in the range 1 to 99 extended list number Number of the extended community list in the range of 100 to 199 communitys list name Name of the community list in the range of less than 80 characters exact match Match the community list exactly Default configuration None Command mode Route map configuration mode Usage guidelines The match community can be followed by more...

Page 582: ... Parameter description Parameter Description interface type Interface type interface number Interface number Default configuration None Command mode Route map configuration mode Usage guidelines This command can be followed by multiple interfaces You can redistribute the routes from one routing process to another routing process For example you can redistribute the route in the OSPF routing domain...

Page 583: ...mmand Description match ip address Match the address in the access list match ip next hop Match the next hop IP address in the access list match ip route source Match the source IP address in the access list match metric Match the metric match route type Match the route type match tag Match the tag set metric Set the metric set metric type Set the metric type set tag Set the tag 34 1 17 match ip a...

Page 584: ...are usually used to control the mutual route redistribution between two routing domains One or more match or set commands can be executed to configure a route map If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples The route map can be configured very flexibly for route redistribution and policy based routing No mat...

Page 585: ...he tag 34 1 18 match ip next hop Use match ip next hop command to redistribute the routes whose next hop IP address matches the access list or the prefix list Use the no form of this command to remove the setting match ip next hop access list number access list number access list name access list name access list number access list name prefix list prefix list name prefix list name no match ip nex...

Page 586: ...ted to configure a route map If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples In the example below the OSPF routing protocol redistributes the RIP routes As long as the next hop address of the RIP route matches the access list 10 or 20 the OSPF allows for redistribution router ospf redistribute rip subnets route ...

Page 587: ...er description Parameter Description access list number Number of the access list access list name Name of the access list prefix list prefix list name Specify the prefix list to match Default configuration None Command mode Route map configuration mode Usage guidelines Multiple access list numbers may follow match ip route source You can redistribute the routes from one routing process to another...

Page 588: ...h the IP address in the access list match interface Match the next hop interface of the route match ip next hop Match the next hop IP address in the access list match metric Match the metric match route type Match the route type match tag Match the tag set metric Set the metric set metric type Set the metric type set tag Set the tag 34 1 20 match ipv6 address Use this command to redistribute the n...

Page 589: ...et commands can be executed If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples The route map can be configured very flexibly to be used for route redistribution and policy based routing No matter how the route map is used the configuration principle is the same except that different command sets are used Even if it...

Page 590: ...tag Match the route tag set metric Set the metric for route redistribution set metric type Set the type for route redistribution set tag Set the tag for route redistribution 34 1 21 match ipv6 next hop Use this command to redistribute the network routes whose next hop IP address matches the IPv6 access list or the IPv6 prefix list Use the no form of this command to delete the setting match ipv6 ne...

Page 591: ...If the set command is not used no operation will be performed Examples The route map can be configured very flexibly to be used for route redistribution and policy based routing No matter how the route map is used the configuration principle is the same except that different command sets are used Even if it is used on the route redistribution different routing protocols can use different commands ...

Page 592: ...type for route redistribution set tag Set the tag for route redistribution 34 1 22 match ipv6 route source Use this command to redistribute the network routes whose next hop IP address matches the IPv6 access list or the IPv6 prefix list Use the no form of this command to delete the setting match ipv6 route source access list name prefix list prefix list name no match ipv6 route source Parameter d...

Page 593: ...route map can be configured very flexibly to be used for route redistribution and policy based routing No matter how the route map is used the configuration principle is the same except that different command sets are used Even if it is used on the route redistribution different routing protocols can use different commands with the route map The following example enables the OSPF routing protocol ...

Page 594: ...g Set the tag for route redistribution 34 1 23 match length Use this command to implement the policy based routing based on the IP packet length in the route map configuration mode The no form of Use this command to remove the setting match length min length max length no match length min length max length Parameter description Parameter Description min length Minimum length of the IP packet max l...

Page 595: ...not match any policy in the route map will be forwarded to the usual route The packets that match a policy in the route map will be processed according to the operation defined in the policy To route interactive traffic and mass traffic respectively use the packet size based policy based routing Examples In the example below the policy based routing is enabled on serial 1 0 to send the traffic wit...

Page 596: ...r example you can redistribute the route in the OSPF routing domain and then advertise it to the RIP routing domain and vice versa The mutual route redistribution can be implemented between all the IP routing protocols In the route redistribution route maps are usually used to control the mutual route redistribution between two routing domains In configuring one route map one or more match or set ...

Page 597: ...set metric type Set the metric type set tag Set the tag 34 1 25 match origin Use this command to redistribute the routes whose source IP address is permitted by the ACL in the route map configuration mode Use the no form of this command to remove the setting match origin egp igp incomplete no match origin egp igp incomplete Parameter description Parameter Description egp Redistribute the routes fr...

Page 598: ...he source set as path prepend Set the AS_PATH attribute set metric Set the metric set origin Set the source 34 1 26 match route type Use this command to redistribute the network routes of the specified type Use the no form of this command to delete the setting match route type local internal external type 1 type 2 level 1 level 2 no match route type local internal external type 1 type 2 level 1 le...

Page 599: ... IP routing protocols In the route redistribution route maps are usually used to control the mutual route redistribution between two routing domains In configuring one route map one or more match or set commands can be executed If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples In the example below the RIP routing ...

Page 600: ...h tag Match the tag set metric Set the metric set metric type Set the access list set tag Match the IP address 34 1 27 match tag Use this command to redistribute the network routes with the specified tag Use the no form of this command to delete the setting match tag tag tag no match tag tag tag Parameter description Parameter Description tag Route tag Default configuration None Command mode Route...

Page 601: ...ap one or more match or set commands can be executed If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples In the example below the RIP routing protocol redistributes only the routes with tag 50 and 80 in the OSPF routing domain router rip redistribute ospf 100 route map redrip network 192 168 12 0 route map redrip pe...

Page 602: ...mber of routes for load balancing is no more than the specified number of equivalent routes You can view the number of equivalent routes with the show running config command Examples The following example sets the number of equivalent routes to 10 and then restore it to the default value maximum paths 10 no maximum paths 10 34 1 29 route map Use route map to enter the route map configuration mode ...

Page 603: ...cuted finally deny Optional If the deny keyword is defined and the rule defined by match is met no operation will be performed Neither route redistribution nor policy based routing is supported in the route map The system exits the route map operation If the deny keyword is defined but the rule defined by match is not met the system performs the routing policy of the second route map till the set ...

Page 604: ...ll be created and the existing route map policy will be accessed for configuration If more than one route map policy is available the sequence number of each policy shall be specified otherwise an error message will be displayed 2 policy based routing Policy based routing refers to a routing mechanism based on user defined policies Compared with traditional destination IP address based routing pol...

Page 605: ...ttribute for the aggregator of the routes that match the rule in the route map configuration mode Excute the no form of this command to remove the setting This command is only used to configure policy based routing set aggregator as as number ip addr no set aggregator as as number ip addr Parameter description Parameter Description as number AS number of the aggregator ip_address IP address of the...

Page 606: ...ITY attribute set metric Set the metric set metric type Set the type 34 1 31 set as path prepend Use this command to specify the AS_PATH attribute for the routes that match the rule in the route map configuration mode Excute the no form of this command to remove the setting This command is only used to configure policy based routing set as path prepend as number no set as path prepend as number Pa...

Page 607: ...ty Set the COMMUNITY attribute set metric Set the metric set metric type Set the type 34 1 32 set comm list delete Use this command to delete the COMMUNITY_LIST attribute for the routes that match the rule in the route map configuration mode Use the no form of this command to remove the setting This command is only used to configure policy based routing set comm list community list number communit...

Page 608: ... deny 100 50 ip community list 120 permit 100 route map ROUTEMAPIN permit 10 set comm list 500 delete route map ROUTEMAPOUT permit 10 set comm list 120 delete Related commands Command Description match as path Match the AS_PATH attribute value match metric Match the metric match origin Match the source set as path prepend Set the AS_PATH attribute set local preference Set the local priority of the...

Page 609: ...nity attributes like internet local AS no export and no advertise additive Increase on the original COMMUNITY attribute none Set the community attribute as blank Default configuration None Command mode Route map configuration mode Usage guideline Use this command to set the community attribute for the matched route Examples route map SET_COMMUNITY 10 permit match as path 1 set community 109 10 rou...

Page 610: ...cy based routing set dampening half life reuse suppress max suppress time no set dampening Parameter description Parameter Description half life Half dampening life for the reachable or unreachable route in the range of 1 to 45 minutes 15 minutes by default reuse When the route penalty is lower than this value the route suppression is released It is in the range 1 to 20000 750 by default suppress ...

Page 611: ...ath prepend Set the AS_PATH attribute set metric Set the metric set local preference Set the local priority of the route to be redistributed 34 1 35 set default interface Use this command to specify the default interface for forwarding the packets whose route matches the rule but without an egress in the route map configuration mode Use the no form of this command to remove the setting set default...

Page 612: ...uting is applied to an interface the packets received by the interface will be checked The packets that do not match any policy in the route map will be forwarded to the usual route The packets that match a policy in the route map will be processed according to the operation defined in the policy If the first defined interface becomes down the interface set by the second set command will be attemp...

Page 613: ...mmand to remove the setting This command is only used to configure policy based routing set extcommunity rt extend community value soo extend community value no set extcommunity rt soo Parameter description Parameter Description rt Specify the extended community value in the form of RT soo Specify the extended community value in the form of SOO extend community value Extended community value Defau...

Page 614: ...o form of this command to remove the setting set interface interface type interface number interface type interface number no set interface interface type interface number interface type interface number Parameter description Parameter Description interface type Interface type interface number Interface ID Default None Command mode Route map configuration mode Usage guideline Multiple interfaces m...

Page 615: ...ommand will be attempted A route map policy may contain multiple set operations If the interface is set as null 0 the packets will be discarded Examples In the example below the policy based routing is enabled on serial 1 0 to send the traffic whose packet size is less than 500 bytes through fastethernet 0 0 interface interface serial 1 0 ip policy route map smallpak route map smallpak permit 10 m...

Page 616: ...tch the rule in the route map configuration mode Use the no form of this command to remove the setting set ip default next hop ip address weight ip address weight no set ip default next hop ip address weight ip address weight Parameter description Parameter Description ip address IP address of the next hop weight Weight of the next hop Default configuration None Command mode Route map configuratio...

Page 617: ...ftware fails to find the forwarding route the packet will be forwarded to the nexthop set with this command To use the policy based routing you must specify the route map for it and create the route map A route map contains multiple policies and each policy defines one or more match rules and the corresponding operations After policy based routing is applied to an interface the packets received by...

Page 618: ...ion route map Define a route map match ip address Match the IP address set default interface Set the default outgoing interface set interface Set the outgoing interface set ip next hop Set the next hop of the packets set ip precedence Set the priority of the packets 34 1 39 set ip dscp Use this command to specify the DSCP value for the packets that match the rule in the route map configuration mod...

Page 619: ...ext hop Set the next hop of the packets set ip precedence Set the priority of the packets 34 1 40 set ip next hop Use this command to specify the next hop IP address for the packets that meet the matching rule Use the no form of this command to remove the setting This command is only used to configure policy based routing set ip next hop ip address weight ip address weight no set ip next hop ip ad...

Page 620: ...tch rule If multiple IP addresses are configured they can be used in turn Policy based routing is a packet forwarding mechanism more flexible than the routing based on the target network After the policy based routing is used the device will decide how to process the packets that need be routed according to the route map which decides the next hop device of the packets To use the policy based rout...

Page 621: ...t hop 172 16 100 1 route map load balance permit 30 set interface Null0 Related commands Command Description Route map Define the route map match ip address Match the IP address set default interface Set the default outgoing interface set interface Set the outgoing interface set ip default next hop Set the default next hop set ip precedence Set the priority of the packets 34 1 41 set ip next hop v...

Page 622: ...1 0 When the interface receives the packets from 10 0 0 0 8 they will be sent to 192 168 100 1 when the interface receives the packets from 172 16 0 0 16 they will be sent to 172 16 100 1 all other packets will be discarded interface serial 1 0 ip policy route map load balance access list 10 permit 10 0 0 0 0 255 255 255 access list 20 permit 172 16 0 0 0 0 255 255 route map load balance permit 10...

Page 623: ... setting set ip precedence 0 7 critical flash flash override immediate internet network priority routine no set ip precedence 0 7 critical flash flash override immediate internet network priority routine Default configuration N A Command mode Route map configuration mode Usage guideline With different precedence values for the IP packet head configured the IP packets matching the PBR routing are s...

Page 624: ...hop IP address in the ACL match ip route source Match the route source IP address in the ACL match metric Match the route metric value match route type Match the route type match tag Match the route tag value set metric type Set the type of redistributed route set tag Set the tag value of redistributed route set ip tos Set the tos for the IP packet head 34 1 43 set ip tos Use this command to set t...

Page 625: ...e packet with the source IP address 192 168 217 68 received at the interface FastEthernet 0 0 as 4 DES 7210 config access list 1 permit 192 168 217 68 0 0 0 0 DES 7210 config route map name DES 7210 config route map match ip address 1 DES 7210 config route map set ip tos 4 DES 7210 config interface FastEthernet 0 0 DES 7210 config if ip policy route map name Related commands Command Description ma...

Page 626: ...g the rule are redistributed in the route map configuration command Use the no form of this command to remove the setting set level level 1 level 2 level 1 2 stub area backbone no set level Default configuration None Command mode Route map configuration mode Examples In the example below the OSPF routing protocol redistributes the RIP protocol to the backbone area router ospf redistribute rip subn...

Page 627: ...1 45 set local preference Use this command to set the LOCAL_PREFERENCE value for the routes to be redistributed in the route map configuration mode Use the no form of this command to remove the setting set local preference number no set local preference Parameter description Parameter Description number Local priority metric ranging 1 to 4294967295 Default configuration None Command mode Route map...

Page 628: ...repend Set the AS_PATH attribute set metric Set the metric set metric type Set the metric type 34 1 46 set metric Use set metric to set the metric for the routes to be redistributed Use the no form of this command to remove the setting set metric metric value metric value metric value no set metric Parameter description Parameter Description Increase based on the metric of the original route Decre...

Page 629: ...ain and vice versa The mutual route redistribution can be implemented between all the IP routing protocols For route redistribution route maps are usually used to control the mutual route redistribution between two routing domains One or more match or set commands can be executed to configure a route map If the match command is not used all the routes will be matched If the set command is not used...

Page 630: ...e type of the routes that the OSPF protocol redistributes type 1 Type 1 external route type 2 Type 2 external route Default configuration Type 2 Command mode Route map configuration mode Usage guideline You can redistribute the routing information from one routing process to another routing process For example you can redistribute the route in the OSPF routing domain and then advertise it to the R...

Page 631: ... Related commands Command Description match interface Match the interface match ip address Match the IP address match ip next hop Match the next hop IP address match ip route source Match the source IP address match metric Match the metric match route type Match the route type match tag Match the tag set metric Set the metric set tag Set the tag 34 1 48 set next hop Use this command to specify the...

Page 632: ...stribution between two routing domains In configuring one route map one or more match or set commands can be executed If the match command is not used all the routes will be matched If the set command is not used no operation will be performed Examples The following example enables the OSPF routing protocol to redistribute the RIP route and sets the next hop to 192 168 1 2 route map redrip permit ...

Page 633: ... igp incomplete Parameter description Parameter Description egp Redistribute the routes from the remote EGP igp Redistribute the routes from the local IGP Incomplete Redistribute the routes from an unknown device Default configuration None Command mode Route map configuration mode Usage guideline Use this command to set the source of the routes to be matched Only one route source attribute can be ...

Page 634: ...eference Set the local priority of redistributed routes 34 1 50 set originator id Use this command to set the source of the routes to be redistributed in the route map configuration mode Use the no form of this command to remove the setting set originator id ip addr no originator id ip addr Parameter description Parameter Description ip addr IP address of the originator Default configuration None ...

Page 635: ...ch the route metric match origin Match the source set as path prepend Set the AS_PATH attribute set metric Set the metric set local preference Set the local priority of redistributed routes 34 1 51 set tag Use this command to set the tag for the routes to be redistributed Use the no form of this command to remove the setting set tag tag no set tag Parameter description Parameter Description tag Ta...

Page 636: ...p permit 10 set tag 100 Related commands Command Description match interface Match the interface match ip address Match the IP address match ip next hop Match the next hop IP address match ip route source Match the source IP address match metric Match the metric match route type Match the route type match tag Match the tag set metric Set the metric set metric type Set the metric type 34 1 52 set w...

Page 637: ...xed 32768 Examples The following example sets the weight for the BGP route learned from the neighbor 1 1 1 1 at the inbound direction to 100 router bgp 1 neighbor 1 1 1 1 route map nei rmap in in route map nei rmap in permit 10 set weight 100 Related commands Command Description match as path Match the AS_PATH attribute match community Match the route community match metric Match the route metric ...

Page 638: ...UDP packet are available ip ref ecmp load balance crc32_lower crc32_upper dip port udf number no ip ref ecmp load balance crc32_lower crc32 upper dip port udf number Command mode Global configuration mode Usage guideline You can use any combination of DIP port and UDF to form a key and select CRC32_Lower or CRC32_Upper as Hash algorithm This command can only be used modify the weight of a BGP rout...

Page 639: ...n mode interface configuration mode routing protocol configuration mode route map configuration mode Usage guidelines If no route map is specified the configurations of all the route maps will be displayed otherwise only the configuration of the specified route map is displayed Examples DES 7210 show route map route map AAA permit sequence 10 Match clauses ip address 2 Set clauses metric 10 Field ...

Page 640: ...is command shows the information on the community list Examples DES 7210 show ip community list Community list standard local permit local AS Community list standard Red Giant permit 0 10 deny 0 20 34 2 3 show ip prefix list Use show ip prefix list to view the prefix list or the entries show ip prefix list prefix name seq seq num ip prefix Parameter description Parameter Description prefix name Na...

Page 641: ... process id weight Parameter description Parameter Description vrf vrf_name Optional Show the route information of the VRF network Optional Show the route information to the network mask Optional Show the route information to the network of this mask count Optional Show the number of existent routes protocol Optional Show the route information of specific protocol process id Optional Routing proto...

Page 642: ...N 1 R 40 0 0 0 8 120 20 via 192 1 1 2 00 00 23 VLAN 1 B 50 0 0 0 8 120 0 via 192 1 1 3 00 00 41 C 192 1 1 0 24 is directly connected VLAN 1 C 192 1 1 254 32 is local host Field Description O Source routing protocol which may be C directly connected route S static route R RIP route B BGP route O OSPF route I IS IS route E2 Route type which may be E1 OSPF external route type 1 E2 OSPF external route...

Page 643: ... weight S 23 0 0 0 8 1 0 2 via 192 1 1 20 S 172 0 0 0 16 1 0 4 via 192 0 0 1 34 2 5 show ipv6 prefix list Use this command to show the information about the IPv6 prefix list or its entries show ipv6 prefix list prefix name Parameter description Parameter Description prefix name Name of the IPv6 prefix list Default configuration The configuration information of all the IPv6 prefix lists is displaye...

Page 644: ...tables and number of weighted nodes show ip ref Command mode Privileged mode Usage guidelines This command shows the route information of the REF Examples DES 7210 show ip ref statistic information current routes 5 alloc weight_nodes 5 alloc bal_tables 0 alloc adj_nodes 5 alloc res_adj 0 Field Description routes Number of routes in the REF table weight_nodes Number of weighted nodes bal_tables Num...

Page 645: ...nterface That interface performs only the policy based routing for the received packets while the packets sent by the interface will be forwarded normally according to the routing table To use the policy based routing you must specify the route map for it and create the route map A route map contains multiple policies and each policy defines one or more match rules and the corresponding operations...

Page 646: ...urce address is 20 0 0 1 it sets the next hop as 196 168 5 6 otherwise otherwise the general forwarding will be performed access list 1 permit 10 0 0 1 access list 2 permit 20 0 0 1 route map lab1 permit 10 match ip address 1 set ip next hop 196 168 4 6 exit route map lab1 permit 20 match ip address 2 set ip next hop 196 168 5 6 exit interface FastEthernet 0 0 ip policy route map lab1 exit Related...

Page 647: ...icy load balancing or redundant backup Default Redundant backup is adopted by default Command mode Global configuration mode Usage guidelines When you configure the set ip next hop command in the sub route map it is possible to configure multiple next hops However when you set redundant backup only the first hop of the policy based routing can be parsed When the load balancing is set multiple hops...

Page 648: ... policy based routing applied on the EF0 takes effect and performs forwarding access list 1 permit 10 0 0 1 access list 2 permit 20 0 0 1 route map lab1 permit 10 match ip address 1 set ip next hop 196 168 4 6 set ip next hop 196 168 4 7 set ip next hop 196 168 4 8 exit route map lab1 permit 20 match ip address 2 set ip next hop 196 168 5 6 set ip next hop 196 168 5 7 set ip next hop 196 168 5 8 e...

Page 649: ...v6 ipv6 address ipv6 enable ipv6 hop limit ipv6 neighbor ipv6 source route ipv6 route ipv6 ns linklocal src ipv6 nd ns interval ipv6 nd reachable time ipv6 nd prefix ipv6 nd ra lifetime ipv6 nd ra interval ipv6 nd ra hoplimit ipv6 nd ra mtu ipv6 nd managed config flag ipv6 nd dad attempts ipv6 nd suppress ra ipv6 redirects clear ipv6 neighbors tunnel destination tunnel mode ipv6ip tunnel source tu...

Page 650: ...ns Meaning The response to each request sent is received The response to the request sent is not received within a regulated time U The device has no route to the destination host R Parameter error F No system resource is available A The source IP address of the packet is not selected D The network interface is in the Down status or the IPv6 function is disabled on the the interface for example IP...

Page 651: ...i 64 the length of the prefix must be 64 bits When an IPv6 interface is created and the link status is up the system will automatically generate a local IP address for the interface If no deleted address is specified when using no ipv6 address all the manually configured addresses will be deleted no ipv6 address ipv6 prefix prefix length eui 64 can be used to delete the addresses configured with i...

Page 652: ...d commands Command Description show ipv6 interface Show the related information of an interface 36 1 4 ipv6 hop limit Use this command to configure the default hopcount to send unicast messages in the global configuration mode ipv6 hop limit value no ipv6 hop limit Default configuration The default is 64 Command mode Global configuration mode Usage guidelines This command takes effect for the unic...

Page 653: ... the ARP command the static neighbor can only be configured on an IPv6 interface If the neighbor to be configured has been learned through NDP and has been stored in the neighbor list the dynamically generated neighbor will be automatically switched to a static one The configured static neighbor is always in the Reachable status Use clear ipv6 neighbors to clear all the neighbors dynamically learn...

Page 654: ...ype 0 that destined to the local machine is processed Examples DES 7210 config no ipv6 source route Related commands None 36 1 7 ipv6 route Use this command to configure an IPv6 static route Use the no form of this command to remove the setting ipv6 route ipv6 prefix prefix length ipv6 address interface id ipv6 address no ipv6 route ipv6 prefix prefix length ipv6 address interface id ipv6 address ...

Page 655: ...must be specified Command mode Global configuration mode Usage guidelines Note If the destination IP address or next hop IP address is a link local IP address the outgoing interface must be specified if the destination address is a link local IP address the next hop must be also a link local IP address When configuring a route the destination IP address and the next hop IP address shall not be a m...

Page 656: ...olicitation Use the no form of this command to restore it to the default setting ipv6 nd ns interval milliseconds no ipv6 nd ns interval Parameter description Parameter Description milliseconds Interval for retransmitting NS in the range of 1000 to 429467295 milliseconds Default configuration The default value in RA is 0 unspecified the interval for retransmitting NS is 1000ms 1s Command mode Inte...

Page 657: ...0s when the device discovers the neighbor Command mode Interface configuration mode Usage guidelines The device checks the unreachable neighbor through the set time A shorter time means that the device can check the neighbor failure more quickly but more network bandwidth and device resource will be occupied Therefore it is not recommended to set a too short reachable time The configured value wil...

Page 658: ...refix received by the host at valid date preferred date Set the dead line for the valid lifetime and that of the preferred lifetime in day month year hour minute infinite Indicate that the prefix is always valid default Set the default perfix no advertise The prefix will not be advertised by the device off link When the host sends an IPv6 packet if the prefix of the destination address matches the...

Page 659: ...preferred date The valid lifetime of a prefix can be specified in two ways One way is to specify a fixed time for each prefix in the RA the other way is to specify the end time in this mode the valid lifetime of the prefix sent in RA will be gradually reduced until the end time is 0 Examples The following example adds a prefix for SVI 1 DES 7210 conifg interface vlan 1 DES 7210 conifg if ipv6 nd p...

Page 660: ...f it is not set to 0 it shall be larger than or equal to the interval of sending the RA ra interval Examples DES 7210 conifgf interface vlan 1 DES 7210 conifg if ipv6 nd ra lifetime 2000 Related commands Command Description show ipv6 interface Show the interface information ipv6 nd ra interval Set the interval of sending the RA ipv6 nd ra hoplimit Set the hopcount of the RA ipv6 nd ra mtu Set the ...

Page 661: ... bandwidth while sending the RA message the actual interval for sending the RA message will be fluctuated 20 based on the set value If the key word min max is specified the actual interval for sending the packet will be chosen between the range of minimum value and maximum value Examples DES 7210 conifgf interface vlan 1 DES 7210 conifg if ipv6 nd ra interval 110 DES 7210 config if ipv6 nd ra inte...

Page 662: ...fig if ipv6 nd ra hoplimit 110 Related commands Command Description show ipv6 interface Show the interface information ipv6 nd ra lifetime Set the lifetime of the device ipv6 nd ra interval Set the interval of sending the RA message ipv6 nd ra mtu Set the MTU of the RA message 36 1 15 ipv6 nd ra mtu Use this command to set the MTU of the RA messag Use the no form of this command to restore it to t...

Page 663: ...nd ra hoplimit Set the hopcount of the RA message 36 1 16 ipv6 nd managed config flag Use this command to set the managed address configuration flag of the RA message Use the no form of this command to remove the setting ipv6 nd managed config flag no ipv6 managed config flag Default configuration None Command mode Interface configuration mode Usage guidelines This flag determines whether the host...

Page 664: ...n the interface The range is 0 to 600 Default configuration 1 Command mode Interface configuration mode Usage guidelines When the interface is configured with a new IPv6 address the address collision shall be checked before the address is assigned to the interface and the address shall be in the tentative status After the address collision check is completed if no collision is detected the address...

Page 665: ...t sent on the IPv6 interface by default Command mode Interface configuration mode Usage guidelines This command suppresses the sending of the RA message on an interface Examples DES 7210 config interface vlan 1 DES 7210 config if ipv6 nd suppress ra Related commands Command Description show ipv6 interface Show the interface information 36 1 19 ipv6 redirects Use this command to control whether to ...

Page 666: ... command to clear the dynamically learned neighbors clrear ipv6 neighbors Command mode Privileged mode Usage guidelines This command can be used to clear all the neighbors dynamically learned by the RDP Note that the static neighbors will not be cleared Examples DES 7210 clear ipv6 neighbors Related commands Command Description ipv6 neighbor Configure the neighbor show ipv6 neighbors Show the neig...

Page 667: ...mples The following example configures a 6to4 tunnel DES 7210 config interface tunnel 1 DES 7210 config if tunnel mode ipv6ip 6to4 DES 7210 config if tunnel source vlan 1 Related commands Command Description tunnel source Configure the source address of the tunnel tunnel destination Configure the destination address of a tunnel Tunnel ttl Configure the TTL of the tunnel 36 1 22 tunnel destination ...

Page 668: ...commands Command Description tunnel source Configure the source IP address of the tunnel tunnel mode Configure the mode of a tunnel Tunnel ttl Configure the TTL of the tunnel 36 1 23 tunnel source Use this command to specify the source IP address for the tunnel Use the no form of this command to remove the setting tunnel source ipv4 address interface type interface number no tunnel source Paramete...

Page 669: ...The following example configures an IPv6 manual tunnel DES 7210 config interface tunnel 1 DES 7210 config if tunnel mode ipv6ip DES 7210 config if tunnel source vlan 1 DES 7210 config if tunnel destination 192 168 5 1 Related commands Command Description tunnel mode Configure the mode of a tunnel tunnel destination Configure the destination address of a tunnel Tunnel ttl Configure the TTL of the t...

Page 670: ...l destination Configure the destination IP address of a tunnel 36 2 Show Related Command 36 2 1 show ipv6 route Use this command to show the IPv6 route information show ipv6 route static local connected Parameter description Parameter Description static Show the static routes local Show the local routes connected Show the directly connected routes Command mode Privileged mode Usage guidelines Use ...

Page 671: ...meter description Parameter Description verbose Show the neighbor details interface id Show the neighbors of the specified interface ipv6 addres Show the neighbors of the specified IPv6 address Command mode Privileged mode Usage guidelines Show the neighbors on the SVI 1 interface DES 7210 show ipv6 neighbors vlan 1 IPv6 Address Linklayer Addr Interface fa 1 00d0 0000 0002 vlan 1 fe80 200 ff fe00 ...

Page 672: ...E The reachable time of the neighbor expires In this state the switch takes no additional action it only starts NUD Neighbor Unreachability Detection after a packet is sent to the neighbor DELAY A packet is sent to the neighbor in STALE state If the STALE state changes to DELAY DELAY will be changed to PROBE if no neighbor reachability notification is received within DELAY_FIRST_PROBE_TIME seconds...

Page 673: ...ed commands Command Description ipv6 neighbor Configure a neighbor 36 2 3 show ipv6 interface Use this command to show the IPv6 interface information show ipv6 interface interface id ra info Parameter description Parameter Description interface id Interface including Ethernet interface aggregateport or SVI ra info Show the RA information of the interface Command mode Privileged mode Usage guidelin...

Page 674: ...e is included in the above information 2001 1 subnet is 2001 64 TENTATIVE The flag bit in the following the INET6 address is explained as follows Flag Meaning ANYCAST Indicate that the address is an anycast address TENTATIVE Indicate that the DAD is underway The address is a tentative before the DAD is completed DUPLICATED Indicate that a duplicate address exists DEPRECATED Indicate that the prefe...

Page 675: ...e the number of the RAs when the RA timer is restarted RA out in inconsistent out Indicate the number of the RAs that are sent In Indicate the number of the RAs that are received inconsistent Indicate the number of the received RAs in which the parameters are different from those contained in the RAs advertised by the device RS input Indicate the number of the RSs that are received Link layer addr...

Page 676: ...ddress CFG Indicate that the prefix is manually configured Adv Indicate that the prefix will not be advertised vltime Valid lifetime of the prefix measured in seconds pltime Preferred lifetime of the prefix measured in seconds L L L Indicate that the on link in the prefix is set L Indicate that the on link in the prefix is not set A A A Indicate that the auto configure in the prefix is set A It in...

Page 677: ...no area area id default cost Parameter description Parameter Description area id Area ID of the stub area It can be an integer or an IPv4 prefix cost Cost of the default route of the stub area in the range 1 to 16777214 Default configuration By default the cost of the default route is 1 Command mode OSPFv3 configuration mode Usage guidelines This command can only work in the ABR connected to the s...

Page 678: ...ddresses are converged It can be an integer or an IPv4 prefix ipv6 prefix prefix length Range of the converged addresses not advertise The range of the converged addresses is not advertised By default the function is enabled Default configuration No converged inter area address range is defined Command mode OSPFv3 configuration mode Usage guidelines This command applies only to ABR Use this comman...

Page 679: ...on applies only to the ABR in the stub area indicating that the ABR only advertises the type 3 LSA indicating the default route to the stub area not other type 3 LSAs Default configuration None Command mode OSPFv3 configuration mode Usage guidelines Use no area area id stub command to restore the area as a common area Use no area area id to delete the area including all the configuration of the ar...

Page 680: ...meter Description area id ID of the area in which the virtual link is located It can be an integer or an IPv6 prefix Router id Neighbor router ID of the virtual link hello interval seconds Set the interval to send the hello message on the local virtual link interface in the range from 1 to 65535s The default value is 10s dead interval seconds Interval for the local interface of the virtual link to...

Page 681: ...en the virtual neighbors Use no area area id to delete the area including all the configuration of the area Examples The following example configures a virtual link ipv6 router ospf 1 area 1 virtual link 192 1 1 1 Related commands Command Description show ipv6 ospf Show the OSPFv3 routing process information show ipv6 ospf neighbor Show the OSPFv3 neighbor information show ipv6 ospf virtual links ...

Page 682: ...ace configuration mode to set the cost of the specified interface and it takes precedence over the metric calculated based on the reference bandwidth Examples The following example changes the reference bandwidth to 10M ipv6 router ospf 1 auto cost reference bandwidth 5 Related commands Command Description ipv6 ospf cost Set the cost of the interface show ipv6 ospf Show the OSPFv3 routing process ...

Page 683: ...ic Optional Initial metric value of the default route 1 by default metric type type Optional Type of the default route There are two type of OSPF external routes type 1 different metrics seen on different routers type 2 the same metric sees on different routers External route of type 1 is more trustworthy than that of type 2 By default it is type 2 route map map name Associated route map name no a...

Page 684: ...stead of the default metric command There are two types of OSPF external routes type 1 external routes have changeable routing metrics while type 2 external routes have constant routing metrics For two parallel routes with the same route metric to the same destination network type 1 takes precedence over type 2 As a result the show ipv6 route command shows only the type 1 route The routers in the ...

Page 685: ...istributed direct route which always uses 20 as the default metric value Examples The following example sets the default metric for the routes to be redistributed to 10 default metric 10 Related commands Command Description redistribute Redistribute the routes show ipv6 ospf Show the OSPFv3 routing process information 37 1 9 ipv6 ospf area Use this command to enable the interface to participate in...

Page 686: ...e OSPFv3 routing process Only the routers with the same instance ID can establish neighbor relationship one another After this command is configured all the prefix information on the interface will be used in the operation of the OSPFv3 Examples The following example starts the OSPFv3 process on int fastethernet 0 0 for the specified area of the specified instance int fastethernet 0 0 ipv6 ospf 1 ...

Page 687: ... to modify the cost of the interface and it takes precedence over the metric value based on the reference bandwidth Examples The following example sets the cost of the interface to 1 ipv6 ospf cost 1 Related commands Command Description show ipv6 ospf interface Show the OSPFv3 interface information instance instance id Configure the specific OSPFv3 instance on the interface 37 1 11 ipv6 ospf dead ...

Page 688: ...val changes accordingly It s not recommended to modify the parameters directly If needed note that 1 The dead interval shall be larger than the hello interval sent by the neighbor 2 The same dead interval shall be set for the neighbors Examples The following example sets the dead interval of the local interface to 60s ipv6 ospf dead interval 60 Related commands Command Description ipv6 ospf hello ...

Page 689: ...Examples The following example sets the interval for the interface to send the Hello message to 20s ipv6 ospf hello interval 20 Related commands Command Description ipv6 ospf dead interval Set the interval for the interface to consider that the neighbor fails show ipv6 ospf interface Show the OSPFv3 interface information instance instance id Configure the specific OSPFv3 instance on the interface ...

Page 690: ...ion instance instance id Configure the specific OSPFv3 instance on the interface Command mode Interface configuration mode Usage guidelines You can set relevant parameters for the neighbors depending on the actual network type 37 1 14 ipv6 ospf network Use this command to set the network type of the interface Use the no form of this command to restore it to the default setting ipv6 ospf network br...

Page 691: ...s in the OSPFv3 to point to point ipv6 ospf network point to point Related commands Command Description ipv6 ospf priority Set the interface priority show ipv6 ospf interface Show the OSPFv3 interface information instance instance id Configure the specific OSPFv3 instance on the interface 37 1 15 ipv6 ospf priority Use this command to set the interface priority Use the no form of this command to r...

Page 692: ...ect immediately The interface will participate in the election of the DR BDR at the next time Examples The following example disables the interface from being elected as the DR BDR ipv6 ospf priority 0 Related commands Command Description ipv6 ospf network Set the network type of the interface router id Set the ID of the router show ipv6 ospf interface Show the OSPFv3 interface information instanc...

Page 693: ...m the neighbor If no acknowledgement is received within the specified period the LSA information will be retransmitted Examples The following example sets the interval for retransmitting the LSA to 10s ipv6 ospf retransmit interval 10 Related commands Command Description show ipv6 ospf interface Show the OSPFv3 interface information instance instance id Configure the specific OSPFv3 instance on th...

Page 694: ...les The following example sets the delay for the interface to transmit the LSA ipv6 ospf transmit delay 2 Related commands Command Description show ipv6 ospf interface Show the OSPFv3 interface information 37 1 18 ipv6 router ospf Use this command to start OSPFv3 routing process Use the no form of this command to disable the OSPFv3 routing process ipv6 router ospf process id no ipv6 router ospf pr...

Page 695: ...Show the OSPFv3 routing process information 37 1 19 log adj changes Use this command to enable the logging of the neighbor state changes The no or default form of the command is used to disable it log adj changes no log adj changes Parameter settings None Default By default Disabled Command mode Routing process configuration mode Examples The configuration example below turns on the log for neighb...

Page 696: ...ples The following example set max concurrent dd to 4 allowing exchanging DD packet with 4 neighbors at the same time router ipv6 ospf 1 max concurrent dd 4 37 1 21 passive interface Use this command to set the passive interface Use the no form of this command to remove the configuration passive interface default interface type interface number no passive interface default interface type interface...

Page 697: ...his command to start the route redistribution in order to import the routing information of other routing protocols to the OSPFv3 routing process Use the no form of this command to disable this function or modify the redistribution parameters redistribute protocol metric metric value metric type type value route map map tag level 1 level 1 2 level 2 match internal l external nssa external 1 2 no r...

Page 698: ...rotocols becomes an important task The device can run the protocols at the same time so it should redistribute the protocols This is applicable to all IP routing protocols When redistributing OSPF routes you can configure match to redistribute the corresponding routes All types of OSPF routes are redistributed by default The match parameter of route map is specific the source of routes The paramet...

Page 699: ...nterface address is automatically selected as the router ID Command mode OSPFv3 configuration mode Usage guidelines Each device that runs the OSPFv3 process shall be identified with a router ID Router ID is in the format of IPv4 address Unlike the OSPFv2 the OSPFv3 process will automatically acquire an IPv4 address to use it as the router ID After the device starts the OSPFv3 process a user must u...

Page 700: ...l for the OSPFv3 to calculate SPF after receiving the topology change The no format of this command is used to restore it to the default timers spf delay holdtime no timers spf Parameter description Parameter Description delay Delay from determining the topology change to calculating SPF Its range is 0 to 214748364s and the default value is 5s holdtime Delay from determining the topology change to...

Page 701: ...e following example shows the information about the OSPFv3 process DES 7210 show ipv6 ospf Routing Process OSPFv3 1 with ID 1 1 1 1 Process uptime is 24 minutes SPF schedule delay 5 secs Hold time between SPFs 10 secs Minimum LSA interval 5 secs Minimum LSA arrival 1 secs Number of incomming current DD exchange neighbors 0 5 Number of outgoing current DD exchange neighbors 0 5 Number of external L...

Page 702: ...ncy Changes Enabled Number of areas in this device is 2 BFD is enabled Area BACKBONE 0 Number of interfaces in this area is 1 1 SPF algorithm executed 4 times Number of LSA 3 Checksum Sum 0x1DDF1 Number of Unknown LSA 0 Related commands Command Description ipv6 router ospf Start the OSPFv3 routing process default information originate Set the default route to be redistributed default metric Set th...

Page 703: ... 0 0 0 0 5 2 2 2 2 206 0x80000001 0x8c86 0 Link LSA Interface Loopback 1 Link State ID ADV Router Age Seq CkSum Prefix 0 0 64 1 1 1 1 1 82 0x80000001 0xb760 0 Router LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum Link 0 0 0 0 1 1 1 1 17 0x80000006 0x62a1 1 0 0 0 0 2 2 2 2 156 0x80000003 0x8653 1 Network LSA Area 0 0 0 0 Link State ID ADV Router Age Seq CkSum 0 0 0 5 2 2 2 2 157 0x80000001...

Page 704: ...ate BDR Priority 1 Designated Router ID 2 2 2 2 Interface Address fe80 c800 eff fe84 1c Backup Designated Router ID 1 1 1 1 Interface Address fe80 2d0 22ff fe22 2223 Timer interval configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Neighbor Count is 1 Adjacent neighbor count is 1 Hello received 26 sent 26 DD received 5 sent 4 LS Req received 1 sent 1 LS Upd received 3 sent 6 LS...

Page 705: ...rocess ipv6 ospf area Enable the interface to participate in the OSPFv3 process 37 2 4 show ipv6 ospf neighbor Use this command to show the neighbor information of the OSPFv3 process show ipv6 ospf process id neighbor interface type interface number detail neighbor id detail Parameter description Parameter Description process id OSPFv3 process number 1 65535 detail Show details about the neighbor ...

Page 706: ...For example DES 7210 show ipv6 ospf neighbor detail Neighbor 2 2 2 2 interface address fe80 c800 eff fe84 1c In the area 0 0 0 0 via interface FastEthernet 1 0 Neighbor priority is 1 State is Full 6 state changes DR is 2 2 2 2 BDR is 1 1 1 1 Options is 0x000013 R E V6 Dead timer due in 00 00 36 Database Summary List 0 Link State Request List 0 Link State Retransmission List 0 BFD session state up ...

Page 707: ...type 2 Destination Metric Next hop E2 2222 64 1 20 via fe80 c800 eff fe84 1c FastEthernet 1 0 O 3333 64 11 via fe80 c800 eff fe84 1c FastEthernet 1 0 Area 0 0 0 0 Related commands Command Description ipv6 router ospf Start the OSPFv3 routing process 37 2 6 show ipv6 ospf topology Use this command to show the topology of each area of OSPFv3 show ipv6 ospf process id topology area area id Parameter ...

Page 708: ...re the address range of the OSPF area 37 2 7 show ipv6 ospf virtual links Use this command to show the virtual link information of the OSPFv3 process show ipv6 ospf process id virtual links Parameter description Parameter Description process id OSPFv3 process number 1 65535 Command mode Privileged mode Examples The following command shows the information about the OSPFv3 virtual link DES 7210 show...

Page 709: ...37 OSPFv3 Configuration Commands 37 33 Related commands Command Description ipv6 router ospf Start the OSPFv3 routing process area virtual link Configure the OSPFv3 virtual link show ipv6 ospf neighbor Show the OSPFv3 neighbor information ...

Page 710: ......

Page 711: ...p join group ip igmp static group ip igmp immediate leave group list ip igmp last member query count ip igmp last member query interval ip igmp limit interface configuration mode ip igmp query interval ip igmp query max response time ip igmp querier timeout ip igmp robustness variable ip igmp version ip igmp limit global configuration mode ip igmp proxy service ip igmp mroute proxy ip igmp ssm map...

Page 712: ...nterface type Interface type interface number Interface number Command mode Privileged mode Usage guidelines The IGMP buffer includes a list that contains the multicast groups that the hosts in the direct subnet join If the device joins a group this group will be included in this list To delete all the entries from the IGMP buffer use the clear ip igmp group command without parameters Examples Del...

Page 713: ...s this function Command syntax ip igmp access group access list no ip igmp access group Parameter description Parameter Description access list Name of access control list within the range of 1 to 199 1300 to 2699 or characters Default Filtering conditions are not set Command mode Interface configuration mode Usage guidelines You can add some interfaces of the host in a subnet to multiple multicas...

Page 714: ...erface is not manually added to the multicast group Command mode Interface configuration mode Usage guidelines This command enables the host activities for the IGMP interface When the host function is enabled the interface can initiate the report message and respond to the query message If the IGMP function is enabled on the interface the interface can initiate the report message so that the inter...

Page 715: ...with a report message You can use this command to add an interface to a group Examples Following example is to add a host group member manually DES 7210 configure terminal DES 7210 config interface fast 0 1 DES 7210 config if ip igmp static group 233 3 3 3 38 1 6 ip igmp immediate leave group list In the IGMPversion2 and IGMPversion3 versions use this command to shorten the delay of leaving a grou...

Page 716: ...ntly Examples The following example demonstrates how to provide the immediate leaving function for some multicast groups Certainly you must make sure each interface of these multicast groups have one group member only DES 7210 configure terminal DES 7210 config access list 1 permit 225 192 20 0 0 0 0 255 DES 7210 config interface ethernet 0 1 DES 7210 config if ip igmp immediate leave group list 1...

Page 717: ...ace ethernet 0 DES 7210 config if ip igmp last member query count 3 38 1 8 ip igmp last member query interval Use this command to set the time interval of sending the group query message Use the no form of this command to restore it to the default Command syntax ip igmp last member query interval interval no ip igmp last member query interval Parameter description Parameter Description Interval Th...

Page 718: ...e the setting Command syntax ip igmp limit number except access list no ip igmp limit Parameter description Parameter Description number Maximum number of IGMP states depending on devices 1 16384 except Optional Prevent the groups of the access list from taking part in calculation which is not limited by maximum number access list Optional Access list Default 1024 Command mode Interface configurat...

Page 719: ...iguration mode Usage guidelines The time to query an ordinary member can be changed by configuring the query interval of the ordinary member Examples Configure the query interval of ordinary member to 120s on the interface Ethernet 0 DES 7210 config if ip igmp query interval 120 Configure the query interval of ordinary member to the default value on the interface Ethernet 0 DES 7210 config if no i...

Page 720: ...ult value on the interface Ethernet 0 DES 7210 config if no ip igmp query max response time 38 1 12 ip igmp query timeout Use this command to configure the time the device waits before it takes over as the querier Use the no form to restore it to the default Command syntax ip igmp query timeout seconds no ip igmp query timeout Parameter description Parameter Description seconds Time the device wai...

Page 721: ...of the robustness variable Use the no form of this command to restore it to the default value Command syntax ip igmp robustness variable number no ip igmp robustness variable Parameter description Parameter Description number The value of robustness variable ranging 2 to 7 Default The default value is 2 Command mode Interface configuration mode Examples The following example sets the value of robu...

Page 722: ...inal DES 7210 config interface ethernet 0 DES 7210 config if ip igmp version 2 Related commands ip igmp access group ip igmp limit ip multicast rate limit 38 1 15 ip igmp limit global configuration Use this command to globally set the maximum number of IGMP group records Use the no form of this command to remove the setting Command syntax ip igmp limit number except access list no ip igmp limit nu...

Page 723: ...f the corresponding mroute proxy that associates its downlink ports and maintains the group information reported by the downlink ports ip igmp proxy service no ip igmp proxy service Default configuration All interfaces are not in the proxy serice status Command mode Interface configuration mode Usage guidelines The command can configure at most 32 interfaces Each proxy service port can associate w...

Page 724: ...the relevant uplink interface Default configuration N A Command mode Interface configuration mode Usage guidelines After an uplink interface is configured as proxy service interface the interface can forward the IGMP messages sent by its members Examples Configure an interface to mroute proxy interface DES 7210 config if ip igmp mroute proxy fa 0 1 38 1 18 ip igmp ssm map enable Use this command t...

Page 725: ...n the global mode Use the no form of this command to disable the function ip igmp ssm map static access list a b c d no ip igmp ssm map static access list a b c d Parameter description Parameter Description access list ACL name in the range 1 to 99 1300 to 1999 or characters a b c d Unicast address mapped to the group record Default configuration N A Command mode Global configuration mode Usage gu...

Page 726: ...how the information about all the groups Default N A Command mode User mode or privileged mode Usage guidelines Use this command without any parameters to show group address interface type and information about all the multicast groups directly connected to the interface Information about a specific group is displayed if a group address is added to the command Examples The following example shows ...

Page 727: ...information of this interface Command syntax Show ip igmp interface interface type interface number Parameter description Parameter Description interface type Interface type interface number Interface number N A Show information about all the interfaces Default Command mode User mode or privileged mode Examples The following example shows the information of all the interfaces DES 7210 show ip igmp...

Page 728: ... B C D Parameter description Parameter Description A B C D Source address to be mapped Default configuration All the ssm map information of the IGMP is displayed Command mode Global configuration mode Usage guidelines If all the parameters are not used the related configurations are displayed Examples Show the ssm map configuration information DES 7210 sh ip igmp ssm mapping SSM Mapping Enabled Da...

Page 729: ...nterval ip pim state refresh disable ip pim state refresh origination interval 39 1 1 ip pim dense mode Use this command to enable PIM DM on the interface Use the no form of this command to disable the function ip pim dense mode no ip pim dense mode Parameter description N A Default configuration Disabled Command mode Interface configuration mode Examples DES 7210 configure terminal DES 7210 confi...

Page 730: ...he upper limit of the multicast interfaces In this case if it s still necessary to enable the PIM DM on the interface delete the unnecessary PIM DM PIM SM or DVMRP interfaces It is not recommended to configure different multicat routing protocols on different interfaces of a device 39 1 2 ip pim neighbor filter Use this command to enable the neighbor filtering on the interface If the neighbor filt...

Page 731: ...e is terminated the neighbor relationship with this device will not be established and the PIM protocol packets from this device will not be received 39 1 3 ip pim query interval Use this command to reconfigure the interval of sending the hello message The no form of this command is used to restore hello interval to the default value ip pim query interval interval seconds no ip pim query interval ...

Page 732: ...al configuration mode Usage guidelines When the state refresh function is disabled the PIM DM state refresh message is not processed and forwarded The sent Hello message does not contain the status refresh option Consequently the SR Cap field will not be processed when the Hello message is received Examples The following example disables the processing of the PIM DM state refresh message DES 7210 ...

Page 733: ...M update message in the range of 1 to 100 in seconds Default configuration 60 seconds Command mode Interface configuration mode Examples DES 7210 configure terminal DES 7210 config interface fastethernet 0 1 DES 7210 config if ip pim state refresh origination interval 65 39 2 Show Related Commands 39 2 1 show ip pim dense mode interface Use this command to show the information about the PIM DM int...

Page 734: ...rs of the PIM DM interface Related commands Command Description show ip pim dense mode neighbor Show the information about the neighbors of the PIM DM interface 39 2 2 show ip pim dense mode neighbor Use this command to show the information about the PIM DM neighbors show ip pim dense mode neighbor interface type interface number Parameter description Parameter Description interface type interface...

Page 735: ...IP address of the neighbor Interface Name of the interface connecting the neighbor Uptime Expires Valid time and aging time of the entry Ver PIM version 39 2 3 show ip pim dense mode nexthop Use this command to show the information about the PIM DM next hop show ip pim dense mode nexthop Parameter description N A Command mode Privileged Global configuration Interface configuration mode ...

Page 736: ...ddress Nexthop Num Number of next hop Nexthop Addr IP address of next hop Nexthop interface Interface connecting to the of next hop Metric Route metric Pref Route priority 39 2 4 show ip pim dense mode mroute Use this command to show the information about the PIM DM routing table show ip pim dense mode mroute A B C D A B C D summary Parameter description Parameter Description A B C D A B C D Multi...

Page 737: ... routing table DES 7210 show ip pim dense mode mroute PIM DM Multicast Routing Table 1 1 1 111 229 1 1 1 MRT lifetime expires in 205 seconds RPF Neighbor 50 50 50 1 Nexthop 50 50 50 1 VLAN 4 Upstream IF VLAN 4 Upstream State Pruned PLT 200 Assert State NoInfo Downstream IF List FastEthernet 0 45 Downstream State NoInfo Assert State Loser AT 170 ...

Page 738: ......

Page 739: ...se mode bsr rp set ip multicast routing ip pim access register list ip pim bsr candidate ip pim cisco register checksum ip pim dr priority ip pim ignore rp set priority ip pim jp timer ip pim mib ip pim neighbor filter ip pim query interval ip pim register rate limit ip pim register rp reachability ip pim register source ip pim register suppression ip pim rp address ip pim rp candidate ip pim rp r...

Page 740: ... N A Command mode Privileged mode Usage guideline Multicast routing entries can be deleted manually Examples DES 7210 clear ip mroute DES 7210 clear ip mroute 224 2 2 2 DES 7210 clear ip mroute 224 2 2 2 2 2 2 2 40 1 2 clear ip mroute statistics clear ip mroute statistics group_address source_address Parameter description Parameter Description Delete the statistics of all multicast routing entries...

Page 741: ...tics 224 2 2 2 DES 7210 clear ip mroute statistics 224 2 2 2 2 2 2 2 40 1 3 clear ip pim sparse mode bsr rp set clear ip pim sparse mode bsr rp set Parameter description Parameter Description Clear all RP SET Default N A Command mode Privileged mode Usage guideline All the RP information learnt dynamically can be cleared manually Examples DES 7210 clear ip pim sparse mode bsr rp set 40 1 4 ip mult...

Page 742: ...er Description access list Access control list supporting numerical ACL in the range of 100 to 199 and 2000 to 2699 and name ACL Default There is no restriction on the source IP address pair of register messages on RP Command mode Global configuration mode Usage guideline This command is used to restrict the source IP address of register messages on RP Examples DES 7210 config ip pim accept regist...

Page 743: ...to be the BSR and regularly send bootstrap packets using the multicast address 224 0 0 13 in the PIM SM domain This packet contains the address and priority of the BSR This command allows the device to send a bootstrap message to all the PIM neighbors using the assigned BSR address Each neighbor compares the original BSR address with the address in the received bootstrap message If the IP address ...

Page 744: ...ated in Cisco way Command mode Global configuration mode Usage guideline This command is used to achieve the compatibility with those devices that the checksum of register messages calculate the whole PIM message including encapsulated multicast data packet rather than the head of the register message Examples DES 7210 configure terminal DES 7210 config ip pim cisco register checksum DES 7210 conf...

Page 745: ...ty parameter of the Hello message is not set for the devices in a LAN the one of the largest IP address is elected to be the DR Examples DES 7210 configure terminal DES 7210 config interface g 0 3 DES 7210 config if ip pim dr priority 10000 40 1 9 ip pim ignore rp set priority ip pim ignore rp set priority Parameter description N A Default By default the RP priority of the RP set is taken into acc...

Page 746: ... interval of 60s Command mode Global configuration mode Usage guideline This command is used to set the interval to send the Join Prune message Examples DES 7210 configure terminal DES 7210 config ip pim jp timer 50 40 1 11 ip pim mib ip pim mib dense mode Parameter description N A Default By default the MIB of the sparse mode is used Command mode Global configuration mode Usage guideline This com...

Page 747: ...s denied by the access list PIM SM will not establish the peering relationship with this neighbor or terminate the established peering relationship with this neighbor Examples DES 7210 configure terminal DES 7210 config interface g 0 3 DES 7210 config if ip pim neighbor filter 14 DES 7210 config if exit DES 7210 config access list 14 deny 192 168 1 5 0 0 0 255 Related commands Command Description ...

Page 748: ...ter rate limit ip pim register rate limit rate Parameter description Parameter Description rate Maximum number of register packets that can be sent per second in the range of 1 to 65535 Default By default there is no rate limitation on register messages Command mode Global configuration mode Usage guideline This command is used to configure speed of transmitting register packet in each S G status ...

Page 749: ...interface type interface number Parameter description Parameter Description source_ip Source IP address of register packets interface type interface number Interface whose IP address is used as the source IP address of register packets Default By default the source IP address of register packets is the IP address of the DR interface connecting the multicast source Command mode Global configuration...

Page 750: ...guration mode Usage guideline Executing this command on the DR will change the register packet suppression time configured if the ip pim rp register kat command is not configured executing this command on RP will modify the period of RP keepalive Examples DES 7210 configure terminal DES 7210 config ip pim register suppression 100 40 1 18 ip pim rp address ip pim rp address rp address access_list P...

Page 751: ...tted After configuration is performed the static RP s source IP address is inserted to the group range based static RP group tree structure Each group range based static multicast group maintains the chain list structure of a static RP group This chain list is sorted in descending order of IP address When you select a RP from a static RP group the first entry namely the one wit the largest IP addr...

Page 752: ... by the multicast routing uses the Rendezvous Point RP as the root node RP is elected by the candidate RPs After BSR is elected all C RPs sends C RP messages in the unicast form to BSR regularly and BSR spreads the messages throughout the PIM domain To specify an interface as the candidate RP of a specific group execute this command with ACL Note that the group range is calculated only based on th...

Page 753: ...This command is used to configure the KAT interval of RP Examples DES 7210 configure terminal DES 7210 config ip pim rp register kat 250 40 1 21 ip pim sparse mode ip pim sparse mode Parameter description N A Default Disabled Command mode Interface configuration mode Usage guideline This command is used to enable PIM SM on the interface Examples DES 7210 configure terminal DES 7210 config interfac...

Page 754: ...faces In this case if you still need to enable PIM SM on the interface delete the unnecessary PIM SM PIM DM or DVMRP interfaces 40 1 22 ip pim spt threshold ip pim spt threshold group list access_list Parameter description Parameter Description access_list Optional Numerical ACL in the range 1 to 99 and 1300 to 1999 or name ACL By default all multicast groups are permitted for SPT switching Defaul...

Page 755: ...me ACL Default Disabled Command mode Global configuration mode Usage guideline This command is used to enable PIM SSM or in some specific multicast groups Examples The following command sets the source specific multicast of the multicast group range 232 8 DES 7210 configure terminal DES 7210 config ip pim ssm default The following command sets the source specific multicast with ACL 10 DES 7210 con...

Page 756: ...nterface configuration mode Usage guideline This command is used to turn on debugging switch Examples DES 7210 show debugging PIM SM Debugging status PIM packet debugging is on 40 2 2 show ip pim sparse mode bsr router show ip pim sparse mode bsr router Parameter description N A Command mode Privileged EXEC mode global configuration mode and interface configuration mode Usage guideline This comman...

Page 757: ...de interface interface type interface number detail Parameter description Parameter Description interface type interface number Optional Interface name This command takes effect for all commands by default detail Optional Show the details of an interface Command mode Privileged EXEC mode global configuration mode and interface configuration mode Usage guideline This command shows the PIM SM inform...

Page 758: ...n GigabitEthernet 0 3 225 1 1 1 Include Loopback 1 40 2 5 show ip pim sparse mode mroute show ip pim sparse mode mroute group_address source_address Parameter description Parameter Description group_address Group IP address in the form of A B C D source_address Source IP address in the form of A B C D Command mode Privileged EXEC mode global configuration mode and interface configuration mode Usag...

Page 759: ...n 81 seconds 40 2 7 show ip pim sparse mode nexthop show ip pim sparse mode nexthop Parameter description N A Command mode Privileged EXEC mode global configuration mode and interface configuration mode Usage guideline This command shows the information on the next hop including interface number IP address and metric 40 2 8 show ip pim sparse mode rp mapping show ip pim sparse mode rp mapping Para...

Page 760: ...14 expires 00 01 38 Group s 224 0 0 0 4 Static RP 100 100 100 100 Uptime 00 45 35 40 2 9 show ip pim sparse mode rp hash show ip pim sparse mode rp hash group address Parameter description Parameter Description group address Group address to be resolved Command mode Privileged EXEC mode global configuration mode and interface configuration mode Usage guideline This command shows the information on...

Page 761: ...hold ip multicast routing ip multicast boundary ip multicast static 41 1 1 clear ip mroute Use this command to remove the forwarding information of the IP multicast routes clear ip mroute group address source address Parameter description Parameter Description Remove all the forwarding information in the IP multicast route table group address Group IP address of IP multicast routes source address ...

Page 762: ... address Parameter description Parameter Description Remove all the forwarding entries in the multicast route table group address Group IP address of IP multicast routes source address Source IP address of multicast route Command mode Privileged mode Usage guideline This command allows you to clear the statistics information of IP multicast routes Examples Following example shows how to clear the ...

Page 763: ...mask Mask of the source IP address protocol Optional The unicast routing protocol being used rpf address Incoming interface of the multicast route interface type interface number Interface type and interface ID distance Management distance used to determine whether to use the route for RPF routing ranging from 1 to 255 The default value is 0 Default distance 0 Command mode Global configuration mod...

Page 764: ...gered The default value is 2147483647 Default The default value of limit is 1024 The default value of threshold is 2147483647 Command mode Global configuration mode Usage guideline This command is used to restrict the number of route adding to the IPv6 multicast table Note that the hardware resources of different devices are limited The routes exceeding the hardware resource will be forwarded by s...

Page 765: ... is greater than the threshold of the interface the packets will be forwarded Otherwise the packet is discarded Note that the TTL threshold is effective only to the multicast frames In addition you must configure it on the L3 interface When TTL threshold is 0 the data flow will not go through the correspondent interface Examples The following example sets the TTL threshold on the interface to 5 DE...

Page 766: ...ith SVGL mode of IGMP SNOOPING The IPv4 multicast routing forwarding can be co used with the IGMP SNOOPING IVGL mode but the source IP check function cannot be enabled Examples This command enables multicast routing forwarding DES 7210 config ip multicast routing Note It is not recommended to configure different v4 multicast routing protocols on different interfaces of a device 41 1 7 ip multicast...

Page 767: ... ACL associated with the multicast boundary is either standard ACL or extended ACL But the extended ACL only match the destination IP address Note This command filters IGMP and PIMSM packets of the specified IP address range Multicast packets will not be received and sent through the interface of the boundary Examples The following example configures svi1 as the boundary of all IP multicast groups...

Page 768: ...for a multicast flow With flow control enabled the multicast flow can only be forwarded through these configured interfaces This command controls the forwarding of multicast flows on an interface without any direct influence on the packet processing of multicast protocols However the action of a multicast protocol for instance PIM DM or PIM SM may be affected because some features of the multicast...

Page 769: ... Examples The following example shows the information of the multicast routing table DES 7210 show ip mroute IP Multicast Routing Table Flags I Immediate Stat T Timed Stat F Forwarder installed Timers Uptime Stat Expiry Interface State Interface TTL 10 10 1 52 224 0 1 3 uptime 00 00 31 stat expires 00 02 59 Owner PIM SM Flags TF Incoming interface FastEthernet 2 1 Outgoing interface list FastEther...

Page 770: ... 01 10 Forwarding Counts Pkt count Byte count Other Counts Wrong If pkts Fwd msg counts WRONGVIF WHOLEPKT recv Client msg counts WRONGVIF WHOLEPKT Imm Stat Timed Stat sent Reg pkt counts Reg ACK recv Reg NACK recv Reg pkt sent 10 10 1 52 224 0 1 3 Forwarding 2 19456 Other 0 Fwd msg 0 0 Client msg 0 0 0 0 Reg 0 0 0 The following example shows the summary of the routing table DES 7210 show ip mroute...

Page 771: ...er Counts Wrong If pkts Count of the packets received from the wrong incoming interface Related commands Command Description ip multicast routing Enabling the multicast routing forwarding ip pim dense mode Enable the PIM DM on the interface ip pim sparse mode Enable the PIM SM on the interface 41 2 2 show ip rpf Use this command to show the RPF information of the specified source IP address show i...

Page 772: ...this command to show the basic information of the multicast interface show ip mvif interface type interface number Parameter description Parameter Description interface type interface number Interface Type and number Command mode Privileged mode Examples The following example shows the basic information of the multicast interface of svil DES 7210 show ip mvif vlan 1 Interface Vif Owner TTL Local R...

Page 773: ...mcast all 41 3 2 debug nsm mcast fib msg Use this command to turn on the fib msg debugging switch The no form of this command turns off the debugging switch debug nsm mcast fib ms Default Disabled Command mode Privileged EXEC configuration mode Usage guideline N A Examples The following example turns on the fib msg debugging switch DES 7210 debug nsm mcast fib msg 41 3 3 debug nsm mcast vrf Use th...

Page 774: ...ging switch The no form of this command turns off the debugging switch debug nsm mcast register Default Disabled Command mode Privileged EXEC configuration mode Usage guideline N A Examples The following example turns on the register debugging switches DES 7210 debug nsm mcast register 41 3 5 debug nsm mcast stats Use this command to turn on the interface statistics debugging switch The no form of...

Page 775: ...LI Reference Guide Chapter 41 Multicast Routing Configuration Commands 41 15 Usage guideline N A Examples The following example turns on the interface statistics debugging switches DES 7210 debug nsm mcast stats ...

Page 776: ......

Page 777: ...ified routings advertised labels for bgp routes host routes no advertised labels for bgp routes host routes Parameter description Parameter Description bgp routes Distribute labels to the valid bgp routes host routes Only distribute labels to the host routes with 32 bit mask length Default configuration By default it distributes labels to the IGP routes not the BGP routes Command mode config mpls ...

Page 778: ...not be necessary to distribute the labels to all IGP routes and set up LSP For example in the MPLS network for transmitting the user service such as L3VPN the VPN users in different locations communicate by the MPLS transmission network In this application it is not necessary to distribute the labels and set up the LSP in every network segment of the MPLS transmission network but set up the LSP be...

Page 779: ...onfiguration it is necessary to ensure the holdtime of the target hello is larger than the interval value Otherwise LDP can not work normally according to the requirement Note that this command is valid for the targeted hello used by the extended discovery mechanism only Examples DES 7210 config mpls route ldp DES 7210 config mpls router discovery target hello holdtime 90 Related commands Command ...

Page 780: ...erge Related commands Command Description show mpls ldp parameters Show the LDP global configuration attribute mpls ldp distribution mode Configure the label distribution mode used for each interface 42 1 4 label retention mode Use this command to set the label retention mode Use the no form of this command to restore the default value label retention mode liberal conservative no label retention m...

Page 781: ...ion mode liberal Related commands Command Description show mpls ldp parameters Show the LDP global configuration attribute 42 1 5 label switching When the MPLS multi service card is used to forward the MPLS service use this command to enable the interface to process the MPLS label message no label switching Default configuration For the equipment which uses the MPLS multi service card to forward t...

Page 782: ...label pool in each label space 42 1 6 ldp router id Use this command to set the LSR ID of the LDP Use the no form of this command to restore the default value no ldp router id A B C D Parameter description Parameter Description A B C D The configured IP address Default configuration Use Router ID as the LDP LSR ID Command mode config mpls router mode Usage guidelines The value of ldp router id sho...

Page 783: ...ection Use the no form of this command to disable loop detection no loop detection Default configuration Disabled Command mode config mpls router mode Usage guidelines Use this command to reset and rebuild the LDP session Examples DES 7210 config mpls router ldp DES 7210 config mpls router loop detection Related commands Command Description show mpls ldp parameters Show the LDP global configuratio...

Page 784: ...e the default value lsp control mode independent ordered no Isp control mode Parameter description Parameter Description independent Use the independent control mode ordered Use the ordered control mode Default configuration Independent control mode Command mode config mpls router mode Usage guidelines Use this command to reset and rebuild the LDP session Examples DES 7210 config mpls router ldp D...

Page 785: ...idelines To implement the mpls forward it is necessary to enable the MPLS globally firstly This command is invalid for the mpls forward on the switch After the mpls forward is disabled by the process forward the switch can not send and receive the MPLS messages Examples DES 7210 config mpls ip Related commands Command Description mpls ip Enable the MPLS in the interface configuration mode 42 1 10 ...

Page 786: ...LDP to set up the LSP It only allows enable the MPLS function on the L3 interface Examples DES 7210 config interface Gi4 1 DES 7210 config if mpls ip Related commands Command Description mpls ldp hello interval Configure the interval for sending hello messages mpls ldp hello holdtime Configure the hello packet holdtime 42 1 11 mpls ip fragment Use this command to set the processing if it exceeds t...

Page 787: ... MPLS MTU after the entered IP packet is encapsulated with the MPLS label Examples DES 7210 config no mpls ip fragment Related commands Command Description mpls ip Enable MPLS globally 42 1 12 mpls ip icmp forward For the ICMP error message generated by multiples layers larger than or equal to 2 of labels it will be forwarded until the PE returns to the source terminal mpls ip icmp forward no mpls...

Page 788: ...ls ip Enable MPLS globally 42 1 13 mpls ip ttl expiration Use this command to set the generated ICMP timeout error message to be forwarded along the local IP route if the TTL of the label message is timeout when it is forwarded within MPLS network mpls ip ttl expiration no mpls ip ttl expiration Default configuration By default it will return the ICMP message according to the local IP route for th...

Page 789: ...able the IP TTL copy function of the MPLS mpls ip ttl propagate public vpn no mpls ip ttl propagate Parameter description Parameter Description public Specify whether to enable TTL copy function or not for the sending messages vpn Specify whether to enable TTL copy function or not for the forwarding messages Default configuration By default it enables TTL copy function for both the sending and for...

Page 790: ...5 when Pushing the label and keep the value of the TTL of the internal IP packet or the MPLS packet when Popping the label Examples The following example disables the TTL copy function of the forwarding message DES 7210 config mpls ip ttl propagate public Related commands Command Description mpls ip Enable MPLS globally 42 1 15 mpls ldp distribution mode Use this command to set the label distribut...

Page 791: ...les DES 7210 config interface vlan 10 DES 7210 config if mpls ldp distribution mode dod Related commands Command Description loop detection mode Configure loop detection 42 1 16 mpls ldp hello holdtime Use this command to configure the holdtime in seconds for LDP hello packets on each interface Use the no form of this command to restore the default value no mpls ldp hello hellotime 1 65535 Paramet...

Page 792: ...ES 7210 config if mpls ldp hello holdtime 30 Related commands Command Description mpls ldp hello interval Configure the interval for sending hello messages discovery targeted hello Configure the interval and timeout time of sending hello messages for the extended discovery mechanism 42 1 17 mpls ldp hello interval Use this command to configure the holdtime in seconds for LDP hello packets on each ...

Page 793: ...o set the hello holdtime for the extended discovery mechanism Examples DES 7210 config interface vlan 10 DES 7210 config if mpls ldp hello interval 10 Related commands Command Description mpls ldp hello holdtime Configure the hello packet holdtime discovery targeted hello Configure the interval and timeout time of sending hello messages for the extended discovery mechanism 42 1 18 mpls ldp keepali...

Page 794: ...argeted session holdtime command to modify the Keepalive Holdtime of the LDP session set up by the extended discovery mechanism Examples DES 7210 config interface vlan 10 DES 7210 config if mpls ldp keepalive holdtime 90 Related commands Command Description targeted session holdtime Set the holdtime of keepalive messages for the extended mechanism 42 1 19 mpls ldp max hop count Use this command to...

Page 795: ... value it is deemed that a loop occurs This command is invalid for the label mapping message and label request message received previously but valid for the ones received later Examples DES 7210 config interface vlan 10 DES 7210 config if mpls ldp max hop count 30 Related commands Command Description loop detection node Configure LDP loop detection 42 1 20 mpls ldp max label requests Use this comm...

Page 796: ...ession The value 0 means that the label requests will not be retransmitted Examples DES 7210 config interface vlan 10 DES 7210 config if mpls ldp max label requests 5 Related commands Command Description mpls ldp distribution mode Configure the label distribution mode 42 1 21 mpls ldp max path vector Use this command to configure the maximum path vector value allowed for loop detection on each int...

Page 797: ...ured value it is deemed that a loop occurs This command is invalid for the built LDP session but influences the LDP session to be built Examples DES 7210 config interface vlan 10 DES 7210 config if mpls ldp max path vector 10 Related commands Command Description loop detection Set LDP loop detection 42 1 22 mpls ldp max pdu Use this command to configure the maximum PDU value Use the no form of thi...

Page 798: ...nd to set the global transport address Use the no form of this command to restore the default value no transport address interface ipaddr interface_name Parameter description Parameter Description interface Use the IP address of the corresponding interface as the transmission address for the session on each interface ipaddr All sessions use this specified IP address as the transmission address uni...

Page 799: ...no mpls mtu Parameter description Parameter Description 64 65535 The mtu value supported by the interface in byte Usage guidelines The path vector value is valid with the loop detection of the LDP instance enabled If the LDR ID number that is in the path vector list of the label mapping message or the label request message of LDP is greater than the configured value it is deemed that a loop occurs...

Page 800: ...he interface must not exceed the actual transmitted units This command is valid for the process forward only The switch hardware forwards the messages according to the configured MTU on the interface and discards the messages that exceed the confgured MTU Use the mtu command in the interface configuration mode to adjust the MTU on the interface Examples DES 7210 config interface Gi4 1 DES 7210 con...

Page 801: ...bel label Corresponding out label of this FEC nexthop interface name nexthop ip The next hop of this FEC including the egress and the ip address of the next hop Command mode Global configuration mode Usage guidelines This command allows you to add an FTN entry to the FTN table After the router with MPLS enabled receives an IP packet it looks up for the next hop in the FTN table according to the de...

Page 802: ... Parameter description Parameter Description vrf name Specify the name of the VRF whose FTN table to which the FTN entry is to be added A B C D Mask Fec namely the destination network out label label It indicates that the corresponding private network FTN should reach to other PE forwarding through the LSP tunnel At the same time it will be specified with the private network label used for the for...

Page 803: ...ute forwarding table Examples DES 7210 config mpls static l3vpn ftn 192 168 0 0 16 out label 100 remote pe 10 10 10 1 Related commands Command Description show mpls forwarding table Show the overview information of the global FTN table 42 1 28 mpls static l2vc ftn Use this command to configure one static VC FTN item Use the no form of this command to to delete the configured FTN item mpls static l...

Page 804: ...em of the MPLS 42 1 29 mpls static ilm in label Use this command to add one ILM table item to the ILM table Use the no form of this command to delete the configured ILM item mpls static ilm in label in label forward action swap label label nexthop interface name nexthop ip fec A B C D Mask mpls static ilm in label in label forward action pop l3vpn nexthop vrf name nexthop interface name nexthop ip...

Page 805: ...ll specify the forwarded egress nexthop interface name nexthop ip Specify the next hop including the egress and the IP address of the next hop fec Indicate this ILM is created for which FEC A B C D Mask Correspond to the fec format of the global or l3 vpn application to indicate one destination network vc id Correspond to the fec format of the l2vpn application to indicate the VC instance Command ...

Page 806: ...eer Use the no form of this command to delete the ldp extended peer no neighbor A B C D Parameter description Parameter Description A B C D The Router ID of the peer LSR Default configuration There is no LDP extended peer by default Command mode config mpls router mode Usage guidelines To set up a extended LDP session the both ends of the LSR of the session to be built must be configured It fails ...

Page 807: ...ith no label release messages transmitted no propagate release Default configuration Disabled Command mode config mpls router mode Usage guidelines This command execution does not influence the label release messages previously received from the LDP instance only the ones received later Examples DES 7210 config mpls router ldp DES 7210 config mpls router propagate release Related commands Command ...

Page 808: ...hop A B C D Show the MPLS forward entry ILM and FTN of the specified next hop address ftn Show to forward the mapping table item of the forwarding equivalence class ilm Show the mapping table item of the egress label vc Show the MPLS forwarding table item added by the vc ip Show the MPLS forwarding table item generated by the ip route detail Show the detailed information of the mpls forwarding tab...

Page 809: ...ge is sent by this equipment POP IP It is necessary to pop up the label when the message is sent by this equipment and carry out the IP forwarding POP L2PORT It is necessary to pop up the label when the message is sent by this equipment and carry out the forwarding by the L2 port VPLS POP VC It is necessary to pop up the label when the message is sent by this equipment and carry out the forwarding...

Page 810: ...gment packets 0 Fragment error packets 0 Label error packets 0 Label failed packets 0 Ttl over packets 0 Buffer failed packets 0 Ip don t fragment packets 0 Other failed packets 0 42 1 33 show mpls label pool Use this command to show the usage of the label pool in various label spaces You can show the data of all the label spaces or that of a specific label space by specifying a label space number...

Page 811: ...lated commands Command Description label switching Enable label switching 42 1 34 show mpls ldp bindings Use this command to show the LDP label database information show mpls ldp bindings Command mode Privileged user mode Usage guidelines This command shows the FEC and label binding information This command allows you to view the working status of the LDP whether the LDP has normally bound the FEC...

Page 812: ...session status 42 1 35 show mpls ldp discovery Use this command to show the neighbor of LDP discovery show mpls ldp discovery Command mode Privileged user mode Usage guidelines This command allows you to show the interfaces on which the LDP neighbor has been discovered the LDP neighbors discovered the hello packet source address of the LDP neighbor and hello keepalive interval Examples DES 7210 sh...

Page 813: ...Hello messages actively and the local LSR responses Related commands Command Description show mpls ldp interface Show the LDP enabled interface information 42 1 36 show mpls ldp neighbor Use this command to show the LDP neighbor information show mpls ldp neighbor Command mode Privileged user mode Usage guidelines Show all LDP neighbors including the TCP connection port between the local LDP and pe...

Page 814: ...NSOLICITED ONDEMAND The label distribution mode Related commands Command Description show mpls ldp discovery Show the neighbor information discovered by LDP 42 1 37 show mpls ldp parameters Use this command to show the LDP global configuration parameters show mpls ldp parameter Command mode Privileged user mode Usage guidelines It can show various attribute information of the LDP including the LSR...

Page 815: ...p label retention mode Configure the label retention mode propagate release Configure the label propagate release label merge Configure the label merge loop detection mode Configure loop detection 42 1 38 show mpls ldp session Use this command to show LDP session information show mpls ldp session Command mode Privileged user mode Usage guidelines This command allows you to show the information of ...

Page 816: ...s off Session attach socket FD 2572 read thread is 0xc6019c0 write thread is nil LDP Peer Address 192 168 4 1 192 168 0 2 192 168 3 2 42 1 39 show mpls summary Use this command to show the MPLS global configurations show mpls summary Command mode Privileged user mode Usage guidelines This command allows you to view the basic information of the MPLS including maximum minimum available labels inform...

Page 817: ... seconds Parameter description Parameter Description seconds Set the holdtime with the value range 15 65535 Default configuration By default the holdtime of the LDP session built in the extended discovery mechanism is 180s The sending interval of the keepalive message is 60s which is 1 3 of the session holdtime Command mode config mpls router mode Usage guidelines Note that this command is valid f...

Page 818: ...e interaction of a vrf route no address family ipv4 vrf vrf name Parameter description Parameter Description vrf name VRF name Default configuration By default no VRF address family is defined Command mode Router mode Usage guidelines This command allows you to enable or disable the route information exchange between the PE and CE Use command exit address family to return to the BGP configuration ...

Page 819: ...meter description Parameter Description unicast Specify the unicast address prefix Default configuration By default no vpn address family is defined Command mode Router mode Usage guidelines Use this command to enable the VPN routing information interaction between PEs and enter the address family VPN mode Use command exit address family to exit from the address family VPN configuration mode Examp...

Page 820: ...t all BGP sessions in VRF address Reset the BGP sessions of the specified peer in VRF ipv4 unicast IPv4 unicast session in Reset the actively connected session bulit by the peer out Reset the actively connected session bulit by the local BGP speaker soft Reset the route information sent to or received from the specified peer by command soft in Reset the received route information by command soft o...

Page 821: ...ation or vpn address family configuration mode exit address family Command mode Specific address family configuration mode Examples DES 7210 config router bgp 100 DES 7210 config router address family vpnv4 unicast DES 7210 config router af exit address family 42 2 5 ip route static inter vrf Use this command to enable or disable the static inter vrf route no ip route static inter vrf Default conf...

Page 822: ...ble with outgoing interface x x Examples DES 7210 config no ip route static inter vrf 42 2 6 ip route vrf Use this command to create a static routing table entry for the VFR Use the no form of this command to delete the entry no ip route vrf vrf name ip addr mask interface next hop address global Parameter description Parameter Description vrf name VRF name ip addr Prefix of the destination addres...

Page 823: ... and the interface is not within the global vrf it will take the vrf where the interface locates as the standard Note Configure the global to cross the global inter vrf It is not limited by the no ip route static inter vrf Examples DES 7210 config ip route vrf vrf1 10 10 10 0 255 255 255 0 gi3 1 192 168 18 1 42 2 7 ip vrf Use this command to create a VRF Use the no form of this command to delete a...

Page 824: ...tribute for the VRF 42 2 8 ip vrf forwarding Use this command to bind the VRF with an interface Use the no form of this command to remove the binding no ip vrf forwarding vrf name Parameter description Parameter Description vrf name VRF name Default configuration By default the VRF is not binding with any interface Command mode Interface configuration mode Examples DES 7210 config int eth1 DES 721...

Page 825: ...s The routes which exceed the limits will not be written into the core route table ranging from 1 to 4294967295 warn threshold Print the warning threshold It will print the warning after the percent is reached ranging from 1 to 100 warning only After the configured limit is reached it only prints the warning But it is still allowed to add to the core route table Default configuration There is no l...

Page 826: ...dress of the peer This address can be the IPv4 or IPv6 address peer group name Specify the name of the peer group The peer group name doesn t exceed 32 characters Default configuration It is enabled under the address family IPv4 Command mode The BGP configuration mode the IPv4 address family configuration mode of BGP the IPv6 address family configuration mode of BGP the IPv4 VRF configuration mode...

Page 827: ... PE Use the no form of this command to restore the default value neighbor peer address peer group name allowas in number no neighbor peer address peer group name allowas in Parameter description Parameter Description peer address Specify the address of the peer peer group name Specify the name of the peer group The name of the peer group doesn t exceed 32 characters number The repeated times of th...

Page 828: ...bgp 60 DES 7210 config router neighbor 10 0 0 1 remote as 100 DES 7210 config router address family ipv4 vrf vpn1 DES 7210 config router af neighbor 10 0 0 1 allowas in Related commands Command Description router bgp Open the BGP protocol neighbor remote as Configure the peer of the BGP 42 2 12 neighbor as override Use this command to configure the PE to cover the AS number of a site Use the no fo...

Page 829: ...e other party After the above command is configured on the PE you can let the PE cover the AS number of the CE so that the CE from the other end can receive the route information Only set this function for the EBGP peer Examples DES 7210 config router bgp 60 DES 7210 config router neighbor 10 0 0 1 remote as 100 DES 7210 config router address family ipv4 vrf vpn DES 7210 config router af neighbor ...

Page 830: ... configuration Disabled Command mode BGP configuration mode IPv4VRF address family configuration mode of BGP Usage guidelines This command is used to add the descriptive character for the peer group It can help us remember the characteristics and features of this peer group better Examples DES 7210 config router bgp 60 DES 7210 config router neighbor 10 1 1 1 remote as 80 DES 7210 config router ne...

Page 831: ... be the IPv4 or IPv6 address peer group name Specify the name of the peer group The name of the peer group doesn t exceed 32 characters as number AS number of the BGP peer group The range is from 1 to 65535 Default configuration No BGP peer is configured Command mode BGP configuration mode IPv4 address family configuration mode of BGP IPv6 address family configuration mode of BGP and IPv4 VRF conf...

Page 832: ... name Specify the name of the peer group The name of the peer group doesn t exceed 32 characters Default configuration Disabled Command mode BGP configuration mode IPv4 address family configuration mode of BGP IPv6 address family configuration mode of BGP and IPv4 VRF configuration mode of BGP Usage guidelines This command is used to disable the valid connection established for specified peer grou...

Page 833: ... this command to cancel the neighbor source site attribute value neighbor peer address peer group name soo soo value no neighbor peer address peer group name soo Parameter description Parameter Description peer address Specify the address of the peer peer group name Specify the name of the peer group The name of the peer group doesn t exceed 32 characters soo value Value of soo soo value can have ...

Page 834: ...e CE end Examples DES 7210 config router bgp 65000 DES 7210 config router address family ipv4 vrf vpn1 DES 7210 config router af neighbor 10 0 0 1 remote as 100 DES 7210 config router af neighbor 10 0 0 1 soo 100 100 Related commands Command Description router bgp Enable BGP protocol 42 2 17 rd Use this command to define the RD value of the VRF rd rd value Parameter description Parameter Descripti...

Page 835: ...escription ip vrf Create a VRF instance show ip vrf Show the VRF configuration 42 2 18 redistribute The route redistributed command can be used to carry out the redistribution between the route information of other route protocol and BGP and the no form of this command can be used to delete this function and its parameter configuration redistribute protocol type route map map tag metric metric val...

Page 836: ...tocols This is applicable to all IP routing protocols Description When the no command is configured if the parameters are configured and there are corresponding parameter configurations it will cancel the configuration of corresponding parameters If there is no parameter this configuration of redistribute will be canceled Caution for the metric value of the route it will apply the route map to pro...

Page 837: ...nternal external 1 2 nssa external 1 2 Parameter description Parameter Description process id Process ID of the redistributed OSPF protocol route map map tag The name of the associate route map No associated with route map by default metric metric value Configured default metric value of the redistributed route This value is not set by default match Used to set the matched subtype of the OSPF rout...

Page 838: ...onding parameters If there is no parameter this configuration of redistribute will be canceled When all of the route subtypes are deleted it is the default route type Caution The filtration rule of the OSPF route is to carry out the filtration of the OSPF route type according to the configured match option and then carry out the filtration of the route map rule For the metric value of the route it...

Page 839: ...eter Description import Set the import value for the VRF export set the export value for the VRF both Set the import and export value for the VRF Default configuration By default no Route Target is defined Command mode VRF configuration mode Usage guidelines In one VRF you can configure multiple import and expoer route target attribute values Examples DES 7210 config ip vrf vrf1 DES 7210 config vr...

Page 840: ...bgp vpvn4 rd rd value network neighbor address summary label Parameter description Parameter Description network Show the prefix of the specified destination network neighbor Show the neighbor information of the specified route summary Show the summary information of the route label Show the label information of the route all Show the VPN route information of all VRFs vrf Show the VPN route inform...

Page 841: ...e Distinguisher 100 2 i 192 168 0 1 32 192 168 0 2 0 100 0 10 i 192 168 1 0 32 192 168 0 2 0 100 0 Route Distinguisher 100 30 i 192 168 0 1 32 192 168 0 2 0 100 0 10 192 168 4 0 192 168 4 1 0 0 20 192 168 4 0 0 0 0 0 0 32768 DES 7210 show ip bgp vpnv4 vrf vpn1 summary BGP router identifier 192 168 0 4 local AS num 100 BGP VRF vrf1 Route Distinguisher 100 30 BGP table version is 1 3 BGP AS PATH ent...

Page 842: ...P and EGP 42 2 22 show ip route vrf Use this command to show the routing table entry of the VRF show ip route vrf vrf name A B C D mask bgp connected isis ospf rip static Parameter description Parameter Description vrf name VRF name A B C D mask Show the entry of the prefix of the specified route bgp Show the route entry generated from BGP connected Show the entry of directly connected route isis ...

Page 843: ...8 0 1 32 200 0 via 192 168 0 2 01 02 33 B 192 168 0 3 32 200 0 via 192 168 4 1 01 02 33 C 192 168 4 0 24 is directly connected eth1 Related commands Command Description show ip vrf Show the vrf configuration information 42 2 23 show ip vrf Use this command to show the configured VRF information show ip vrf vrf name Parameter description Parameter Description vrf name VRF name Command mode Privileg...

Page 844: ... VRF instance rd Configure the RD value route target Configure the RT value ip vrf forwarding Bind the VRF with an interface 42 3 L2 VPN Commands Caution In this chapter VC and PW are of the same understanding 42 3 1 show mpls l2transport vc Use this command to display the VPWS VC information show mpls l2transport vc vc_id interface interface_name detail Parameter description Parameter Description...

Page 845: ...n VC mode tagged Group id 0 MTU 1500 Control Word not support Output interface VLAN 300 imposed label stack 21 501 MPLS VC label local 21 remote 21 DES 7210 show mpls l2transport vc detail Local interface VLAN 1 AC state up Peer address 192 168 0 1 VC ID 1 VC status up VC type vlan VC mode tagged Group id 0 MTU 1500 Control Word not support Output interface VLAN 300 imposed label stack 21 501 MPLS...

Page 846: ...r address VC Peer IP address VC ID Sole identifier for VC VC status VC state up or down VC type VC type ethernet or vlan VC mode VC mode tag or raw Group id Local group ID for VC MTU Locally configured VC MTU Control Word Whether the control word is support or not Output interface The output interface for transmitting the local VC in the public network imposed label stack The imposed label stack M...

Page 847: ...leged mode Usage guidelines N A Examples DES 7210 show mpls l2vc ftn table Local intf Dest address VC ID VC_label Out intf 2 2 2 2 1 1024 GigabitEthernet 1 1 3 3 3 3 1 21 GigabitEthernet 1 2 Related commands Command Description xconnect Interface VPWS PW bind and create the VPWS PW instance 42 3 3 show mpls ldp vc Use this command to show the LDP PW information show mpls ldp vc vc id Parameter Par...

Page 848: ... ldp vc Total VC Count 1 VC vcid 1 peer 3 3 3 3 local info vpn_id 1 vc bind type vpws vc Local vc type Ethernet VLAN local group id 0 local mtu 1500 local prefer use Control Word no local use Control Word no Remote info remote vc type Ethernet VLAN remote group id 0 remote mtu 1500 remote use Control Word no remote label 21 VC info state 0x27 create map_send map_recv AC up session 3 3 3 3 0 local_...

Page 849: ... VC ID For VPLS VC it is VPLS ID vc bind type Specify the VC bind type local vc type Local configured VC type local group id VC local group ID local mtu VC local MTU local prefer use Control Word Whether the local enables Control Word or not local use Control Word Whether the negotiation result of Control Word is used or not Remote info VC peer configurations remote vc type Peer VC type remote gro...

Page 850: ... send messsage id Last send LDP message ID carried with the VC message last recv message id Last received LDP message ID carried with the VC message create time VC create time in the LDP layer last change time Last change time for VC in the LDP layer up time VC UP time in the LDP layer 42 3 4 vc withdraw expect release Use this command to configure whether to expect the peer reply of the PW label ...

Page 851: ...el withdraw messages are sent because the AC is down if the peer reply of PW label release message is not received when the AC is up again LDP will not resend the PW label mapping message untill the peer reply of PW label release message is received or use the no vc withdraw expect release command to halt the waiting Examples DES 7210 config mpls router vc withdraw expect release 42 3 5 xconnect U...

Page 852: ... encapsulation mode as raw tagged Specify the encapsulation mode as tag send vlanrewrite req Send the vlanrewrite request to the PW peer not send vlanrewrite req Not send the vlanrewrite request to the PW peer group_id Specify the VC group ID the default value is 0 in the range of 0 4294967295 mtu Set the MTU size the default value is 1500 in the range of 46 9216 Default configuration By default n...

Page 853: ... ensured You can use the mtu command to modify the actual MTU value on the interface Caution The MTU configuration of both ends of PW must be consistent so are the PW types otherwise the PW fails to be UP Examples The following example binds vlan 2 with VPWS DES 7210 config int vlan 2 DES 7210 config if xconnect 1 1 1 1 1 encapsulation mpls Related commands Command Description show mpls l2transpor...

Page 854: ......

Page 855: ...switchport port security mac address arp check 43 1 1 storm control Use this command to enable the storm suppression Use the no form of the command to disable the storm suppression storm control broadcast multicast unicast level percent pps packets rate bps no storm control broadcast multicast unicast level percent pps packets rate bps Parameter description Parameter Description broadcast Enable t...

Page 856: ...etwork configuration may also lead to such storms A device can implement the storm suppression to a broadcast a multicast or a unicast storm respectively When excessive broadcast multicast or unknown unicast packets are received the switch temporarily prohibits forwarding of relevant types of packets till data streams are recovered to the normal state then packets will be forwarded normally Use sh...

Page 857: ...orts are set as the protected ports they cannot switch on L2 but can route on L3 A protected port can communicate with an unprotected port Use show interfaces to display configuration Examples DES 7210 config interface gigabitethernet 1 1 DES 7210 config if switchport protected Related commands Command Description show interfaces Show the interface information 43 1 3 protected ports route deny Use...

Page 858: ...port port security Use this command to configure port security and the way to deal with violation Use the no form of the command to disable the port security or restore it to the default switchport port security violation protect restrict shutdown no switchport port security violation Parameter description Parameter Description port security Enable interface security violation protect Discard the ...

Page 859: ...hernet 1 1 DES 7210 config if switchport port security DES 7210 config if switchport port security violation shutdown Related commands Command Description show port security Show port security settings 43 1 5 switchport port security aging Use this command to set the aging time for all secure addresses on a interface To enable this function you need to set the maximum number of secure addresses In...

Page 860: ...config if switchport port security aging static Related commands Command Description show port security Show port security settings 43 1 6 switchport port security mac address Use this command to configure the secure address table Use the no form of the command to remove the configuration or restore it to the default setting switchport port security mac address mac address ip address ip address ip...

Page 861: ...ES 7210 config if switchport mode access DES 7210 config if switchport port security DES 7210 config if switchport port security mac address 00d0 f800 073c ip address 192 168 12 202 Related commands Command Description show port security Show port security settings Platform description DES 7200 series supports up to 1000 secure addresses globally or up to 84 secure addresses IP address binding per...

Page 862: ...r not Examples DES 7210 config if arp check Related commands Command Description show port security Show the port security configuration 43 2 Show Related Command The following commands are used to show the security configuration of the port show storm control show port security 43 2 1 show storm control Use this command to show storm suppression information show storm control interface id Paramet...

Page 863: ... the specified interface Interface interface id Show the port security configuration of the specified interface Command mode Privileged mode Usage guidelines This command shows all the port security configurations secure addresses and the way to deal with violation if no parameter is configured Examples DES 7210 show port security Secure Port MaxSecureAddr count CurrentAddr count Security Action G...

Page 864: ...Chapter 43 Port based Flow Control Configuration Commands DES 7200 CLI Reference Guide 43 10 ...

Page 865: ...on in the global configuration command The no form of this command disables the automatic authentication function no dot1x auto req Default Disabled Command mode Global configuration mode Usage guidelines This command is used to actively initiate 802 1x authentication on the device Use the show dot1x auto req command to view the setting of this function Examples The following example sets the devi...

Page 866: ...dot1x auto req packet num Parameter description Parameter Description num Number of authentication request messages that the device sends automatically Default num 0 namely the packets are sent continuously Command mode Global configuration mode Usage guidelines Use the show dot1x auto req command to view the setting of this function Examples The following example sets the device to automatically ...

Page 867: ...time interval of actively sending authentication request messages by the device in second Default 30 seconds Command mode Global configuration mode Usage guidelines Use the show dot1x auto req command to view the setting of this function Examples The following example sets the time interval of sending authentication request message to 60s DES 7210 configure terminal DES 7210 config dot1x auto req ...

Page 868: ...w dot1x auto req command to view the setting of this function Examples The following example sets the device to stop sending authentication request messages after the user gets on line DES 7210 configure terminal DES 7210 config dot1x auto req user detect DES 7210 config end DES 7210 show dot1x auto req Auto Req Enabled User Detect Enabled Packet Num 0 Req Interval 60 Second Related commands Comma...

Page 869: ...me in seconds for the device to wait before reauthentication after the authentication failure The range is from 0 to 65535 in seconds Default 10 seconds Command mode Global configuration mode Usage guidelines When authentication fails the solicitator must wait for a period of time before reauthentication Examples The following example sets the time for waiting re authentication to 1000s DES 7210 c...

Page 870: ...no dot1x timeout re authperiod Parameter description Parameter Description seconds Period of authentication The range is from 0 to 65535 seconds Default 3600 seconds Command mode Global configuration mode Usage guidelines Use show dot1x command to show the 802 1X configuration Examples The following example sets the period of re authentication to 1000s DES 7210 configure terminal DES 7210 config d...

Page 871: ...ut server timeout seconds no dot1x timeout server timeout Parameter description Parameter Description seconds Authentication timeout between the device and the authentication server The range is 0 to 65535 seconds Default 5 seconds Command mode Global configuration mode Usage guidelines Use show dot1x command to show 802 1X configuration Examples The following example sets the authentication timeo...

Page 872: ...o form of the command to restore it to the default setting dot1x timeout supp timeout seconds no dot1x timeout supp timeout Parameter description Parameter Description seconds Authentication timeout between the device and the supplicant The range is from 0 to 65535 seconds Default 3 seconds Command mode Global configuration mode Usage guidelines Use show dot1x command to show 802 1X configuration ...

Page 873: ...mand to set the interval of transmitting packets after the maximum number of retransmission times is configured Use the no form of the command to restore it to the default setting dot1x timeout tx period seconds no dot1x timeout tx period Parameter description Parameter Description seconds Period of retransmission The range is from 0 to 65535 seconds Default 3 seconds Command mode Global configura...

Page 874: ...dot1x Show the information about 802 1x 44 3 dot1x Re authentication Commands Re authentication commands include dot1x re authentication dot1x reauth max 44 3 1 dot1x re authentication Use this command to enable periodic re authentication Use the no form of the command to restore it to the the default setting no dot1x re authentication Parameter description N A Default By default it is not require...

Page 875: ...imes Maximum Request 3 times Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related commands Command Description show dot1x Show the information about 802 1x 44 3 2 dot1x reauth max Use this command to set the maximum number of supplicant reauthentication Use the no form of the command to restore it to the default value dot1x reauth max count no dot1x reauth ...

Page 876: ... Timeout 10 sec Server Timeout 10 sec Re authen Max 5 times Maximum Request 3 times Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server Related commands Command Description show dot1x Show the information about 802 1x 44 4 dot1x Detection Function Commands The detection function commands include dot1x probe timer dot1x client probe enable 44 4 1 dot1x probe timer ...

Page 877: ...ample sets the Hello interval to 30 seconds and the alive interval to 120 seconds DES 7210 configure terminal DES 7210 config dot1x probe timer interval 30 DES 7210 config dot1x probe timer alive 120 DES 7210 config end DES 7210 show dot1x probe timer Hello Interval 30 Seconds Hello Alive 120 Seconds Related commands Command Description Show dot1x probe timer Show the probe timer information 44 4 ...

Page 878: ...iod 1000 sec Quiet Timer Period 1000 sec Tx Timer Period 10 sec Supplicant Timeout 10 sec Server Timeout 10 sec Re authen Max 5 times Maximum Request 3 times Client Oline Probe Enabled Eapol Tag Enable Disabled Authorization Mode Group Server Related commands Command Description show dot1x Show the 802 1x configurations 44 5 Other dot1x Configuration Commands Other dot1x configuration commands inc...

Page 879: ...e Default If AAA is enabled the AAA service is used for login authentication by default Command mode Interface configuration mode Usage guidelines If the AAA security server is enabled this command is used for the login authentication with the specified method list Examples The following command demonstrates how to associate a method list on the interface and use group radius for authentication DE...

Page 880: ...Command mode Global configuration mode Usage guidelines Only the IP address in this list can be authenticated by 802 1X Use show dot1x auth address table command to show the authentication address list Examples The following example demonstrates how to add an authentication address on the interface DES 7210 configure terminal DES 7210 config dot1x auth address table address 00d0f8000000 interface ...

Page 881: ...e 802 1X configurations Examples This example shows how to configure the 802 1X authentication mode DES 7210 configure terminal DES 7210 config dot1x auth mode chap DES 7210 config end DES 7210 Related commands Command Description show dot1x Show the information about 802 1x 44 5 4 dot1x default Use this command to restore part of 802 1x parameters to the default value dot1x default Parameter desc...

Page 882: ...dynamic VLAN Use the no form of the command to disable the function dot1x dynamic vlan enable no dot1x dynamic vlan enable Parameter description N A Default Disabled Command mode Interface configuration mode Usage guidelines Use the show dot1x dynamic vlan command to show the 802 1X configuration Examples The following example enables dynamic VLAN DES 7210 configure terminal DES 7210 config interf...

Page 883: ...est vlan you need to execute dot1x dynamic vlan enable command first or the configured guest vlan does not take effect 2 When configuring guest vlan it is recommended not to modify L2 attribute of the port especially not to add the port to a VLAN manually 3 Execute show running config to view 802 1x configuration Examples The following example sets 802 1x guest vlan jumping DES 7210 configure term...

Page 884: ...e terminal DES 7210 config dot1x eapol tag DES 7210 config end DES 7210 Related commands Command Description show dot1x Show the information about 802 1x 44 5 8 dot1x max req During interaction between the dot1x and the server the dot1x will send a request to the server again if it does not receive a response from the server within a certain period of time Use this command to set the maximum numbe...

Page 885: ...7210 configure terminal DES 7210 config dot1x max req 7 DES 7210 config end DES 7210 Related commands Command Description show dot1x Show the information about 802 1x 44 5 9 dot1x private supplicant only Use this command to support the private supplicant in the global configuration mode The no form of this command restores it to the default value dot1x private supplicant only no dot1x private supp...

Page 886: ... 10 dot1x port control auto In the interface configuration mode use this command to allow the port to participate in authentication Use the no form of the command to restore it to the default value dot1x port control auto no dot1x port control Parameter description N A Default By default the port does not participate in 802 1x authentication Command mode Interface configuration mode Usage guidelin...

Page 887: ... port you should clear all the users on the port and reauthenticate The authentication mode can be configured using the following commands dot1x port control mode mac based port based single host no dot1x port control mode Parameter description Parameter Description mac based Enable the MAC address based control port based Enable port based control single host Enable singlehost based control Defau...

Page 888: ... of single user port DES 7210 config interface g 0 1 DES 7210 config if dot1x port control auto DES 7210 config if dot1x port control mode port based single host DES 7210 config if end DES 7210 Related commands Command Description show dot1x port control Show the port control mode Show running config Show the configuration 44 5 12 dot1x stationarity enable In the port based 802 1X control mode dyn...

Page 889: ...Examples The following example prevents the user from transiting from 802 1X port to other port DES 7210 configure terminal DES 7210 config dot1x stationarity enable DES 7210 config end DES 7210 Related commands N A 44 6 Show Related Commands show dot1x show dot1x auth address table show dot1x auto req show dot1x private supplicant only show dot1x max req show dot1x port control show dot1x probe t...

Page 890: ...hentication Mode EAP MD5 Authed User Number 0 Re authen Enabled Disabled Re authen Period 3600 sec Quiet Timer Period 10 sec Tx Timer Period 3 sec Supplicant Timeout 3 sec Server Timeout 5 sec Re authen Max 3 times Maximum Request 3 times Client Oline Probe Disabled Eapol Tag Enable Disabled Authorization Mode Group Server DES 7210 Related commands Command Description dot1x auth mode Set the 802 1...

Page 891: ...x timeout supp timeout Set the authentication timeout between the device and the supplicant dot1x timeout tx period Set the retransmission period 44 6 2 show dot1x auth address table Use this command to display 802 1X authentication allowed address table show dot1x auth address table address mac addr interface interface id Parameter description Parameter Description mac addr Physical IP address th...

Page 892: ...ibute dot1x timeout quiet period Set the time the device waits before reauthentication dot1x timeout re authperiod Set the re authentication period for the supplicant dot1x timeout server timeout Set the authentication timeout between the device and authentication server dot1x timeout supp timeout Set the authentication timeout between the device and the supplicant dot1x timeout tx period Set the ...

Page 893: ...1x reauth max Set the maximum number of the supplicant re authentications dot1x re authentication Set the re authentication attribute dot1x timeout quiet period Set the time the device waits before reauthentication dot1x timeout re authperiod Set the re authentication period for the supplicant dot1x timeout server timeout Set the authentication timeout between the device and authentication server ...

Page 894: ...n request retransmissions dot1x port control auto Set the port to participate in authentication dot1x reauth max Set the maximum number of the supplicant re authentications dot1x re authentication Set the re authentication attribute dot1x timeout quiet period Set the time the device waits before reauthentication dot1x timeout re authperiod Set the re authentication period for the supplicant dot1x ...

Page 895: ...s DES 7210 Related commands Command Description dot1x auth mode Set the 802 1x authentication mode dot1x max req Set the maximum number of authentication request retransmissions dot1x port control auto Set the port to participate in authentication dot1x reauth max Set the maximum number of the supplicant re authentications dot1x re authentication Set the re authentication attribute dot1x timeout q...

Page 896: ...N A Command mode Privileged mode Usage guidelines N A Examples The following example shows the ports that participate in the authentication DES 7210 show dot1x port control interface dyn user static user max user qos ctrl mode status Gi0 1 0 1 6000 dscp 0 mac base Authed DES 7210 Related commands Command Description dot1x auth mode Set the 802 1x authentication mode dot1x max req Set the maximum n...

Page 897: ...t1x timeout tx period Set the retransmission period 44 6 7 show dot1x probe timer Use this command to show the online probing configurations show dot1x probe timer Parameter description N A Default N A Command mode Privileged mode Usage guidelines N A Examples The following example shows the online probing configuration DES 7210 show dot1x probe timer Hello Interval 20 Seconds Hello Alive 250 Seco...

Page 898: ...t between the device and authentication server dot1x timeout supp timeout Set the authentication timeout between the device and the supplicant dot1x timeout tx period Set the retransmission period 44 6 8 show dot1x re authentication Use this command to show re authentication configuration show dot1x re authentication Parameter description N A Default N A Command mode Privileged mode Usage guidelin...

Page 899: ...eriod Set the re authentication period for the supplicant dot1x timeout server timeout Set the authentication timeout between the device and authentication server dot1x timeout supp timeout Set the authentication timeout between the device and the supplicant dot1x timeout tx period Set the retransmission period 44 6 9 show dot1x reauth max Use this command to show the maximum number of re authenti...

Page 900: ...authentication attribute dot1x timeout quiet period Set the time the device waits before reauthentication dot1x timeout re authperiod Set the re authentication period for the supplicant dot1x timeout server timeout Set the authentication timeout between the device and authentication server dot1x timeout supp timeout Set the authentication timeout between the device and the supplicant dot1x timeout...

Page 901: ...t1x reauth max Set the maximum number of the supplicant re authentications dot1x re authentication Set the re authentication attribute dot1x timeout quiet period Set the time the device waits before reauthentication dot1x timeout re authperiod Set the re authentication period for the supplicant dot1x timeout server timeout Set the authentication timeout between the device and authentication server...

Page 902: ... bandwidth is 1024 kbps Authorization vlan is dep7 Authorization seesion time is 1000000 seconds Authorization ip address is 192 168 217 64 Start accounting Permit proxy user Permit dial user IP privilige is 2 DES 7210 Related commands Command Description dot1x auth mode Set the 802 1x authentication mode dot1x max req Set the maximum number of authentication request retransmissions dot1x port con...

Page 903: ...od 44 6 12 show dot1x timeout The commands show the information about the 802 1X timeout show dot1x timeout quiet period show dot1x timeout re authperiod show dot1x timeout server timeout show dot1x timeout supp timeout show dot1x timeout tx period Parameter description N A Default N A Command mode Privileged mode Usage guidelines N A Examples The following example shows the information about the ...

Page 904: ...thentications dot1x re authentication Set the re authentication attribute dot1x timeout quiet period Set the time the device waits before reauthentication dot1x timeout re authperiod Set the re authentication period for the supplicant dot1x timeout server timeout Set the authentication timeout between the device and authentication server dot1x timeout supp timeout Set the authentication timeout be...

Page 905: ...on dot1x default list name Parameter description Parameter Description default When this parameter is used the following defined 802 1x user authentication method list is used as the default method for user authentication list name Name of the 802 1x user authentication method list which could be any character string method It must be one of the keywords listed in the following table One method li...

Page 906: ...or authentication DES 7210 config aaa authentication dot1x rds_d1x group radius local Related commands Command Description aaa new model Enable the AAA security service dot1x authentication Associate a specific method list with the 802 1x user username Define a local user database 45 1 2 aaa authentication enable Use this command to enable AAA Enable authentication and configure the Enable authent...

Page 907: ...method does not work The Enable authentication function automatically takes effect after configuring the Enable authentication method list Examples The following example defines an AAA Enable authentication method list In the authentication method list first the RADIUS security server is used for authentication If the RADIUS security server does not respond the local user database is used for auth...

Page 908: ...entication At present the RADIUS and TACACS server groups are supported Default N A Command mode Global configuration mode Usage guidelines If the AAA Login authentication security service is enabled on the device users must use AAA for Login authentication negotiation You must use aaa authentication login to configure a default or optional method list for Login authentication The next method can ...

Page 909: ...ethod list aaa authentication ppp default list name method1 method2 no aaa authentication ppp default list name Parameter description Parameter Description default When this parameter is used the following defined authentication method list is used as the default method for PPP user authentication list name Name of the user authentication method list which could be any character strings method It ...

Page 910: ...cal user database is used for authentication DES 7210 config aaa authentication ppp rds_ppp group radius local Related commands Command Description aaa new model Enable the AAA security service ppp authentication Associate a specific method list with the PPP user username Define a local user database 45 1 5 login authentication Use this command to apply the Login authentication method list to the ...

Page 911: ...n login list 1 local DES 7210 config line vty 0 4 DES 7210 config line login authentication list 1 Related commands Command Description aaa new model Enable the AAA security service login authentication Configure the Login authentication method list username Define a local user database 45 2 Authorization Related Commands At present DES 7210 supports authorization to the network protocols 45 2 1 a...

Page 912: ...command AAA sends this command to the security server This command is to be executed if the security server allows to Otherwise it will prompt command deny It is necessary to specify the command level when configuring the command authorization and this specified command level is the default command level The configured command authorization method must be applied to terminal line which requires fo...

Page 913: ...r example privileged EXEC mode you can use the no form of this command to disable the authorization function in the configuration mode and execute the commands in the configuration mode and its sub mode without command authorization Examples The following example enables the configuration command authorization function DES 7210 config aaa authorization config commands Related commands Command Desc...

Page 914: ...function DES 7210 config aaa authorization console Related commands Command Description aaa new model Enable the AAA security service aaa authorization commands Define the AAA command authorization authorization commands Apply the command authorization to the terminal line 45 2 4 aaa authorization exec Use this command to authorize the users logged in the NAS CLI and assign the authority level The...

Page 915: ...e guidelines DES 7200 supports authorization of users logged in the NAS CLI and assignment of CLI authority level 0 15 The aaa authorization exec function is effective on condition that Login authentication function has been enabled It can not enter the CLI if it fails to enable the aaa authorization exec You must apply the exec authorization method to the terminal line otherwise the configured me...

Page 916: ...on group Use the server group for authorization At present the RADIUS server group is supported Default Disabled Command mode Global configuration mode Usage guidelines DES 7200 supports authorization of all the service requests related to the network such as PPP and SLIP If authorization is configured all the authenticated users or interfaces will be authorized automatically Three different autho...

Page 917: ...commands level default list name no authorization commands level Parameter description Parameter Description level The authorized command level 0 15 default Use the default command authorization command list name Apply a defined method list of the command authorization Default Disabled Command mode Line configuration mode Usage guidelines Once the default command authorization method list has been...

Page 918: ...el Enable the AAA security service aaa authorization commands Define the method list of the AAA command authorization 45 2 7 aaa authorization exec Use this command to apply the Exec authorization methos list to the specified terminal lines in the line configuration mode The no form of this command is used to disable the authorization function authorization exec default list name no authorization ...

Page 919: ...line vty 0 4 DES 7210 config line authorization exec exec 1 Related commands Command Description aaa new model Enable the AAA security service aaa authorization commands Define the method list of AAA Exec authorization 45 3 Accounting Related commands At present DES 7210 supports network accounting using RADIUS 45 3 1 aaa accounting commands Use this command to account users in order to count the ...

Page 920: ...g command function after enabling the login authentication After enabling the accounting function it sends the command information to the security service The configured accounting command method must be applied to the terminal line that needs accounting command otherwise it is ineffective Examples The following example performs accounting of the network service requests from users using TACACS an...

Page 921: ...able One method list can contain up to four methods Keyword Description none Do not perform accouting group Use the server group for acouting the RADIUS and TACACS server group is supported Default Disabled Command mode Global configuration mode Usage guidelines DES 7200 enables the exec accounting function after enabling the login authentication After enabling the accounting function it sends the...

Page 922: ... no form of this command is used to disable the accounting function aaa accounting network default list name start stop group radius no aaa accounting network default list name Parameter description Parameter Description network Perform accounting of the network related service requests including dot1x PPP etc resource Perform accounting of resource related service requests list name Name of the a...

Page 923: ... a network authorization method list aaa authentication Define AAA authentication username Define a local user database 45 3 4 aaa accounting update Use this command to enable the accounting update function The no form of this command is used to disable the accounting update function aaa accounting update no aaa accounting update Parameter description N A Default Disabled Command mode Global confi...

Page 924: ...on Parameter Description interval Interval of sending the accounting update message in minute The shortest interval is 1 minute Default 5 minutes Command mode Global configuration mode Usage guidelines If the AAA security service is not enabled the accounting update function cannot be used This command is used to set the accounting interval if the AAA security service has been enabled Examples The...

Page 925: ... default command accouting method list has been configured it is applied to all terminals automatically Once the non default command accounting method list has been configured it is applied to the line instead of the default method list If you attempt to apply a undefined method list a warning message will prompt that the command authorization in this line is ineffective till the accounting comman...

Page 926: ... configuration mode Usage guidelines Once the default exec accouting method list has been configured it is applied to all terminals automatically Once the non default exec accounting method list has been configured it is applied to the line instead of the default method list If you attempt to apply a undefined method list a warning message will prompt that the exec accounting in this line is ineff...

Page 927: ...no aaa group server radius tacacs name Parameter description Parameter Description name Name of the server group It cannot be the keywords radius and tacacs Command mode Global configuration mode Usage guidelines This command is used to configure the AAA server group Currently the RADIUS and TACACS server groups are supported Examples The following example configures an AAA server group DES 7210 c...

Page 928: ...server groups Examples The following example selects the VRF for the server group DES 7210 config aaa group server radius ss DES 7210 config gs radius server 192 168 4 12 DES 7210 config gs radius server 192 168 4 13 DES 7210 config gs radius ip vrf forwarding vrf_name DES 7210 config gs radius end Related commands Command Description aaa group server Configure the AAA server group show aaa group ...

Page 929: ...fied Examples The following example adds a server to the server group DES 7210 config aaa group server radius ss DES 7210 config gs radius server 192 168 4 12 acct port 5 authen port 6 DES 7210 config gs radius end DES 7210 show aaa group Group name ss Group Type radius Referred 2 Server List IP Address 192 168 4 12 Authentication Port 6 Accounting Port 5 Referred 1 Related commands Command Descri...

Page 930: ...Group Name ss Group Type radius Referred 2 Server List IP Address 192 168 217 64 Authentication Port 1812 Accounting Port 1813 Referred 1 Related commands Command Description aaa group server Configure the AAA server group 45 5 Other AAA Commands 45 5 1 aaa local authentication attempts Use this command to configure login attempt times aaa local authentication attempts max attempts Parameter descr...

Page 931: ...n parameter of current login 45 5 2 aaa local authentication lockout time Use this command to configure the length of lockout time when the login user has attempted for more than the limited times aaa local authentication lockout time lockout time Parameter description In the range of 1 to 2147483647 Default 15 hours Command mode Global configuration mode Usage guidelines Use this command to confi...

Page 932: ...new model Parameter description N A Default Disabled Command mode Global configuration mode Usage guidelines Use this command to enable AAA If AAA is not enabled none of the AAA commands can be configured Examples The following example shows how to enable the AAA security service DES 7210 config aaa new model Related commands Command Description aaa authentication Define a user authentication meth...

Page 933: ...ar aaa local user lockout all Related commands Command Description show running config Show the current configuration of the switch show aaa lockout Show the lockout configuration parameter of current login 45 5 5 debug aaa Use this command to turn on the AAA service debugging switch The no form of this command is used to turn off the debugging switch debug aaa event no debug aaa event Parameter d...

Page 934: ...dius aaa authentication dot1x san f local group angel group rain none aaa authentication enable default group radius Accounting method list aaa accounting network default start stop group radius Authorization method list aaa authorizating network default group radius Related commands Command Description aaa authentication Define a user authentication method list aaa authorization Define a user aut...

Page 935: ...sage guidelines Use this command to show the lockout user list and show how long the lockout time is Examples DES 7210 show aaa user lockout all Related commands Command Description show running config Show the current configuration of the switch show aaa lockout Show the lockout configuration parameter of current login ...

Page 936: ......

Page 937: ...radius set qos cos radius vendor specific extend 46 1 1 ip radius source interface Use this command to specify the source IP address for the RADIUS packets Use the no form of this command to delete the source IP address for the RADIUS packet ip radius source interface interface no radius source interface Parameter description Parameter Description Interface Interface that the source IP address of ...

Page 938: ...e fastEthernet 0 0 Related commands Command Description radius server host Define the RADIUS server ip address Configure the IP address of the interface 46 1 2 radius server host Use this command to specify a RADIUS security server host The no form of this command is used to delete the RADIUS security server host radius server host hostname ip address auth port port number acct port port number no...

Page 939: ... 7210 config radius server host 192 168 12 1 Related commands Command Description aaa authentication Define the AAA authentication method list radius server key Define a shared password for the RADIUS security server radius server retransmit Define the number of RADIUS packet retransmissions radius server timeout Define the timeout for the RADIUS packet 46 1 3 radius server key Use this command to...

Page 940: ...r the RADIUS security server DES 7210 config radius server key aaa Related commands Command Description radius server host Define the RADIUS security server radius server retransmit Define the number of RADIUS packet retransmissions radius server timeout Define the timeout for the RADIUS packet 46 1 4 radius server retransmit Use this command to configure the number of packet retransmissions befor...

Page 941: ...to 4 DES 7210 config radius server retransmit 4 Related commands Command Description radius server host Define the RADIUS security server radius server key Define a shared password for the RADIUS server radius server timeout Define the timeout for the RADIUS packet 46 1 5 radius server timeout Use this command to set the time for the device to wait for a response from the security server after ret...

Page 942: ...6 1 6 radius server deadtime If the device has not received any response from the sever within the specified time it considers the server dead The time t is called deadtime DES 7200 operating system supports to set the RADIUS deadtime Use this command to set the deadtime The no format of this command is used to restore it to the default setting radius server deadtime minnutes no radius server dead...

Page 943: ...ribute radius attribute id down rate limit dscp mac limit up rate limit vendor type type no radius attribute id down rate limit dscp mac limit up rate limit vendor type Parameter description Parameter Description id Function ID in the range 1 to 255 type Private attribute type Default Only the default configuration of private attributes in DES 7210 is recognized id Function Type 1 max down rate 1 ...

Page 944: ...ilige 22 23 login privilige 42 Extended attributes id Function Type 1 max down rate 76 2 qos 77 3 user ip 3 4 vlan id 4 5 version to client 5 6 net ip 6 7 user name 7 8 password 8 9 file diractory 9 10 file count 10 11 file name 0 11 12 file name 1 12 13 file name 2 13 14 file name 3 14 15 file name 4 15 16 max up rate 75 17 version to server 17 18 flux max high32 18 19 flux max low32 19 20 proxy ...

Page 945: ...s value sent by the RADIUS server as the cos value of the interface 46 1 8 radius set qos cos Use this command to set the qos value sent by the RADIUS server as the cos value of the interface Use the no form of this command to restore it to the default setting radius set qos cos no radius set qos cos Parameter description N A Default Set the qos value sent by the RADIUS server as the dscp value Co...

Page 946: ...no radius vendor specific extend Parameter description N A Default Only the private vendor IDs of DES 7210 are recognized Command mode Global configuration mode Usage guidelines Use this command to identify the attributes of all vendor IDs by type Examples The following example extends RADIUS not to differentiate the IDs of private vendors DES 7210 config radius vendor specific extend Related comm...

Page 947: ... no debug radius event detail Parameter Description N A Command mode Privileged EXEC configuration mode 46 2 2 show radius server Use this command to show the configuration of the RADIUS server show radius server Parameter description N A Default N A Command mode Privileged EXEC mode Usage guidelines N A Examples DES 7210 show radius server server ip 192 168 4 12 acct port 23 authen port 77 server...

Page 948: ...ameter Use this command to show the global parameters of the RADIUS server show radius parameter Parameter description N A Default N A Command mode Privileged EXEC mode Usage guidelines N A Examples DES 7210 show radius parameter Server Timout 5 Seconds Server Deadtime 5 Minutes Server Retries 3 Server Key Related commands Command Description radius server host Define the RADIUS security server ra...

Page 949: ... guidelines N A Examples DES 7210 show radius vendor specific id vendor specific type value 1 max down rate 76 2 qos 77 3 user ip 3 4 vlan id 4 5 version to client 5 6 net ip 6 7 user name 7 8 password 8 9 file diractory 9 10 file count 10 11 file name 0 11 12 file name 1 12 13 file name 2 13 14 file name 3 14 15 file name 4 15 16 max up rate 75 17 version to server 17 18 flux max high32 18 19 flu...

Page 950: ...ber 50 Related commands Command Description radius server host Define the RADIUS security server radius server retransmit Define the number of RADIUS packet retransmissions radius server key Define a shared password for the RADIUS server radius server timeout Define the packet transmission timeout ...

Page 951: ...cs server host tacacs server key tacacs server timeout 47 1 1 aaa group server tacacs Use this command to configure TACACS group server dividing different TACACS servers to the different groups aaa group server tacacs group name no aaa group server tacacs group name Parameter description Parameter Description group_name TACACS server group name Default Configuration No TACACS server group is confi...

Page 952: ...ng Configure VRF name supported by TACACS server group 47 1 2 server TACACS Use this command to configure server address in TACACS group server server ip address no server ip address Parameter description Parameter Description ip address server address in TACACS group server Default Configuration N A Command mode TACACS group server configuration mode Usage guidelines You must enter TACACS server ...

Page 953: ...CS server group 47 1 3 ip vrf forwarding TACACS Use this command to configure vrf name used by TACACS group server this command exists in the device supporting VRF ip vrf forwarding vrf name no ip vrf forwarding Parameter description Parameter Description vrf name VRF name Default Configuration N A Command mode TACACS group server configuration mode Usage guidelines Specify vrf name to the specifi...

Page 954: ...e source address of TACACS packet is set on network layer Command mode Global configuration mode Usage guidelines To decrease the work of maintaining massive NAS messages in TACACS server use this command to set the source address of TACACS packet This command specifies the first ip address of the specified interface as the source address of TACACS packet and is used on L3 devices Examples The fol...

Page 955: ...Timeout time of TACACS host key string Shared keyword of TACACS client and server 0 7 Password encryption type 0 no encryption 7 simply encrypted Default Configuration No specified TACACS host Command mode Global configuration mode Usage guidelines To use TACACS to implement AAA security service you must define TACACS secure server You can define one or multiple TACACS secure servers by using taca...

Page 956: ...ation No specified shared password Command mode Global configuration mode Usage guidelines The device and TACACS secure server communicates with each other successfully on the basis of the shared password Therefore in order to make the device and TACACS secure server communicate with each other the same shared password must be defined on both of them When we need to specify different passwords to ...

Page 957: ...nge 1 to 1000s Default Configuration 5s Command mode Global configuration mode Usage guidelines Use this command to adjust the timeout time of reply packet When we need to specify different timeout time to every server use timeout option in host command We can set a timeout to all the servers that have not set timeout option in global configuration mode Examples The following example shows how to ...

Page 958: ... off the TACACS debugging switch debug tacacs no debug tacacs Parameter description N A Command mode Privileged EXEC mode 47 2 2 show tacacs Use this command to show the interoperation condition with each TACACS server show tacacs Parameter description N A Default configuration N A Command mode Privileged EXEC mode Usage guidelines Use this command to show the interoperation condition with each TA...

Page 959: ...ds 47 9 Tacacs Server 172 19 192 80 49 Socket Opens 0 Socket Closes 0 Total Packets Sent 0 Total Packets Recv 0 Reference Count 0 Related commands Command Description tacacs server host Define and show TACACS secure server host which interacts with every TACACS server ...

Page 960: ......

Page 961: ...to generate a public key on the SSH server crypto key generate rsa dsa Parameter description Parameter Description rsa Generate an RSA key dsa Generate a DSA key Default configuration By default the SSH server does not generate a public key Command mode Global configuration mode Usage guidelines When you need to enable the SSH Server service use this command to generate a public key on the SSH ser...

Page 962: ...ver crypto key zeroize rsa dsa Delete DSA and RSA keys and disable the SSH Server function Version description The software version must be R10 1 and later 48 1 2 crypto key zeroize In global configuration mode use this command to delete the public key on the SSH server crypto key zeroize rsa dsa Parameter description Parameter Description rsa Delete the RSA key dsa Delete the DSA key Default conf...

Page 963: ...sion Parameter description Parameter Description 1 Support the SSH1 client connection request 2 Support the SSH2 client connection request Default configuration SSH1 and SSH2 are compatible by default When a version is set the connection sent by the SSH client of this version is accepted only The no ip ssh version command can also be used to restore it to the default setting Command mode Global co...

Page 964: ... it to the default setting ip ssh time out time no ip ssh time out Parameter description Parameter Description time Authentication timeout Default configuration The timeout value is 120s by default Command mode Global configuration mode Usage guidelines The authentication is considered timeout and failed if the authentication is not successful within 120s starting from receiving a connection reque...

Page 965: ...cation retry times is 3 Command mode Global configuration mode Usage guidelines User authentication is considered failed if authentication is not successful when the configured authentication retry times on the SSH server is exceeded Use the show ip ssh command to view the configuration of the SSH Server Examples The following example sets the authentication retry times to 2 DES 7210 configure ter...

Page 966: ... including version enablement state authentication timeout and authentication retry times Note If no key is generated for the SSH Server the SSH version is still unavailable even if this SSH version has been configured Examples DES 7210 show ip ssh Related commands Command Description ip ssh version 1 2 Configure the version for the SSH Server ip ssh time out time Set the authentication timeout fo...

Page 967: ...TY number of connection SSH version encryption algorithm message authentication algorithm connection status and user name Examples DES 7210 show ssh Related commands N A Version description The software version must be R10 1 and higher 48 2 3 show crypto key mypubkey Use this command to show the information about the public key part of the public key on the SSH Server show crypto key mypubkey rsa ...

Page 968: ...and RSA keys Version description The software version must be R10 1 and higher 48 2 4 disconnect ssh Use this command to disconnect the established SSH connection disconnect ssh vty session id Parameter description Parameter Description session id ID of the established SSH connection session Default configuration N A Command mode Privileged EXEC mode Usage guidelines You can disconnect a SSH conne...

Page 969: ...ation Commands 48 9 Related commands Command Description show ssh Show the information about the established SSH connection clear line vty line_number Disconnect the current VTY connection Version description The software version must be R10 1 and higher ...

Page 970: ......

Page 971: ...mmand to set the bandwidth for the CPU port to receive the specified type of packets cpu protect type arp bpdu dhcp ipv6mc igmp rip ospf vrrp pim ttl1 unknown ipmc dvmrp pps pps_value Parameter description Parameter Description pps_value Packets per second Default The default bandwidth that the CPU uses to receive various types of packets is 1000 pps Command mode Global configuration mode Examples...

Page 972: ...priority in the range 0 to 7 Default The default is 0 for various types of packets Command mode Global configuration mode Examples The following example sets the priority of the BPDU packets as 7 DES 7210 config cpu protect type bpdu pri 7 Set packet type bpdu pri 7 Related commands Command Description cpu protect type packet type pps pps_value Set the bandwidth for the CPU to receive the specifie...

Page 973: ... 500 19 0 bpdu 200 24 0 dhcp 0 0 0 gvrp 0 0 0 ipv6 mc 0 0 0 dvmrp 0 0 0 igmp 0 0 0 ospf 0 0 0 pim 0 0 0 rip 0 0 0 vrrp 0 0 0 unknown ipmc 0 0 0 ttl1 0 0 0 Related commands Command Description show cpu protect slot slot num Show the statistics of the CPU protection on the specified line card 49 2 2 show cpu protect slot Use this command to show the CPP statistics on the specified line card show cpu...

Page 974: ...200 0 0 ipv6 mc 200 0 0 dvmrp 200 0 0 igmp 200 0 0 ospf 200 0 0 pim 200 0 0 rip 200 0 0 vrrp 200 0 0 unknown ipmc 200 0 0 ttl1 20 3 0 Related commands Command Description show cpu protect mboard Show the CPU protect information on the management board 49 2 3 show cpu protect type Use this command to show the statistics of the specified type of packets show cpu protect type arp bpdu dhcp ipv6mc igm...

Page 975: ...istics of the BPDU packets by using the show cpu protect type bpdu command DES 7210 config show cpu protect type arp Slot Type Pps Total Drop MainBoard bpdu 100 30 0 Slot 2 bpdu 100 30 0 Related commands Command Description show cpu protect type packet type Show the statistics of the packets of a specified type of CPU protection ...

Page 976: ......

Page 977: ...onds system guard same dest ip attack packets number system guard same dest ip attack packets number system guard detect maxnum number system guard exception ip ip mask clear system guard interface interface id ip address ip address 50 1 1 system guard enable Use this command to enable the anti attack function The no format of the command disables the anti attack function system guard enable no sy...

Page 978: ... guard isolate time Parameter description Parameter Description seconds Isolation time of the unauthorized users in the range 30s to 3600s 120s by default The isolated IP address will automatically recover the communications after the specified period of isolation time Default The default isolation time is 120 seconds Command mode Interface configuration mode Usage guidelines No communication is a...

Page 979: ...0 packets per second Command mode Interface configuration mode Usage guidelines The less the threshold is set the poorer the accuracy of the attack judgment is It is easy to isolate the normal host online incorrectly It is recommended that administrators configure a threshold according to the security degree of the actual network environment Examples Configure the maximum number of the packets as ...

Page 980: ...nistrators configure a corresponding threshold according to the security degree of the actual network environment Examples Configure the maximum number of IP packets as 100 DES 7210 config if system guard scan dest ip attack packets 100 Related commands Command Description system guard enable Enable the anti attack function 50 1 5 system guard detect maxnum number Use this command to set the maxim...

Page 981: ...ata of the currently monitored hosts Examples Set the maximum quantity of the attacked hosts as 200 DES 7210 config system guard detect maxnum 200 Related commands Command Description system guard enable Enable the anti attack function 50 1 6 system guard exception ip ip mask Use this command to set the exceptional IP addresses free from monitoring Use the no form of the command to restore it to t...

Page 982: ...2 168 5 145 24 Related commands Command Description system guard enable Enable the anti attack function 50 1 7 clear system guard interface interface id ip address Use this command to clear the isolated IP address clear system guard interface interface id ip address Parameter description Parameter Description interface interface id The interface ip address The IP address Default N A Command mode P...

Page 983: ...meter description Parameter Description interface interface id Show the anti attack configuration on the interface Default N A Command mode Privileged EXEC mode Examples DES 7210 show system guard detect maxnum number 100 Maximum number of hosts monitored by the device isolated host number 11 Number of hosts isolated by the device interface state isolate time same attack pkts scan attack pkts Fa 0...

Page 984: ...esses of the interface Default N A Command mode Privileged EXEC mode Examples DES 7210 show system guard isolated ip interface ip address isolate reason remain time second Fa 0 1 192 168 5 119 scan ip attack 110 Fa 0 1 192 168 5 109 same ip attack 61 Related commands Command Description system guard enable Enable the anti attack function 50 2 3 show system guard detect ip interface interface id Us...

Page 985: ...how system guard exception ip interface interface id Use this command to show the anti attack information of the exceptional IP addresses show system guard exception ip interface interface id Parameter description Parameter Description interface interface id Show the anti attack information of the exceptional IP addresses of the interface Command mode Privileged EXEC mode Examples DES 7210 show sy...

Page 986: ......

Page 987: ... If the parameter vlan id is neglected the DAI inspection function of all VLANs will be disabled ip arp inspection vlan vlan id no ip arp inspection vlan vlan id Parameter description Parameter Description vlan id VLAN ID Default The DAI inspection function of all VLANs is disabled Command mode Global configuration mode Usage guidelines To execute this command enable the DAI function firstly Examp...

Page 988: ... ARP message received by some interface pass the DAI inspection unconditionally you can set the interface to a trusted port indicating that you do not need to check whether the ARP message received by this interface is legal Examples The configuration example below sets the gigabitEthernet 0 19 interface as the trusted port DES 7210 config interface gigabitEthernet 0 19 DES 7210 config if ip arp i...

Page 989: ... VLAN is enabled and the L2 port which receives the ARP message is configured to be a untrusted port the validity of the ARP message is needed to check based on the DHCP Snooping database If no configuration is carried out for the database the ARP message passes the validity check For the configuration on the DHCP Snooping refer to the DHCP Snooping Configuration ...

Page 990: ......

Page 991: ...tic user information to IP source address binding database The no form of this command deletes the corresponding static user no ip source binding mac address vlan vlan id ip address interface interface id Parameter description Parameter Description mac address Add user MAC address statically vlan id Add user vlan id statically ip address Add user IP address statically interface id Add user interfa...

Page 992: ...tal number of bindings 1 Related commands Command Description show ip source binding View the binding information of IP source address and database 52 2 IP Source Guard Command in the Interface Mode In the interface configuration mode the command of IP Source Guard is ip verify source 52 2 1 ip verify source Use this command to enable IP Source Guard function on the interface The no form of this c...

Page 993: ...Guard on fastEthernet 0 1 DES 7210 configure terminal DES 7210 config interface fastEthernet 0 1 DES 7210 config if ip verify source DES 7210 config if end DES 7210 show ip verify source Interface Filter type Filter mode Ip addressMac address VLAN FastEthernet 0 1 ip active 192 168 4 243 00d0 f801 0101 1 Related commands Command Description show ip verify source View user filtering entry of IP Sou...

Page 994: ... Show binding information of static user vlan id Show user binding information of corresponding vlan Interface id Show user binding information of corresponding interface Default configuration N A Command mode Privileged EXEC mode Usage guidelines N A Examples DES 7210 show ip source binding MacAddress IpAddress Lease sec Type VLAN Interface 00d0 f801 0101 192 168 4 243 infinite static 1 FastEther...

Page 995: ...ve no snooping vlan the interface isn t within the range of DHCP Snooping VLAN and IP Source Guard is inactive inactive trust port the interface is the trusted port controlled by DHCP Snooping and IP Source Guard is inactive active the interface is the untrusted port ontrolled by DHCP Snooping and IP Source Guard is active Examples DES 7210 show ip verify source Interface Filter type Filter mode I...

Page 996: ...e Guard Configuration Commands DES 7200 CLI Reference Guide 52 6 Command mode Privileged EXEC mode Usage guidelines Use this command to view the debug information of IP Source Guard Examples DES 7210 debug ip source bind ...

Page 997: ...out arp guard rate limit arp guard attack threshold arp guard scan threshold clear arp guard users clear arp guard scan 53 1 1 cpu protect sub interface manage protocol route pps Use this command to configure the traffic bandwidth of each type of packets cpu protect sub interface manage protocol route pps pps_vaule Parameter description Parameter Description pps_value The rate limit threshold rang...

Page 998: ...ce manage protocol route percent Use this command to configure the percent value of each type of packets occupied in the buffer area cpu protect sub interface manage protocol route percent percent_vaule Parameter description Parameter Description percent_value The percent value ranging from 1 to 100 Default The default percent values of each type of packets occupied in the buffer area are Manage p...

Page 999: ... default isolate time in the global configuration mode is 0 indicating no isolation No default isolate time in the interface configuration mode Command mode Global or interface configuration mode Usage guidelines The attack isolate time can be configured in the global or interface configuration mode For a port if the port based isolate time is not configured the isolate time is configured in the g...

Page 1000: ... the default rate limit of each port is 100pps Command mode Global configuration mode Examples DES 7210 config arp guard rate limit 2 per src ip DES 7210 config arp guard rate limit 3 per src mac DES 7210 config arp guard rate limit 50 per port Related commands Command Description show arp guard configuration View the arp guard configuration 53 1 5 arp guard attack threshold Use this command to co...

Page 1001: ...e the attack attributes willnot be saved in the isolated user ta ble if the isolated time is 0 If the administrator sets the isolated time to 0 the TRA P message sent when the attack action was detected c ontains the following information if vlan 0 it is a route port ARP DoS attack from user IP N A MAC 0000 0000 0004 port Gi4 1 VLAN 1 detected If the administrator sets the isolated time to any val...

Page 1002: ...t hardware resources 4 It prompts ARPGUARD 4 NO_MEMORY failed to alloc memory to inform the administrator of this even t 5 It is worth mentioning that in order to prevent the fr equent printing from exhausting the CPU memory you shall limit the message rate by printing the messages at 30s interval Examples DES 7210 config arp guard attack threshold 2 per src ip DES 7210 config arp guard attack thr...

Page 1003: ...attribute and the packet amount exceeds the scan threshold user with this MAC address is scanning the ARP packets When the ARP scan is detected it will prompt Dec 27 15 34 16 ARPGUARD 4 SCAN ARP scan was detected If the administrator wants to view the detailed information please execute the show arp guard scan command The ARP scan table only save the latest 256 pieces of records When the ARP scan ...

Page 1004: ...ac address Parameter description Parameter Description vid VLAN ID interface id Interface name and interface id ip address The IP address mac address The MAC address Command mode Privileged EXEC mode Usage guidelines Use the command without any parameters to clear all isolated users Examples The example below shows how to clear the isolated users on interface gigabitEthernet 0 1 in VLAN 1 DES 7210...

Page 1005: ...uard scan Show the arp guard scan table 53 2 Showing and Monitoring Commands 53 2 1 show arp guard configuration Use this command to show the arp guard configuration show arp guard configuration Command mode Privileged EXEC mode Examples DES 7210 show arp guard configuration Rate limit 10000 pps per src ip 1 pps per src mac 100 pps per port Attack threshold 10000 pps per src ip 1 pps per src mac 2...

Page 1006: ...interface id ip address mac address Parameter description Parameter Description statistics Show the statistics of the isolated users vid VLAN ID interface id Interface name and interface id ip address The IP address mac address The MAC address Command mode Privileged EXEC mode Examples The following example shows the statistics of the isolated users DES 7210 show arp guard users statistics Success...

Page 1007: ...ommands Command Description arp guard attack threshold Configure the arp guard attack threshold clear arp guard users Clear the isolated users 53 2 3 show arp guard scan Use this command to show the arp guard scan table show arp guard scan statistics vlan vid interface interface id mac address Parameter description Parameter Description statistics Show the record statistics in the arp guard scan t...

Page 1008: ... 25 10 4 Gi0 4 0000 0000 0004 2008 01 23 16 26 10 Total 4 record s timestamp records the timestamp of the detected ARP scan For example 2008 01 23 16 23 10 indicates that the ARP scan was detected at 16 23 10 Jan 23 rd 2008 DES 7210 show arp guard scan vlan 1 interface g 0 1 0000 0000 0001 VLAN interface MAC address timestamp 1 Gi0 1 0000 0000 0001 2008 01 23 16 23 10 Total 1 record s Related comm...

Page 1009: ... number For IPv6 this field can be IPv6 icmp tcp udp and numbers 0 to 255 For IPv4 it can be one of eigrp gre ipinip igmp nos ospf icmp udp tcp and ip or it can be numbers 0 to 255 that represent the IP protocol It is described when some important protocols such as icmp tcp udp are listed individually interface idx Interface index src Packet source IP address host address or network address src wi...

Page 1010: ... message ICMP message type name 0 to 255 operator port port Operator lt smaller eq equal gt greater neq unequal range range port indicates the port number Dyadic operation needs two port numbers while other operators only need one port number src mac addr Physical address of the source host dst mac addr Physical address of the destination host VID vid VLAN ID VID inner vid VID of the tag ethernet ...

Page 1011: ...eld 18 S Destination IP address 42 F SSAP Source Service Access Point field 19 T TCP soure port 46 G Ctrl field 20 U TCP destination port 48 H Org Code field 21 V Sequence number 50 I Encapsulated data type 24 W Confirmation field 54 J IP version number 26 XY IP header length and reserved bits 58 K TOS field 27 Z Resrved bits and flags bit 59 L Length of IP packet 28 a Windows size field 60 M ID 3...

Page 1012: ...n any precedence precedence tos tos fragments time range time range name 3 Extended MAC access list 700 to 799 access list id deny permit any host source mac address any host destination mac address ethernet type cos out inner in 4 Extended expert access list 2700 to 2899 access list id deny permit protocol ethernet type cos out inner in VID out inner in source source wildcard host source any host...

Page 1013: ...cess list id deny permit tcp VID out inner in source source wildcard host Source any host source mac address any operator port port destination destination wildcard host destination any host destination mac address any operator port port precedence precedence tos tos fragments time range time range name match all tcp flag User Datagram Protocol UDP access list id deny permit udp VID out inner in s...

Page 1014: ...ation Specify the destination IP address host address or network address destination wildcard Wildcard of the destination IP address It can be discontinuous for example 0 255 0 32 fragments Packet fragment filtering precedence Specify the packet priority precedence Packet precedence value 0 to 7 time range Time range of packet filtering time range name Time range name of packet filtering tos Speci...

Page 1015: ...ne a series of rule statements by using the access list You can use ACLs of the appropriate types according to the security needs The standard IP ACL 1 to 99 1300 to 1999 only controls the source IP addresses The extended IP ACL 100 to 199 2000 to 2699 can enforce strict control over the source and destination IP addresses The extended MAC ACL 700 to 799 can match against the source destination MA...

Page 1016: ...s are as below administratively prohibited dod host prohibited dod net prohibited echo echo reply fragment time exceeded general parameter problem host isolated host precedence unreachable host redirect host tos redirect host tos unreachable host unknown host unreachable information reply information request mask reply mask request mobile redirect net redirect net tos redirect net tos unreachable ...

Page 1017: ...ble redirect device advertisement device solicitation source quench source route failed time exceeded timestamp reply timestamp request ttl exceeded unreachable The TCP ports are as follows A port can be specified by port name and port number bgp chargen cmd daytime discard domain echo exec finger ftp ftp data gopher hostname ident irc klogin kshell ldp login nntp pim auto rp ...

Page 1018: ...acacs talk telnet time uucp whois www The UDP ports are as follows A UDP port can be specified by port name and port number biff bootpc bootps discard dnsix domain echo isakmp mobile ip nameserver netbios dgm netbios ns netbios ss ntp pim auto rp rip snmp snmptrap sunrpc syslog tacacs talk tftp time who ...

Page 1019: ...onfig access list 102 permit tcp any any eq domain DES 7210 config access list 102 permit udp any any eq domain DES 7210 config access list 102 permit icmp any any echo DES 7210 config access list 102 permit icmp any any echo reply 3 Example of the extended MAC ACL This example shows how to deny the host with the MAC address 00d0f8000c0c to provide service with the protocol type 100 on gigabit Eth...

Page 1020: ...cess group Apply the extended MAC ACL on the interface Platform description The software version must be R10 0 and higher 54 1 2 ip access list Use this command to create a standard IP ACL or extended IP ACL Use the no form of the command to remove the ACL ip access list extended standard id name no ip access list extended standard id name Parameter description Parameter Description id ID of the A...

Page 1021: ...onfig std nacl show access lists ip access list standard std acl DES 7210config std nacl Related commands Command Description show access lists Show the ACLs Platform description The software version must be R10 0 and higher 54 1 3 mac access list Use this command to create an extended MAC ACL Use the no form of the command to remove the ACL mac access list extended id name no mac access list exte...

Page 1022: ...ccess lists mac access list extended 704 DES 7210 config mac nacl Red Giant config mac nacl Related commands Command Description show access lists Show the extended MAC ACLs Platform description The software version must be R10 0 and higher 54 1 4 expert access list Use this command to create an extended expert ACL Use the no form of the command to remove the ACL expert access list extended id nam...

Page 1023: ... list extended 2704 DES 7210 config exp nacl show access lists expert access list extended 2704 DES 7210 config exp nacl Related commands Command Description show access lists Show the extended expert ACLs Platform description The software version must be R10 0 and higher 54 1 5 ipv6 access list Use this command to create an extended IPV6 ACL Use the no form of the command to remove the ACL ipv6 a...

Page 1024: ...t resequence Use this command to reassign the sequence of the IP ACL entries and create an extended IPv6 ACL Use the no form of this command to restore it to the default configuration ip access list resequence id name start sn inc sn no ip access list resequence id name Parameter description Parameter Description Id ACL ID name ACL name start sn Start sequence inc sn Sequence increment Default con...

Page 1025: ...to forward or discard the packet In ACL configuration mode you can modify the existent ACL or configure according to the protocol details Use this command to set deny rules 1 Standard IP ACL sn deny source source wildcard host source any 2 Extended IP ACL sn deny protocol source source wildcard destination destination wildcard precedence precedence tos tos fragments time range time range name Exte...

Page 1026: ...estination wildcard host destination any host destination mac address any precedence precedence tos tos fragments time range time range name When you select the ethernet type field or cos field sn deny ethernet type cos out inner in VID out inner in source source wildcard host source any host source mac address any destination destination wildcard host destination any host destination mac address ...

Page 1027: ...estination destination wildcard host destination any host destination mac address any operator port port precedence precedence tos tos fragments time range time range name 5 Extended IPv6 ACL sn deny protocol source ipv6 prefix prefix length any host source ipv6 address destination ipv6 prefix prefix length any hostdestination ipv6 address dscp dscp flow label flow label fragments time range time ...

Page 1028: ...me range time range name For the parameters that are not mentioned below please refer to the access list Parameter description Parameter Description Sn ACL entry sequence number source ipv6 prefix Source IPv6 network address or network type destination ipv6 prefix Destination IPv6 network address or network type prefix length Prefix mask length source ipv6 address Source IPv6 address destination i...

Page 1029: ...ce 1 The configuration procedure is as below DES 7210 config ip access list extended ip ext acl DES 7210 config ext nacl deny tcp host 192 168 4 12 eq 100 any DES 7210 config ext nacl show access lists ip access list extended ip ext acl 10 deny tcp host 192 168 4 12 eq 100 any DES 7210 config ext nacl exit DES 7210 config interface gigabitethernet 1 1 DES 7210 config if ip access group ip ext acl ...

Page 1030: ... is as below DES 7210 config ipv6 access list extended v6 acl DES 7210 config ipv6 nacl 11 deny ipv6 host 192 168 4 12 any DES 7210 config ipv6 nacl show access lists ipv6 access list extended v6 acl 11 deny ipv6 host 192 168 4 12 any DES 7210 config ipv6 nacl exit DES 7210 config interface gigabitethernet 1 1 DES 7210 config if ipv6 traffic filter v6 acl in Related commands Command Description sh...

Page 1031: ...cmp source source wildcard host source any destination destination wildcard host destination any icmp type icmp type icmp code icmp message precedence precedence tos tos fragments time range time range name Transmission Control Protocol TCP sn permit tcp source source wildcard host Source any operator port port destination destination wildcard host destination any operator port port precedence pre...

Page 1032: ... tos fragments time range time range name Extended expert ACLs of some important protocols Internet Control Message Protocol ICMP sn permit icmp VID out inner in source source wildcard host source any host source mac address any destination destination wildcard host destination any host destination mac address any icmp type icmp type icmp code icmp message precedence precedence tos tos fragments t...

Page 1033: ...de icmp message dscp dscp flow label flow label fragments time range time range name Transmission Control Protocol TCP sn permit tcp source ipv6 prefix prefix length host source ipv6 address any operator port port destination ipv6 prefix prefix length host destination ipv6 address any operator port port dscp dscp flow label flow label fragments time range time range name match all tcp flag User Da...

Page 1034: ...h the IP address 192 168 4 12 to provide services through the TCP port 100 and apply the ACL to Interface 1 The configuration procedure is as below DES 7210 config ip access list extended 102 DES 7210 config ext nacl permit tcp host 192 168 4 12 eq 100 any DES 7210 config ext nacl show access lists ip access list extended 102 10 permit tcp host 192 168 4 12 eq 100 any DES 7210 config ext nacl exit...

Page 1035: ...purpose is to permit the host with the IP address 192 1 1 1 and apply the ACL to Interface 1 The configuration procedure is as below DES 7210 config ipv6 access list extended v6 acl DES 7210 config ipv6 nacl 11 permit ipv6 host 192 168 4 12 any DES 7210 config ipv6 nacl show access lists ipv6 access list extended v6 acl 11 permit ipv6 host 192 168 4 12 any DES 7210 config ipv6 nacl exit DES 7210 c...

Page 1036: ...mode Usage guidelines N A Examples DES 7210 ip access list extended 102 DES 7210 config ext nacl list remark this acl is to filter the host 192 168 4 12 DES 7210 config ext nacl show access lists ip access list extended 102 deny ip host 192 168 4 12 any 1000 hits this acl is to filter the host 192 168 4 12 DES 7210 config ext nacl Related commands Command Description show access list Show the ACLs...

Page 1037: ...92 168 4 12 any 12 deny ipv6 any any DES 7210 config ipv6 nacl no 12 DES 7210 config ipv6 nacl show access lists ipv6 access list extended v6 acl 10 permit ipv6 host 192 168 4 12 any DES 7210 config ipv6 nacl Related commands Command Description show access list Show all the ACLs ip access list Define the IP ACL ipv6 access list Define the extended IPV6 ACL deny Define the deny rule permit Define ...

Page 1038: ...s The following example applies the ACL 120 on the fastEthernet0 0 to filter the incoming packets DES 7210 config interface fastEthernet 0 0 DES 7210 config if ip access group 120 in Related commands Command Description access list Define the ACL show access lists Show all the ACLs show ip access list Show the IP ACL 1 to 199 1300 to 2699 3000 to 3199 Platform description The software version must...

Page 1039: ...elines N A Examples The following example shows how to apply the access list accept_00d0f8xxxxxx only to Gigabit interface 1 DES 7210 config interface GigaEthernet 1 1 DES 7210 config if mac access group accept__00d0f8xxxxxx_only in Related commands Command Description show access group Show the ACL configuration Platform description The software version must be R10 0 and higher 54 1 13 expert acc...

Page 1040: ...A Examples The following example shows how to apply the access list accept_00d0f8xxxxxx only to Gigabit interface 1 DES 7210 config interface GigaEthernet 0 1 DES 7210 config if expert access group accept_00d0f8xxxxxx_only in Related commands Command Description show access group Show the ACL configuration Platform description The software version must be R10 0 and higher 54 1 14 ipv6 traffic filt...

Page 1041: ...ecified interface to control the interface traffic You can view the configuration by command show ipv6 traffic filter Examples The following example shows how to apply the access list v6 acl to Gigabit interface 1 DES 7210 config interface GigaEthernet 0 1 DES 7210 config if ipv6 traffic filter v6 acl in Related commands Command Description show access group Show the ACL configurations Platform de...

Page 1042: ...the specified ACL If no ID or name is specified all the ACLs will be shown Examples DES 7210 show access lists n_acl ip access list standard n_acl DES 7210 show access lists 102 ip access list extended 102 DES 7210 show access lists ip access list standard n_acl ip access list extended 101 mac access list extended mac acl expert access list extended exp acl ipv6 access list extended v6 acl Related...

Page 1043: ...P ACL configured of the interface If no interface is specified the associated IP ACLs of all the interfaces will be shown Examples DES 7210 show ip access group interface gigabitethernet 0 1 ip access group aaa in Applied On interface GigabitEthernet 0 1 Related commands Command Description ip access list Define the IP ACL Platform description The software version must be R10 0 and higher 54 2 3 s...

Page 1044: ...st Define the extended expert ACL Platform description The software version must be R10 0 and higher 54 2 4 show mac access group Use this command to show the configured MAC ACL of the interface show mac access group interface interface Parameter description Parameter Description interface Interface ID Command mode Privileged mode Usage guidelines Show the MAC ACL associated with the interface If ...

Page 1045: ...sage guidelines Show the IPv6 ACL associated with the interface If no interface is specified the associated IPv6 ACLs of all the interfaces will be shown Examples DES 7210 show ipv6 traffic filter interface gigabitethernet 0 4 ipv6 access group v6 in Applied On interface GigabitEthernet 0 4 Related commands Command Description ipv6 access list Define the type of IPv6 ACL Platform description The s...

Page 1046: ...Applied On interface GigabitEthernet 0 3 ip access list extended 102 Applied On interface GigabitEthernet 0 8 Related commands Command Description ip access group Define the IP ACL mac access group Define the extended MAC ACL expert access group Define the extended expert ACL ipv6 traffic filter Define the extended IPv6 ACL Platform description The software version must be R10 0 and higher 54 3 Se...

Page 1047: ...L name Command mode Global configuration mode Usage guidelines Use this command to configure the global security channel Examples DES 7210 security global access group 1 Platform description The software version must be R10 2 and higher 54 3 2 security access group Use this command to configure the security channel on the interface security access group id name no security access group Parameter d...

Page 1048: ...must be R10 2 and higher 54 3 3 security uplink enable Use this command to configure the uplink port of the security channel on the interface security uplink enable no security uplink enable Command mode Interface configuration mode Usage guidelines Use this command to configure the uplink port of the security channel on the interface Examples DES 7210 security uplink enable Platform description T...

Page 1049: ...an access map all Map_name with the same map_name will be deleted that is to say the hostmap is deleted When map_sn is not specified deleting vlan access map will delete the specified submap When the hostmap to which the specified submap belongs does not includes submaps then the hostmap will be deleted automatically and vice versa One hostmap can include 6553 submaps at most 55 1 1 vlan access ma...

Page 1050: ...ddress acl_name acl_id Caution _indicates associating at least one acl It can associate 8 acls at most Parameter description Parameter Description acl_name Name acl acl_id Numbered acl Command mode Config access map mode that is vacl mode Note 1 One submap can only be associated with ip acl or map acl You can not associate a submap with both ip acl and map acl 2 One submap can only be associated w...

Page 1051: ...op redirect Use this command to set forward action of submap in vacl mode The no form of this command removes the configuration By default the action is forward action forward no action forward Use this command to set drop action of submap in vacl mode The no form of this command removes the configuration By default the action is forward action drop no action drop Use this command to set redirect ...

Page 1052: ..._name vlan list vlan_id Parameter description Parameter Description map_name Hostmap keyword vlan id Vlan id Command mode Global configuration mode Usage guidelines When applying vlan access map to multiple vlans you shall separate the vlans in comma or input the vlan range For example vlan filter aa vlan list 1 33 means applying map to vlans from 1 to 33 Examples The following example applies vla...

Page 1053: ...map DES 7210 config show vlan access map Vlan access map aa 10 match mac address 700 710 m1 720 action forward Vlan access map aa 20 match ip address 10 20 30 sp1 sp2 60 50 80 action drop Vlan access map dd 20 match mac address 710 720 m1 760 action forward DES 7210 config The following example is a result of executing show vlan access map map_name DES 7210 config show vlan access map dd Vlan acce...

Page 1054: ...xample is a result of executing Show vlan filter access map aa DES 7210 config show vlan filter VLAN Map aa Configured on VLANs 1 5 6 DES 7210 config Related commands Command Function show vlan filter access map map_name View the application of a specified hostmap in vlan show vlan filter vlan vlan_id View the hostmap application ina specified vlan ...

Page 1055: ...e restriction given in Configuring Security ACLs The QoS function is disabled by default Namly the device processes all the packets in the same way But if you associate a policy map with an interface and the trust mode on one interface the QoS of this interface is enabled automatically To disable the QoS function of the interface simply resolve the policy map setting of the interface and set the i...

Page 1056: ...24 32 40 48 56 CoS 0 1 2 3 4 5 6 7 56 2 Related Configuration Commands 56 2 1 mls qos trust Use this command to configure the trust mode on an interface Use the no form of this command to restore it to the default mls qos trust cos dscp ip precedence no mls qos trust Parameter description Parameter Description cos The QoS trust mode of the port is CoS dscp The QoS trust mode of the port is DSCP ip...

Page 1057: ...ls qos cos Use this command to configure the CoS value of an interface Use the no form of this command to restore it to the default mls qos cos default cos no mls qos cos Parameter description Parameter Description default cos 0 7 no Restore it to the default value Default configuration The CoS value is 0 Command mode Interface configuration mode Examples DES 7210 config interface gigabitethernet ...

Page 1058: ...group acl name acl id Parameter description Parameter Description acl name Name of the created ACL acl id ID of the created ACL class map name Name of the class map to be created no class map class map name Delete the existed class map no match access group acl name acl id Delete the match Command mode Global configuration mode Examples Create an extended MAC ACL named me DES 7210 config mac acces...

Page 1059: ...IP packets which does not take effect for non IP packets set ip dscp new dscp no set ip dscp Use the following command to limit the bandwidth and specify the method of handling the excessive part police rate bps burst byte exceed action drop dscp dscp value no police Parameter description Parameter Description policy map name Name of the policy map to be created no policy map policy map name Delet...

Page 1060: ...the new DSCP value of 16 DES 7210 config pmap c police 1000000 4096 exceed action dscp 16 Related commands show policy map 56 2 5 service policy Use this command to apply the policy map on the interface or the virtual group service policy input output policy map name no service policy input output Parameter description Parameter Description policy map name Name of the created policy map no Cancel ...

Page 1061: ...e Parameter description Parameter Description priority queue Set the output queue scheduling algorithm to SP for DES 7200 no priority queue Set the output queue scheduling algorithm to WRR Default configuration The output queue scheduling algorithm is WRR Command mode Global configuration mode Examples DES 7210 config no priority queue Related commands show mls qos queuing 53 2 7 priority queue co...

Page 1062: ... 1 0 1 Related commands show mls qos queuing 56 2 7 wrr queue bandwidth Use this command to set the weight ratio for the WRR algorithm Use the no form of the command to restore it to the default wrr queue bandwidth weight1 weightn no war queue bandwidth Parameter description Parameter Description weight1 weightn Weight value specified for the output queues For the number of weights and its range s...

Page 1063: ...on dscp Specify the DSCP value no Restore to the default value Default configuration See the default configuration Command mode Global configuration mode Examples DES 7210 config mls qo map cos dscp 8 10 16 18 24 26 32 34 Related commands Command Description show mls qos maps Show DSCP COS COS DSCP and IP prec DSCP maps 56 2 9 mls qos map dscp cos Use this command to map the DSCP value to the COS ...

Page 1064: ... 2 10 interface rate limit Use this command to configure rate limitation on the interface Use the no form of the command to restore it to the default rate limit input output bps burst size no rate limit Parameter description Parameter Description input Specify the input speed limit output Specify the output speed limit bps Bandwidth limitation per second burst size Burst traffic limit Kbyte Its ra...

Page 1065: ...ute priority scheduling rr Round robin scheduling wrr Frame count weighted round robin scheduling drr Frame length weighted round robin scheduling no Restore to the default value Default configuration The queue scheduling algorithm is wrr by default Command mode Global configuration mode Examples DES 7210 config mls qos scheduler sp Related commands show mls qos scheduler 56 2 12 drr queue bandwid...

Page 1066: ...config drr queue bandwidth 1 2 3 4 5 6 7 8 Related commands show mls qos queuing 56 2 13 mls qos map ip prec dscp Use this command to map the IP precedence to the DSCP value Use the no form of this command to disable the mapping mls qos map ip prec dscp dscp1 dscp8 no mls qos map ip prec dscp Parameter description Parameter Description dscp Specify the DSCP value no Restore to the default value De...

Page 1067: ...guration Min the minimum interface bandwidth in kbps Max the maximum interface bandwidth in kbps Command mode Interface configuration mode Usage guidelines Use this command to configure the minimum and maximum interface bandwidth on the condition that the queue uses wrf schedule algorithm Examples The following example sets the queue to use wrf schedule algorithm DES 7210 config mls qos scheduler ...

Page 1068: ...store to the default value Default configuration SP is not used Command mode Global configuration mode Usage guidelines Use this command to enable the queue to use sp wrf schedule algorithm on the condition that the queue uses wrf schedule algorithm Examples The following example enables the queue to use wrf schedule algorithm DES 7210 config mls qos scheduler wrf DES 7210 config show mls qos sche...

Page 1069: ...al port belongs to no virtual group Command mode Interface configuration mode Usage guidelines The member port joined the virtual group must be physical port or Aggregate Port The virtual group member ports must be in the same line card for the chassis shaped switch or in the same switch for the box shaped switch If the line card or switch has 48 ports then all member ports shall be distributed on...

Page 1070: ...ription Parameter Description class name Name of the class map Default configuration All class maps are shown by default Command mode Privileged EXEC mode Examples DES 7210 show class map 56 3 2 show policy map Use this command to show the information of the policy map show policy map policy name class class name Parameter description Parameter Description policy name Name of the policy name class...

Page 1071: ...with the interface Default configuration The QoS information of all ports is shown Command mode Privileged EXEC mode Examples DES 7210 show mls qos interface fastEthernet 0 1 56 3 4 show mls qos virtual group Use this command to display the police information associated with the virtual group show mls qos virtual group virtual group number policers Parameter description Parameter Description virtu...

Page 1072: ...scription DES 7200 series show cos to queue map wrr weight and drr weight 56 3 6 show mls qos scheduler Use this command to show the information on queue scheduling algorithm show mls qos scheduler Command mode Privileged EXEC mode Examples DES 7210 show mls qos scheduler Platform description This command is supported on DES 7200 series 56 3 7 show mls qos maps Use this command to show QoS maps sh...

Page 1073: ...limit on the interface show mls qos rate limit interface interface id Parameter description Parameter Description interface Interface ID Command mode Privileged EXEC mode Examples DES 7210 show mls qos rate limit 56 3 9 show virtual group Use this command to show the virtual group information show virtual group virtual group number summary Parameter description Parameter Description virtual group ...

Page 1074: ...thentication vrrp delay vrrp description vrrp ip vrrp preempt vrrp priority vrrp timers advertise vrrp timers learn vrrp track 57 1 1 vrrp authentication Use this command to enable VRRP authentication The no format of this command disables the function vrrp group authentication string no vrrp group authentication Parameter description Parameter Description group VRRP group number string String for...

Page 1075: ...he example below sets the authentication password for VRRP group 1 vrrp 1 authentication x30dn78k Related commands Command Description DES 7210 config if vrrp group ip ipaddress secondary Enable the VRRP function and set the IP address for the virtual device 57 1 2 vrrp delay Use this command to set the reload latency of the VRRP group on the interface vrrp delay minimum min seconds reload reload ...

Page 1076: ...0 Examples The example below sets the VRRP reload latency on E0 to 10s When E0 is up VRRP group 1 shall be reloaded in 10s interface FastEthernet 0 0 shutdown ip address 10 0 1 1 255 255 255 0 vrrp delay minimum 10 vrrp 1 ip 10 0 1 20 no shutdown show vrrp 1 Related commands Command Description DES 7210 config if vrrp group ipaddress secondary Enable the VRRP function and set the IP address for th...

Page 1077: ...A Marketing and Administration interface FastEthernet 0 0 ip address 10 0 1 1 255 255 255 0 vrrp 1 ip 10 0 1 20 vrrp 1 description Building A Marketing and Administration Related commands Command Description DES 7210 config if vrrp group ip ipaddress secondary Enable the VRRP function and set the IP address for the virtual device 57 1 4 vrrp ip Use this command to enable VRRP on the interface and ...

Page 1078: ...bles the VRRP function on Ethernet interface 0 The VRRP group number is 1 primary IP address of the virtual device is 10 0 1 20 and secondary IP address is 10 0 2 20 interface FastEthernet 0 0 no switchport ip address 10 0 1 1 255 255 255 0 ip address 10 0 2 1 255 255 255 0 secondary vrrp 1 ip 10 0 1 20 vrrp 1 ip 10 0 2 20 secondary Related commands Command Description DES 7210 show vrrp brief gro...

Page 1079: ...ice of the VRRP group In case the VRRP group is using the Ethernet interface IP address the setting of the preemption mode does not make sense because that VRRP group has the highest priority and thus automatically becomes the master device in the VRRP group Examples In the example below once the VRRP group finds its priority 200 is higher than that of the current master device it will declare its...

Page 1080: ...VRRP group 1 as 254 vrrp 1 priority 254 Related commands Command Description DES 7210 config if vrrp group ip ipaddress secondary Enable the VRRP function and set the IP address for the virtual device DES 7210 config if vrrp group preempt delay seconds Set the VRRP in the preemption mode 57 1 7 vrrp timers advertise Use this command to specify the interval for the master device to send the VRRP ad...

Page 1081: ...isement interval as 4 seconds vrrp 1 timers advertise 4 Related commands Command Description DES 7210 config if vrrp group ip ipaddress secondary Enable the VRRP function and set the IP address for the virtual device DES 7210 config if vrrp group timers learn Enable the timer learning function 57 1 8 vrrp timers learn Use this command to enable the timer learning function The no format of it disab...

Page 1082: ...0 config if vrrp group timers advertise msec interval Set the VRRP advertising interval 57 1 9 vrrp track Use the vrrp group track interface type number command to enable the VRRP track in the interface configuration mode Use the vrrp group track ip_address command to enable the VRRP IP address track Use the vrrp group track bfd command to track the specified neighbor IP addrss via BFD Use the no ...

Page 1083: ...This command can be used to monitor the outlet links Note that layer 3 routable logical interfaces can be monitored such as Routed Port SVI Loopback and Tunnel This command can also be used to monitor the reachability of the specified IP address Examples The example below enables the VRRP group 1 to monitor the routed port Fa1 1 If the Fa1 1 link is disconnected the priority of the VRRP group decr...

Page 1084: ...secondary Enable the VRRP function and set the IP address for the virtual device DES 7210 config if vrrp group priority level Set the VRRP group priority 57 2 VRRP Monitoring and Maintenance Commands VRRP monitoring and maintenance commands include debug vrrp debug vrrp errors debug vrrp events debug vrrp packets debug vrrp state 57 2 1 debug vrrp Use this command to turn on the VRRP error prompt ...

Page 1085: ...gging switch DES 7210 debug vrrp events Turning on the VRRP event debugging switch DES 7210 debug vrrp state Turning on the VRRP state debugging switch 57 2 2 debug vrrp errors Use this command to turn on the VRRP error prompt debug switch The no form of this command turns off the switch debug vrrp errors no debug vrrp errors Default configuration By default the VRRP error debug switch is turned o...

Page 1086: ...ity VRRP Grp 1 Event Advert higher or equal priority VRRP Grp 1 Event Advert higher or equal priority 57 2 4 debug vrrp packets Use this command to turn on the VRRP packet debug switch The no form of this command turns off the switch debug vrrp packets no debug vrrp packets Default configuration By default the VRRP packet debug switch is turned off Command mode Privileged mode Examples In the exam...

Page 1087: ... form of this command turns off the switch debug vrrp state no debug vrrp state Default configuration By default the VRRP debug switch is turned off Command mode Privilege mode Examples In the example below the user turns on the VRRP status debug switch DES 7210 debug vrrp state DES 7210 VRRP 6 STATECHANGE FastEthernet 0 0 Grp 2 state Master Backup VRRP 6 STATECHANGE FastEthernet 0 0 Grp 2 state B...

Page 1088: ...c Preemption is enabled min delay is 0 sec Priority is 100 Master Device is 192 168 201 213 pritority is 120 Master Advertisement interval is 3 sec Master Down interval is 9 sec FastEthernet 0 0 Group 2 State is Master Virtual IP address is 192 168 201 2 configured Virtual MAC address is 0000 5e00 0102 Advertisement interval is 3 sec Preemption is enabled min delay is 0 sec Priority is 120 Master ...

Page 1089: ...ileged mode Examples The example below shows the VRRP information on Ethernet interface E1 0 DES 7210 show vrrp interface fastethernet 0 0 FastEthernet 0 0 Group 1 State is Backup Virtual IP address is 192 168 201 1 configured Virtual MAC address is 0000 5e00 0101 Advertisement interval is 3 sec Preemption is enabled min delay is 0 sec Priority is 100 Master Device is 192 168 201 213 pritority is ...

Page 1090: ... Reference Guide 57 36 Master Advertisement interval is 3 sec Master Down interval is 9 sec Related commands Command Description DES 7210 config if vrrp group ip ip address secondary Enable the VRRP function and set the IP address for the virtual device ...

Page 1091: ...onfiguration commands The global mode configuration commands include rerp enable rerp hello interval rerp fail interval rerp region The RERP region mode configuration commands include ring edge ring major ring 58 1 1 rerp enable Use this command to enable RERP globally Use the no form of this command to disable the function rerp enable no rerp enable Parameter description N A Default Disabled Comm...

Page 1092: ...ch the RERP sends the Hello message on the primary port Use the no form of this command to restore it to the default value rerp hello interval interval no rerp hello interval Parameter description Parameter Description interval Interval of sending the Hello message in the range 1 to 6 seconds Default 1 seconds Command mode Global configuration mode Usage guidelines The detection interval must be l...

Page 1093: ...m Maximum waiting time in the range 3 to 18 seconds Default 3 seconds Command mode Global configuration mode Usage guidelines This command is used together with the detection interval and must be larger than the detection interval Examples The following example shows how to set the failure interval as 6 seconds DES 7210 config rerp fail interval 6 Related commands Command Description rerp hello in...

Page 1094: ...ring num role master backup transit ctrl vlan vid primary port interface interface id secondary port interface interface id no ring num Parameter description Parameter Description num Ring ID master backup transit Configure the device as a master backup slave device vid Control vlan ID Interface id Interface identifier Default N A Command mode RERP region configuration mode Usage guidelines Each d...

Page 1095: ...ondary edge ctrl vlan vid shared port interface interface id sub port interface interface id no ring num Parameter description Parameter Description num Ring ID primary edge secondary edge The device on the primary secondary edge vid Control VLAN ID Interface id Interface identifier Default N A Command mode RERP region configuration mode Usage guidelines The shared port must have been configured i...

Page 1096: ...ring vlan vid Parameter description Parameter Description num Major ring ID vid Control VLAN ID Default N A Command mode RERP region configuration mode Usage guidelines Major ring must have been configured before this command execution Examples The example below demonstrates how to use this command DES 7210 config rerp region 1 DES 7210 config rerp major ring 1 edge ring vlan 100 Related commands ...

Page 1097: ...dge interval 1 300 ms rerp local bridge 001a a902 fe0b region 1 ring 1 rerp oper hello interval 1 rerp oper fail interval 3 ring master 001a a902 fe0b ctrl vlan 100 edge vlan role master primary port Gi 0 4 forwarding secondary port Gi 0 21 down 58 2 2 show rerp statistics Use this command to show the RERP message statistics show rerp statistics region num ring ring_id Command mode Privileged EXEC...

Page 1098: ...packets 0 TX flush packets 0 RX flush packets 0 TX down packets 0 RX down packets 0 TX up packets 0 RX up packets 0 TX major fail packets 0 RX major fail packets 0 TX major resume packets 0 RX major resume packets 0 TX sub complete packets 0 RX sub complete packets 0 58 2 3 clear rerp statistics Use this command to clear the RERP message statistics clear rerp statistics Command mode Privileged EXE...

Page 1099: ...DES 7200 CLI Reference Guide Chapter 58 RERP Configuration Commands 58 9 Command mode Privileged EXEC mode ...

Page 1100: ......

Page 1101: ...e interface mode configuration commands include switchport backup interface interface id preemption mode forced bandwidth off delay delay time mac address table update group 59 1 1 switchport backup interface interface id Use this command to configure the REUP dual link backup interface switchport backup interface interface id no switchport backup Parameter description Parameter Description Interf...

Page 1102: ...reemption function switchport backup interface interface id preemption mode forced bandwidth o ff switchport backup interface interface id preemption delay delay time no switchport backup interface interface id preemption delay Parameter description Parameter Description interface id The interface id of the backup link delay time The preemption delay time Default The preemption function is disable...

Page 1103: ...face fa 0 2 preemption delay 40 Related commands Command Description show interface switchport backup View the dual link backup configuration 59 1 3 mac aadress table move update receive Use this command to enable REUP to receive the mac address table update messages mac address table move update receive no mac address table move update receive Default Disabled Command mode Global configuration mo...

Page 1104: ...Command mode Global configuration mode Usage guidelines In order to reduce the link switchover and the loss of the downstream data flow it is necessary to enable the switch of receiving the MAC address update messages on the uplink switch Examples DES 7210 config mac address table move update transit Related commands Command Description mac address table move update transit Enable REUP to receive ...

Page 1105: ...n be restored rapidly Examples DES 7210 config if mac address table update group 2 Related commands Command Description show mac address table update group detail Show the mac address table update group information 59 2 Showing and Monitoring Commands The following commands are included show interfaces interface id switchport backup detail show mac address table update group detail 59 2 1 show int...

Page 1106: ...4 Active Up Backup Standby Interface Pair Gi0 23 Gi0 24 Preemption Mode Off Preemption Delay 35 seconds Bandwidth Gi0 23 1000 Mbits Gi0 24 1000 Mbits 59 2 2 show mac address table update group detail Use this command to show the mac address table update group information show mac address table update group detail Parameter description Parameter Description detail Show the detailed information abou...

Page 1107: ...mands 59 7 Examples DES 7210 show mac address table update group detail Mac address table Update Group 1 Received mac address table update message count 0 Group member Receive Count Last Receive Switch ID Receive Time Gi0 1 0 0000 0000 0000 Gi0 2 0 0000 0000 0000 ...

Page 1108: ......

Page 1109: ... configuration commands include rldp enable rldp detect interval rldp detect max The interface mode configuration commands include rldp port unidirection detect bidirection detect loop detect warning shutdown svi shutdown port block The privilege mode commands include rldp reset 60 1 1 rldp enable Use this command to enable RLDP globally Use the no form of this command to disable the function rldp...

Page 1110: ...form of this command to restore it to the default value rldp detect interval interval no rldp detect interval Parameter description Parameter Description interval Detection interval in the range 2 to 15 seconds Default 3 seconds Command mode Global configuration mode Usage guidelines In the environment where STP is enabled it is recommended that the product of interval multiplying the maximum numb...

Page 1111: ...uidelines This command is used together with the detection interval to specify the maximum number of detections Examples The following example shows how to set the maximum number of detections as 5 DES 7210 config rldp detect max 5 Related commands Command Description rldp detect interval Set the detection interval 60 1 4 rldp port Use this command to enable RLDP on the port and specify detection ...

Page 1112: ...s The RLDP detection on the port takes effect only when the global RLDP is enabled Examples The following example demonstrates how to configure RLDP detection on fas 0 1 specify the detection type as loop detection and troubleshooting method as block DES 7210 config interface fas 0 1 DES 7210 config if rldp port loop detect block Related commands Command Description rldp enable Enable RLDP globall...

Page 1113: ... 2 1 show rldp Use this command to show the RLDP information show rldp interface interface id Parameter description Parameter Description interface id Interface ID Command mode Privileged EXEC mode 60 2 2 debug rldp Use this command to turn on the RLDP service debugging switch The no form of this command is used to turn off the debugging switch debug rldp packet event error undebug rldp packet eve...

Page 1114: ...Chapter 60 RLDP Configuration Command DES 7200 CLI Reference Guide 60 6 Command mode Privileged EXEC mode ...

Page 1115: ...abled Command mode Global configuration mode Usage guidelines The topology protection function is enabled by default so as to protect the network against topology oscillation due to attacks It should be used with the cpu topology limit command Examples The following example shows how to enable and disable the global topology protection function DES 7210 config topology guard DES 7210 config no top...

Page 1116: ...this port will be notified when the CPU utilization of the local device is too high or there are other problems with the local device This command is applicable to the layer 2 switching interfaces and routing interfaces Other interfaces including AP member port do not support this command Examples The following example shows how to configure the topology protection function for the port DES 7210 c...

Page 1117: ... Privileged EXEC mode Usage guidelines This command is used to view the current TPP configuration and port detection Examples The following example shows how to display information about the topology protection function DES 7210 show tpp Related commands Command Description topology guard Enable the topology protection function globally ...

Page 1118: ......

Page 1119: ...lobal configuration mode commands include redundancy The redundant mode commands include auto sync auto sync time period switchover timeout The privileged mode commands include redundancy reload redundancy forceswitch 62 1 1 redundancy Use this command to enter redundancy configuration mode in the global configuration mode redundancy Command mode Global configuration mode Usage guidelines Enter th...

Page 1120: ...up config Parameter description Parameter Description standard Synchronize all the system files running config Synchronize the runtime configuration files startup config Synchronize the startup configuration files Default All the files are synchronized by default Command mode Redundancy configuration mode Usage guidelines Generally the standard synchronization should be used if there is no special...

Page 1121: ...eriod interval second Default Auto sync with 1 hour 3600 seconds time period interval Command mode Redundancy configuration mode Usage guidelines Use standard synchronization if there is no particular demand Examples The following example only synchronizes startup config file DES 7210 config redundancy DES 7210 config rdnd auto sync time period 60 Redundancy auto sync time period enabled 60 second...

Page 1122: ...mmand mode Redundancy configuration mode Usage guidelines When the slave device has not received a heartbeat message of the master device within the timeout period the switchover will occur If you are not sure do no modify the default value Examples DES 7210 config terminal DES 7210 config redundancy DES 7210 config rdnd DES 7210 config rdnd switchover timeout 4000 DES 7210 config rdnd exit DES 72...

Page 1123: ...C mode use this command to enforce Slave supervisor engine to switchover redundancy forceswitch Parameter description N A Command mode Privileged EXEC mode Usage guidelines This command allows you to select the slot in which the supervisor engine serves as the master supervisor engine and that as the slave supervisor engine or the slot in which the supervisor engine is superior to that in another ...

Page 1124: ...description Parameter Description states Show the redundancy status of the master or the slave devices Default N A Command mode User mode or privileged EXEC mode Usage guidelines N A Examples DES 7210 enable DES 7210 configure terminal Enter configuration commands one per line End with CNTL Z DES 7210 show redundancy states Redundancy stats My state 19 ACTIVE peer state 37 STANDBY HOT 62 2 2 show ...

Page 1125: ...w redundancy auto sync Redundancy auto sync mode auto sync standard 62 2 3 show redundancy switchtimeout Use show redundancy switchtimeout command to show current redundanct switchover timeout time in user EXEC or privileged EXEC mode Default N A Command mode User mode or Privileged EXEC mode Examples DES 7210 enable DES 7210 show redundancy switchtimeout redundancy switch timeout is 4000 ms ...

Page 1126: ......

Page 1127: ...ds 63 1 Configuration Related Commands The file system provides the following commands cd cp is makefs mkdir mv pwd rm rmdir 63 1 1 cd Use this command to enter the specified directory cd directory Parameter description Parameter Description directory Specified directory Default N A Command mode Privileged EXEC mode ...

Page 1128: ...tory DES 7210 cd tmp Related commands Command Description ls Show the contents in the current directory 63 1 2 cp Use this command to copy a file to the specified file or directory cp dest destine_file directory sour source_file cp sour source_file dest destine_file directory Parameter description Parameter Description destine_file Destination file directory Destination file or directory source_fi...

Page 1129: ...nd mode Privileged EXEC mode Usage guidelines Enter the specified directory to show the information of all the files in that directory If no parameter is specified the information of the files in the current directory is shown by default This command does not support wildcard Examples Show the information of all the files in the current directory DES 7210 ls Show the information of all the files i...

Page 1130: ...iles on the devices you can use this command to clear all the data on the device Examples See the following example If the jffs2 is the file system to be used and the dev mtdblock 1 is the device to be managed by the file system DES 7210 makefs dev dev mtdblock 1 fs jffs2 63 1 5 mkdir Use this command to create a directory mkdir directory Parameter description Parameter Description directory Name ...

Page 1131: ...pecified file to the standard output device according to the parameters inputted on the command line Pay attention to the following two points a Input of the keywords for example type and file b Use of the help key If you are not sure which parameter to input you can press the key to show the prompt message Examples The following example moves the log txt to the upeer level directory and renames i...

Page 1132: ...ncluding the path Default N A Command mode Privileged EXEC mode Usage guidelines This command does not support the wildcard and the deletion across file systems and across partitions In addition if a hard connection or symbol connection is deleted the contents of the file are not affected Examples Delete the log txt file in the current directory DES 7210 rm log txt Related commands Command Descrip...

Page 1133: ...be empty Default N A Command mode Privileged EXEC mode Usage guidelines This command does not support the wildcards and the directory to be deleted must be empty Since this command supports abbreviations you can also use the rm command to delete empty directories Examples If there is tmp directory in the current directory and the directory does not contain any files DES 7210 rmdir tmp DES 7210 ls ...

Page 1134: ......

Page 1135: ...system memory state and usage information including the system physical memory amount the number of free pages in the current system the free memory statistics Examples DES 7210 show memory System Memory Statistic Free pages 13031 watermarks min 378 lower 756 low 1534 high 1912 System Total Memory 128MB Current Free Memory 54892KB Used Rate 58 The above information includes the following parts 1 F...

Page 1136: ...the overflow state the routers do not learn new routes any more The commands are not allowed to be executed when the memory lacks high A plenty of memory resources Each route protocol attempts to restore the state from OVERFLOW to normal 3 System total memory current free memory and used rate 64 1 2 memory lack exit policy Use this command to set the exit policy of the upper route protocol when th...

Page 1137: ...es The user can configure the BGP exit policy when the memory lacks Specifying the disabled route protocol to take precedence to exit the policy can not help the system obtain enough memory resources Note The exit policy is used to protect the important network services to some degree All route protocols will exit if more memory resources are exhausted 2 minutes later the route protocol will be at...

Page 1138: ...cols Note Different switches and versions support different route protocols The main route protocols are BGP OSPF RIP LDP PIM ISIS ect Examples This example shows the result of the command show memory protocols DES 7210 config show memory protocols protocol memory byte BGP 102000000 OSPF 24000000 RIP 10000000 PIM 50000000 LDP 20000000 Total 206000000 Related commands Command Description show memor...

Page 1139: ... show cpu Command mode Privileged EXEC mode Usage guidelines Use this command to show the system CPU utilization information in 5sec 1 min and 5 min and the CPU utilization of every task in 5sec 1 min and 5 min Examples DES 7210 show cpu CPU Using Rate Information CPU utilization in five seconds 25 CPU utilization in one minute 20 CPU utilization in five minutes 10 NO 5Sec 1Min 5Min Process 0 0 0 ...

Page 1140: ...sk 20 0 0 0 secu_policy_task 21 0 0 0 dhcpa_task 22 0 0 0 dhcpsnp_task 23 0 0 0 igmp_snp 24 0 0 0 mstp_event 25 0 0 0 GVRP_EVENT 26 0 0 0 rldp_task 27 0 2 1 rerp_task 28 0 0 0 reup_event_handler 29 0 0 0 tpp_task 30 0 0 0 ip6timer 31 0 0 0 rtadvd 32 0 0 0 tnet6 33 2 0 0 tnet 34 0 0 0 Tarptime 35 0 0 0 gra_arp 36 0 0 0 Ttcptimer 37 8 1 0 ef_res 38 0 0 0 ef_rcv_msg 39 0 0 0 ef_inconsistent_daemon 40...

Page 1141: ...k_daemon 64 0 0 0 pbr_guard 65 0 0 0 vrrpd 66 0 0 0 psnpd 67 0 0 0 igsnpd 68 0 0 0 coa_recv 69 0 0 0 co_oper 70 0 0 0 co_mac 71 0 0 0 radius_task 72 0 0 0 tac _acct_task 73 0 0 0 tac _task 74 0 0 0 dhcpd_task 75 0 0 0 dhcps_task 76 0 0 0 dhcpping_task 77 0 0 0 dhcpc_task 78 0 0 0 uart_debug_file_task 79 0 0 0 ssp_init_task 80 0 0 0 rl_listen 81 0 0 0 ikl_msg_operate_thread 82 0 0 0 bcmDPC 83 0 0 0...

Page 1142: ...mic_pause_detect 110 1 1 1 stat_get_and_send 111 0 1 0 rl_con 112 75 80 90 idle In the list above the first 3 lines indicates the system CPU utilization in 5sec 1min and 5min including LISR HISR and task Then it describes the detailed CPU utilization distribution No Sequence number 5Sec CPU utilization of the tasks in 5sec 1Min CPU utilization of the tasks in 1min 5Min CPU utilization of the tasks...

Page 1143: ...uidelines Use this command to configure the low and high threshold of the cpu log utilization limit manually When the CPU using rate is more than the high threshold it prompts the message but if the CPU using rate exceeds the high threshold continuously it only prompts the message for one time When the CPU using rate is less than the low threshold it prompts the message and advertises that the cur...

Page 1144: ...ing most cpu s task is ktimer 94 The console prompts as follows when the CPU utilization rate is less than 70 Oct 20 15 47 01 SYSCHECK 5 CPU_USING_RATE CPU utilization in one minute 68 Using most cpu s task is ktimer 60 Oct 20 15 47 01 SYSCHECK 5 CPU_USING_RATE The CPU using rate has down ...

Page 1145: ...devices Command mode Global configuration mode Usage guidelines DES 7200 can not only show the log information in the Console window and VTY window but also record it in different equipments such as the memory buffer the FLASH and Syslog Server This command is the total log switch If this switch is turned off no log will be displayed or recorded unless the severity level is greater than 1 Examples...

Page 1146: ...d on the VTY window Command mode Privileged EXEC mode Usage guidelines This command only sets the temporary attributes of the current VTY As the temporary attribute it is not stored permanently At the end of the VTY terminal session the system will use the default setting and the temporary setting is lost Note For easy management the DES 7200 allows the use the command on the console The no form o...

Page 1147: ...To show the log information in the memory buffer run show logging at the privileged user level The logs in the memory buffer are temporary and will be cleared in case of device restart or the execution of command clear logging by privileged user To trace a problem it is required to record logs in flash or send them to Syslog Server The log information of the DES 7200 is classified into the followi...

Page 1148: ...buffer 66 1 4 Logging server Use this command to record the logs in the specified Syslog Sever The no form of the command disables the function logging server ip address vrf vrf name ipv6 ipv6 address no logging server ip address vrf vrf name ipv6 ipv6 address Parameter description Parameter Description ip address Receive IP address of the log server vrf vrf name Specify VRF VPN device forwarding ...

Page 1149: ...g server 66 1 5 logging file flash Use this command to record logs in the flash The no format of the command disables the function logging file flash filename max file size level no logging file Parameter description Parameter Description filename Name of the log file of txt type max file size Maximal size of the log file in the range 128K to 6M bytes 128K bytes by default level The severity of lo...

Page 1150: ... of the new file based on the original filename in the format of filename_number with the suffix txt The maximum number is 15 The first file will be overwritten if the number reaches 15 Therefore up to 16 files will be generated in the FLASH when configuring the command to write one syslog to the FLASH Examples The example below records the logs in flash with the name trace txt file size 64K and l...

Page 1151: ...og Examples The example below sets the severity of log that is allowed to be displayed on the console as 6 DES 7210 config logging console informational Related commands Command Description logging on Record logs on different devices show logging Show the logs and related log configuration parameters in the buffer 66 1 7 logging monitor Use this command to set the severity of logs that are allowed...

Page 1152: ...TY window as 6 DES 7210 config logging monitor informational Related commands Command Description logging on Record logs on different devices show logging Show the logs and related log configuration parameters in the buffer 66 1 8 logging trap Use this command to set the severity of logs that are allowed to be sent to the syslog server The no format of the command restores it to the default value ...

Page 1153: ...fig logging 202 101 11 22 DES 7210 config logging trap informational Related commands Command Description logging on Reocrd logs on different devicds logging Record logs to the Syslog server show logging Show the logs and related log configuration parameters in the buffer 66 1 9 logging source interface Use this command to configure the source interface of logs The no format of the command restore...

Page 1154: ... server 66 1 10 logging source ip ipv6 Use this command to configure the source IP address of logs The no format of the command restores it to the default value logging source ip ip address ipv6 ipv6 address no logging source ip ipv6 Parameter description Parameter Description ip address Specify the source IPV4 address sending the logs to IPV4 log server ipv6 address Specify the source IPV6 addres...

Page 1155: ...ormat of the command restores it to the default device value 23 logging facility facility type no logging facility Parameter description Parameter Description facility type Syslog device value Default configuration Local7 23 Command mode Global configuration mode Usage guidelines The following table Table 56 2 is the possible device value of Syslog Numerical Code Facility 0 kernel messages 1 user ...

Page 1156: ...ocal6 23 local use 7 local7 The default device value of DES 7200 is 23 local 7 Examples Following is to set the device value of Syslog as kernel DES 7210 config logging facility kern Related commands Command Description logging console Set the severity of logs that are allowed to be displayed on the console 66 1 12 logging count Use this command to enable the log statistics function The no format ...

Page 1157: ...e log rate limit function to limit the output logs in a second in the global configuration mode The no form of this command disables log rate limit function logging rate limit number all number console number all number except severity no logging rate limit Parameter description Parameter Description number The number of logs processed in a second with the range from 1 to 10000 all Set rate limit ...

Page 1158: ... Command Description show logging count Show the log statistics show logging Show the logs in the buffer 66 1 14 logging synchronous Use this command to enable synchronization function of user input and log output in the line configuration mode to prevent the user from interrupting when keying in the characters The no form of this command disables this function logging synchronous no logging synch...

Page 1159: ...DES 7210 configue terminal the input command by the user is output again rather than being intererupted Related commands Command Description show running config View the configuration 66 1 15 service sequence numbers Use this command to attach sequential numbers into the logs The no format of the command removes the sequential numbers in the logs service sequence numbers no service sequence number...

Page 1160: ...arameter Description message type The type of log including Log and Debug The log type means the log information with severity levels of 0 to 6 The debug type means that with severity level 7 uptime Device start time in the format of Day Hour Minute Second for example 07 00 10 41 datetime Current time of the device in the format of Month Date Hour Minute Second for example Jul 27 16 53 07 msec Cur...

Page 1161: ...isecond display DES 7210 config service timestamps debug datetime msec DES 7210 config service timestamps log datetime msec DES 7210 config end DES 7210 config Oct 8 23 04 58 301 SYS 5 CONFIG I configured from console by console Related commands Command Description logging on Record logs on different devices service sequence numbers Attach sequential number to logs 66 1 17 service sysname Use this...

Page 1162: ...he logs in the buffer 66 1 18 more flash Use this command to show the contents of the logs stored in the FLASH more flash filename Parameter description Parameter Description filename Log file name Command mode Privileged EXEC mode Usage guidelines In the FLASH the log file means the files with the prefix f2 f3 This command only allows you to view the log files You cannot use this command to view ...

Page 1163: ... packets from the memory buffer You cannot clear the statistics of the log packets Examples The following example clears the log packets from the memory buffer DES 7210 clear logging Related commands Command Function logging on Record logs on different devices show logging Show the logs in the buffer logging buffered Record the logs to the memory buffer 66 2 Showing Related Command 66 2 1 show log...

Page 1164: ...01 2004 11 17 10 20 59 DES 7210 7 LINK CHANGED Interface FastEthernet 0 0 changed state to up 00002 2004 11 17 10 20 59 DES 7210 7 LINE PROTOCOL CHANGE Interface FastEthernet 0 0 changed state to UP 00003 2004 11 17 10 57 18 DES 7210 7 LINK CHANGED Interface FastEthernet 0 1 changed state to administratively down 00004 2004 11 17 10 57 21 DES 7210 7 LINK CHANGED Interface FastEthernet 0 1 changed ...

Page 1165: ...66 2 2 show logging count Use this command to show the log statistics show logging count Parameter description N A Command mode Privileged EXEC mode Usage guidelines To use the log packet statistics function run logging count in the global configuration mode The show logging count can show the information of a log occurrence times and the last occurrence time You can use show logging to check whet...

Page 1166: ...nfiguration Commands DES 7200 CLI Reference Guide 66 22 Related commands Command Function logging count Enable the log statistics function show logging Show the logs in the buffer clear logging Clear the logs in the buffer ...

Page 1167: ...dule detail show version slots reset module slot num 67 1 1 install slot num moduletype Use this command to install the module manually install slot num moduletype Parameter description Parameter Description slot num Slot number moduletype Module type Command mode Global configuration mode Usage guidelines This command is used to install the module driver manually After the installation all config...

Page 1168: ... Configured Module Type M8606 24SFP 12GT Ports 24 Version DES 7210 Related commands Command Description no install slot num Uninstall the module in the slot show version module detail Show the detailed information of a module show version slots Show slot details 67 1 2 no install slot num Use this command to unistall the module manually no install slot num Parameter description Parameter Descripti...

Page 1169: ...Device 1 Slot 2 User Status none Software Status none Online Module Type Ports 0 Version Configured Module Type Ports Version DES 7210 Related commands Command Description install slot num moduletype Install a module in the slot show version slots Show slot details 67 1 3 remove configuration module slot num Use this command to remove the module configurations remove configuration module slot num ...

Page 1170: ...d mode Privileged EXEC mode Examples DES 7210 reset module 4 67 2 Showing Related Command 67 2 1 show version module detail module num Use this command to show the details of the module show version module detail module num Parameter description Parameter Description module num Optional Module number Command mode Privileged EXEC mode Examples DES 7210 show version module detail 2 Device 1 Slot 2 U...

Page 1171: ... description Parameter Description num Optional Slot number Command mode Privileged EXEC mode Examples DES 7210 show version slots Dev Slot Configured Module Online Module User Status Software Status 1 1 none none 1 2 M8606 24SFP 12GT M8606 24SFP 12GT installed none 1 3 M8606 2XFP M8606 2XFP uninstalled cannot startup 1 4 M8606 24GT 12SFP M8606 24GT 12SFP installed ok 1 M1 M8606 CM M8606 CM master...

Page 1172: ......

Page 1173: ... no form of this command to restore the default value lcd trap number num no lcd rap number Parameter description Parameter Description num An integer in the range of 1 to1000 Default configuration The default value is 100 Command mode Global configuration mode Usage guidelines Use this command to view the recently generated alarms By default 100 latest alarms are displayed You can use this comman...

Page 1174: ...d memory rate rising threshold num Parameter description Parameter Description num An integer in the range of 1 to 100 Default configuration The default value is 80 Command mode Global configuration mode Usage guidelines If the num is 80 the result of show running config does not show the memory rate rising threshold 80 Examples DES 7210 config memory rate rising threshold 60 ...

Page 1175: ...emove command 69 1 1 show usb Use this command to show the information about the inserted USB device in the system show usb Default N A Command mode Privileged EXEC mode Usage guidelines Device information is displayed if there is a USB device Otherwise there is no output Examples The following example shows the information about the USB device DES 7210 sh usb Device USB Mass Storage Device ID 778...

Page 1176: ...tion Parameter Description device_ID Device ID of USB to be removed Default N A Command mode Privileged EXEC mode Usage guidelines Before pulling out the USB device you need to remove the device using a command so as to prevent errors that may occur because the system is using the device If the device is removed successfully the system will show a prompt when you can pull out the device If the dev...

Page 1177: ...nnect mode mode 70 1 1 poe enable Use this command to enable the POE Power over Ethernet function on the interface Use the no form of this command to disable this function poe enable no poe enable Command mode Interface configuration mode Examples DES 7210 config if poe enable DES 7210 config if no poe enable 70 1 2 poe power lower lower Use this command to the minimum allowed voltage Use the no f...

Page 1178: ...10 config poe power lower 46000 DES 7210 config end 70 1 3 poe power upeer upper Use this command to the maximum allowed voltage Use the no form of this command to restore to the default value poe power upper upper no poe power upper Parameter description Parameter Description upper Maximum allowed voltage within the range 55000 to 57000 mv Command mode Global configuration mode Examples The follo...

Page 1179: ...ac dc Command mode Global configuration mode Examples Set the disconnect detection mode of the current POE system as dc DES 7210 configure DES 7210 config poe disconnect mode dc DES 7210 config end 70 2 Show Related Command There are the following POE showing commands show poe interfaces show poe powersupply 70 2 1 show poe interfaces Use this command to view the POE status on the interface show p...

Page 1180: ...e 48082 mV Port trouble cause normal 70 2 2 show poe powersupply Use this command to view the POE power supply status show poe powersupply Command mode Privileged EXEC mode Examples DES 7210 show poe powersupply PSE Total Power 379971 mW PSE Total Power Consumption 0 mW PSE Available Power 379971 mW PSE Peak Value 0 mW PSE Min Allow Voltage 45000 mV PSE Max Allow Voltage 57000 mV PSE Disconnect Se...

Search results

Summary of Contents for DES-7200

Reviews:

Related manuals for DES-7200

Brands by name

Popular brands

D-Link DES-7200, Cli Reference Manual

Search results

Summary of Contents for DES-7200

Reviews:

Related manuals for DES-7200

Brands by name

Popular brands