Home
/
D-Link
/
DGS-3700 Series
/
Reference Manual

D-Link DGS-3700 Series, Reference Manual

Share

538 pages before
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557

Page: 553 / 557

D-Link DGS-3700 Series Reference Manual Download Page 553

DGS-3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide

Page | 553

or modify the data before forwarding it (man-in-the-middle attack). The hacker cheats the victim PC that it
is a router and cheats the router that it is the victim. As can be seen in Figure 5 all traffic will be then sniffed
by the hacker but the users will not discover.

P

REVENT

ARP

S

POOFING VIA

P

ACKET

C

ONTENT

ACL

D-Link managed switches can effectively
mitigate common DoS attacks caused by
ARP spoofing via a unique Package Content
ACL.

For the reason that basic ACL can only filter
ARP packets based on packet type, VLAN
ID, Source, and Destination MAC
information, there is a need for further
inspections of ARP packets. To prevent ARP
spoofing attack, we will demonstrate here
via using Packet Content ACL on the Switch
to block the invalid ARP packets which
contain faked gateway’s MAC and IP
binding.

«
...
551
552
553
554
555
...
»

Summary of Contents for DGS-3700 Series

Page 1: ...DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide Page 1 CLI Reference Guide Product Model DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch Release 2 00 ...

Page 2: ...Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Corporation disclaims any proprietary interest in tr...

Page 3: ...Engine Commands 127 sFlow Commands 129 SNMP Commands 137 Switch Port Commands 160 Time and SNTP Commands 165 Layer 2 Features Section 171 BPDU Attack Protection Commands 171 Ethernet Ring Protection Switching ERPS Commands 175 Filter DHCP Server NetBIOS Commands 183 Forwarding Database Commands 188 IGMP Multicast VLAN Commands 194 IGMP Snooping Commands 202 IPMC Commands 218 Layer 2 Protocol Tunne...

Page 4: ... IP MAC Port Binding IMPB Commands 424 MAC based Access Control Commands 442 Compound Authentication Commands 454 SSH Commands 460 SSL Commands 467 Web based Access Control Commands 472 Network Application Section 481 DHCP Local Relay Commands 481 DHCP Relay Commands 484 DHCP Server Commands 498 Object Access Method OAM Section 511 CFM EXTENSION ITU T Y 1731 511 Connectivity Fault Management Comma...

Page 5: ...resent in this manual may refer to either member of this series and may show different port counts but are universal to this series of switches unless otherwise stated Configuration and management of the Switch via the Web based management agent is discussed in the User Guide NOTE For the remainder of this manual the DGS 3700 12 DGS 3700 12G switches will be referred to as simply the Switch or the...

Page 6: ...it Ethernet Switch Command Line Interface Firmware Build 2 00 B023 Copyright C 2009 D Link Corporation All rights reserved UserName There is no initial username or password Just press the Enter key twice to display the CLI input cursor DGS 3700 12 5 This is the command line where all commands are input ...

Page 7: ...the Switch must be set before it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows 1 Starting at the command line prompt enter the commands config ipif System...

Page 8: ... statistic counter clear log clear mac_based_access_control auth_mac clear mld_snooping data_driven_group clear mld_snooping statistic counter clear port_security_entry clear vlan_counter statistics CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All When users enter a command without its required parameters the CLI will prompt users with a Next possible completions message DGS 3700 12 5 co...

Page 9: ...he help prompts are the same as presented in this manual angle brackets indicate a numerical value or character string braces indicate optional parameters or a choice of parameters and brackets indicate required parameters If a command is entered that is unrecognized by the CLI the top level commands will be displayed under the Available commands prompt DGS 3700 12 5 the Available commands cable_d...

Page 10: ...st_addr link_aggregation lldp local_loopback log log_save_timing loopdetect mac_based_access_control mac_based_access_control_local mac_based_vlan mac_notification max_mcast_group mcast_filter_profile mef_l2_protocols mgmt_pkt_priority mirror mld_snooping multicast multicast_fdb out_band_ipif packet port port_security port_security_entry port_vlan ports pvid qinq radius router_ports rspan safeguar...

Page 11: ...CKETS Purpose Encloses a required value or set of required arguments One value or argument can be specified Syntax create vlan_counter vlan vlan_name vlanid vidlist ports portlist all all_frame broadcast multicast unicast packet byte Description In the above syntax example users must specify either an admin or a user level account to be created Do not type the square brackets Example Command creat...

Page 12: ... the previously entered command Each time the up arrow is pressed the command previous to that displayed appears This way it is possible to review the command history for the current session Use the down arrow to progress sequentially forward through the command history list Down Arrow The down arrow will display the next command in the command history entered in the current session This displays ...

Page 13: ...tion When a port is in link up status the diagnostic will obtain the distance of the cable Since the status is link up the cable will not have any problem Since this diagnostic is for copper cable the port with fiber cable will be skipped from the diagnostic If the link is up the abnormal results won t be shown and the cable length item indicates the length of the cable If the link is down the rea...

Page 14: ...5 cable_diag ports 1 7 Command cable_diag ports 1 7 Perform Cable Diagnostics Port Type Link Status Test Result Cable Length M 1 GE Link Down No Cable 2 GE Link Down No Cable 3 GE Link Up OK 55 4 GE Link Down No Cable 5 GE Link Down No Cable 6 GE Link Down No Cable 7 GE Link Up OK 5 DGS 3700 12 5 ...

Page 15: ...sted along with the appropriate parameters in the following table COMMAND PARAMETERS config ddm log enable disable config ddm trap enable disable config ddm ports portlist all temperature_threshold voltage_threshold bias_current_threshold tx_power_threshold rx_power_threshold high_alarm float low_alarm float high_warning float low_warning float 1 state enable disable shutdown alarm warning none 1 ...

Page 16: ...t 1 state enable disable shutdown alarm warning none 1 Description This command is used to configure a DDM threshold or action Parameters portlist Specify a range of ports to be configured all Specify to configure all ports temperature_threshold Specify the temperature thresholds of the specified ports voltage_threshold Specify the voltage thresholds of the specified ports bias_current_threshold S...

Page 17: ...ower threshold when the operating parameter rises above this value action associated with warning is taken The range of this parameter is 0 to 6 5535 mW For the received power threshold when the operating parameter rises above this value action associated with warning is taken The range of this parameter is 0 to 6 5535 mW low_warning Specify low threshold for warning For the temperature threshold ...

Page 18: ...ccess DGS 3700 12 5 To configure port 9 s voltage threshold DGS 3700 12 5 config ddm ports 9 voltage_threshold high_alarm 4 25 low_alarm 2 5 high_warning 3 5 low_warning 3 Command config ddm ports 9 voltage_threshold high_alarm 4 25 low_alarm 2 5 high_warning 3 5 low_warning 3 Success DGS 3700 12 5 To configure port 9 s bias current threshold DGS 3700 12 5 config ddm ports 9 bias_current_threshold...

Page 19: ...00 12 5 show ddm Command show ddm DDM Log Enabled DDM Trap Disabled Success DGS 3700 12 5 show ddm ports Purpose To display DDM status or configuration Syntax show ddm ports portlist status configuration Description This command is used to display DDM status or configuration The configuration parameter displays the current configurations of the SFP modules There are two types of threshold the admi...

Page 20: ...Guide Page 20 show ddm ports Restrictions None Example usage To display the DDM status for ports 8 to 12 DGS 3700 12 5 show ddm ports 8 12 Command show ddm ports 8 12 Port Temperature Voltage Bias Current TX Power RX Power in Celsius V mA mW mW 8 9 10 11 12 DGS 3700 12 5 ...

Page 21: ...can only operate in one loop back mode at a time When external an loop back mode is enabled the MAC PHY is set to external loop back mode When external loop back mode is disabled the MAC PHY reverts to normal operation Parameters ports portlist all The port s to be set mac phy Select the layer on which the loop back is performed medium_type Specify the medium on which the loop back test is taken f...

Page 22: ... is used to display local loop back configurations on the Switch Parameters ports portlist all The port s to be set Restrictions None Example usage To show loop back configuration DGS 3700 12 5 show local_loopback ports 1 9 Command show local_loopback ports 1 9 Port Loopback Mode 1 None 2 None 3 None 4 None 5 None 6 None 7 None 8 None 9 Internal PHY Fiber DGS 3700 12 5 ...

Page 23: ...ble password encryption show session show switch show device_status show environment config temperature trap log state enable disable config temperature threshold high temperature low temperature show serial_port config serial_port baud_rate 9600 19200 38400 115200 auto_logout never 2_minutes 5_minutes 10_minutes 15_minutes enable clipaging disable clipaging enable telnet tcp_port_number 1 65535 d...

Page 24: ...Used to change the password of user existing accounts Syntax config account username encrypt plain_text sha_1 password Description When the password information is not specified in the command the system will prompt the user to input the password interactively For this case the user can only input the plain text password If the password is present in the command the user can select to input the pa...

Page 25: ... Example usage To display the accounts that have been created DGS 3700 12 5 show account Command show account Current Accounts Username Access Level dlink Admin Total Entries 1 DGS 3700 12 5 delete account Purpose Used to delete an existing user account Syntax delete account username Description This command is used to delete an existing account Parameters username Name of the user who will be del...

Page 26: ...ommand enable password encryption Success DGS 3700 12 5 disable password encryption Purpose Used to disable password encryption Syntax disable password encryption Description The user account configuration information will be stored in the configuration file and can be applied to the system later If the password encryption is enabled the password will be in encrypted form when it is stored in the ...

Page 27: ...ommand Example usage To display a list of current logged in users DGS 3700 12 5 show session Command show session ID Live Time From Level Name 8 00 00 16 250 Serial Port 5 Anonymous Total Entries 1 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show switch Purpose Used to display general information about the Switch Syntax show switch Description This command is used to display info...

Page 28: ...Enabled TCP 23 Web Enabled TCP 80 SNMP Disabled SSL Status Disabled CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show device_status Purpose Used to display the current Switch power temperature and fan status Syntax show device_status Description This command is used to display status of both the Switch s internal and external power temperature and fan status Parameters None Restricti...

Page 29: ...mperature trap or log state Syntax config temperature trap log state enable disable Description This command is used to configure the warning temperature trap or log state Parameters trap Specify to configure the warning temperature trap log Specify to configure the warning temperature log state Enable or disable either the trap or log state for a warning temperature event The default state is ena...

Page 30: ...ow Specify the low threshold value Restrictions Only Administrator and Operator level users can issue this command Example usage To configure a warming temperature threshold high of 80 DGS 3700 12G 5 config temperature threshold high 80 Command config temperature threshold high 80 Success DGS 3700 12G 5 show serial_port Purpose Used to display the current console port settings Syntax show serial_p...

Page 31: ...t for 15 minutes Restrictions Only Administrator and Operator level users can issue this command Example usage To configure baud rate DGS 3700 12 5 config serial_port baud_rate 115200 Command config serial_port baud_rate 115200 Success DGS 3700 12 5 enable clipaging Purpose Used to pause the scrolling of the console screen when a command displays more than one page Syntax enable clipaging Descript...

Page 32: ...2 5 disable clipaging Command disable clipaging Success DGS 3700 12 5 enable telnet Purpose Used to enable communication with and management of the Switch using the Telnet protocol Syntax enable telnet tcp_port_number 1 65535 Description This command is used to enable the Telnet protocol on the Switch The user can specify the TCP or UDP port number the Switch will use to listen for Telnet requests...

Page 33: ...itch will use to listen for Telnet requests Parameters tcp_port_number 1 65535 The TCP port number TCP ports are numbered between 1 and 65535 The well known port for the Web based management software is 80 Restrictions Only Administrator and Operator level users can issue this command Example usage To enable HTTP and configure port number DGS 3700 12 5 enable web 80 Command enable web 80 Success D...

Page 34: ...ntax reboot force_agree Description This command is used to restart the Switch Parameters force_agree When force_agree is specified the reboot command will be executed immediatedly without further confirmation Restrictions Only Administrator level users can issue this command Example usage To restart the Switch DGS 3700 12 5 reboot Command reboot Are you sure you want to proceed with the system re...

Page 35: ...all of the Switch s parameters to their default values DGS 3700 12 5 reset config Command reset config Are you sure you want to proceed with system reset y n y Success DGS 3700 12 5 login Purpose Used to log in a user to the Switch s console Syntax login Description This command is used to initiate the login procedure The user will be prompted for a Username and Password Parameters None Restrictio...

Page 36: ...0 12 5 clear Command clear config terminal width Purpose To configure the terminal width Syntax config terminal width Description This command is used to configure the terminal width Parameters default Specify the default terminal width value value 80 200 Specify a terminal width value between 80 and 200 characters Restrictions None Example usage To configure the terminal width DGS 3700 12 5 confi...

Page 37: ...debug stp show information debug stp state disable enable debug dhcpv6_relay state enable disable debug dhcpv6_relay output buffer console debug dhcpv6_relay packet all receiving sending state enable disable debug dhcpv6_relay hop_count state enable disable debug dhcpv6_client output buffer console packet all state enable disable receiving state enable disable sendingstate enable disable state ena...

Page 38: ...isplay the debug buffer s state or dump and clear or upload the debug buffer to TFTP server Syntax debug buffer utilization dump clear upload_toTFTP ipaddr path_filename 64 Description Display the debug buffer s state or dump and clear or upload the debug buffer to TFTP server The buffer here refers to the module debug message stored in RAM Parameters utilization Display the debug buffer s state d...

Page 39: ...Done DGS 3700 12 5 debug config state Purpose To set the debug state Syntax debug config state enable disable Description This command is used to set the debug state Parameters enable Enable the debug state disable Disable the debug state Restrictions Only Administrator level users can issue this command Example usage To enable the debug state DGS 3700 12 5 debug config state enable Command debug ...

Page 40: ... debug message output to debug buffer or local console Syntax debug output module module_list buffer console all buffer console Description This command is used to set a specified module s debug message output to debug buffer or local console If the user uses the command in a Telnet session the error message also is output to the local console Parameters module module_list Specify the module list ...

Page 41: ...MSTP Debug Global State Enabled MSTP Disabled DGS 3700 12 5 To show the debug state DGS 3700 12G 5 debug show status Command debug show status Debug Global State Enabled MSTP Disabled IMPB Disabled ERPS Disabled DGS 3700 12G 5 debug stp clear counter Purpose To clear the STP counters Syntax debug stp clear counter ports portlist all Description This command is used to clear the STP counters Parame...

Page 42: ...debug level to brief detail Sets the debug level to detail Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the per port STP debug level DGS 3700 12 5 debug stp config ports all all state brief Command debug stp config ports all all state brief Success DGS 3700 12 5 debug stp show counter Purpose To display the STP counters Syntax debug stp...

Page 43: ...age r Refresh debug stp show flag Purpose To display the per port STP debug level Syntax debug stp show flag ports portlist Description This command is used to display the per port STP debug level Parameters ports portlist Specify the STP ports to display If no parameter is specified all ports on the switch will be displayed Restrictions Only Administrator and Operator level users can issue this c...

Page 44: ...ge 59863 5A FF 39 F6 3B 38 External Root Cost 465303671 Regional Root Bridge 57299 FB DB 71 FF 5F BA Internal Root Cost 403276225 Designated Bridge 58939 69 B7 1E FB 5E 1F Designated Port 21995 Message Age 29175 Max Age 22950 Forward Delay 39295 Hello Time 59827 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh debug stp state Purpose To configure the STP debug state Syntax debug stp s...

Page 45: ..._relay output Purpose This command is used to set the debug message to output to the buffer or the console Syntax debug dhcpv6_relay output buffer console Description This command is used to set the debug message to output to the buffer or the console Parameters output See below buffer Let the debug message output to buffer console Let the debug message output to console Restrictions Only Administ...

Page 46: ...t option Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the DHCPv6 Relay hop count debugging DGS 3700 12G 5 debug dhcpv6_relay hop_count state enable Command debug dhcpv6_relay hop_count state enable Success DGS 3700 12G 5 debug dhcpv6_client Purpose This command is used to configure the DHCPv6 client debugging state Syntax debug dhcpv6_clie...

Page 47: ... DGS 3700 12G 5 debug show error_reboot state Purpose Use the command to show the error reboot status Syntax debug show error_reboot state Description Show the error reboot status Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To show the error reboot status DGS 3700 12G 5 debug show error_reboot state Command debug show error_reboot s...

Page 48: ...ss after the system has booted up successfully and loaded the runtime image to 100 Boot Procedure V1 00 B002 Power On Self Test 100 MAC Address 00 80 C2 11 22 00 H W Version A1 Please wait loading V2 00 B023 Runtime image 100 Password Recovery Mode _ reset config Purpose Used to reset the configuration Syntax reset config force_agree Description This command is used to reset the configuration para...

Page 49: ...ete the created account Syntax reset account Description This command is used to delete all of the created user accounts The banner messages for password recover mode is Password Recovery Mode Parameters None Restrictions This command is only available in password recovery mode Example usage To reset or delete an account reset account Command reset account Success reset password Purpose Used to re...

Page 50: ...he created account Syntax show account Description This command is used to display all already created accounts Parameters None Restrictions None Example usage To view the created account show account Command show account Current Accounts Username Password Access Level admin Empty Admin user1 Empty user Total Entries 2 ...

Page 51: ...turns off and wakes up once a second to send a single link pulse When the port is turned off a simple receive energy detect circuit is continuously monitoring energy on the cable At the moment when energy is detected the port turns on fully per IEEE specification requirements The power saving function is performed while no link is detected and it will not effect the port capabilities while it is l...

Page 52: ...DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide Page 52 DGS 3700 12 5 show power_saving Command show power_saving Power Saving State Enabled DGS 3700 12 5 ...

Page 53: ...80 include exclude begin filter_string 80 filter_string 80 filter_string 80 include exclude begin filter_string 80 filter_string 80 filter_string 80 log_toTFTP ipaddr ipv6addr dest_file path_filename 64 attack_log_toTFTP ipaddr ipv6addr dest_file path_filename 64 enable autoconfig disable autoconfig show autoconfig config configuration config_id 1 2 boot_up delete active ping ipaddr times value 1 ...

Page 54: ...on Restrictions The TFTP server must be on the same IP subnet as the Switch Only Administrator level users can issue this command Example usage To download firmware from TFTP DGS 3700 12 5 download firmware_fromTFTP 10 54 71 1 src_file px had Command download firmware_fromTFTP 10 54 71 1 src_file px had Connecting to server Done Download firmware Done Do not power off Please wait programming flash...

Page 55: ...the content of the current configuration the configuration to be used in next boot or the configuration file specified by the command The output stream of the configuration data can be filtered by the expression specified at the end of the command The expression can contain up to three multiple filter evaluations A filter evaluation begins with a filter type include exclude and begin followed by u...

Page 56: ... Specifies the current configuration config_id Specifies the configuration file ID filter_string A filter string is enclosed by symbol Thus the filter string itself cannot contain the character The filter string is case sensitive information Displays the configuration file information Restrictions Only Administrator level users can issue this command Example usage To view the current configuration...

Page 57: ...the location of the switch configuration file on the TFTP server This file will be replaced by the uploaded file from the switch The maximum length is 64 characters include Includes lines that contain the specified filter string exclude Excludes lines that contain the specified filter string begin The first line that contains the specified filter string will be the first line of the output filter_...

Page 58: ...rator and Operator level users can issue this command Example usage To enable autoconfiguration on the Switch DGS 3700 12 5 enable autoconfig Command enable autoconfig Success DGS 3700 12 5 When autoconfig is enabled and the Switch is rebooted the normal login screen will appear for a few moments while the autoconfig request i e download configuration is initiated The console will then display the...

Page 59: ...3700 12 5 DGS 3700 12 5 DGS 3700 12 5 End of configuration file for DGS 3700 12 Saving configurations and logs to NV RAM Done Logout disable autoconfig Purpose Use this to deactivate autoconfiguration from DHCP Syntax disable autoconfig Description This command is used to instruct the Switch not to accept autoconfiguration instruction from the DHCP server This does not change the IP settings of th...

Page 60: ...e active Description This command is used to configure a specific boot up image Parameters config_id Specifies the configuration file ID boot_up Specifies it as a boot up file active Specifies to apply the configuration delete Specifies to delete the configuration Restrictions You must have Administrator level privileges Example usage To configure the specific configuration file as boot up DGS 370...

Page 61: ...Pv6 network devices Syntax ping6 ipv6addr times value 1 255 size value 1 6000 timeout value 1 10 Description This command is used to send Internet Control Message Protocol ICMPv6 echo messages to a remote IP address The remote IPv6 address will then echo or return the message This is used to confirm connectivity between the Switch and the remote device Parameters ipv6addr Specifies the IPv6 addres...

Page 62: ...30000 to 64900 timeout Specify the timeout period while waiting for a response from the remote device A value of 1 to 65535 seconds can be specified The default is 5 seconds probe Specify the number of probes The range is from 1 to 9 If unspecified the default value is 1 Restrictions Only Administrator and Operator level users can issue this command Example usage To trace the routed path between t...

Page 63: ...be 3 Command traceroute6 3000 1 probe 3 1 10 ms 1345 142 11 2 10 ms 2011 14 100 3 10 ms 3000 1 Trace complete DGS 3700 12 5 Trace the IPv6 routed path between the switch and 1210 100 11 with port 40000 DGS 3700 12 5 traceroute6 1210 100 11 port 40000 Command traceroute6 1210 100 11 port 40000 1 10 ms 3100 25 2 10 ms 4130 100 3 10 ms 1210 100 11 Trace complete DGS 3700 12 5 telnet Purpose To login ...

Page 64: ...thernet Switch CLI Reference Guide Page 64 DGS 3700 12 5 telnet 10 1 1 1 Command telnet 10 1 1 1 DES 3810 28 Fast Ethernet Switch Command Line Interface Firmware Build 1 00 B039 Copyright C 2009 D Link Corporation All rights reserved UserName ...

Page 65: ...e Switch may become unaccessable when dumping the tech support data NOTE The management session may time out if the dumping tech support data takes longer than the configured session timeout period It s strongly recommended to set the serial port time out to never and to disable the auto disconnection of the console session Example usage To display technical support information show tech_support T...

Page 66: ...ide Page 66 Example usage To upload technical support information DGS 3700 12 5 upload tech_support_toTFTP 10 0 0 66 tech_suppport txt Command upload tech_support_toTFTP 10 0 0 66 tech_suppport txt Connecting to server Done Upload techsupport file Done Success DGS 3700 12 5 ...

Page 67: ...mmand_history Each command is listed in detail in the following sections Purpose Used to display all commands in the Command Line Interface CLI Syntax command Description This command will display all of the commands available through the Command Line Interface CLI Parameters command Entering the question mark with an appropriate command will list all the corresponding parameters for the specified...

Page 68: ...All To display the parameters for a specific command DGS 3700 12 5 config stp Command config stp Command config stp Usage maxage value 6 40 maxhops value 1 20 hellotime value 1 2 forwarddelay value 4 30 txholdcount value 1 10 fbpdu enable disable nni_bpdu_addr dot1d dot1ad Description Used to update the STP Global Configuration config stp instance_id config stp mst_config_id config stp mst_ports c...

Page 69: ...ax show command_history Description This command is used to display currently used command history Parameters None Restrictions None Example usage To display the command history DGS 3700 12 5 show command_history Command show command_history config command_history 20 config stp DGS 3700 12 5 DGS 3700 12 5 config command_history 20 Command config command_history 20 Success DGS 3700 12 5 ...

Page 70: ...ort SIM This enables the user to manage a switch that are more than one hop away from the CS The SIM group is a group of switches that are managed as a single entity The DGS 3700 Series may take on three different roles Commander Switch CS This is a switch that has been manually configured as the controlling device for a group and takes on the following characteristics o It has an IP Address o It ...

Page 71: ...unction This feature is accomplished through the use of Discover packets and Maintain packets that previously set SIM members will emit after a reboot Once a MS has had its MAC address and password saved to the CS s database if a reboot occurs in the MS the CS will keep this MS information in its database and when a MS has been rediscovered it will add the MS back into the SIM tree automatically N...

Page 72: ...ministrator and Operator level users can issue this command Example usage To enable SIM on the Switch DGS 3700 12 5 enable sim Command enable sim Success DGS 3700 12 5 disable sim Purpose Used to disable Single IP Management SIM on the Switch Syntax disable sim Description This command will disable SIM globally on the Switch Parameters None Restrictions Only Administrator and Operator level users ...

Page 73: ...e SIM group To view a specific candidate include that candidate s ID number listed from 1 to 100 members member_id 1 32 Entering this parameter will display information concerning members of the SIM group To view a specific member include that member s id number listed from 1 to 32 group commander_mac macaddr Entering this parameter will display information concerning the SIM group To view a speci...

Page 74: ... MAC Address Platform Hold Firmware Device Name Capability Time Version 1 00 01 02 03 04 00 DGS 3700 12 L2 Switch 40 2 00 B023 The Man 2 00 55 55 00 55 00 DGS 3700 12 L2 Switch 140 2 00 B023 default master Total Entries 2 DGS 3700 12 5 To show other groups information in summary if group is specified DGS 3700 12 5 show sim group Command show sim group SIM Group Name default ID MAC Address Platform...

Page 75: ...istrator and Operator level users can issue this command Example usage To connect to the MS with member ID 2 through the CS using the command line interface DGS 3700 12 5 reconfig member_id 2 Command reconfig member_id 2 DGS 3700 12 5 Login config sim_group Purpose Used to add candidates and delete members from the SIM group Syntax config sim_group add candidate_id 1 100 password delete member_id ...

Page 76: ...h will send out discovery packets Returning information to the CS will include information about other switches connected to it Ex MS CaS The user may set the dp_interval from 30 to 90 seconds hold time sec 100 300 Using this parameter the user may set the time in seconds the CS will hold information sent to it from other switches utilizing the discovery interval protocol The user may set the hold...

Page 77: ...name of a group DGS 3700 12 5 config sim commander group_name Trinity Command config sim commander group_name Trinity Success DGS 3700 12 5 download sim_ms Purpose Used to download firmware or configuration file to an indicated device Syntax download sim_ms firmware_from_tftp configuration_from_tftp ipaddr path_filename members mslist 1 32 all Description This command will download a firmware file...

Page 78: ...rom_tftp 10 53 13 94 c dgs3700 had members all This device is updating firmware Please wait several minutes Download Status ID MAC Address Result 1 00 01 02 03 04 00 Success 2 00 07 06 05 04 03 Success 3 00 07 06 05 04 04 Success DGS 3700 12 5 To download configuration files DGS 3700 12 5 download sim_ms configuration_from_tftp 10 53 13 94 c dgs3700 txt members all Command download sim_ms firmware...

Page 79: ...eter to specify the members to which the user prefers to upload the switch configuration or log files The user may specify a member or members by adding one of the following mslist Enter a value or values to specify which members of the SIM group will upload the switch configuration or log all Add this parameter to specify all members of the SIM group will upload the switch configuration or log Re...

Page 80: ...iption Use this command to add or delete a static entry into the switch s DNS resolution table Parameters primary Specify to indicate that the IP address below is the address of the primary DNS server secondary Specify to indicate that the IP address below is the address of the secondary DNS server nameserver Specify the IP address of the DNS nameserver add Specify to add the DNS relay function de...

Page 81: ...ription Use this command to enable DNS relay Parameters cache Specify to enable the cache lookup for the DNS relay on the switch static Specify to enable the static table lookup for the DNS relay on the switch Restrictions Only Administrator and Operator level users can issue this command Example usage To enable DNS relay DGS 3700 12 5 enable dnsr Command enable dnsr Success DGS 3700 12 5 To enabl...

Page 82: ...2 5 disable dnsr Command disable dnsr Success DGS 3700 12 5 To disable cache lookup for DNS relay DGS 3700 12 5 disable dnsr cache Command disable dnsr cache Success DGS 3700 12 5 To disable static table lookup for DNS relay DGS 3700 12 5 disable dnsr static Command disable dnsr static Success DGS 3700 12 5 show dnsr Purpose To display the current DNS relay status Syntax show dnsr static Descripti...

Page 83: ...DGS 3700 12 5 show dnsr Command show dnsr DNSR Status Disabled Primary Name Server 0 0 0 0 Secondary Name Server 0 0 0 0 DNSR Cache Status Disabled DNSR Static Table Status Disabled DNS Relay Static Table Domain Name IP Address www 123 com tw 10 12 12 123 Total Entries 1 DGS 3700 12 5 ...

Page 84: ...he command prompt will reset to factory default command prompt Restrictions Only Administrator and Operator level users can issue this command Other restrictions include If the reset command is executed the modified command prompt will remain modified However the reset config reset system command will reset the command prompt to the original factory banner Example usage To modify the command promp...

Page 85: ... the save command to save it into FLASH Only valid in threshold level Example usage To modify the banner DGS 3700 12 5 config greeting_message Command config greeting_message Greeting Messages Editor DGS 3700 12G Gigabit Ethernet Switch Command Line Interface Firmware Build 2 00 B023 Copyright C 2009 D Link Corporation All rights reserved Function Key Control Key Ctrl C Quit without save left righ...

Page 86: ...itch CLI Reference Guide Page 86 DGS 3700 12 5 show greeting_message Command show greeting_message DGS 3700 12G Gigabit Ethernet Switch Command Line Interface Firmware Build 2 00 B023 Copyright C 2009 D Link Corporation All rights reserved DGS 3700 12 5 ...

Page 87: ...erface previously created on the switch Parameters ipif_name 12 Enter the IPv6 interface name previously created using the overstriking create ipif command ipv6addr Enter the IPv6 address of the neighbor device to be added as an IPv6 neighbor of the IP interface previously entered in this command macaddr Enter the MAC address of the neighbor device to be added as an IPv6 neighbor of the IP interfa...

Page 88: ...m 3FFC 1 Success DGS 3700 12 5 show ipv6 neighbor_cache ipif Purpose Used to display the NDP table Syntax show ipv6 neighbor_cache ipif ipif_name 12 all ipv6address ipv6addr static dynamic all Description Users can display a specific entry all static entries all dynamic entries or all entries Parameters ipif_name 12 Enter the IP interface for which to view IPv6 neighbors This will display all IPv6...

Page 89: ...bor Solicitation messages sent from the switch These messages are used to detect IPv6 neighbors on the switch Parameters ipif_name 12 Specify the name of the interface retrans_time Specify the neighbor solicitation s retransmit timer in milliseconds Restrictions Only Administrator level users can issue this command Example usage To configure the retrans time of a configured IP interface DGS 3700 1...

Page 90: ...Gigabit Ethernet Switch CLI Reference Guide Page 90 Example usage To display the neighbor detection parameters for IPv6 DGS 3700 12 5 show ipv6 nd Command show ipv6 nd Interface Name System NS Retransmit Time 1000000 ms DGS 3700 12 5 ...

Page 91: ...lanid vidlist enable disable dot1_tlv_vlan_name vlan all vlan_name 32 vlanid vidlist enable disable dot1_tlv_protocol_identity all eapol lacp gvrp stp enable disable dot3_tlvs all mac_phy_configuration_status link_aggregation maximum_frame_size enable disable show lldp ports portlist config lldp_med fast_start repeat_count value 1 10 config lldp_med log state enable disable config lldp_med notific...

Page 92: ...ble LLDP Syntax disable lldp Description Use this command to disable LLDP The switch will stop the sending and receiving of LLDP advertisement packets Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable LLDP DGS 3700 12 5 disable lldp Command disable lldp Success DGS 3700 12 5 config lldp Purpose To configure LLDP timer values Sy...

Page 93: ..._multiplier Specify the range is from 2 to 10 The default setting is 4 tx_delay Specify the range is from 1 to 8192 seconds The default setting is 2 seconds Note tx_delay should be less than or equal to 0 25 msgTxInterval reint_delay Specify the range is from 1 to 10 seconds The default setting is 2 seconds Restrictions Only Administrator and Operator level users can issue this command Example usa...

Page 94: ... Repeater Bridge LLDP Configurations LLDP State Enabled LLDP Forward Status Disabled Message TX Interval 30 Message TX Hold Multiplier 4 ReInit Delay 2 TX Delay 2 Notification Interval 5 DGS 3700 12 5 config lldp forward_message Purpose To configure LLDP forwarding messages Syntax config lldp forward_message enable disable Description Use this command to configure LLDP forwarding messages When LLD...

Page 95: ...le mgt_addr ipv4 ipaddr ipv6 ipv6addr enable disable basic_tlvs all port_description system_name system_description system_capabilities enable disable dot1_tlv_pvid enable disable dot1_tlv_protocol_vid vlan all vlan_name 32 vlanid vidlist enable disable dot1_tlv_vlan_name vlan vlan_name 32 vlanid vidlist enable disable dot1_tlv_protocol_identity all eapol lacp gvrp stp enable disable dot3_tlvs all...

Page 96: ...ertisements This TLV optional data type indicates whether the corresponding Local System s Protocol Identity instance will be transmitted on the port The Protocol Identity TLV provides a way for stations to advertise protocols that are important to the operation of the network Spanning Tree Protocol the Link Aggregation Control Protocol and numerous vendor proprietary variations are responsible fo...

Page 97: ...ndividual port or group of ports to include one or more of optional TLV data types from outbound LLDP advertisements dot1_tlv_pvid This TLV optional data type determines whether the IEEE 802 1 organizationally defined port VLAN ID TLV transmission is allowed on a given LLDP transmission capable port The default state is disabled enable Enable port VLAN ID TLV transmission on a given LLDP transmiss...

Page 98: ...nts disable Disable configuration an individual port or group of ports to include one or more of IEEE 802 1 Organizationally protocol identity TLV data types from outbound LLDP advertisements dot3_tlvs An individual port or group of ports to include one or more of IEEE 802 3 Organizationally Specific TLV data types from outbound LLDP advertisements all Configure all of the TLV optional data types ...

Page 99: ... config lldp ports 1 5 admin_status tx_and_rx Success DGS 3700 12 5 To enable ports 1 to 5 to manage address entries DGS 3700 12 5 config lldp ports 1 5 mgt_addr ipv4 192 168 254 10 enable Command config lldp ports 1 5 mgt_addr ipv4 192 168 254 10 enable Success DGS 3700 12 5 To include the system name TLV from the outbound LLDP advertisements for all ports DGS 3700 12 5 config lldp ports all basi...

Page 100: ... dot1_tlv_protocol_identity all enable Command config lldp ports all dot1_tlv_protocol_identity all enable Success DGS 3700 12 5 To include the MAC PHY configuration status TLV from the outbound LLDP advertisements for all ports DGS 3700 12 5 config lldp ports all dot3_tlvs mac_phy_configuration_status enable Command config lldp ports all dot3_tlvs mac_phy_configuration_status enable Success DGS 3...

Page 101: ...s command to configure the fast start repeat count When an LLDP MED Capabilities TLV is detected for an MSAP identifier not associated with an existing LLDP remote system MIB the application layer shall start the fast start mechanism and set the medFastStart timer to medFastStartRepeatCount times 1 The default value is 4 Parameters value 1 10 Specify a fast start repeat count value between 1 and 1...

Page 102: ...le the SNMP trap notification of topology change detected disable Disable the SNMP trap notification of topology change detected The default notification state is disabled Restrictions Only Administrator and Operator level users can issue this command Example usage To enable topology change notification on ports 1 to 2 DGS 3700 12 5 config lldp_med notification topo_change ports 1 2 state enable C...

Page 103: ...lities on ports 1 to 2 DGS 3700 12 5 config lldp_med ports 1 2 med_transmit_capabilities all state enable Command config lldp_med ports 1 2 med_transmit_capabilities all state enable Success DGS 3700 12 5 show lldp_med ports Purpose To display LLDP MED per port configuration for advertisement options Syntax show lldp_med ports portlist Description Use this command to display LLDP MED per port conf...

Page 104: ...k Model Name DGS 3700 12 Gigabit Ethernet Swi Asset ID LLDP MED Configuration Fast Start Repeat Count 4 LLDP MED Log State Disabled Success DGS 3700 12 5 show lldp_med local_ports Purpose To display the per port LLDP MED information currently available for populating outbound LLD MED advertisements Syntax show lldp_med local_ports portlist Description Use this command to display the per port LLDP ...

Page 105: ...pport Inventory Support Network Policy Application Type Voice VLAN ID 100 Priority 7 DSCP 0 Unknown False Tagged True DGS 3700 12 5 show lldp_med remote_ports Purpose To display LLDP MED information learned from neighbors Syntax show lldp_med remote_ports portlist Description Use this command to display LLDP MED information learned from neighbors Parameters portlist Specify a range of ports to be ...

Page 106: ... Via MDI Support Inventory Support LLDP MED Capabilities Enabled Capabilities Enabled Network Policy Enabled Location Identification Enabled Extended Power Via MDI Enabled Inventory Enabled Network Policy Application Type Voice VLAN ID Priority DSCP Unknown True Tagged Application Type Softphone Voice VLAN ID 200 Priority 7 DSCP 5 Unknown False Tagged True Location Identification Location Subtype ...

Page 107: ...to display the information in detailed mode Restrictions None Example usage To display LLDP local port information for port 1 DGS 3700 12 5 show lldp local_ports 1 Command show lldp local_ports 1 Port ID 1 Port ID Subtype MAC Address Port ID 00 01 02 03 04 80 Port Description D Link DGS 3700 12 R2 00 B023 Po rt 1 on Unit 1 Port PVID 1 Management Address Count 1 PPVID Entries Count 0 VLAN Name Entr...

Page 108: ... When a port list is not specified information for all ports will be displayed mode See below brief Specify to display the information in brief mode normal Specify to display the information in normal mode This is the default display mode detailed Specify to display the information in detailed mode Restrictions None Example usage To display LLDP information for remote ports 1 and 2 DGS 3700 12 5 s...

Page 109: ...ption Use this command to display LLDP statistic information for individual ports Parameters portlist Specify the ports to be displayed When a port list is not specified information for all ports will be displayed Restrictions None Example usage To display LLDP statistic information for port 1 DGS 3700 12 5 show lldp statistics ports 1 Command show lldp statistics ports 1 Port ID 1 LLDPStatsTXPort...

Page 110: ...yslog create syslog host index 1 4 ipaddress ipaddr ipv6addr severity emergency alert critical error warning notice informational debug level 0 7 facility local0 local1 local2 local3 local4 local5 local6 local7 udp_port udp_port_number state enable disable config syslog host index all severity emergency alert critical error warning notice informational debug level 0 7 facility local0 local1 local2...

Page 111: ...2 5 show packet port 2 Command show packet port 2 Port Number 2 Frame Size Type Frame Counts Frames sec 64 0 0 65 127 0 0 128 255 0 0 256 511 0 0 512 1023 0 0 1024 1518 0 0 Unicast RX 0 0 Multicast RX 0 0 Broadcast RX 0 0 Frame Type Total Total sec RX Bytes 0 0 RX Frames 0 0 TX Bytes 0 0 TX Frames 0 0 DGS 3700 12 5 show error ports Purpose Used to display the error statistics for a range of ports ...

Page 112: ...ion statistics Syntax show utilization cpu ports Description This command will display the real time port and CPU utilization statistics for the Switch Parameters cpu Entering this parameter will display the current cpu utilization of the Switch ports Entering this parameter will display the current port utilization of the Switch Restrictions None Example usage To display the port utilization stat...

Page 113: ... KB Used DRAM 123879 KB Utilization 94 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show utilization flash Purpose Used to display real time utilization statistics for the flash memory Syntax show utilization flash Description This command will display the real time utilization statistics for the flash memory on the Switch Parameters None Restrictions None To display the current u...

Page 114: ...This command is used to display statistics about the packets sent and received by the switch For 15 minute counters five historical statistic entries are supported Users can select which entry to show For statistics based on a day only two historical statistic entries are supported Parameters packet Displays valid packets error Displays error packets portlist Specifies a range of ports to be shown...

Page 115: ...l_utilization cpu memory 15_minute slot index 1 5 1_day slot index 1 2 Description This command is used to show the historical utilization of the cpu and the memory For 15 minutes cpu or memory utilization five historical statistic entries are supported Users can select which entry to show For statistics based on a day only two historical statistic entries are supported Parameters cpu Displays the...

Page 116: ...on 1 Day Slot 1 7 Jan 2009 20 27 51 6 Jan 2000 20 27 51 10 1 Day Slot 2 6 Jan 2009 20 27 51 5 Jan 2000 20 27 51 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh To show the cpu utilization of the current 1 day statistic count DGS 3700 12 5 show historical_utilization memory 1_day slot 1 show historical_utilization memory 1_day slot 1 Memory Utilization Starttime 7 Jan 2009 20 29 47 ...

Page 117: ...Switch s history log Parameters index value_list This parameter specifies the range of log index to show For example show log index 1 5 will display the history log from 1 to 5 If no parameter is specified all history log entries will be displayed Restrictions None Example usage To display the switch history log DGS 3700 12 5 show log index 1 5 Command show log index 1 5 Index Date Time Log Text 5...

Page 118: ...yslog Purpose Used to disable the system log to be sent to up to 4 remote hosts Syntax disable Syslog Description This command is used to disable the system log to be sent to up to 4 remote hosts Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the syslog function on the Switch DGS 3700 12 5 disable syslog Command disable sysl...

Page 119: ...e remote host where syslog messages will be sent ipv6addr Specifies the IPv6 address of the remote host where syslog messages will be sent severity Severity level indicator These are described in the following Bold font indicates that the corresponding severity level is currently supported on the Switch Numerical Severity Code 0 Emergency system is unusable 1 Alert action must be taken immediately...

Page 120: ...This corresponds to number 21 from the list above local6 Specifies that local use 6 messages will be sent to the remote host This corresponds to number 22 from the list above local7 Specifies that local use 7 messages will be sent to the remote host This corresponds to number 23 from the list above udp_port udp_port_number Specifies the UDP port number that the syslog protocol will use to send mes...

Page 121: ... of the local use facilities or they may use the user level Facility Those Facilities that have been designated are shown below This facility setting will be put in the syslog packet when it is sent to a specific syslog server local0 user defined Facility local1 user defined Facility local2 user defined Facility local3 user defined Facility local4 user defined Facility local5 user defined Facility...

Page 122: ...r available indexes numbered 1 through 4 all Specifies that the command will be applied to all hosts Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a previously configured syslog host DGS 3700 12 5 delete syslog host 4 Command delete syslog host 4 Success DGS 3700 12 5 show syslog host Purpose Used to display the syslog hosts currently confi...

Page 123: ... Parameters time_interval save log to flash every xxx minutes if no log happen in this period don t save on_demand save log to flash whenever user type save log or save all This is also the default log_trigger save log to flash whenever log arrives Restrictions Only Administrator and Operator level users can issue this command Example usage To configure log_save_timing DGS 3700 12 5 config log_sav...

Page 124: ...isplayed Restrictions None Example usage To show dangerous messages on master DGS 3700 12 5 show attack_log Command show attack_log Index Time Log Text 2 00000 days 01 25 43 Possible spoofing attack from 000d01002301 port 6 1 00000 days 01 25 43 Possible spoofing attack from 000d01002301 port 6 DGS 3700 12 5 clear attack_log Purpose Used to clear the switch s dangerous log Syntax clear attack_log ...

Page 125: ... an event occurs on the Switch a message will be sent to the SNMP agent trap the Switch s log or both Events occurring on the Switch are separated into three main categories these categories are NOT precisely the same as the parameters of the same name see below Information Events classified as information are basic events occurring on the Switch that are not deemed as problematic such as enabling...

Page 126: ...l Success DGS 3700 12 5 show system_severity Purpose To display system_severity level of an alert required for log entry or trap message Syntax show system_severity Description This command is used to display system_severity level of an alert required for log entry or trap message Parameters None Restrictions None Example usage To display the system severity settings for critical traps and log DGS...

Page 127: ... addresses and their packets this limiting the CPU utilization The Safeguard Engine commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table COMMAND PARAMETERS config safeguard_engine state enable disable utilization rising value 20 100 falling value 20 100 trap_log enable disable mode strict fuzzy show safeguard_engine Each command is list...

Page 128: ...h and will stop receiving all unnecessary broadcast IP packets until the storm has subsided The default value is fuzzy Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the safeguard engine for the Switch DGS 3700 12 5 config safeguard_engine state enable utilization rising 45 Command config safeguard_engine state enable utilization rising 4...

Page 129: ... 20 120 config sflow counter_poller ports portlist all interval disable sec 20 120 delete sflow counter_poller ports portlist all show sflow counter_poller create sflow analyzer_server value 1 4 owner name 16 timeout sec 1 2000000 infinite collectoraddress ipaddr collectorport udp_port_number 1 65535 maxdatagramsize value 300 1400 config sflow analyzer_server value 1 4 timeout sec 1 2000000 infini...

Page 130: ...the sFlow function settings on the Swicth Parameters None Restrictions None Example usage To display sflow DGS 3700 12 5 show sflow Command show sflow sFlow Version 1 00 sFlow Address 10 24 73 21 sFlow State Disabled DGS 3700 12 5 create sflow flow_sampler ports Purpose Used to create the sflow flow_sampler Syntax create sflow flow_sampler ports portlist all analyzer_server_id value 1 4 rate value...

Page 131: ... flow_sampler parameters Syntax config sflow flow_sampler ports portlist all rate value 0 65535 maxheadersize value 18 256 Description This command is used to configure the sflow flow sampler parameters If the user wants the change the analyzer server ID the user needs to delete the flow sampler and create a new one Parameters ports Specifies the list of ports to be configured rate The sampling ra...

Page 132: ...value There are two types of rates ConfigRate is configed by the user In order to limit the number of packets sent to the CPU when the rate of traffic to the CPU is high the sampling rate will be decreased This is specified as the active rate Parameters None Restrictions None Example usage To show the sflow flow_sampler DGS 3700 12 5 show sflow flow_sampler Command show sflow flow_sampler Port Ana...

Page 133: ...rameters If the user wants the change the analyzer_server_id he needs to delete the counter_poller and create a new one Parameters ports Specifies the list of ports to be configured interval The maximum number of seconds between successive statistic counter information If set to disable the counter poller is disabled If an interval is not specified its default value is disable Restrictions Only Ad...

Page 134: ...0 Description This command creates the analyzer server You can specify more than one analyzer server with the same IP address but with different UDP port numbers You can have up to four unique combinations of IP addresses and UDP port numbers Parameters owner The entity making use of this sflow analyzer_server When owner is set or modified the timeout value will become 400 automatically timeout Th...

Page 135: ... that analyzer_server never times out If not specified its default value is 400 collectoraddress The IP address of the analyzer_server If not specified the address will be 0 0 0 0 which means that the entry will be inactive collectorport The destination UDP port for sending the sFlow datagrams If not specified the default value is 6364 maxdatagramsize The maximum number of data bytes that can be p...

Page 136: ...to show the sflow analyzer server information The Timeout field specifies the time configured by user The current countdown times is the current time remaining before the server timesout Parameters None Restrictions None Example usage To show the sflow analyzer_server DGS 3700 12 5 show sflow analyzer_server Command show sflow analyzer_server sFlow Analyzer_server Information Server ID 1 Owner mon...

Page 137: ...hms AuthPriv DES 56 bit encryption is added based on the CBC DES DES 56 standard The network management commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table COMMAND PARAMETERS enable snmp disable snmp create snmp user user_name 32 groupname 32 encrypted by_password auth md5 auth_password 8 16 sha auth_password 8 20 priv none des priv_pa...

Page 138: ... authenticate_traps config snmp system_contact sw_contact config snmp system_location sw_location config snmp system_name sw_name enable snmp linkchange_traps disable snmp linkchange_traps config snmp linkchange_traps ports all portlist enable disable config snmp coldstart_traps enable disable config snmp warmstart_traps enable disable config rmon trap rising_alarm enable disable falling_alarm ena...

Page 139: ...5 auth_password 8 16 sha auth_password 8 20 priv none des priv_password 8 16 by_key auth md5 auth_key 32 32 sha auth_key 40 40 priv none des priv_key 32 32 Description This command is used to create a new SNMP user and adds the user to an SNMP group that is also created by this command SNMP ensures Message integrity Ensures that packets have not been tampered with during transit Authentication Det...

Page 140: ...n hex form to define the key that will be used to authorize the agent to receive packets for the host priv Adding the priv privacy parameter will allow for encryption in addition to the authentication algorithm for higher security The user may choose des Adding this parameter will allow for a 56 bit encryption to be added using the DES 56 standard using priv_password 8 16 An alphanumeric string of...

Page 141: ...d on the Switch DGS 3700 12 5 show snmp user Command show snmp user Username Group Name VerAuthPriv initial initial V3 NoneNone Total Entries 1 DGS 3700 12 5 create snmp view Purpose Used to assign views to community strings to limit which MIB objects and SNMP manager can access Syntax create snmp view view_name 32 oid view_type included excluded Description This command is used to assign views to...

Page 142: ...all Specifies that all of the SNMP views on the Switch will be deleted oid The object ID that identifies an object tree MIB tree that will be deleted from the Switch Restrictions Only Administrator level users can issue this command Example usage To delete a previously configured SNMP view from the Switch DGS 3700 12 5 delete snmp view dlinkview all Command delete snmp view dlinkview all Success D...

Page 143: ...accessible to the SNMP community read_write or read_only level permission for the MIB objects accessible to the SNMP community Syntax create snmp community community_string 32 view view_name 32 read_only read_write Description This command is used to create an SNMP community string and to assign access limiting characteristics to this community string Parameters community_string 32 An alphanumeric...

Page 144: ...te SNMP managers access to MIB objects in the Switch s SNMP agent Restrictions Only Administrator level users can issue this command Example usage To delete the SNMP community string dlink DGS 3700 12 5 delete snmp community dlink Command delete snmp community dlink Success DGS 3700 12 5 show snmp community Purpose Used to display SNMP community strings configured on the Switch Syntax show snmp co...

Page 145: ...r level users can issue this command Example usage To give the SNMP agent on the Switch the name 0035636666 DGS 3700 12 5 config snmp engineID 0035636666 Command config snmp engineID 0035636666 Success DGS 3700 12 5 show snmp engineID Purpose Used to display the identification of the SNMP engine on the Switch Syntax show snmp engineID Description This command is used to display the identification ...

Page 146: ...s of messages to prevent it being viewed by an unauthorized source noauth_nopriv Specifies that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager auth_nopriv Specifies that authorization will be required but there will be no encryption of packets sent between the Switch and a remote SNMP manager auth_priv Specifies that authorization will...

Page 147: ...elete the SNMP group named sg1 DGS 3700 12 5 delete snmp group sg1 Command delete snmp group sg1 Success DGS 3700 12 5 show snmp groups Purpose Used to display the group names of SNMP groups currently configured on the Switch The security model level and status of each group are also displayed Syntax show snmp groups Description This command is used to display the group names of SNMP groups curren...

Page 148: ...me ReadGroup ReadView Name CommunityView WriteView Name Notify View Name CommunityView Security Model SNMPv1 Security Level NoAuthNoPriv Total Entries 5 DGS 3700 12 5 create snmp host Purpose Used to create a recipient of SNMP traps generated by the Switch s SNMP agent Syntax create snmp host ipaddr v6host ipv6addr v1 v2c v3 noauth_nopriv auth_nopriv auth_priv auth_string 32 Description This comma...

Page 149: ...nd a remote SNMP manager auth_priv Specifies that authorization will be required and that packets sent between the Switch and a remote SNMP manger will be encrypted auth_string 32 An alphanumeric string used to authorize a remote SNMP manager to access the Switch s SNMP agent Restrictions Only Administrator level users can issue this command Example usage To create an SNMP host to receive SNMP mes...

Page 150: ...e 10 48 76 23 V2c private 10 48 74 100 V3 authpriv public Total Entries 2 DGS 3700 12 5 show snmp v6host Purpose Used to display the recipient of SNMP traps generated by the Switch s SNMP agent Syntax show snmp v6host ipv6addr Description This command is used to display the IP addresses and configuration information of remote SNMP managers that are designated as recipients of SNMP traps generated ...

Page 151: ...usted host for HTTP https Specify the trusted host for HTTPs ping Specify the trusted host for Ping Restrictions Only Administrator and Operator level users can issue this command Example usage To create the trusted host DGS 3700 12 5 create trusted_host 10 62 32 1 Command create trusted_host 10 62 32 1 Success config trusted_host Purpose To configure the access interfaces for the trusted host Syn...

Page 152: ...ters ipaddr Specify the IP address of the trusted host ipv6address Specify the IPv6 address of the trusted host network Specify the network address of the trusted network ipv6_prefix Specify the IPv6 network address of the trusted network all Specify that all trusted hosts will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a trus...

Page 153: ...eate trusted_host command above Parameters ipaddr The IP address of the trusted host ipv6addr The IPv6 address of the trusted host network The network address of the trusted network ipv6_prefix The IPv6 subnet prefix address of the trusted network all All trusted hosts will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the truste...

Page 154: ...le snmp authenticate_traps Success DGS 3700 12 5 show snmp traps Purpose Used to show SNMP trap support on the Switch Syntax show snmp traps Description This command is used to view the SNMP trap support status currently configured on the Switch Parameters None Restrictions None Example usage To view the current SNMP trap support DGS 3700 12G 5 show snmp traps Command show snmp traps SNMP Traps En...

Page 155: ...system_contact sw_contact Description This command is used to enter the name and or other information to identify a contact person who is responsible for the Switch A maximum of 255 character can be used Parameters sw_contact A maximum of 255 characters is allowed A null string is accepted if there is no contact Restrictions Only Administrator and Operator level users can issue this command Exampl...

Page 156: ...ed to configure the SNMP system name for the switch Parameters sw_name A maximum of 255 characters is allowed A null string is accepted if no name is desired Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the Switch name for DGS 3700 12 Switch DGS 3700 12 5 config snmp system_name DGS 3700 12 Switch Command config snmp system_name DGS 370...

Page 157: ...nkchange traps and per port control for sending of change traps Parameters all Specify all ports portlist Specify a port range enable Enable sending of the link change trap for this port disable Disable sending of the link change trap for this port Restrictions Only Administrator and Operator level users can issue this command Example usage To enable SNMP linkchange traps for ports 1 to 4 DGS 3700...

Page 158: ...d config snmp warmstart_traps enable Success DGS 3700 12 5 config rmon trap Purpose To configure the trap state for RMON events Syntax config rmon trap rising_alarm enable disable falling_alarm enable disable Description This command is used to configure the trap state for RMON events Parameters rising alarm Specify the trap state for rising alarm The default state is enabled falling alarm Specify...

Page 159: ...Managed Gigabit Ethernet Switch CLI Reference Guide Page 159 Example usage To display current RMON settings DGS 3700 12 5 show rmon Command show rmon RMON Rising Alarm Trap Enabled RMON Falling Alarm Trap Enabled DGS 3700 12 5 ...

Page 160: ...rnet ports Only the ports listed in the portlist will be affected Parameters all Configure all ports on the Switch portlist Specifies a port or range of ports to be configured speed Allows the user to adjust the speed for a port or range of ports The user has a choice of the following auto Enables auto negotiation for the specified range of ports 10 100 1000 Configures the speed in Mbps for the sp...

Page 161: ...o_negotiation restart remote_fault_advertised disable offline link_fault auto_negotiation_error Description The config ports command changes switch port settings Support of this command is project depent The remote_fault_advertised configuration option is only valid for fiber module Parameters portlist Specified a range of ports to be configured UnitID port number For set all ports in the system y...

Page 162: ...a standalone switch DGS 3700 12 5 show ports Command show ports Port State Settings Connection Address MDIX Speed Duplex FlowCtrl Speed Duplex FlowCtrl Learning 1 Enabled Auto Disabled Link Down Enabled 2 Enabled Auto Disabled Link Down Enabled 3 Enabled Auto Disabled 1000M Full None Enabled 4 Enabled Auto Disabled Link Down Enabled 5 Enabled Auto Disabled Link Down Enabled 6 Enabled Auto Disabled...

Page 163: ...ion 8 Enabled Auto Disabled Link Down Enabled Description DGS 3700 12 5 NOTE Connection status displays the following status Link Down Speed Duplex FlowCtrl link up or Err Disabled Example usage To display disabled ports including connection status and reason for being disabled on a standalone switch DGS 3700 12 5 show ports err_disabled Command show ports err_disabled Port Port Connection Status ...

Page 164: ...ly Administrator and Operator level users can issue this command Example usage To disable the jumbo frame DGS 3700 12 5 disable jumbo_frame Command disable jumbo_frame Success DGS 3700 12 5 show jumbo_frame Purpose Used to show the status of the jumbo frame function on the Switch Syntax show jumbo_frame Description This command will show the status of the jumbo frame function on the Switch Paramet...

Page 165: ..._date end_date 1 31 e_mth end_mth 1 12 e_time end_time hh mm offset 30 60 90 120 show time Each command is listed in detail in the following sections config sntp Purpose Used to setup SNTP service Syntax config sntp primary ipaddr secondary ipaddr poll interval int 30 99999 Description This command is used to configure SNTP service from an SNTP server SNTP must be enabled for this command to funct...

Page 166: ...how sntp Current Time Source System Clock SNTP Disabled SNTP Primary Server 10 1 1 1 SNTP Secondary Server 10 1 1 2 SNTP Poll Interval 30 sec DGS 3700 12 5 enable sntp Purpose To enable SNTP server support Syntax enable sntp Description This command will enable SNTP support SNTP service must be separately configured see config sntp Enabling and configuring SNTP support will override any manually c...

Page 167: ...ample 03aug2003 time Express the system time using the format hh mm ss that is two numerical characters each for the hour using a 24 hour clock the minute and second For example 19 42 30 Restrictions Only Administrator and Operator level users can issue this command Manually configured system time and date settings are overridden if SNTP support is enabled Example usage To manually set system time...

Page 168: ...nd is used to enable and configure DST When enabled this will adjust the system clock to comply with any DST requirement DST adjustment effects system time for both manually configured time and time set using SNTP service disable Disable the DST seasonal time adjustment for the Switch repeating Using repeating mode will enable DST seasonal time adjustment Repeating mode requires that the DST begin...

Page 169: ... minutes e_time Configure the time of day to end DST end_time hh mm Time is expressed using a 24 hour clock in hours and minutes s_date Configure the specific date day of the month to begin DST start_date 1 31 The start date is expressed numerically e_date Configure the specific date day of the month to begin DST end_date 1 31 The end date is expressed numerically offset 30 60 90 120 Indicates num...

Page 170: ...witch s System clock DGS 3700 12 5 show time Command show time Current Time Source System Clock Boot Time 3 Jan 2000 22 45 36 Current Time 4 Jan 2000 01 56 30 Time Zone GMT 00 00 Daylight Saving Time Disabled Offset In Minutes 60 Repeating From Apr 1st Sun 00 00 To Oct last Sun 00 00 Annual From 29 Apr 00 00 To 12 Oct 00 00 DGS 3700 12 5 ...

Page 171: ...otection function for the ports on the switch In generally there are two states in BPDU protection function One is normal state and another is under attack state The under attack state have three modes drop block and shutdown A BPDU protection enabled port will enter under attack state when it receives one STP BPDU packet And it will take action based on the configuration Thus BPDU protection can ...

Page 172: ...red manually or by the auto recovery mechanism This command is used to configure the auto recovery timer To manually recover the port the user needs to disable and re enable the port Parameters sec 60 1000000 Specify the timer in seconds used by the Auto Recovery mechanism to recover the port The valid range is 60 to 1000000 infinite Specify the port will not be auto recovered Restrictions Only Ad...

Page 173: ..._protection Description This command is used to enable BPDU protection globally for the entire switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable BPDU protection for the entire switch DGS 3700 12 5 enable bpdu_protection Command enable bpdu_protection Success DGS 3700 12 5 disable bpdu_protection Purpose To disable BPDU pr...

Page 174: ...nd Operator level users can issue this command Example usage To display BPDU protection information for the entire switch DGS 3700 12 5 show bpdu_protection Command show bpdu_protection BPDU Protection Global Settings BPDU Protection Status Disabled BPDU Protection Recover Time 60 seconds BPDU Protection Trap State None BPDU Protection Log State Both DGS 3700 12 5 To display BPDU protection status...

Page 175: ...tion state enable disable config erps log enable disable config erps trap enable disable show erps raps_vlan vlanid sub_ring Each command is listed in detail in the following sections enable erps Purpose To enable the global ERPS function on the switch Syntax enable erps Description This command is used to enable the global ERPS function on a switch When both the global state and the specified rin...

Page 176: ...hould be only one R APS VLAN used to transfer R APS messages Note that the R APS VLAN must already have been created by the create vlan command Parameters vlanid Specify the VLAN which will be the R APS VLAN Restrictions Only Administrator and Operator level users can issue this command Example usage To create an ERPS RAPS VLAN DGS 3700 12 5 create erps raps_vlan 4094 Command create erps raps_vlan...

Page 177: ...e port that participates in the ERPS ring Restrictions apply for ports that are included in a link aggregation group A link aggregation group can be configured as a ring port by specifying the master port of the link aggragation port Only the master port can be specified as a ring port If the specified link aggregation group is eliminated the master port retains its ring port status If the ring po...

Page 178: ... failure recovers This timer is only used by the RPL owner When the RPL owner in protection state receives R APS PDU with an NR flag it will start the WTR timer The RPL owner will block the original unblocked RPL port and start to send R APS PDU with an RB flag after the link recovery is confirmed within this period of time Parameters vlanid The VLAN ID associated with the R APS VLAN state specify...

Page 179: ... issue this command Example usage To enable the R APS DGS 3700 12 5 config erps raps_vlan 4094 state enable Command config erps raps_vlan 4094 state enable Success DGS 3700 12 5 To set the R APS west ring port parameter to 5 DGS 3700 12 5 config erps raps_vlan 4094 ring_port west 5 Command config erps raps_vlan 4094 ring_port west 5 Success DGS 3700 12 5 To set the R APS east ring port parameter t...

Page 180: ...mmand config erps raps_vlan 4094 add sub_ring raps_vlan 4093 Success DGS 3700 12 5 To configure the state of topology change propagation DGS 3700 12 5 config erps raps_vlan 4094 sub_ring raps_vlan 4093 tc_propagation state enable Command config erps raps_vlan 4094 sub_ring raps_vlan 4093 tc_propagation state enable Success DGS 3700 12 5 config erps log Purpose To configure the ERPS log state Synta...

Page 181: ...y ERPS configuration and operation information The port state of the ring port may be as Forwarding Blocking Signal Fail Forwarding indicates that traffic is able to be forwarded Blocking indicates that traffic is blocked by ERPS and a signal failure is not detected on the port Signal Fail indicates that a signal failure is detected on the port and traffic is blocked by ERPS Parameters vlanid Spec...

Page 182: ... MEL 2 Holdoff Time 0 milliseconds Guard Time 500 milliseconds WTR Time 5 minutes Current Ring State Idle R APS VLAN 4094 ERPS Status Enabled West Port Virtual Channel East Port 12 Forwarding RPL Port None Owner Disabled Protected VLANs 250 300 Ring MEL 2 Holdoff Time 0 milliseconds Guard Time 500 milliseconds WTR Time 5 minutes Current Ring State Idle Total Ring 2 DGS 3700 12 5 show erps raps_vla...

Page 183: ...bled first Once all settings are complete all DHCP Server packets will be filtered from a specific port except those that meet the Server IP Address and Client MAC Address binding When the NetBIOS filter is enabled all NetBIOS packets will be filtered from the specified port Enabling the NetBIOS filter will create one access profile and create three access rules per port UDP port numbers 137 and 1...

Page 184: ...ent_mac Specify the MAC address of the DHCP client ports See Below portlist Specify the range of ports to be configured all Specify to configure all ports delete permit server_ip Delete permit server IP address state See Below enable Enable the state disable Disable the state illegal_server_log_suppress_duration See Below 1min Specify an illegal server log suppression duration of 1 minute 5min Spe...

Page 185: ...ts Trap Log State Disabled Illegal Server Log Suppress Duration 5 minutes Filter DHCP Server Client Table Server IP Address Client MAC Address Port 10 255 255 254 00 00 00 00 00 01 1 12 Total Entries 1 DGS 3700 12 5 config filter netbios Purpose Used to configure the switch to filter NetBIOS packets from specified ports Syntax config filter netbios portlist all state enable disable Description Thi...

Page 186: ...ts from specified ports Syntax config filter extensive_netbios portlist all state enable disable Description This command will configure the switch to filter 802 3 frame NetBIOS packets from the specified ports Parameters portlist all The list of port numbers to which the NetBIOS filter will be applied state enable disable Used to enable disable the NetBIOS filter on the switch Restrictions Only A...

Page 187: ...ter extensive_netbios specified ports Parameters None Restrictions Only Administrator level users can issue this command Example usage To display the extensive NetBIOS filter status DGS 3700 12 5 show filter extensive_netbios Command show filter extensive_netbios Enabled Ports 1 3 DGS 3700 12 5 ...

Page 188: ... vlan vlan_name 32 Each command is listed in detail in the following sections create fdb Purpose Used to create a static entry to the unicast MAC address forwarding table database Syntax create fdb vlan_name 32 macaddr port port drop Description This command will make an entry into the Switch s unicast MAC address forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC ad...

Page 189: ...dd ports to the forwarding table delete will remove ports from the multicast forwarding table portlist Specifies a port or range of ports to be configured Restrictions Only Administrator and Operator level users can issue this command Example usage To add multicast MAC forwarding DGS 3700 12 5 config multicast_fdb default 01 00 00 00 00 01 add 1 5 Command config multicast_fdb default 01 00 00 00 0...

Page 190: ...s entry to the Switch s MAC address forwarding database Parameters vlan_name 32 The name of the VLAN on which the MAC address resides macaddr The MAC address wanted be deleted from the forwarding table Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a permanent FDB entry DGS 3700 12 5 delete fdb default 00 00 00 00 01 02 Command delete fdb de...

Page 191: ...ss that is present in the forwarding database table Restrictions None Example usage To display multicast MAC address table of default VLAN DGS 3700 12 5 show multicast_fdb vlan default Command show multicast_fdb vlan default VLAN Name default MAC Address 01 00 00 00 00 01 Egress Ports 1 5 Mode Static Total Entries 1 DGS 3700 12 5 show fdb Purpose Used to display the current unicast MAC address for...

Page 192: ...e Used to configure the the multicast packet filtering mode for VLANs Syntax config multicast vlan_filtering_mode vlanid vidlist vlan vlan_name 32 all forward_all_groups forward_unregistered_groups filter_unregistered_groups Description This command is used to configure the multicast packet filtering mode for VLANs Port filtering mode and VLAN filtering mode are mutual exclusive Parameters vidlist...

Page 193: ...ng mode for VLAN Parameters vidlist Specifies a range of vlans to be configured vlan_name 32 Specifies the name of the VLANs to be configured If no parameter specified the deivce will show all multicast filtering settings in the device Restrictions None Example usage To display multicast VLAN filtering mode for VLANs DGS 3700 12 5 show multicast vlan_filtering_mode Command show multicast vlan_filt...

Page 194: ...e igmp_snooping multicast_vlan disable igmp_snooping multicast_vlan show igmp_snooping multicast_vlan vlan_name 32 create igmp_snooping multicast_vlan_group_profile profile_name 1 32 config igmp_snooping multicast_vlan_group_profile profile_name 1 32 add delete mcast_address_list delete igmp_snooping multicast_vlan_group_profile profile_name profile_name 1 32 all show igmp_snooping multicast_vlan_...

Page 195: ...ipaddr remap_priority value 0 7 none replace_priority 1 Description This command allows you to add a member port add a tag member port and add a source port to the port list The member port will automatically become the untagged member of the IGMP multicast VLAN the tag member port and the source port will automatically become the tagged member of the IGMP multicast VLAN To change the port list th...

Page 196: ... packet will be learned with the IGMP multicast VLAN that contains the destination multicast group If the destination multicast group of the join packet can not be classified into any IGMP multicast VLAN that this port belongs to then the join packet will be learned with the natural VLAN of the packet When an IGMP packet is received first it will check whether to be processed by the IGMP snooping ...

Page 197: ...G Command config igmp_snooping multicast_vlan_group mv1 add profile_name RG Success DGS 3700 12 5 show igmp_snooping multicast_vlan_group Purpose Used to display the multicast groups configured for the specified IGMP Multicast VLAN Syntax show igmp_snooping multicast_vlan_group vlan_name 32 Description This command is used to display the multicast groups configured for the specified IGMP Multicast...

Page 198: ...s the IGMP Multicast VLAN function The IGMP Multicast VLAN will take effect when igmp snooping multicast vlan is enabled By default the IGMP Multicast VLAN is in a disabled state Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable IGMP Multicast VLAN DGS 3700 12 5 enable igmp_snooping multicast_vlan Command enable igmp_snooping mu...

Page 199: ... max length is 32 If not specified all IPv4 multicast VLAN group profiles will be displayed Restrictions Only Administrator and Operator level users can issue this command Example usage To create an IGMP multicast VLAN group profile p1 DGS 3700 12 5 create igmp_snooping multicast_vlan_group_profile p1 Command create igmp_snooping multicast_vlan_group_profile p1 Success DGS 3700 12 5 config igmp_sn...

Page 200: ... command deletes an IGMP Multicast VLAN group profile on the switch Parameters profile_name 32 Specifies the IGMP Multicast VLAN profile name max length is 32 all All IGMP Multicast VLAN group profiles will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the IGMP multicast VLAN group profile p1 DGS 3700 12 5 delete igmp_snooping mu...

Page 201: ...the switch receives an IGMP packet it will match the packet against the multicast profile to determine the multicast VLAN to be associated with If the packet does not match any profiles the packet will be forwarded or dropped based on the the setting By default the packet will be dropped Parameters enable The unmatched packet will be flooded on the VLAN disable The unmatched packet will be dropped...

Page 202: ... 1 1000 no_limit show igmp_snooping forwarding vlan vlan_name 32 vlanid vlanid_list show igmp_snooping static_group vlan vlan_name 32 vlanid vlanid_list ipaddr create igmp_snooping static_group vlan vlan_name 32 vlanid vlanid_list ipaddr delete igmp_snooping static_group vlan vlan_name 32 vlanid vlanid_list ipaddr config igmp_snooping static_group vlan vlan_name 32 vlanid vlanid_list ipaddr add de...

Page 203: ...ng DGS 3700 12 5 config igmp_snooping vlan default state enable fast_leave enable report_suppression disable Command config igmp_snooping vlan default state enable fast_leave enable report_suppression disable Success DGS 3700 12 5 config igmp_snooping querier Purpose Used to configure the the time in seconds between general query transmissions the maximum time in seconds to wait for reports from m...

Page 204: ...he switch to be selected as a IGMP Querier sends IGMP query packets It the state is disabled then the switch can not play the role as a querier Note that if the Layer 3 router connected to the switch provide only the IGMP proxy function but not provide the mutlicast routing function then this state must be configured as disabled Otherwise if the Layer 3 router is not selected as the querier it wil...

Page 205: ...s will not be forwarded to this port regardless of protocol etc Parameters vlan_name 32 The name of the VLAN on which the router port resides vlanid_list The VIDs of the VLAN on which the forbidden router port resides add delete Specifies whether to add or delete forbidden router ports of the specified VLAN portlist Specifies a range of ports that will be configured as forbidden router ports Restr...

Page 206: ...command Example usage To disable IGMP snooping on the Switch DGS 3700 12 5 disable igmp_snooping Command disable igmp_snooping Success DGS 3700 12 5 show igmp_snooping Purpose Used to show the current status of IGMP snooping on the Switch Syntax show igmp_snooping vlan vlan_name 32 vlanid vlanid_list Description This command will display the current IGMP snooping configuration on the Switch Parame...

Page 207: ...ble Data Driven Group Expiry Time 260 Total Entries 1 DGS 3700 12 5 show router_ports Purpose Used to display the currently configured router ports on the Switch Syntax show router_ports vlan vlan_name 32 vlanid vlanid_list all static dynamic forbidden Description This command will display the router ports currently configured on the Switch Parameters vlan_name 32 The name of the VLAN on which the...

Page 208: ...e Switch Syntax show igmp_snooping group vlan vlan_name 32 vlanid vlanid_list ports portlist ipaddr data_driven Description This command will display the current IGMP setup currently configured on the Switch Parameters vlan_name 32 The name of the VLAN for which to view IGMP snooping group information vlanid_list The VIDs of the VLAN for which to view IGMP snooping group information portlist The l...

Page 209: ...ime 3 Expiry Time 257 Filter Mode INCLUDE Source Group 29 1 1 3 229 1 1 1 VLAN Name VID default 1 Member Ports 12 Up Time 3 Expiry Time 257 Filter Mode INCLUDE Source Group 29 1 1 4 229 1 1 1 VLAN Name VID default 1 Member Ports 12 Up Time 3 Expiry Time 257 Filter Mode INCLUDE Total Entries 6 DGS 3700 12 5 show igmp_snooping rate_limit Purpose Used to show rate limitation Syntax show igmp_snooping...

Page 210: ... exceeds the limited rate will be dropped The default setting is no_limit no_limit Allows users to configure the rate limitation to no limit Restrictions Only Administrator and Operator level users can issue this command Example usage To configure rate limitation DGS 3700 12 5 config igmp_snooping rate_limit ports 1 100 Command config igmp_snooping rate_limit ports 1 100 Success DGS 3700 12 5 show...

Page 211: ...on if not specified all static groups will be displayed ipaddr The static group address for which to view IGMP snooping static group information Restrictions None Example usage To view the current IGMP snooping static group information DGS 3700 12 5 show igmp_snooping static_group Command show igmp_snooping static_group VLAN ID Name IP Address Static Member Ports 1 default 225 1 1 1 1 3 Total Entr...

Page 212: ...tor level users can issue this command Example usage To create a static group 226 1 1 1 for VID 1 DGS 3700 12 5 create igmp_snooping static_group vlanid 1 226 1 1 1 Command create igmp_snooping static_group vlanid 1 226 1 1 1 Success DGS 3700 12 5 delete igmp_snooping static_group Purpose Used to delete the current IGMP snooping static group on the Switch Syntax delete igmp_snooping static_group v...

Page 213: ...add delete portlist Portlist to add or delete Restrictions Only Administrator and Operator level users can issue this command Example usage To add port 5 to static group 226 1 1 1 on VID 1 DGS 3700 12 5 config igmp_snooping static_group vlanid 1 226 1 1 1 add 5 Command config igmp_snooping static_group vlanid 1 226 1 1 1 add 5 Success DGS 3700 12 5 show igmp_snooping statistic counter Purpose Used...

Page 214: ...tion 0 Dropped By Max Group Limitation 0 Dropped By Group Filter 0 Dropped By Multicast VLAN 0 Transmit Statistics Query IGMP v1 Query 0 IGMP v2 Query 0 IGMP v3 Query 14 Total 14 Report Leave IGMP v1 Report 0 IGMP v2 Report 0 IGMP v3 Report 0 IGMP v2 Leave 0 Total 0 Total Entries 1 DGS 3700 12 5 clear igmp_snooping statistic counter Purpose Used to clear the current IGMP snooping statistic on the ...

Page 215: ...strictions None Example usage To display the host IP information DGS 3700 12 5 show igmp_snooping host vlan default Command show igmp_snooping host vlan default VLAN ID Group Port No IGMP Host 1 225 0 1 0 2 198 19 1 2 1 225 0 1 0 2 198 19 1 3 1 225 0 1 0 3 198 19 1 4 1 225 0 1 2 2 198 19 1 3 1 225 0 1 3 3 198 19 1 4 Total Entries 5 DGS 3700 12 5 config igmp_snooping data_driven_learning max_learne...

Page 216: ...arning is enabled and data driven table is not full the multicast filtering mode for all ports are ignored The multicast packets will be forwarded to router ports If the data driven learning table is full the multicast packets will be forwarded according to the multicast filtering mode Note If a data driven group is created and IGMP member ports are learned later the entry will become an ordinary ...

Page 217: ... group learned by data driven Parameters all Delete all groups learnt by data driven vlan_name vlan_name The name of the VLAN for which IGMP snooping data driven learning group is to be deleted vlanid vlanid_list The VID of the VLAN for which IGMP snooping data driven learning group is to be deleted ipaddr The group address for which IGMP snooping data driven learning group is to be deleted on the...

Page 218: ... is listed in detail in the following sections show ipfdb Purpose Used to show IP address forwarding table on the switch Syntax show ipfdb ipaddr Description This command is used to display the IP address forwarding table on the switch Parameters ipaddr Specify the IP address of the forwarding table Restrictions None Example usage To display the IP address forwarding table on the switch DGS 3700 1...

Page 219: ... on the Q in Q VLAN configuration and the tunnel uplink settings When the device is operated without Q in Q enabled the BPDU will have its DA replaced by the tunnel multicast address and be transmitted out based on the VLAN configuration and the tunnel uplink settings The tunnel multicast address for STP BPDU is 01 05 5d 00 00 00 The tunnel multicast address for GVRP BPDU is 01 05 5d 00 00 21 Para...

Page 220: ...command is used to enable the BPDU Tunnelling function By default the BPDU Tunneling is disabled Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable bpdu_tunnel DGS 3700 12 5 enable bpdu_tunnel Command enable bpdu_tunnel Success DGS 3700 12 5 disable bpdu_tunnel Purpose Used to disable the BPDU Tunnelling function Syntax disable b...

Page 221: ...escription This command will create a link aggregation group with a unique identifier Parameters value 1 6 Specifies the group ID The Switch allows up to six link aggregation groups to be configured The group number identifies each of the groups type Specify the type of link aggregation used for the group If the type is not specified the default type is static lacp This designates the port group a...

Page 222: ...t Master port ID Specifies which port by port number of the link aggregation group will be the master port All of the ports in a link aggregation group will share the port configuration with the master port ports portlist Specifies a port or range of ports that will belong to the link aggregation group state enable disable Allows users to enable or disable the specified link aggregation group Rest...

Page 223: ...r and Operator level users can issue this command Example usage To configure link aggregation algorithm for mac source dest DGS 3700 12 5 config link_aggregation algorithm mac_source_dest Command config link_aggregation algorithm mac_source_dest Success DGS 3700 12 5 show link_aggregation Purpose Used to display the current link aggregation configuration on the Switch Syntax show link_aggregation ...

Page 224: ...ynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating devices must designate LACP ports as active Both devices must support LACP passive LACP ports that are designated as passive cannot process LACP control frames In order to allow the linked port group to negotiate adjustment...

Page 225: ...Page 225 show lacp_port ports Restrictions None Example usage To display LACP port mode settings DGS 3700 12 5 show lacp_port 1 10 Command show lacp_port 1 10 Port Activity 1 Active 2 Active 3 Active 4 Active 5 Active 6 Active 7 Active 8 Active 9 Active 10 Active DGS 3700 12 5 ...

Page 226: ...value 1 60 profile name name 1 32 config limited_multicast_addr ports ports portlist vlanid vlanid_list ipv4 ipv6 add delete profile_id value 1 60 profile_name name 1 32 access permit deny show limited_multicast_addr ports portlist vlanid vlanid_list ipv4 ipv6 config max_mcast_group ports portlist vlanid vlanid_list ipv4 ipv6 max_group value 1 1024 infinite action drop replace show max_mcast_group...

Page 227: ...rictions Only Administrator and Operator level users can issue this command Example usage To config an IPv4 multicast filter profile DGS 3700 12 5 config mcast_filter_profile profile_id 2 add 225 1 1 1 225 1 1 1 Command config mcast_filter_profile profile_id 2 add 225 1 1 1 Success DGS 3700 12 5 config mcast_filter_profile ipv6 Purpose This command adds or deletes a range of IPv6 multicast address...

Page 228: ...ator and Operator level users can issue this command Example usage To delete a multicast filter profile DGS 3700 12 5 delete mcast_filter_profile profile_id ipv4 2 Command delete mcast_filter_profile profile_id ipv4 2 Success DGS 3700 12 5 delete mcast_filter_profile profile_id ipv6 2 Command delete mcast_filter_profile profile_id ipv6 2 Success DGS 3700 12 5 show mcast_filter_profile Purpose This...

Page 229: ...address filtering function add Add a multicast address profile to a port delete Delete a multicast address profile to a port profile_id A profile to be added to or deleted from the port profile_name name 1 32 The name of the profile permit Specifies that the packet that match the addresses defined in the profiles will be permitted The default mode is permit deny Specifies that the packet that matc...

Page 230: ...ximum number of multicast groups that a port can join Syntax config max_mcast_group ports portlist vlanid vlanid_list ipv4 ipv6 max_group value 1 1024 infinite action drop replace Description This command configures the maximum number of multicast groups that a port can join Parameters portlist A range of ports to config the max_mcast_group vlanid_list A range of VLAN IDs to config the max_mcast_g...

Page 231: ..._group ports portlist vlanid vlanid_list ipv4 ipv6 Description This command is used to display the max number of multicast groups that a port can join Parameters portlist A range of ports to display the max number of multicast groups vlanid_list A range of VLAN IDs to display the max number of multicast groups Restrictions None Example usage To display the maximum number of multicast groups DGS 37...

Page 232: ...C address table notification on the Switch Syntax enable mac_notification Description This command is used to enable MAC address notification without changing configuration Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable MAC notification without changing basic configuration DGS 3700 12 5 enable mac_notification Command enable ...

Page 233: ...n global settings DGS 3700 12 5 config mac_notification interval 1 historysize 500 Command config mac_notification interval 1 historysize 500 Success DGS 3700 12 5 config mac_notification ports Purpose Used to configure MAC address notification status settings Syntax config mac_notification ports portlist all enable disable Description This command is used to monitor MAC addresses learned and ente...

Page 234: ...e Used to display the Switch s MAC address table notification status settings Syntax show mac_notification ports portlist Description This command is used to display the Switch s MAC address table notification status settings Parameters portlist Specify a port or group of ports to be viewed Entering this command without the parameter will display the MAC notification table for all ports Restrictio...

Page 235: ...g multicast_vlan_group_profile profile_name 1 32 config mld_snooping multicast_vlan_group vlan_name 32 add delete profile_name profile_name 1 32 show mld_snooping multicast_vlan_group vlan_name 32 delete mld_snooping multicat_vlan vlan_name 32 enable mld_snooping multicast_vlan disable mld_snooping multicast_vlan show mld_snooping multicast_vlan vlan_name 32 config mld_snooping multicast_vlan forw...

Page 236: ...of the MLD multicast VLAN the tag_member_port and the source port will automatically become the tagged member of the MLD multicast VLAN To change the port list the new port list will replace the previous port list if add or delete is not specified The member port list and source port list can not overlap However the member port of one MLD multicast VLAN can overlap with another MLD multicast VLAN ...

Page 237: ...MLD multicast VLAN group profile name max length is 32 Restrictions Only Administrator and Operator level users can issue this command Example usage To create an MLD multicast VLAN group profile g1 DGS 3700 12 5 create mld_snooping multicast_vlan_group_profile g1 Command create mld_snooping multicast_vlan_group_profile g1 Success DGS 3700 12 5 config mld_snooping multicast_vlan_group_profile Purpo...

Page 238: ...1 32 all Description This command deletes an MLD multicast VLAN group profile on the switch Parameters profile_name 32 Specifies the MLD multicast VLAN profile name max length is 32 all All MLD multicast VLAN group profile will be deleted Restrictions Only Administrator and Operator level users can issue this command Example usage To delete the MLD multicast VLAN group profile g1 DGS 3700 12 5 del...

Page 239: ... the packet will be matched against the profile on this VLAN If matched the packet will be associated with this VLAN Otherwise the packet is an unmatched packet Otherwise if the packet is an untagged packet the packet will be matched against profiles on all MLD multicast VLANs If it matches profiles on one of the MLD multicast VLANs the packets will be associated with this VLAN If it does not matc...

Page 240: ...lay the multicast groups configured for an MLD multicast VLAN DGS 3700 12 5 show mld_snooping multicast_vlan_group Command show mld_snooping multicast_vlan_group VLAN Name VLAN ID Multicast Group Profiles mv1 2 g1 DGS 3700 12 5 delete mld_snooping multicast_vlan Purpose Used to delete an MLD muticast VLAN Syntax delete mld_snooping multicat_vlan vlan_name 32 Description This command is used to del...

Page 241: ... VLAN Parameters vlan_name The name of the multicast VLAN to be shown If not specified all MLD multicast VLANs will be displayed Restrictions None Example usage To show MLD multicast VLAN DGS 3700 12 5 show mld_snooping multicast_vlan mv1 Command show mld_snooping multicast_vlan mv1 MLD Multicast VLAN Global State Disabled MLD Multicast VLAN Forward Unmatched Disabled VLAN Name mv1 VID 23 Member U...

Page 242: ...t the packet will be dropped Parameters enable The unmatched packet will be flooded on the VLAN disable The unmatched packet will be dropped Restrictions Only Administrator and Operator level users can issue this command Example usage To set unmatched packet to be flooded on the VLAN DGS 3700 12 5 config mld_snooping multicast_vlan forward_unmatched enable Command config mld_snooping multicast_vla...

Page 243: ...portlist ipv6addr data_driven show mld_snooping mrouter_ports vlan vlan_name 32 vlanid vlanid_list all static dynamic forbidden show mld_snooping rate_limit ports portlist vlanid vlanid_list config mld_snooping rate_limit ports portlist vlanid vlanid_list value 1 1000 no_limit show mld_snooping forwarding vlan vlan_name 32 vlanid vlanid_list show mld_snooping static_group vlan vlan_name 32 vlanid ...

Page 244: ... MLD reports are done for a specific S G and will be intregrated into one report only before sending to the router port Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the MLD snooping to the default vlan with state enable DGS 3700 12 5 config mld_snooping vlan default state enable Command config mld_snooping vlan default state enable Succ...

Page 245: ...ween group specific query messages including those sent in response to done group messages You might lower this interval to reduce the amount of time it takes a router to detect the loss of the last listener of a group state Allows you to enable or disable the MLD snooping function for the chosen VLAN version The version of MLD Query sent by the switch Restrictions Only Administrator and Operator ...

Page 246: ...d vlanid The VIDs of the VLAN for which MLD snooping is to be configured add delete Specifies to add or delete the router ports portlist Specifies a range of ports to be configured as forbidden router ports Restrictions Only Administrator and Operator level users can issue this command Example usage To set up port range 1 10 to static router ports DGS 3700 12 5 config mld_snooping mrouter_ports_fo...

Page 247: ... 3700 12 5 disable mld_snooping Command disable mld_snooping Success DGS 3700 12 5 show mld_snooping Purpose Used to the current status of MLD snooping on the switch Syntax show mld_snooping vlan vlan_name 32 vlanid vlanid_list Description This command is used to display the current MLD snooping configuration on the switch Parameters vlan The name of the VLAN for which you want to view the MLD sno...

Page 248: ...mld_snooping group Purpose Used to display the current MLD snooping group configuration on the switch Syntax show mld_snooping group vlan vlan_name 32 vlanid vlanid_list ports portlist ipv6addr data_driven Description This command is used to display the current MLD snooping group configuration on the switch Parameters vlan The name of the VLAN for which you want to view the MLD snooping group vlan...

Page 249: ...ng configuration all All the MLD router ports will be displayed static Displays router ports that have been statically configured dynamic Displays router ports that have been dynamically configured forbidden Displays forbidden router ports that have been statically configured If no parameter specified the system will display all currently configured router ports on the switch Restrictions None Exa...

Page 250: ...D control packets that the switch can process on a specific port The rate is specified in packets per second The packet that exceeds the limited rate will be dropped The default setting is no_limit no_limit Allows user to configure the rate limitation to no limit Restrictions Only Administrator and Operator level users can issue this command Example usage To configure rate limitation DGS 3700 12 5...

Page 251: ...vlan vlan_name 32 vlanid vlanid_list ipv6addr Description This command is used to display the current MLD snooping static group information on the Switch Parameters vlan The name of the VLAN for which to view MLD snooping static group information if not specified all static group will be displayed vlanid The list of the VLAN IDs for which to view MLD snooping static group information if not specif...

Page 252: ...ame of the VLAN for which to create MLD snooping static group information vlanid The list of the VLAN IDs for which to create MLD snooping static group information ipv6addr The static group IPv6 address for which to create MLD snooping static group information Restrictions Only Administrator and Operator level users can issue this command Example usage To create a static group FF12 1 for VID 1 DGS...

Page 253: ...mation add delete portlist Portlist to add or delete Restrictions Only Administrator and Operator level users can issue this command Example usage To add port 5 to static group FF12 1 on VID 1 DGS 3700 12 5 config mld_snooping static_group vlanid 1 FF12 1 add 5 Command config mld_snooping static_group vlanid 1 FF12 1 add 5 Success DGS 3700 12 5 show mld_snooping statistic counter Purpose Used to v...

Page 254: ...itation 0 Dropped By Max Group Limitation 0 Dropped By Group Filter 0 Dropped By Multicast VLAN 0 Transmit Statistics Query MLD v1 Query 0 MLD v2 Query 0 Total 0 Report Done MLD v1 Report 0 MLD v2 Report 0 MLD v1 Done 0 Total 0 Total Entries 1 DGS 3700 12 5 clear mld_snooping statistic counter Purpose Used to clear the current MLD snooping statistic on the Switch Syntax clear mld_snooping statisti...

Page 255: ...ntax config mld_snooping data_driven_learning all vlan_name vlan_name vlanid vlanid_list state enable disable aged_out enable disable expiry_time sec 1 65535 Description This command is used to enable disable the data driven learing of a MLD snooping group When data driven learning is enabled for the VLAN and the switch receives the IP multicast traffic on this VLAN a MLD snooping group will be cr...

Page 256: ...g data_driven_group Purpose Used to delete the MLD snooping group learnt by data driven Syntax clear mld_snooping data_driven_group all vlan_name vlan_name vlanid vlanid_list ipaddr all Description This command is used to delete the MLD snooping group learnt by data driven Parameters all Delete all groups learnt by data driven vlan_name The name of the VLAN for which MLD snooping data driven learn...

Page 257: ...nformation to be displayed ports Specify the port range It belongs to the host information to be displayed group Specify the group s IPv6 address It belongs to the host information to be displayed Restrictions None Example To display the IP information of hosts DGS 3700 12 5 show mld_snooping host vlan default Command show mld_snooping host vlan default VLAN ID 1 Group FF1E 1 Port 2 Host 2001 1 VL...

Page 258: ...nd full processing of frames regardless of administrative errors in defining VLANs and their respective spanning trees Each switch utilizing the MSTP on a network will have a single MSTP configuration that will have the following three attributes a A configuration name defined by an alphanumeric string of up to 32 characters defined in the config stp mst_config_id command as name string b A config...

Page 259: ...ol to be globally enabled on the Switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable STP globally on the Switch DGS 3700 12 5 enable stp Command enable stp Success DGS 3700 12 5 disable stp Purpose Used to globally disable STP on the Switch Syntax disable stp Description This command allows the Spanning Tree Protocol to be ...

Page 260: ... Parameters maxage value 6 40 This value may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information Set by the Root Bridge this value will aid in determining that the Switch has spanning tree configuration values consistent with other devices on the bridged LAN If the value ages out and a...

Page 261: ...ax config stp ports portlist externalCost auto value 1 200000000 hellotime value 1 2 migrate yes no edge true false auto p2p true false auto state enable disable restricted_role true false restricted_tcn true false fbpdu enable disable Description This command is used to create and configure STP for a group of ports Parameters portlist Specify a range of ports externalCost Specify the path cost be...

Page 262: ...d STP BPDU when STP functionality is disabled disable Disable port from flooding STP BPDU when STP functionality is disabled Restrictions Only Administrator and Operator level users can issue this command Example usage To configure STP ports DGS 3700 12 5 config stp ports 1 externalCost auto Command config stp ports 1 externalCost auto Success DGS 3700 12 5 create stp instance_id Purpose Used to c...

Page 263: ...lan Along with the vid_range vidlist parameter this command will add VIDs to the previously configured STP instance_id remove_vlan Along with the vid_range vidlist parameter this command will remove VIDs to the previously configured STP instance_id vidlist Specify the VID range from configured VLANs set on the Switch Supported VIDs on the Switch range from ID number 1 to 4094 Restrictions Only Adm...

Page 264: ... default instance_id CIST internally set on the Switch Restrictions Only Administrator and Operator level users can issue this command Example usage To set the priority value for instance_id 2 as 4096 DGS 3700 12 5 config stp priority 4096 instance_id 2 Command config stp priority 4096 instance_id 2 Success DGS 3700 12 5 config stp mst_config_id Purpose Used to update the MSTP configuration identi...

Page 265: ...t Specifies a port or range of ports to be configured instance_id value 0 15 Enter a numerical value between 0 and 15 to identify the instance_id previously configured on the Switch An entry of 0 will denote the CIST Common and Internal Spanning Tree internalCost This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a STP...

Page 266: ...ions None Example usage To display the status of STP on the Switch Status 1 STP enabled with STP compatible version DGS 3700 12 5 show stp Command show stp STP Bridge Global Settings STP Status Enabled STP Version STP compatible Max Age 18 Hello Time 2 Forward Delay 15 Max Hops 15 TX Hold Count 6 Forwarding BPDU Disabled NNI BPDU Address dot1d DGS 3700 12 5 Status 2 STP enabled for RSTP DGS 3700 1...

Page 267: ...mation for the remaining ports Restrictions None Example usage To show STP ports information for port 1 STP enabled on Switch DGS 3700 12 5 show stp ports Command show stp ports MSTP Port Information Port Index 1 Hello Time 2 2 Port STP Enabled External PathCost 1 Edge Port False No P2P Auto Yes Port RestrictedRole False Port RestrictedTCN False Port Forward BPDU Enabled MSTI Designated Bridge Int...

Page 268: ...Bridge 32768 00 01 02 03 04 00 Internal Root Cost 0 Designated Bridge 32768 00 50 BA 97 D9 56 Root Port 7 Max Age 20 Forward Delay 15 Last Topology Change 0 Topology Changes Count 21 DGS 3700 12 5 show stp mst_config_id Purpose Used to display the MSTP configuration identification Syntax show stp mst_config_id Description This command displays the Switch s current MSTP configuration identification...

Page 269: ...the port will be placed in a Shutdown Forever mode which will produce a warning message to be sent to the Trap Receiver Once in Shutdown Forever mode one method of recovering this port is to manually recoup it using the Port Configuration window in the Administration folder and selecting the disabled port and returning it to an Enabled status and the port will be recovered automatically when auto ...

Page 270: ...e time_interval field as well which will provide packet count samplings from the Switch s chip to determine if a Packet Storm is occurring threshold value 0 255000 The upper threshold at which the specified traffic control is switched on The value is the number of broadcast multicast unicast packets in packets per second pps received by the Switch that will trigger the storm traffic control measur...

Page 271: ... Traffic Control Auto Recover Time 0 Minutes Port Thres Broadcast Multicast Unicast Action Count Time Shutdown hold Storm Storm Storm Down Interval Forever 1 131072 Disabled Disabled Disabled drop 0 5 2 131072 Disabled Disabled Disabled drop 0 5 3 131072 Disabled Disabled Disabled drop 0 5 4 131072 Disabled Disabled Disabled drop 0 5 5 131072 Disabled Disabled Disabled drop 0 5 6 131072 Disabled D...

Page 272: ...This command will configure all ports auto recover time from shutdown forever state Parameters min The time allowed for auto recovery from shutdown for a port The default value is 0 so no auto recovery is possible the port remains in shutdown forever mode This requires manual entry of the CLI command config ports portlist all state enable to return the port to a forwarding state The default value ...

Page 273: ... Don t logged the storm event when a storm occurs or be cleared Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the traffic log state to enable DGS 3700 12 5 config traffic control log state enable Command config traffic control log state enable Success DGS 3700 12 5 ...

Page 274: ...t only traffic received by or sent by one or both is mirrored to the Target port Parameters port This specifies the Target port the port where mirrored packets will be received The target port must be configured in the same VLAN and must be operating at the same speed as the source port If the target port is operating at a lower speed the source port will be forced to drop its operating speed to m...

Page 275: ...ation into the Switch and then turn the port mirroring on and off without having to modify the port mirroring configuration Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable mirroring configurations DGS 3700 12 5 enable mirror Command enable mirror Success DGS 3700 12 5 disable mirror Purpose Used to disable a previously entered...

Page 276: ... show the current port mirroring configuration on the Switch Syntax show mirror Description This command displays the current port mirroring configuration on the Switch Parameters None Restrictions None Example usage To display mirroring configuration DGS 3700 12 5 show mirror Command show mirror Current Settings Mirror Status Enabled Target Port 1 Mirrored Port RX TX 5 7 DGS 3700 12 5 ...

Page 277: ... following sections config port_security ports Purpose Used to configure port security settings Syntax config port_security ports portlist all admin_state enable disable max_learning_addr max_lock_no 0 16384 lock_address_mode permanent deleteontimeout deleteonreset 1 vlan vlan_name 32 vlanid vidlist max_learning_addr max_lock_no 0 16384 no_limit Description This command allows for the configuratio...

Page 278: ...C address previously learned by the port to delete Restrictions Only Administrator and Operator level users can issue this command Example usage To delete a port security entry DGS 3700 12 5 delete port_security_entry vlan rg mac_address 00 01 30 10 2C C7 Command delete port_security_entry vlan rg mac_address 00 01 30 10 2C C7 Success DGS 3700 12 5 clear port_security_entry Purpose Used to clear M...

Page 279: ... by their VLAN ID Restrictions None Example usage To display the port security configuration DGS 3700 12 5 show port_security ports 1 5 Command show port_security ports 1 5 Port Configuration Port State Lock Address Mode Max Learning Addr 1 Disabled DeleteOnReset 1 2 Disabled DeleteOnReset 1 3 Disabled DeleteOnReset 1 4 Disabled DeleteOnReset 1 5 Disabled DeleteOnReset 1 DGS 3700 12 5 enable port_...

Page 280: ... to set the maximum number of port security entries that can be learned by the system Syntax config port_security system max_learning_addr max_lock_no 1 16384 no_limit 99999 Description This command sets the maximum number of port security entries that can be authorized system wide There are four levels of limitations on the learned entry number for the entire system for a port for a VLAN and for ...

Page 281: ...y_entry No entry is found DGS 3700 12 5 config port_security vlan Purpose This command is used to set the maximum port security entries that can be learned on a specific VLAN Syntax config port_security vlan vlan_name vlanid vidlist max_learning_addr max_lock_no 0 16384 no_limit Description This command sets the maximum port security entries that can be learned on a specific VLAN There are four le...

Page 282: ...hernet Switch CLI Reference Guide Page 282 Example usage To configure the port security DGS 3700 12 5 config port_security vlan vlanid 1 max_learning_addr 64 Command config port_security vlan vlanid 1 max_learning_addr 64 Success DGS 3700 12 5 ...

Page 283: ...rdware config qinq inner_tpid hex 0x1 0xffff show qinq inner_tpid Each command is listed in detail in the following sections enable qinq Purpose Used to enable Q in Q mode Syntax enable qinq Description This command enables Q in Q mode When enable Q in Q all network port roles will be NNI port and their outer TPID will be set to 88A8 All existed static VLAN will run as SP VLAN All dynamically lear...

Page 284: ... the miss drop of port1 is disable the system will learn an FDB which VID 2 MAC 00 00 00 11 22 33 at port1 Parameters ports A range of ports to configure role Port role in QinQ mode uni Port is connecting to customer network nni Port is connecting to service provider network outer_tpid Outer TPID of a port use_inner_priority Specify whether to use the priority in the C VLAN tag as the priority in ...

Page 285: ...ow qinq Description This command is used to show the global Q in Q status Parameters None Restrictions None Example usage To show global Q in Q status DGS 3700 12 5 show qinq Commands show qinq QinQ Status Enabled DGS 3700 12 5 show qinq ports Purpose Used to show port s attributes in Q in Q mode Syntax show qinq ports portlist Description This command is used to show the Q in Q configuration for ...

Page 286: ...d packets by adding or replacing according the configured rule On egress at this port the SP VLAN tag will be recovered to C VLAN tag or be striped The priority will be the priority in the SP VLAN tag if the use_inner_priority flag is disabled for the receipt port This configuration is only effective for an UNI port This setting will not be effective when Q in Q mode is disabled Parameters portlis...

Page 287: ... Administrator and Operator level users can issue this command Example usage To delete vlan translation rule on ports 1 4 DGS 3700 12 5 delete vlan_translation ports 1 4 Command delete vlan_translation ports 1 4 Success DGS 3700 12 5 show vlan_translation Purpose Used to show pre created C VLAN based SP VLAN assignment rules Syntax show vlan_translation ports portlist cvid vidlist hardware Descrip...

Page 288: ...itch CLI Reference Guide Page 288 DGS 3700 12G 5 show vlan_translation Command show vlan_translation Port SPVID Action Priority CVID 2 10 Add 10 3 10 Add 10 4 10 Add 10 5 20 Add 20 6 20 Add 20 7 20 Add 20 8 20 Add 20 Resource Remain 1017 DGS 3700 12G 5 ...

Page 289: ...mirror the packets to the remote switch The packet travels from the switch where the monitored packet is received through an intermediate switch then to the switch where the sniffer is attached The first switch is also named the source switch To make the RSPAN work for the source switch the RSPAN VLAN source setting must be configured For the intermediate and the last switch the RSPAN VLAN redirec...

Page 290: ...ions Only Administrator and Operator level users can issue this command Example usage To create a RSPAN VLAN DGS 3700 12 5 create rspan vlan vlan_name v3 Command create rspan vlan vlan_name v3 Success DGS 3700 12 5 delete rspan vlan Purpose Used to delete a RSPAN VLAN Syntax delete rspan vlan vlan_name vlan_name vlan_id value 1 4094 Description This command is used to delete RSPAN VLANs Parameters...

Page 291: ...redirect port delete Specify to delete the redirect port ports Specify source portlist to add to or delete from the RSPAN source source If the ports are not specified by this command the source of RSPAN will come from the source specified by the mirror command or the flow based source specified by an ACL If no parameter is specified for source it deletes the configured source parameters add Specif...

Page 292: ...r 2 Managed Gigabit Ethernet Switch CLI Reference Guide Page 292 DGS 3700 12 5 show rspan vlan_id 63 Command show rspan vlan_id 63 RSPAN Enabled RSPAN VLAN ID 63 Source Ports RX 2 5 TX 2 5 Total RSPAN VLAN 1 DGS 3700 12 5 ...

Page 293: ...a static mac based VLAN entry When a static mac_based_vlan entry is created for a user the traffic from this user will be able to be serviced under the specified VLAN regardless of the authentiucation function operated on this port There is a global limitation of the maximum entries supported for the static mac based entry Parameters mac_address The MAC address vlan The VLAN to be associated with ...

Page 294: ...how mac_based_vlan Purpose Used to show the static or dynamic mac based vlan entry Syntax show mac_based_vlan mac_address macaddr vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to display the static or dynamic MAC Based VLAN entry Parameters mac The MAC address vlan The VLAN to be associated with the MAC address vlanid Specify the VLAN ID to be associated with the MAC addr...

Page 295: ...anid vlanid 1 4094 priority value 0 7 Description This command is used to create a subnet VLAN entry A subnet VLAN entry is an IP subnet based VLAN classification rule If an untagged or priority tagged IP packet is received on a port its source IP address will be used to match the subnet VLAN entries If the source IP is in the subnet of an entry the packet will be classified to the VLAN defined fo...

Page 296: ...nistrator and Operator level users can issue this command Example usage To delete subnet VLAN DGS 3700 12 5 delete subnet_vlan network 172 168 1 1 24 Command delete subnet_vlan network 172 168 1 1 24 Success DGS 3700 12 5 show subnet_vlan Purpose This command is used to show static subnet VLAN entries Syntax show subnet_vlan network network_address ipv6network ipv6networkaddr vlan vlan_name 32 vla...

Page 297: ...ed_vlan If the parameter is specified the MAC based VLAN classification is given precedence over the subnet VLAN classification subnet_vlan If the parameter is specified the subnet VLAN classification is given precedence over the MAC based VLAN classification Restrictions Only Administrator and Operator level users can issue this command Example usage To configure VLAN precedence DGS 3700 12 5 con...

Page 298: ...segmentation forward_list Specifies a range of ports that will receive forwarded frames from the ports specified in the portlist above null No ports are specified all All ports are specified portlist Specifies a range of ports for the forwarding list This list must be on the same Switch previously specified for traffic segmentation i e following the portlist specified above for config traffic_segm...

Page 299: ...isplay the current traffic segmentation configuration on the Switch DGS 3700 12 5 show traffic_segmentation Command show traffic_segmentation Traffic Segmentation Table Port Forward Portlist 1 1 12 2 1 12 3 1 12 4 1 12 5 1 12 6 1 12 7 1 12 8 1 12 9 1 12 10 1 12 11 1 12 12 1 12 DGS 3700 12 5 ...

Page 300: ... vlanid vidlist ports portlist show port_vlan portlist create dot1v_protocol_group group_id id group_name name 32 config dot1v_protocol_group group_id id group_name name 32 add protocol ethernet_2 ieee802 3_snap ieee802 3_llc protocol_value config dot1v_protocol_group group_id id group_name name 32 delete protocol ethernet_2 ieee802 3_snap ieee802 3_llc protocol_value delete dot1v_protocol_group g...

Page 301: ... 2 Success DGS 3700 12 5 create vlan vlanid Purpose Used to create multiple VLANs by VLAN ID list on the switch Syntax create vlan vlanid vidlist advertisement Description This command is used to create multiple VLANs on the switch Parameters vidlist Specify the VLAN ID of the VLAN to be created advertisement Specify the VLAN as being able to be advertised out Restrictions Only Administrator level...

Page 302: ...name 32 add tagged untagged forbidden delete portlist advertisement enable disable 1 Description This command allows the user to add ports to the port list of a previously configured VLAN The user can specify the additional ports as tagged untagged or forbidden The default is to assign the ports as untagged Parameters vlan_name 32 The name of the VLAN add Entering the add parameter will add ports ...

Page 303: ...cify if the ports will join GVRP or not with the advertisement parameter The name parameter allows you to specify the name of the VLAN that needs to be modified Parameters vidlist Specifies the VLAN ID of the VLAN to add or delete ports to add Specifies to add ports to the VLAN tagged Specifies the additional ports as tagged untagged Specifies the additional ports as untagged forbidden Specifies t...

Page 304: ...e specified portlist acceptable_frame Specify the type of frame that will be accepted by the port tagged_only Only tagged frame will be received admit_all Both tagged and untagged frames will be accepted pvid Specifies the pvid of the port to be modified the value range is from 1to 4094 Restrictions Only Administrator and Operator level users can issue this command Example usage To set the ingress...

Page 305: ...tration Protocol GVRP DGS 3700 12 5 disable gvrp Command disable gvrp Success DGS 3700 12 5 show vlan Purpose Used to display the current VLAN configuration on the Switch Syntax show vlan vlan_name 32 vlanid vidlist ports portlist Description This command displays summary information about each VLAN including the VLAN ID VLAN name the tagged or untagged status and the Member Non member or Forbidde...

Page 306: ...ed Member Ports Static Ports Current Tagged Ports Current Untagged Ports Static Tagged Ports Static Untagged Ports Forbidden Ports Total Static VLAN Entries 2 Total GVRP VLAN Entries 0 DGS 3700 12 5 DGS 3700 12 5 show vlan ports 1 4 Command show vlan ports 1 4 Port VID Untagged Tagged Dynamic Forbidden 1 1 X 2 1 X 3 1 X 4 1 X DGS 3700 12 5 show port_vlan Purpose Used to display the GVRP status for...

Page 307: ...or and Operator level users can issue this command Example usage To create a protocol group DGS 3700 12 5 create dot1v_protocol_group group_id 1 group_name General_Group Command create dot1v_protocol_group group_id 1 group_name General_Group Success DGS 3700 12 5 config dot1v_protocol_group add protocol Purpose Add a protocol to a protocol group Syntax config dot1v_protocol_group group_id id group...

Page 308: ...s used to identify a set of protocols group_name The name of the protocol group The maximum length is 32 characters protocol_value The protoocl vlaue is used to identify a protocol of the frame type specified Depending on the frame type the octet string will have one of the following values The form of the input is 0x0 to 0xffff For ethernet II this is a 16 bit 2 octet hex value Example Ipv4 is 80...

Page 309: ...ons None Example usage To display the protocol group ID 1 DGS 3700 12 5 show dot1v_protocol_group group_id 1 Command show dot1v_protocol_group group_id 1 Protocol Group ID Protocol Group Name Frame Type Protocol Value 1 General Group EthernetII 86DD Total Entries 1 DGS 3700 12 5 config port dot1v Purpose Assign the VLAN for untagged packets ingress from the portlist based on the protocol group con...

Page 310: ...arketing_1 Command config port dot1v ports 3 add protocol_group group_id 1 vlan marketing_1 Success DGS 3700 12 5 show port dot1v Purpose Display the VLAN to be associated with untagged packet ingressed from a port based on the protocol group Syntax show port dot1v ports portlist Description This command is used to display the VLAN to be associated with untagged packet ingressed from a port based ...

Page 311: ...LAN The default setting is enabled Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the auto assign PVID DGS 3700 12 5 enable pvid auto_assign Command enable pvid auto_assign Success DGS 3700 12 5 show pvid auto_assign Purpose Show PVID auto assigment state Syntax show pvid auto_assign Description This command is used to displa...

Page 312: ... MAC address of NNI port in Q in Q mode will be set dot1d Specifies GVRP s PDU MAC address of NNI port using 802 1d s definement dot1ad Specifies GVRP s PDU MAC address of NNI port using 802 1ad s definement Restrictions Only Administrator and Operator level users can issue this command Example usage To set the Join time to 200 milliseconds DGS 3700 12 5 config gvrp timer join 200 Command config g...

Page 313: ... unicast packet byte Description This command is used to create control entries to count statistics for specific VLANs or to count statistics for specific ports on specific VLANs The statistics can be either byte count or packet count The statistics can be counted for different frame types Parameters vlan_name Specifies the VLAN name vidlist Specifies a list of VLANs by VLAN ID ports portlist To e...

Page 314: ...vels for all packets on VLAN 1 DGS 3700 12 5 delete vlan_counter vlanid 1 all Command delete vlan_counter vlanid 1 all Success DGS 3700 12 5 clear vlan_counter statistics Purpose Used to clear statistics gathered by the VLAN counter Syntax clear vlan_counter statistics all vlan vlan_name vlanid vidlist all ports portlist Description This command is used to clear statistic gathered by the VLAN coun...

Page 315: ...ys the VLAN level receives packets or receive byte statistics Syntax show vlan_counter statistics vlan vlan_name vlanid vidlist port portlist Description This command displays the VLAN level receives packet or receive byte statistics Parameters vlan_name Specifies the VLAN name vlanid Specifies a list of VLANs by VLAN ID When VLAN is not specified all VLAN counters will be displayed Restrictions N...

Page 316: ...tlist Each command is listed in detail in the following sections enable voice_vlan Purpose To enable the global voice VLAN function Syntax enable voice_vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to enable the global voice VLAN function on a Switch To enable the voice VLAN the voice VLAN must be also assigned At the same time the VLAN must be an existing static 802 1Q V...

Page 317: ...voice traffic from data traffic Parameters int 0 7 Specify the priority of the voice VLAN The range is 0 to 7 The default priority is 5 Restrictions Only Administrator and Operator level users can issue this command Example usage To set the priority of the voice VLAN to be six DGS 3700 12 5 config voice_vlan priority 6 Command config voice_vlan priority 6 Success DGS 3700 12 5 config voice_vlan ou...

Page 318: ...of ports or mode per port Syntax config voice_vlan ports portlist all state enable disable mode auto manual Description This command is used to enable or disable the voice VLAN function on ports or mode per port Parameters portlist Specify a range of ports to set all Specify to set all ports state Specify the voice VLAN function state on ports The default state is disabled enable Specify to enable...

Page 319: ...VLAN log state DGS 3700 12 5 config voice_vlan log state enable Command config voice_vlan log state enable Success DGS 3700 12 5 config voice_vlan aging_time Purpose To configure the voice VLAN aging time Syntax config voice_vlan aging_time min 1 65535 Description This command is used to set the aging time of the voice VLAN The aging time is used to remove a port from voice VLAN if the port is an ...

Page 320: ...oice VLAN global information Parameters None Restrictions None Example usage To display voice VLAN information DGS 3700 12 5 show voice_vlan Command show voice_vlan Voice VLAN State Disabled Voice VLAN Unassigned Priority 5 Aging Time 720 minutes Log State Enabled DGS 3700 12 5 show voice_vlan oui Purpose To display OUI information for voice VLAN Syntax show voice_vlan oui Description This command...

Page 321: ...arameters portlist Specify a range of ports to display If all is specified all port voice VLAN information will be displayed Restrictions None Example usage To display voice VLAN ports 1 to 3 DGS 3700 12 5 show voice_vlan ports 1 3 Command show voice_vlan ports 1 3 Ports Status Mode 1 Disabled Auto 2 Disabled Auto 3 Disabled Auto DGS 3700 12 5 show voice_vlan voice_device ports Purpose To display ...

Page 322: ...d Gigabit Ethernet Switch CLI Reference Guide Page 322 DGS 3700 12 5 show voice_vlan voice_device ports 1 2 Command show voice_vlan voice_device ports 1 2 Ports Voice Device Start Time Last Active Time Total Entries 0 DGS 3700 12 5 ...

Page 323: ...is used to enter an IP address and the corresponding MAC address into the Switch s ARP table Parameters ipaddr The IP address of the end node or station macaddr The MAC address corresponding to the IP address above Restrictions Only Administrator and Operator level users can issue this command The Switch supports up to 255 static ARP entries Example usage To create a static arp entry for the IP ad...

Page 324: ... the Switch s ARP table Parameters ipaddr The IP address of the end node or station all Deletes all ARP entries Restrictions Only Administrator and Operator level users can issue this command Example usage To delete an entry of IP address 10 48 74 121 from the ARP table DGS 3700 12 5 delete arpentry 10 48 74 121 Command delete arpentry 10 48 74 121 Success DGS 3700 12 5 config arp_aging time Purpo...

Page 325: ...plays the ARP entry by MAC address If no parameter is specified all current effective ARP entries will be displayed Restrictions None Example usage To display the ARP table DGS 3700 12 5 show arpentry Command show arpentry ARP Aging Time 20 Interface IP Address MAC Address Type System 10 0 0 0 FF FF FF FF FF FF Local Broadcast System 10 24 73 21 00 01 02 03 04 00 Local System 10 48 74 121 00 50 BA...

Page 326: ...DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide Page 326 DGS 3700 12 5 clear arptable Command clear arptable Success DGS 3700 12 5 ...

Page 327: ... command is listed in detail in the following sections See Switch Utility Commands for descriptions of all autoconfig commands config ipif Purpose Used to configure an IP interface on the switch Syntax config ipif ipif_name 12 ipaddress network_address vlan vlan_name 32 state enable disable boot dhcp ipv6 ipv6address ipv6networkaddr state enable disable ipv4 state enable disable dhcpv6_client enab...

Page 328: ...s 10 48 74 122 8 Success DGS 3700 12 5 create ipif Purpose Used to create an IP interface on the switch Syntax create ipif ipif_name 12 network_address vlan_name 32 state enable disable Description This command creates a IP interface This interface can be configured with IPv4 or IPv6 address Currently it has a restriction An interface can have only one IPv4 address defined But it can have multiple...

Page 329: ...terface DGS 3700 12 5 delete ipif if2 Command delete ipif if2 Success DGS 3700 12 5 To delete an IPv6 address from the interface DGS 3700 12 5 delete ipif if2 ipv6address 5001 3700 8 Command delete ipif if2 ipv6address 5001 3700 8 Success DGS 3700 12 5 enable ipif Purpose Used to enable an IP interface on the switch Syntax enable ipif ipif_name 12 all Description This command is used to enable the...

Page 330: ...and is used to display the configuration of an IP interface on the Switch Parameters ipif_name 12 The name created for the IP interface Restrictions None Example usage To display IP interface settings DGS 3700 12 5 show ipif System Command show ipif System IP Interface System VLAN Name default Interface Admin State Enabled DHCPv6 Client State Disabled Link Status LinkUp IPv4 Address 10 24 73 21 8 ...

Page 331: ...le autoconfig Command enable autoconfig Success DGS 3700 12 5 NOTE More detailed information for this command and related commands can be found in the section titled Switch Utility Commands disable autoconfig Purpose This command is used to automatically disable getting the configuration from the TFTP server Syntax disable autoconfig Description When auto configuration is disabled the switch will ...

Page 332: ...igured and IPv6 processing will be started Parameters ipif_name 12 The name of the IP interface all Indidcates all IP interfaces Restrictions Only Administrator and Operator level users can issue this command Example usage To enable the automatic configuration of link local address for an interface DGS 3700 12 5 enable ipif_ipv6_link_local_auto all Command enable ipif_ipv6_link_local_auto all Succ...

Page 333: ...ocal_auto ipif_name 12 Description This command is used to display the link local address automatic configuration state Parameters ipif_name 12 The name created for the IP interface Restrictions None Example usage To display the link local address automatic configuration state DGS 3700 12 5 show ipif_ipv6_link_local_auto Command show ipif_ipv6_link_local_auto IPIF System Automatic Link Local Addre...

Page 334: ...terval in seconds used by the Auto Recovery mechanism to decide how long to check if the loop status is gone The valid range is 60 to 1000000 Zero is a special value which means to disable the auto recovery mechanism The default value is 60 interval The time interval inseconds at which the remote device transmits all the CTP packets to detect the loop back event The default value is 10 with a vali...

Page 335: ...ally enable loop back detection on the switch Syntax enable loopdetect Description This command is used to globally enable loop back detection on the switch Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable loop back detection on the switch DGS 3700 12 5 enable loopdetect Command enable loopdetect Success DGS 3700 12 5 disable l...

Page 336: ...on settings on the switch Syntax show loopdetect ports all portlist Description This command is used to display the current per port loop back detection settings on the switch Parameters portlist Specifies a range of ports for the loop back detection all Specifies all ports for the loop back detection Restrictions None Example usage To show loop detect ports DGS 3700 12 5 show loopdetect ports 1 3...

Page 337: ...cted Trap is sent when the loop condition is detected loop_cleared Trap is sent when the loop condition is cleared both Trap will be sent for both cases Restrictions Only Administrator and Operator level users can issue this command Example usage To config loop trap both DGS 3700 12 5 config loopdetect trap both Command config loopdetect trap both Success DGS 3700 12 5 ...

Page 338: ...th other management traffic Out of Band Management allows Management packets and ARP requests to pass between the CPU and the management interface while other packets will be dropped Parameters ipaddress network_address The IP address of the interface the parameter must give the mask state enable disable Allows users to enable or disable the IP interface gateway ipaddr Default gateway of out of ba...

Page 339: ...net Switch CLI Reference Guide Page 339 To display the out_band interface DGS 3700 12 5 show out_band_ipif Command show out_band_ipif Status Enable IP Address 192 168 0 1 Subnet Mask 255 255 255 0 GateWay 0 0 0 0 Link Status LinkDown DGS 3700 12 5 ...

Page 340: ...default static IP route entry to the Switch s IP routing table Parameters default Specifies to create the default IP route network_address Specifies the network address used ipaddr The gateway IP address for the next hop router metric 1 65535 Allows the entry of a routing protocol metric entry representing the number of routers between the Switch and the IP address above The default setting is 1 p...

Page 341: ...ress of the IP route to display static Specifies to display whether the route is static Restrictions None Example usage To display the contents of the IP routing table DGS 3700 12 5 show iproute Command show iproute Routing Table IP Address Netmask Gateway Interface Cost Protocol 10 0 0 0 8 10 48 74 122 System 1 Local Total Entries 1 DGS 3700 12 5 create ipv6route Purpose create an ipv6 default ga...

Page 342: ...lete an ipv6 route Parameters default Use this parameter to delete an IPv6 default gateway ipv6networkaddr Specifies the IPv6 network address used ipif_name 12 Enter the corresponding ipif name of the IPv6 address ipv6addr IPv6 address for the next hop router all This will delete all IPv6 default gateways Restrictions Only Administrator and Operator level users can issue this command Example usage...

Page 343: ...Gigabit Ethernet Switch CLI Reference Guide Page 343 DGS 3700 12G 5 show ipv6route Command show ipv6route IPv6 Prefix 0 Protocol Static Metric 1 Next Hop 3311 1 IPIF System Backup Primary Status Inactive Total Entries 1 DGS 3700 12G 5 ...

Page 344: ...ware priority queues in order beginning with the highest priority queue 7 to the lowest priority queue 0 Each hardware queue will transmit all of the packets in its buffer before permitting the next lower priority to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue will begin transmitting any packets it ma...

Page 345: ...o limit on the rate of packets received by the above specified ports value 64 1024000 Specifies the packet limit in Kbps that the above ports will be allowed to receive tx_rate Specifies that one of the parameters below no_limit or value 64 1024000 will be applied to the rate at which the above specified ports will be allowed to transmit packets no_limit Specifies that there will be no limit on th...

Page 346: ...eues in order from the highest priority queue hardware queue 7 to the lowest priority queue hardware queue 0 Each hardware queue will transmit all of the packets in its buffer before allowing the next lower priority queue to transmit its packets When the lowest hardware priority queue has finished transmitting all of its packets the highest hardware priority queue can again transmit any packets it...

Page 347: ...wish to configure all Choose this option to select all ports strict The highest queue first process That is the highest queue should be finished at first wrr Using weighted round robin algorithm to handle packets in priority queues Restrictions Only Administrator and Operation level users can issue this command Example usage To configure the traffic scheduling mechanism for port1 DGS 3700 12G 5 co...

Page 348: ...ommand is used to display the current traffic scheduling mechanism in use on the Switch Parameters portlist Specifies a range of ports to be displayed Restrictions None Example usage To display the scheduling mechanism DGS 3700 12 5 show scheduling_mechanism 1 4 Command show scheduling_mechanism 1 4 Port Mode 1 Strict 2 Strict 3 Strict 4 Strict DGS 3700 12 5 config 802 1p user_priority Purpose Use...

Page 349: ...ss_id 0 7 the number of the hardware queue with class_id 0 7 The number of the Switch s hardware priority queue The Switch has eight hardware priority queues available They are numbered between 0 the lowest priority and 7 the highest priority Restrictions Only Administrator and Operator level users can issue this command Example usage To configure 802 1p user priority on the Switch DGS 3700 12G 5 ...

Page 350: ...ket s priority field Syntax config 802 1p default_priority portlist all priority 0 7 Description This command allows the user to specify default priority handling of untagged packets received by the Switch The priority value entered with this command will be used to determine which of the eight hardware priority queues the packet is forwarded to Parameters portlist Specifies a port or range of por...

Page 351: ...on the Switch DGS 3700 12 5 show 802 1p default_priority Command show 802 1p default_priority Port Priority Effective Priority 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 8 0 0 9 0 0 10 0 0 11 0 0 12 0 0 DGS 3700 12 5 enable hol_prevention Purpose Used to enable the HOL prevention state Syntax enable hol_prevention Description This command enables the HOL prevention function on the switch Parameters...

Page 352: ...hol_prevention Command show hol_prevention Device HOL Prevention State Enabled DGS 3700 12 5 config mgmt_pkt_priority Purpose Used to configure the priority of managment packet Syntax config mgmt_pkt_priority default priority 0 7 Description This command is used to configure the priority of managment packet Parameters default Specifies to use the original management packet priority priority 0 7 Sp...

Page 353: ...ed from the queue will not be lower than the specified limit The specification of the minimum rate is effective regardless of whether the queue is operating in strict or WRR mode Parameters ports Specify a range of ports to be configured all To set all ports in the system use the all parameter If no parameter is specified the system will set all the ports cos_id_list 0 7 Specify a list of priority...

Page 354: ...h_control ports 1 10 1 max_rate 100 The setting value is not an integer multiple of granularity 64 The closest value 64 is chosen Success DGS 3700 12 5 show per_queue bandwidth _control Purpose To display the bandwidth control setting of per egress queue for each port Syntax show per_queue bandwidth _control portlist Description This command is used to display the bandwidth control setting of per ...

Page 355: ...cp 0 63 dscp_color dscp_list to green red yellow show dscp map portlist dscp_priotity dscp_dscp dscp_color dscp dscp_list config 802 1p map portlist all 1p_color priority_list to green red yellow show 802 1p map 1p_color portlist Each command is listed in detail in the following sections enable sred Purpose Used to enable the simple RED function Syntax enable sred Description This command is used ...

Page 356: ...d By default the value is 60 The range is 0 to 100 high High threshold that specifies the percent of queue space utilized By default the value is 80 The range is 0 to 100 drop_rate low Probabilistic drop rate if above the low threshold By default the value is 1 high Probabilistic drop rate if above the high threshold By default the value is 1 drop_green disable Probabilistic drop red colored packe...

Page 357: ..._id 0 7 This specifies which of the hardware CoS queues the config sred command will apply to Restrictions None Example usage To show sred DGS 3700 12 5 show sred Command show sred Simple RED Globale Status Disabled Port Class Drop Green Threshold Drop Rate Low High Low High 1 0 Disabled 60 80 1 1 1 1 Disabled 60 80 1 1 1 2 Disabled 60 80 1 1 1 3 Disabled 60 80 1 1 1 4 Disabled 60 80 1 1 1 5 Disab...

Page 358: ... config dscp trust Purpose Enable Disable DSCP trust state on selected portlist Syntax config dscp trust portlist all state enable disable Description This command is used to onfigure the port DSCP trust state When DSCP is not trusted 1p is trusted Parameters portlist Specifies a range of ports that will be configured all Specifies that all the ports will be configured state Enable disable to trus...

Page 359: ...mapping of DSCP to priority will be used to determine the priority of the packet which will be then used to determine the scheduling queue when the port is in DSCP trust state The mapping of DSCP to color will be used to determine the initial color of the packet when the policing function of the packet is color aware and the packet is DSCP trusted The DSCP to DSCP mapping is used in the swap of DS...

Page 360: ...ed to display the DSCP map configure parameter Syntax show dscp map portlist dscp_priotity dscp_dscp dscp_color dscp dscp_list Description This command is used to show DSCP trusted portlist and mapped color priority and DSCP Parameters portlist A range of ports to show If no parameter is specified all ports dscp mapping will be displayed If project only support global configure display global info...

Page 361: ...ity_list to green red yellow Description This command is used to configure mapping of 802 1p to packet s initial color The mapping of 802 1p to color will be used to determine the initial color of the packet when the policing function of the packet is color aware and the packet is 802 1p trusted Parameters portlist A range of ports to configure priority Source priority of incoming packets color Ma...

Page 362: ...en Green Green 3 Green Red Green Green Green Green Green Green 4 Green Red Green Green Green Green Green Green 5 Green Red Green Green Green Green Green Green 6 Green Red Green Green Green Green Green Green 7 Green Red Green Green Green Green Green Green 8 Green Red Green Green Green Green Green Green 9 Green Green Green Green Green Green Green Green 10 Green Green Green Green Green Green Green Gr...

Page 363: ...0xff user_define_mask hex 0x0 0xffffffff packet_content_mask offset_chunk_1 value 0 31 hex 0x0 0xffffffff offset_chunk_2 value 0 31 hex 0x0 0xffffffff offset_chunk_3 value 0 31 hex 0x0 0xffffffff offset_chunk_4 value 0 31 hex 0x0 0xffffffff ipv6 class flowlabel tcp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff udp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff source_ipv6_ma...

Page 364: ...ffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_32 47 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_48 63 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff ipv6 class flowlabel source_ipv6_mask ipv6mask destination_ipv6_mask ...

Page 365: ...create an access profile that instructs the Switch to examine all of the relevant fields of each frame First create an access profile that uses IP addresses as the criteria for examination create access_profile profile_id 1 profile_name 1 ip source_ip_mask 255 255 255 0 Here we have created an access profile that will examine the IP field of each frame received by the Switch Each source IP address...

Page 366: ...ules used to define the access profiles are limited to a total of 1536 rules for the Switch create access_profile Purpose Used to create an access profile on the Switch and to define which parts of each incoming frame s header the Switch will examine Masks can be entered that will be combined with the values the Switch finds in the specified frame header fields Specific values for the rules are en...

Page 367: ...Internet Control Message Protocol ICMP field in each frame s header type Specifies that the Switch will examine each frame s ICMP Type field code Specifies that the Switch will examine each frame s ICMP Code field igmp Specifies that the Switch will examine each frame s Internet Group Management Protocol IGMP field type Specifies that the Switch will examine each frame s IGMP Type field tcp Specif...

Page 368: ...a part of the packet header that is similar to the Type of Service ToS or Precedence bits field in IPv4 flowlabel Entering this parameter will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as non default quality of service or real time service packets tcp Specifies that the Switch will examine eac...

Page 369: ...packet should be forwarded or filtered If masks in the rules are not specified masks entered using the create access_profile command will be combined using a logical AND operational method with the values the Switch finds in the specified frame header fields Specific values for the rules are entered using the config access_profile command below Syntax config access_profile profile_id value 1 12 pr...

Page 370: ...ber of rules that can be created for a given port lease see the introduction to this chapter ethernet Specifies that the Switch will look only into the layer 2 part of each packet vlan vlan_name 32 vlan_id value 1 4094 Specifies that the access profile will apply to only to this VLAN source_mac macaddr Specifies that the access profile will apply to only packets with this source MAC address destin...

Page 371: ...a mask to be combined with the value found in the frame header and if this field contains the value entered here apply the following rules packet_content_mask Allows users to examine any up to four specified offset_chunk within a packet at one time and specifies that the Switch will mask the packet header beginning with the offset value specified as follows packet_content offset_chunk_1 hex 0x0 0x...

Page 372: ... 1p priority field of their header for incoming packets on the previously specified port replace_priority Allows users to specify a new value to be written to the priority field of an incoming packet on the previously specified port replace_dscp_with value 0 63 Allows users to specify a new value to be written to the DSCP field of an incoming packet on the previously specified port replace_tos_pre...

Page 373: ...d unique Packet Content ACL to prevent an ARP spoofing attack please see Appendix B at the end of this manual show access_profile Purpose Used to display the currently configured access profiles on the Switch Syntax show access_profile profile_id value 1 12 profile_name name 1 32 Description This command is used to display the currently configured access profiles Parameters profile_id value 1 12 S...

Page 374: ...mac macmask destination_mac macmask 802 1p ethernet_type ip vlan source_ip_mask netmask destination_ip_mask netmask dscp icmp type code igmp type tcp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff flag_mask all urg ack psh rst syn fin udp src_port_mask hex 0x0 0xffff dst_port_mask hex 0x0 0xffff protocol_id_mask hex 0x0 0xff user_define_mask hex 0x0 0xffffffff packet_content_mask offset...

Page 375: ...e field code Specifies that the Switch will examine each frame s ICMP Code field igmp Specifies that the Switch will examine each frame s Internet Group Management Protocol IGMP field type Specifies that the Switch will examine each frame s IGMP Type field tcp Specifies that the Switch will examine each frames Transmission Control Protocol TCP field src_port_mask hex 0x0 0xffff Specifies a TCP por...

Page 376: ...f service or real time service packets source_ipv6_mask ipv6mask Specifies an IP address mask for the source IPv6 address destination_ipv6_mask ipv6mask Specifies an IP address mask for the destination IPv6 address Restrictions Only Administrator and Operator level users can issue this command Example usage To create a CPU access profile DGS 3700 12 5 create cpu access_profile profile_id 1 ip vlan...

Page 377: ...xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff offset_64 79 hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff hex 0x0 0xffffffff ipv6 class value 0 255 flowlabel hex 0x0 0xfffff source_ipv6 ipv6addr destination_ipv6 ipv6addr port portlist all permit deny time_range range_name 32 delete access_id value 1 100 Description This command is used to configure a CPU access profi...

Page 378: ...pply only to packets that have this TCP destination port in their TCP header urg ack psh rst syn fin Enters the appropriate flag_mask parameter All incoming packets have TCP port numbers contained in them as the forwarding criterion These numbers have flag bits associated with them which are parts of a packet that determine what to do with the packet The user may deny packets by denying certain fl...

Page 379: ...her be permitted or denied entry to the CPU time_range Specifies the time_range profile that has been associated with the ACL entries delete access_id value 1 100 Use this to remove a previously created access rule in a profile ID Restrictions Only Administrator and Operator level users can issue this command Example usage To configure CPU access list entry DGS 3700 12 5 config cpu access_profile ...

Page 380: ...ode Unused Rule Entries 99 Rule ID 1 Ports 1 Match on VLAN ID 1 Source IP 20 0 0 0 Dest IP 10 0 0 0 DSCP 3 ICMP Type 11 Code 32 Action Deny DGS 3700 12 5 enable cpu_interface_filtering Purpose Used to enable CPU interface filtering on the Switch Syntax enable cpu_interface_filtering Description This command is used in conjunction with the disable cpu_interface_filtering command below to enable and...

Page 381: ...able disable exceed permit replace_dscp value 0 63 drop counter enable disable violate permit replace_dscp value 0 63 drop counter enable disable sr_tcm cir value 0 1000000 cbs value 0 16384 ebs value 0 16384 conform permit replace_dscp value 0 63 counter enable disable exceed permit replace_dscp value 0 63 drop counter enable disable violate permit replace_dscp value 0 63 drop counter enable disa...

Page 382: ...mode cir value 0 1000000 Specify the committed information rate The unit is Kbps cbs value 0 16384 Specify the committed burst size 1 The unit is Kbyte That is to say 1 means 1Kbyte 2 The max set value is 16 1024 ebs value 0 16384 Specify the excess burst size 1 The unit is Kbyte That is to say 1 means 1 Kbyte 2 The max set value is 16 1024 conform Specify the action when packet is in green color ...

Page 383: ...e The maximum length is 32 characters access_id value 1 128 Specifies the access_ID Restrictions None Example usage To show the ACL flow meter state on the Switch DGS 3700 12 5 show flow_meter Command show flow_meter Flow Meter Information Profile ID 1 Access ID 1 Mode trTCM CIR Kbps 1000 CBS Kbyte 2000 PIR Kbps 2000 PBS Kbyte 2000 Action Conform Permit Replace DSCP 11 Counter Enabled Exceed Permi...

Page 384: ...delete Deletes a time range profile When a time_range profile has been associated with ACL entries the delete of this time_range profile will fail Restrictions Only Administrator and Operator level users can issue this command Example usage To config time range DGS 3700 12 5 config time_range 1 3_new hours start_time 11 21 20 end_time 11 44 40 weekdays mon fri Command config time_range 1 3_new hou...

Page 385: ...f the current configuration in user level of privilege The overall current configuration can be displayed by show config command which is accessible in administrator level of privilege Parameters None Restrictions None Example usage To show the current configuration access profile on the Switch DGS 3700 12 5 show current_config access_profile Command show current_config access_profile ACL create a...

Page 386: ... enable disable show 802 1x auth_state auth_configuration ports portlist all config 802 1x capability ports portlist all authenticator none config 802 1x auth_parameter ports portlist all default direction both in port_control force_unauth auto force_auth quiet_period sec 0 65535 tx_period sec 1 65535 supp_timeout sec 1 65535 server_timeout sec 1 65535 max_req value 1 10 reauth_period sec 1 65535 ...

Page 387: ...m state enable disable show accounting service Each command is listed in detail in the following sections enable 802 1x Purpose Used to enable the 802 1X server on the Switch Syntax enable 802 1x Description This command is used to enable the 802 1X Network Access control server application on the Switch To select between port based or MAC based use the config 802 1x auth_mode command Parameters N...

Page 388: ... test Command create 802 1x user test Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3700 12 5 delete 802 1x user Purpose This command is used to delete an 802 1X local user Syntax delete 802 1x user username 15 Description This command is used to delete a specified user Parameters username Specifies deleting user name Restrictions Only Administrator ...

Page 389: ...er port max users is also limited It is specified by config 802 1X auth_parameter command Parameters max_users Specifies the maximum number of users The range is 1 to 1536 By default there is no limit on the max users Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the 802 1X max users DGS 3700 12 5 config 802 1x max_users 100 Command conf...

Page 390: ...e To configure forwarding of EAPOL PDU for the system DGS 3700 12 5 config 802 1x fwd_pdu system enable Command config 802 1x fwd_pdu system enable Success DGS 3700 12 5 config 802 1x fwd_pdu ports Purpose Used to configure if the port will flood EAPOL PDU when 802 1X functionality is disabled Syntax config 802 1x fwd_pdu ports portlilst all enable disable Description This command is a per port se...

Page 391: ...strictions None Example usage To display the 802 1X authentication state DGS 3700 12 5 show 802 1x auth_state ports Command show 802 1x auth_state ports Status A Authorized U Unauthorized P Port Based 802 1X Port MAC Address PAE State Backend State Status VID Priority CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh To display the 802 1X configurations DGS 3700 12 5 show 802 1x auth_c...

Page 392: ... Description This command is used to configure the parameters that control the operation of the authenticator associated with a port Parameters portlist Specifies a range of ports to be configured all Specifies all of ports to be configured default Sets all parameter to be default value direction Sets the direction of access control both For bidirectional access control in For unidirectional acces...

Page 393: ...iption This command is used to configure the authentication mode Parameters port_based Configure the authentication as port based mode mac_based Configure the authentication as MAC based mode Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the authentication mode DGS 3700 12 5 config 802 1x auth_mode port_based Command config 802 1x auth_m...

Page 394: ...to re authorize 802 1X functions based only on the MAC address MAC addresses approved for re authorization can then be specified ports portlist Specifies a port or range of ports to be re authorized all Specifies all of the ports on the Switch mac_address macaddr Enter the MAC address to be re authorized Restrictions Only Administrator and Operator level users can issue this command Example usage ...

Page 395: ...ng the create vlan command Only one VLAN can be set as the 802 1X Guest VLAN Example usage To configure a previously created VLAN as a 802 1X Guest VLAN for the Switch DGS 3700 12 5 create 802 1x guest_vlan Trinity Command create 802 1x guest_vlan Trinity Success DGS 3700 12 5 config 802 1x guest_vlan ports Purpose Used to configure ports for a pre existing 802 1X guest VLAN Syntax config 802 1x g...

Page 396: ...one VLAN can be set as the 802 1X Guest VLAN Example usage To show 802 1X Guest VLAN DGS 3700 12 5 show 802 1x guest_vlan Command show 802 1x guest_vlan Guest VLAN Setting Guest VLAN Trinity Enable guest VLAN ports 5 8 Success DGS 3700 12 5 delete 802 1x guest_vlan Purpose Used to delete an 802 1X Guest VLAN Syntax delete 802 1x guest_vlan vlan_name 32 Description This command is used to delete an...

Page 397: ... and the Switch Up to 32 characters can be used default Uses the default UDP port number in both the auth_port and acct_port settings auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 1813 timeout int 1 255 The time in second for waiting for a server repl...

Page 398: ...ecifies that a password and encryption key will be used between the Switch and the RADIUS server passwd 32 The shared secret key used by the RADIUS server and the Switch Up to 32 characters can be used auth_port udp_port_number 1 65535 The UDP port number for authentication requests The default is 1812 acct_port udp_port_number 1 65535 The UDP port number for accounting requests The default is 181...

Page 399: ...ions None Example usage To display authenticator statistics information from port 1 DGS 3700 12 5 show auth_statistics ports 1 Command show auth_statistics ports 1 Port Number 1 EapolFramesRx 0 EapolFramesTx 0 EapolStartFramesRx 0 EapolReqIdFramesTx 0 EapolLogoffFramesRx 0 EapolReqFramesTx 0 EapolRespIdFramesRx 0 EapolRespFramesRx 0 InvalidEapolFramesRx 0 EapLengthErrorFramesRx 0 LastEapolFrameVer...

Page 400: ...hileAuthenticated 0 EapStartsWhileAuthenticated 0 EapLogoffWhileAuthenticated 0 BackendResponses 0 BackendAccessChallenges 0 BackendOtherRequestsToSupplicant 0 BackendNonNakResponsesFromSupplicant 0 BackendAuthSuccesses 0 BackendAuthFails 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh show auth_session_statistics Purpose Used to display authenticator session statistics information...

Page 401: ...nformation Parameters None Restrictions None Example usage To display authentication client information DGS 3700 12 5 show auth_client Command show auth_client radiusAuthClient radiusAuthClientInvalidServerAddresses 0 radiusAuthClientIdentifier radiusAuthServerEntry radiusAuthServerIndex 1 radiusAuthServerAddress 0 0 0 0 radiusAuthClientServerPortNumber 0 radiusAuthClientRoundTripTime 0 radiusAuth...

Page 402: ...entTimeouts 0 radiusAccClientUnknownTypes 0 radiusAccClientPacketsDropped 0 CTRL C ESC q Quit SPACE n Next Page p Previous Page r Refresh config accounting service Purpose Used to configure the state of the specified RADIUS accounting service Syntax config accounting service network shell system 1 state enable disable Description This command is used to enable or disable the specified RADIUS accou...

Page 403: ...able Success DGS 3700 12 5 show accounting service Purpose Used to show the RADIUS accounting services status Syntax show accounting service Description This command is used to show the state for radius accounting service Parameters None Restrictions None Example usage To show accounting service DGS 3700 12 5 show accounting service Command show accounting service Accounting Service Network Enable...

Page 404: ...uthentication and can be responsible for receiving user connection requests authenticating the user and returning all configuration information necessary for the client to deliver service through the user RADIUS may be facilitated on this Switch using the commands listed in this section In order for the TACACS XTACACS TACACS RADIUS security function to work properly a TACACS XTACACS TACACS RADIUS ...

Page 405: ...st_name string 15 config authen_login default method_list_name string 15 method tacacs xtacacs tacacs radius server_group string 15 local none delete authen_login method_list_name string 15 show authen_login default method_list_name string 15 all create authen_enable method_list_name string 15 config authen_enable default method_list_name string 15 method tacacs xtacacs tacacs radius server_group ...

Page 406: ...que for user authentication upon login Parameters None Restrictions Only Administrator level users can issue this command Example usage To enable the system access authentication policy DGS 3700 12 5 enable authen_policy Command enable authen_policy Success DGS 3700 12 5 disable authen_policy Purpose Used to disable system access authentication policy Syntax disable authen_policy Description This ...

Page 407: ...ntax create authen_login method_list_name string 15 Description This command is used to create a list for authentication techniques for user login The Switch can support up to eight method lists but one is reserved as a default and cannot be deleted Multiple method lists must be created and configured separately Parameters string 15 Enter an alphanumeric string of up to 15 characters to define the...

Page 408: ...ACS protocol from the remote TACACS server hosts of the TACACS server group list xtacacs Adding this parameter will require the user to be authenticated using the XTACACS protocol from the remote XTACACS server hosts of the XTACACS server group list tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from the remote TACACS server hosts of the TACACS ser...

Page 409: ... tacacs xtacacs local Success DGS 3700 12 5 Example usage To configure the default method list with authentication methods XTACACS TACACS and local in that order DGS 3700 12 5 config authen_login default method xtacacs tacacs local Command config authen_login default method xtacacs tacacs local Success DGS 3700 12 5 delete authen_login method_list_name Purpose Used to delete a previously configure...

Page 410: ...Group refers to the TACACS XTACACS TACACS and RADIUS security protocols which are permanently set in the Switch Keyword refers to authentication using a technique INSTEAD of TACACS XTACACS TACACS RADIUS which are local authentication through the user account on the Switch and none no authentication necessary to access any function on the Switch Restrictions Only Administrator level users can issue...

Page 411: ...ously on the Switch The sequence of methods implemented in this command will affect the authentication result For example if a user enters a sequence of methods like tacacs xtacacs local_enable the Switch will send an authentication request to the first TACACS host in the server group If no verification is found the Switch will send an authentication request to the second TACACS host in the server...

Page 412: ...l from a remote TACACS server radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server server_group string 15 Adding this parameter will require the user to be authenticated using a user defined server group previously configured on the Switch local_enable Adding this parameter will require the user to be authenticated using the l...

Page 413: ...authentication methods for promoting normal user level privileges to Administrator level privileges on the Switch Parameters default Entering this parameter will display the default method list for users attempting to gain access to Administrator level privileges on the Switch method_list_name string 15 Enter an alphanumeric string of up to 15 characters to define the given method list the user wi...

Page 414: ... user may choose one of the following five options to configure console Choose this parameter to configure the command line interface login method telnet Choose this parameter to configure the telnet login method ssh Choose this parameter to configure the Secure Shell login method http Choose this parameter to configure the web interface login method all Choose this parameter to configure all appl...

Page 415: ...t Syntax create authen server_host ipaddr protocol tacacs xtacacs tacacs radius port int 1 65535 key key_string 254 none timeout int 1 255 retransmit 1 20 Description This command will create an authentication server host for the TACACS XTACACS TACACS RADIUS security protocols on the Switch When a user attempts to access the Switch with authentication protocol enabled the Switch will send authenti...

Page 416: ...tacacs port 1234 timeout 10 retransmit 5 Success DGS 3700 12 5 config authen server_host Purpose Used to configure a user defined authentication server host Syntax config authen server_host ipaddr protocol tacacs xtacacs tacacs radius port int 1 65535 key key_string 254 none timeout int 1 255 retransmit 1 20 Description This command will configure a user defined authentication server host for the ...

Page 417: ...and a retransmit count of 4 DGS 3700 12 5 config authen server_host 10 1 1 121 protocol tacacs port 4321 timeout 12 retransmit 4 Command config authen server_host 10 1 1 121 protocol tacacs port 4321 timeout 12 retransmit 4 Success DGS 3700 12 5 delete authen server_host Purpose Used to delete a user defined authentication server host Syntax delete authen server_host ipaddr protocol tacacs xtacacs...

Page 418: ... Authentication key to be shared with a configured TACACS server only Parameters None Restrictions Only Administrator level users can issue this command Example usage To view authentication server hosts currently set on the Switch DGS 3700 12 5 show authen server_host Command show authen server_host IP Address Protocol Port Timeout Retransmit Key 10 53 13 94 TACACS 49 5 2 No Use Total Entries 1 DG...

Page 419: ...server protocol on the Switch Only server hosts utilizing the XTACACS protocol may be added to this group tacacs Use this parameter to utilize the built in TACACS server protocol on the Switch Only server hosts utilizing the TACACS protocol may be added to this group radius Use this parameter to utilize the built in RADIUS server protocol on the Switch Only server hosts utilizing the RADIUS protoc...

Page 420: ...roup group_1 Command delete authen server_group group_1 Success DGS 3700 12 5 show authen server_group Purpose Used to view authentication server groups on the Switch Syntax show authen server_group string 15 Description This command will display authentication server groups currently configured on the Switch This command will display the following fields Group Name The name of the server group cu...

Page 421: ...e Zero means there won t be a time out The default value is 0 seconds Restrictions Only Administrator level users can issue this command Example usage To configure the response timeout for 60 seconds DGS 3700 12 5 config authen parameter response_timeout 60 Command config authen parameter response_timeout 60 Success DGS 3700 12 5 config authen parameter attempt Purpose Used to configure the maximu...

Page 422: ...arameters None Restrictions Only Administrator level users can issue this command Example usage To view the authentication parameters currently set on the Switch DGS 3700 12 5 show authen parameter Command show authen parameter Response Timeout 30 seconds User Attempts 3 DGS 3700 12 5 enable admin Purpose Used to promote user level privileges to administrator level privileges Syntax enable admin D...

Page 423: ...ivileges to administrator privileges he or she will be prompted to enter the password configured here that is set locally on the Switch Parameters password 15 After entering this command the user will be prompted to enter the old password then a new password in an alphanumeric string of no more than 15 characters and finally prompted to enter the new password again for confirmation See the example...

Page 424: ... port based meaning a user can enable or disable the function on the individual port ACL Mode The user can enable or disable ACL mode per port the default mode of all port is ARP When user configure one port mode to ACL mode if the HW ACL table has no enough entries the operation fails in other words all entries of the port will go back to ARP mode Because IP MAC binding entries follow port s mode...

Page 425: ...address macaddr ipv6address ipv6addr mac_address macaddr blocked all vlan_name vlan_name mac_address macaddr ports portlist enable address_binding dhcp_snoop ipv6 all disable address_binding dhcp_snoop ipv6 all clear address_binding dhcp_snoop binding_entry ports portlist all ipv6 all show address_binding dhcp_snoop max_entry ports portlist binding_entry port port config address_binding dhcp_snoop...

Page 426: ...L mode entry may not be effective The status of the entry will display this information When an entry in not effective the check for IP packet will not be performed The check for the ARP packet will still be performed For the check of ARP packet both of the ARP request and reply packet will be checked The packet with source IP address not defined in the source validity binding entry or with source...

Page 427: ...posed that 0 0 0 0 is not configured in the binding list when it is set to enabled the ARP packet with this source IP address 0 0 0 0 is allowed when it is set to disable the ARP packet with this source IP address 0 0 0 0 is dropped This option does not affect the IP MAC Port binding ACL Mode forward_dhcppkt By default the dhcp packet with broadcast DA will be flooded When set to disabled the broa...

Page 428: ...ly the acl mode entries will be active acl This entry is specified as an acl mode entry If user enable acl mode this entry will be added as access entry Restrictions Only Administrator and Operator level users can issue this command Example usage To create address binding for all ports on the Switch DGS 3700 12 5 create address_binding ip_mac ipaddress 10 1 1 1 mac_address 00 00 00 00 00 11 Comman...

Page 429: ... 12 5 config address_binding ip_mac ipaddress Purpose To update a address_binding entry Syntax config address_binding ip_mac ipaddress ipaddr ipv6address ipv6addr mac_address macaddr ports portlist all mode acl arp Description This command is used to update an address binding entry Parameters ipaddress The IP address of the device where the IP MAC binding is made ipv6address The IPv6 address of th...

Page 430: ...ked MAC entries and port status Syntax show address_binding ip_mac all ipaddress ipaddr mac_address macaddr ipv6address ipv6addr mac_address macaddr blocked all vlan_name vlan_name mac_address macaddr ports portlist Description This command will display IP MAC Binding entries Three different kinds of information can be viewed ip_mac Address Binding entries can be viewed by entering the physical an...

Page 431: ... mode all of the binding entries are effective If the system is in ACL mode those ACL mode binding entries will be effective but the ARP mode binding entries will be inactive DGS 3700 12 5 show address_binding ip_mac all Command show address_binding ip_mac all M Mode D DHCP N ND S Static ST ACL Status A Active I Inactive IP Address MAC Address M ST Ports 10 1 1 1 00 00 00 00 00 11 S I 1 3 5 7 8 10...

Page 432: ...arning State State Threshold Mode 1 Disabled Disabled ARP Not Allow Forward 500 Normal 2 Disabled Disabled ARP Not Allow Forward 500 Normal 3 Disabled Disabled ARP Not Allow Forward 500 Normal 4 Disabled Disabled ARP Not Allow Forward 500 Normal 5 Disabled Disabled ARP Not Allow Forward 500 Normal 6 Disabled Disabled ARP Not Allow Forward 500 Normal 7 Disabled Disabled ARP Not Allow Forward 500 No...

Page 433: ...ry and the same IP MAC binding pair has been statically configured Supposed that the learned information is consitent with the static configured entry then the auto learned will not be created Supposed that the entry is statically configured in ARP mode then the auto learned entry will not be created Supposed that the entry is statically configured on one port and the entry is auto learned on anot...

Page 434: ...vel users can issue this command Example usage To clear address binding DHCP snooping binding entries on ports 1 3 DGS 3700 12 5 clear address_binding dhcp_snoop binding_entry ports 1 3 Command clear address_binding dhcp_snoop binding_entry ports 1 3 Success DGS 3700 12 5 show address_binding dhcp_snoop Purpose To show address binding auto learning database Syntax show address_binding dhcp_snoop m...

Page 435: ...it 50 5 No Limit 10 6 No Limit No Limit 7 No Limit No Limit 8 No Limit No Limit 9 No Limit No Limit 10 No Limit No Limit 11 No Limit No Limit 12 No Limit No Limit DGS 3700 12 5 config address_binding dhcp_snoop max_entry Purpose Specifies the max number of entries which can be learned by the specified ports Syntax config address_binding dhcp_snoop max_entry ports portlist all limit value 1 50 no_l...

Page 436: ... address binding trap log Syntax disable address_binding trap_log Description This command is used to disable address binding trap log Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable address binding trap log DGS 3700 12 5 disable address_binding trap_log Command disable address_binding trap_log Success DGS 3700 12 5 enable ad...

Page 437: ...e address_binding arp_inspection Description This command can be used to disable ARP inspection on IMPB enabled ports When IMPB enabled ports works on strict mode ARP inspection will be enabled otherwise ARP inspection will be disabled Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable ARP inspection on IMPB enabled ports DGS 37...

Page 438: ...D Snooping Syntax config address_binding nd_snoop ports portlist all max_entry value 1 10 no_limit Description By default per port maximum entry is no limit This command specifies the maximum number of entries which can be learned by the specified ports Parameters ports Specifies the list of ports that you would like to set the maximum number of entries which can be learned all Indicates all the p...

Page 439: ...nding recover_learning ports 5 7 Success DGS 3700 12G 5 show address_binding nd_snoop Purpose This command is used to display the status of ND Snooping on the switch Syntax show address_binding nd_snoop ports portlist Description This command allows the user to display ND Snooping state on switch Parameters ports Used to specify the ports that display ND Snooping information If no ports parameter ...

Page 440: ...vel users can issue this command Example usage To display the ND Snooping binding entry Note Inactive indicates that the entry is currently inactive due to port link down DGS 3700 12G 5 show address_binding nd_snoop binding_entry Command show address_binding nd_snoop binding_entry LT Lease Time ST Status A Active I Inactive IP Address MAC Address LT sec Port ST 2001 2222 1111 7777 5555 6666 7777 8...

Page 441: ...isplay the debug messages when the IMPB module receives the DHCP packets all Displays all debug messages Restrictions Only Administrator and Operator level users can issue this command Example usage Start IMPB debug event or DHCP debug event DGS 3700 12G 5 debug address_binding all Command debug address_binding all Success DGS 3700 12G 5 no debug address_binding Purpose Stop the IMPB debug startin...

Page 442: ... guest_vlanid vlanid 1 4094 create mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 config mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 clear_vlan delete mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 show mac_based_access_control ports portlist all show mac_based_access_control_local mac macad...

Page 443: ...disable the MAC based Access Control function Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable mac_based_access_control DGS 3700 12 5 disable mac_based_access_control Command disable mac_based_access_control Success DGS 3700 12 5 config mac_based_access_control password Purpose Used to configure the password of the MAC based A...

Page 444: ...ging_time infinite min 1 1440 block_time second 0 300 max_users value 1 1000 no_limit Description This command is used to configure MAC Based Access Control setting If a port is a member of guest VLAN it only can access either guest VLAN unauthenticated or target VLAN administrative PVID VLAN authenticated the original 802 1Q VLAN configuration will not take effect For MAC_based_access_control ena...

Page 445: ...ts Purpose Used to configure the mac_based_access_control guest_vlan membership Syntax config mac_based_access_control guest_vlan ports portlist Description This command puts the specified port in guest vlan mode For those ports not contained in the portlist they are in non guest VLAN mode For detailed information for operation of guest VLAN mode please see the description for configuring mac base...

Page 446: ...st VLAN When the guest VLAN is de assigned the guest VLAN function is disabled Parameters guest_vlan Specifies the name of the guest VLAN guest_vlanid Specifies the VID of the guest VLAN Restrictions Only Administrator and Operator level users can issue this command Example usage To de assign a guest VLAN DGS 3700 12 5 delete mac_based_access_control guest_vlan default Command delete mac_based_acc...

Page 447: ... If the MAC address is authorized the port will be assigbed to this VLAN clear_vlan Specifies that the VLAN list will be cleared Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the MAC based access control local entry DGS 3700 12 5 config mac_based_access_control_local mac 00 00 00 00 00 01 vlan default Command config mac_based_access_cont...

Page 448: ...uccess DGS 3700 12G 5 show mac_based_access_control Purpose Used to display the MAC based access control setting Syntax show mac_based_access_control ports portlist all Description This command is used to display the MAC based access control setting Parameters ports Display the MAC based access control port state portlist Specifies the specific MAC based access control port state all Specifies all...

Page 449: ..._access_control_local Purpose Used to display the MAC based Access Control local database Syntax show mac_based_access_control_local mac macaddr vlan vlan_name 32 vlanid vlanid 1 4094 Description This command is used to display the MAC based Access Control local database Parameters mac Display the MAC based access control local database by this MAC address vlan vlan_name 32 Display mac_based_acces...

Page 450: ...l_local vlanid 1 MAC Address VID 00 00 00 00 00 05 1 Total Entries 1 DGS 3700 12 5 clear mac_based_access_control auth_state Purpose To reset the current state of a user The re authentication will be started after the user traffic is received again Syntax clear mac_based_access_control auth_state ports all portlist mac_addr macaddr Description This command is used to clear the authentication state...

Page 451: ...le Description This command is used to enable or disable the acceptance of an authorized configuration When authorization is enabled for MAC based access controls with RADIUS authentication the authorized attributes for example VLAN 802 1p default priority and ACL assigned by the RADUIS server will be accepted if the global authorization status is enabled When authorization is enabled for MAC base...

Page 452: ... MAC based access control authentication MAC information DGS 3700 12 5 show mac_based_access_control auth_state ports Command show mac_based_access_control auth_state ports P Port based Port MAC Address State VID Priority Aging Time Block Time Total Authenticating Hosts 0 Total Authenticated Hosts 0 Total Blocked Hosts 0 DGS 3700 12 5 config mac_based_access_control log Purpose This command is use...

Page 453: ... config mac_based_access_control trap state enable Command config mac_based_access_control trap state enable Success DGS 3700 12G 5 config mac_based_access_control max_users Purpose This command is used to configure the maximum number of authorized clients Syntax config mac_based_access_control max_users value 1 1000 no_limit Description This command is used to configure the maximum number of auth...

Page 454: ...cation ports portlist enable authorization attributes disable authorization attributes show authorization config authentication server failover local permit block Each command is listed in detail in the following sections create authentication guest_vlan Purpose To assign a static VLAN to be a guest VLAN Syntax create authentication guest_vlan vlan vlan_name 32 vlanid vlanid 1 4094 Description Thi...

Page 455: ...Usage example To delete a guest VLAN setting DGS 3700 12 5 delete authentication guest_vlan vlan guestVLAN Command delete authentication guest_vlan vlan guestVLAN Success DGS 3700 12 5 config authentication guest_vlan Purpose To configure security port s as specified guest VLAN members Syntax config authentication guest_vlan vlan vlan_name 32 vlanid vlanid 1 4094 add delete ports portlist all Desc...

Page 456: ...based Every user can be authenticated individually multi_authen_methods Specify the method for multiple authentication none Multiple authentication is not enabled any If any one of the authentication methods 802 1X MBAC and WAC passes then pass dot1x_impb Dot1x will be verified first and then IMPB will be verified Both authentications need to be passed impb_wac IMPB will be verified first and then...

Page 457: ...VLAN setting Syntax show authentication guest_vlan Description This command is used to display guest VLAN information Parameters None Restrictions None Usage example To display the guest VLAN setting DGS 3700 12 5 show authentication guest_vlan Command show authentication guest_vlan Guest VLAN VID Guest VLAN Member Ports Total Entries 0 DGS 3700 12 5 show authentication ports Purpose To display th...

Page 458: ...uthorization global state DGS 3700 12 5 enable authorization attributes Command enable authorization attributes Success DGS 3700 12 5 disable authorization attributes Purpose To disable the authorization global state Syntax disable authorization attributes Description This command is used to disable the authorization global state Parameters None Restrictions Only Administrator and Operator level u...

Page 459: ...ient If the client fails on local authentication the client is regarded as un authenticated otherwise it authenticated Pass authentication The client is always regarded as authenticated If guest VLAN is enabled clients will stay on the guest VLAN otherwise they will stay on the original VLAN The client will be blocked if it can t pass authentication otherwise it will be authenticated Parameters lo...

Page 460: ...d the SSH Server Finally enable SSH on the Switch using the enable ssh command After following the above steps users can configure an SSH Client on the remote PC and manage the Switch using secure in band communication The Secure Shell SSH commands in the Command Line Interface CLI are listed along with the appropriate parameters in the following table COMMAND PARAMETERS enable ssh disable ssh con...

Page 461: ...nd is used to configure the SSH authentication mode for users attempting to access the Switch Parameters password This parameter may be chosen if the administrator wishes to use a locally configured password for authentication on the Switch publickey This parameter may be chosen if the administrator wishes to use a publickey configuration set on a SSH server for authentication hostbased This param...

Page 462: ...n never port tcp_port_number 1 65535 Description This command is used to configure the SSH server Parameters maxsession int 1 8 Allows the user to set the number of users that may simultaneously access the Switch The default setting is 8 contimeout sec 120 600 Allows the user to set the connection timeout The user may set a time between 120 and 600 seconds The default is 120 seconds authfail int 2...

Page 463: ...ord publickey Description This command is used to configure the SSH user authentication method Parameters username 15 Enter a username of no more than 15 characters to identify the SSH user authmode Specifies the authentication mode of the SSH user wishing to log on to the Switch The administrator may choose between hostbased This parameter should be chosen if the user wishes to use a remote SSH s...

Page 464: ...nistrator must create a user account on the Switch For information concerning configuring a user account please see the section of this manual entitled Basic Switch Commands and then the command create account config ssh algorithm Purpose Used to configure the SSH algorithm Syntax config ssh algorithm 3DES AES128 AES192 AES256 arcfour blowfish cast128 twofish128 twofish192 twofish256 MD5 SHA1 RSA ...

Page 465: ...ter will enable or disable the Secure Hash Algorithm encryption RSA This parameter will enable or disable the RSA encryption algorithm DSA This parameter will enable or disable the Digital Signature Algorithm encryption enable disable This allows the user to enable or disable algorithms entered in this command on the Switch Restrictions Only Administrator and Operator level users can issue this co...

Page 466: ...thm Encryption Algorithm 3DES Enabled AES128 Enabled AES192 Enabled AES256 Enabled Arcfour Enabled Blowfish Enabled Cast128 Enabled Twofish128 Enabled Twofish192 Enabled Twofish256 Enabled Data Integrity Algorithm MD5 Enabled SHA1 Enabled Public Key Algorithm RSA Enabled DSA Enabled CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 467: ...d block of encrypted text is used in the encryption of the current block The Switch supports the 3DES_EDE encryption code defined by the Data Encryption Standard DES to create the encrypted text 3 Hash Algorithm This part of the ciphersuite allows the user to choose a message digest function which will determine a Message Authentication Code This Message Authentication Code will be encrypted with ...

Page 468: ..._MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with 128 bit keys and the MD5 Hash Algorithm RSA_with_3DES_EDE_CBC_SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA ...

Page 469: ...thm RSA_with_3DES_EDE_CBC_SHA This ciphersuite combines the RSA key exchange CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm DHE_DSS_with_3DES_EDE_CBC_SHA This ciphersuite combines the DSA Diffie Hellman key exchange CBC Block Cipher 3DES_EDE encryption and SHA Hash Algorithm RSA_EXPORT_with_RC4_40_MD5 This ciphersuite combines the RSA Export key exchange stream cipher RC4 encrypti...

Page 470: ...ut for 7200 seconds DGS 3700 12 5 config ssl cachetimeout 7200 Command config ssl cachetimeout 7200 Success DGS 3700 12 5 show ssl cachetimeout Purpose Used to show the SSL cache timeout Syntax show ssl cachetimeout Description This command is used to view the SSL cache timeout currently implemented on the Switch Parameters None Restrictions None Example usage To view the SSL cache timeout on the ...

Page 471: ...uthentication and digital signatures Both the server and the client must have consistent certificate files for optimal use of the SSL function The Switch only supports certificate files with der file extensions Parameters ipaddr Enter the IP address of the TFTP server certfilename path_filename 64 Enter the path and the filename of the certificate file users wish to download keyfilename path_filen...

Page 472: ...dirpath config wac virtual_ip ipaddr config wac switch_http_port tcp_port_number 1 65535 http https create wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 delete wac user username 15 all_users config wac user username 15 vlan vlan_name 32 vlanid vlanid 1 4094 clear_vlan show wac show wac ports portlist show wac user show wac auth_state ports portlist authenticated authenticating blocke...

Page 473: ...ata assigned by the RADUIS server will be accepted if the global authorization network is enabled When the authorization is enabled for WAC s local the authorized data assigned by the local database will be accepted Parameters radius If specified to enable the authorized data assigned by the RADUIS server will be accepted if the global authorization network is enabled The default state is enabled ...

Page 474: ...Indicates the authenticated host on the port will not ageout min 1 1440 Set the ageout between 1 and 1440 minutes idle_time A time period after which an authenticated host will be moved to un authenticated state if there is no traffic during that period The default value is infinite infinite Indicates the host will not be removed from the authenticated state due to idle of traffic min 1 1440 Set t...

Page 475: ...ig wac default_redirpath string 128 Description This command is used to configure the WAC default redirect path If default redirect path is configured the user will be redirected to the default redirect path after successful authentication When the string is cleared the client will be redirected to logout page after successful authentication Parameters string 128 Specify the URL that the client wi...

Page 476: ...is command Example usage To configure the WAC virtual IP address used to accept authentication requests from unauthenticated hosts DGS 3700 12 5 config wac virtual_ip 1 1 1 1 Command config wac virtual_ip 1 1 1 1 Success DGS 3700 12 5 config wac switch_http_port Purpose To configure the TCP port which the WAC switch listens to Syntax config wac switch_http_port tcp_port_number 1 65535 http https D...

Page 477: ...estrictions Only Administrator and Operator level users can issue this command Example usage To create a WAC account DGS 3700 12 5 create wac user vlan 123 Command create wac user vlan 123 Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3700 12 5 delete wac Purpose This command is used to delete a local WAC user Syntax delete wac user username 15 all_u...

Page 478: ...ommand config wac user vlanid 100 Success DGS 3700 12 5 show wac Purpose To display the WAC global setting Syntax show wac Description This command is used to display the WAC global setting Parameters None Restrictions None Example usage To show WAC DGS 3700 12 5 show wac Command show wac Web Base Access Control State Disabled Method Local Redirect Path Virtual IP 0 0 0 0 Switch HTTP Port 80 HTTP ...

Page 479: ... wac user Command show wac user Username Password VID 123 1000 Total Entries 1 DGS 3700 12 5 show wac auth_state ports Purpose This command is used to display the WAC authentication state Syntax show wac auth_state ports portlist authenticated authenticating blocked Description This command is used to display the authentication state for ports Parameters portlist Specify the list of ports whose WA...

Page 480: ...n This command is used to clear the authentication state of a port The port will return to un authenticated state All the timer associated with the port will be reset Parameters ports Specify the list of ports whose WAC state will be cleared portlist Specify a range of ports all Specify to clear all ports authenticated Specify to clear all authenticated users for a port authenticating Specify to c...

Page 481: ... to enable or disable the DHCP local relay function for a specified VLAN When DHCP local relay is enabled for the VLAN the DHCP packet will be relayed as a broadcast without changing the source MAC address and gateway address DHCP option 82 will be automatically added Parameters vlan The name of the VLAN to be enabled for DHCP local relay state Enable or disable DHCP local relay for a specified VL...

Page 482: ...tion on the switch Parameters None Restrictions Only Administrator level users can issue this command Example usage To disable the DHCP local relay function DGS 3700 12 5 disable dhcp_local_relay Command disable dhcp_local_relay Success DGS 3700 12 5 show dhcp_local_relay Purpose To display the current DHCP local relay configuration Syntax show dhcp_local_relay Description This command is used to ...

Page 483: ...DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide Page 483 ...

Page 484: ...how dhcp_relay option_61 config dhcp_relay option_61 delete mac_address macaddr string desc_long 255 all config dhcp_relay option_61 default relay ipaddr drop config dhcp_relay option_61 state enable disable config dhcp_relay option_82 state enable disable config dhcp_relay option_82 check enable disable config dhcp_relay option_82 remote_id default user_define desc 32 config dhcp_relay option_82 ...

Page 485: ...e of the IP interface in which DHCP relay is to be enabled ipaddr The DHCP server IP address Restrictions Only Administrator and Operator level users can issue this command Example usage To add an IP destination to the DHCP relay table DGS 3700 12 5 config dhcp_relay add ipif System 10 58 44 6 Command config dhcp_relay add ipif System 10 58 44 6 Success DGS 3700 12 5 config dhcp_relay delete ipif ...

Page 486: ...ermine the relay servers Parameters enable Enables the fuction disable Disables the fuction Restrictions Only Administrator level users can issue this command Example usage To configure DHCP relay option 60 state DGS 3700 12 5 config dhcp_relay option_60 state enable Command config dhcp_relay option_60 state enable Success DGS 3700 12 5 config dhcp_relay option_60 add Purpose This command is used ...

Page 487: ... Specify to drop the packet that has no matching option 60 rules relay The packet will be relayed based on the relay rules Restrictions Only Administrator can issue this command Example usage To configure the DHCP relay default option 60 DGS 3700 12 5 config dhcp_relay option_60 default mode drop Command config dhcp_relay option_60 default mode drop Success DGS 3700 12 5 config dhcp_relay option_6...

Page 488: ... Default Servers Matching Rules String Match Type IP Address abc Exact Match 10 90 90 1 Total Entries 1 DGS 3700 12 5 config dhcp_relay option_61 state Purpose This command is used to configure the DHCP relay option 61 state Syntax config dhcp_relay option_61 state enable disable Description This command decides whether dhcp_relay will process the DHCP option 61 or not When option_61 is enabled if...

Page 489: ...dware address of client string The client s client ID which is specified by administrator relay Specify to relay the packet to a IP address drop Specify to drop the packet Restrictions Only Administrator level users can issue this command Example usage To configure the DHCP relay option 61 DGS 3700 12 5 config dhcp_relay option_61 add mac_address 00 01 22 33 44 55 drop Command config dhcp_relay op...

Page 490: ...e default rule will be deleted Restrictions Only Administrator level users can issue this command Example usage To delete the DHCP relay option 61 rules DGS 3700 12 5 config dhcp_relay option_61 delete mac_address 00 11 22 33 44 55 Command config dhcp_relay option_61 delete mac_address 00 11 22 33 44 55 Success DGS 3700 12 5 show dhcp_relay option_61 Purpose This command displays DHCP relay option...

Page 491: ...on 82 field and forwards the packet to the switch port that connects to the DHCP client that sent the DHCP request disable If the field is toggled to disable the relay agent will not insert and remove DHCP relay information option 82 field in messages between DHCP servers and clients and the check and policy settings will have no effect Restrictions Only Administrator and Operator level users can ...

Page 492: ... config dhcp_relay option_82 remote_id default Command config dhcp_relay option_82 remote_id default Success DGS 3700 12G 5 config dhcp_relay option_82 policy Purpose Used to configure the reforwarding policy of relay agent information option 82 of the switch Syntax config dhcp_relay option_82 policy replace drop keep Description This command is used to configure the reforwarding policy of DHCP re...

Page 493: ...nt Information Option 82 State Disabled DHCP Relay Agent Information Option 82 Check Disabled DHCP Relay Agent Information Option 82 Policy Replace DHCP Relay Agent Information Option 82 Remote ID 00 21 91 AF 3C 07 Interface Server 1 Server 2 Server 3 Server 4 DGS 3700 12G 5 Example usage To show a single IP destination of the DHCP relay configuration DGS 3700 12G 5 show dhcp_relay ipif System Com...

Page 494: ...ictions Only Administrator and Operator level users can issue this command Example usage To disable DHCP relay DGS 3700 12 5 disable dhcp_relay Command disable dhcp_relay Success DGS 3700 12 5 config dhcpv6_relay hop_count Purpose Configure the DHCPv6 relay hop_count of the switch Syntax config dhcpv6_relay hop_count value 1 32 Description The command configures the DHCPv6 relay hop_count of the s...

Page 495: ...pif Purpose This command is used to configure the DHCPv6 relay state of one specific interface or all interfaces Syntax config dhcpv6_relay ipif ipif_name 12 all state enable disable Description The command is used to configure the DHCPv6 relay state of one specific interface or all interfaces Parameters ipif The name of the IP interface all Indicates all configured IP interfaces state See below e...

Page 496: ...18 FEFF FEFB 2 IP Interface Ipif_2 DHCPv6 Relay Status Enabled Server Address IP Interface System DHCPv6 Relay Status Enabled Server Address 2001 DB8 1234 0 218 FEFF FEFB 1 Server Address 3ffe 500 Server Address 3ffe 600 Server Address ff05 1 3 Ipif_1 Total Entries 3 DGS 3700 12 5 To show the DHCPv6 relay configuration of System interfaces DGS 3700 12 5 show dhcpv6_relay ipif System Command show d...

Page 497: ... dhcpv6_relay Command enable dhcpv6_relay Success DGS 3700 12G 5 disable dhcpv6_relay Purpose This command is used to disable DHCP version 6 relay Syntax disable dhcpv6_relay Description This command is used to disable DHCP version 6 relay Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To disable the DHCPv6 relay option DGS 3700 12G 5 ...

Page 498: ... pool_name 12 ipaddr ipaddr ipaddr config dhcp pool netbios_node_type pool_name 12 broadcast peer_to_peer mixed hybrid config dhcp pool default_router pool_name 12 ipaddr ipaddr ipaddr config dhcp pool lease pool_name 12 day 0 365 hour 0 23 minute 0 59 infinite config dhcp pool boot_file pool_name 12 file_name 64 config dhcp pool next_server pool_name 12 ipaddr config dhcp ping_packets number 0 10...

Page 499: ...p excluded_address begin_address 10 10 10 1 end_address 10 10 10 10 Command create dhcp excluded_address begin_address 10 10 10 1 end_address 10 10 10 10 Success DGS 3700 12 5 delete dhcp excluded_address Purpose Used to delete the DHCP Server exclude address Syntax delete dhcp excluded_address begin_address ipaddr end_address ipaddr all Description This command is used to delete a DHCP server exc...

Page 500: ...iguration commands to configure parameters for the pool Parameters pool_name 12 Specify the name of the DHCP pool Restrictions Only Administrator level users can issue this command Example usage To create a DHCP pool DGS 3700 12 5 create dhcp pool netpool Command create dhcp pool netpool Success DGS 3700 12 5 delete dhcp pool Purpose Used to delete the current DHCP Server pool information Syntax d...

Page 501: ...the network of each DHCP pool Parameters pool_name 12 Specify the DHCP pool name network_address Specify the IP address that the DHCP server may assign to clients Restrictions Only Administrator level users can issue this command Example usage To configure the address range of the DHCP address pool DGS 3700 12 5 config dhcp pool network_addr netpool 10 10 10 0 24 Command config dhcp pool network_a...

Page 502: ...hat Microsoft DHCP clients use to correlate host names to IP addresses within a general grouping of networks If a NetBIOS name server is not specified the NetBIOS name server information will not be provided to the client If this command is input twice for the same pool the second command will overwrite the first command Parameters pool_name Specify the DHCP pool name ipaddr Specify the IP address...

Page 503: ... the default router should be on the same subnet as the client If the default router is not specified the default router information will not be provided to the client If this command is input twice for the same pool the second command will overwrite the first command The default router must be within the range the network defined for the DHCP pool Parameters pool_name 12 Specify the DHCP pool nam...

Page 504: ...ded to the client Parameters pool_name 12 Specify the DHCP pool name file_name 64 Specify the file name of the boot image Restrictions Only Administrator level users can issue this command Example usage To configure the boot file DGS 3700 12 5 config dhcp pool boot_file engineering boot had Command config dhcp pool boot_file engineering boot had Success DGS 3700 12 5 config dhcp pool next_server P...

Page 505: ...ator level users can issue this command Example usage To configure ping packets DGS 3700 12 5 config dhcp ping_packets 4 Command config dhcp ping_packets 4 Success DGS 3700 12 5 config dhcp ping_timeout Purpose Used to configure the DHCP Server feature of the switch Syntax config dhcp ping_timeout millisecond 10 2000 Description By default the DHCP server waits 10 milliseconds before timing out a ...

Page 506: ...fy the DHCP pool name ipaddr Specify the IP address which will be assigned to a specified client hardware_address Specify the hardware MAC address type See below Ethernet Specify Ethernet type IEEE802 Specify IEEE802 type Restrictions Only Administrator level users can issue this command Example usage To configure manual bindings DGS 3700 12 5 create dhcp pool manual_binding engineering 10 10 10 1...

Page 507: ... dhcp binding engineering 10 20 3 4 Command clear dhcp binding engineering 10 20 3 4 Success DGS 3700 12 5 show dhcp binding Purpose Used to display the current DHCP Server binding Syntax show dhcp binding pool_name 12 Description This command is used to display dynamic binding entries Parameters pool_name 12 Specify a DHCP pool name Restrictions None Example usage To display the current DHCP pool...

Page 508: ...ool_name 12 Specify a DHCP pool name Restrictions None Example usage To display the configured manual binding entries DGS 3700 12 5 show dhcp pool manual_binding Command config dhcp pool manual_binding Pool Name IP Address Hardware Address Type p1 192 168 0 1 00 80 C8 08 13 88 Ethernet p1 192 168 0 2 00 80 C8 08 13 99 Ethernet Total Entries 2 DGS 3700 12 5 enable dhcp_server Purpose Used to enable...

Page 509: ... dhcp_server Success DGS 3700 12 5 show dhcp_server Purpose To display the status of DHCP server Syntax show dhcp_server Description This command is used to display the current DHCP server configuration Parameters None Restrictions None Example usage To display the DHCP server status DGS 3700 12 5 show dhcp_server Command show dhcp_server DHCP Server Global State Disabled Ping Packet Number 2 Ping...

Page 510: ... The DHCP server will use ping packet to determine whether an IP address is conflicting with other hosts before binding this IP The IP address which has been identified in conflict will be moved to the conflict IP database The system will not attempt to bind the IP address in the conflict IP database unless the user clears it from the conflict IP database Parameters ipaddr Specify the IP address t...

Page 511: ... string 32 show cfm fault md string 22 ma string 22 Each command is listed in detail in the following sections config cfm ais Purpose Used to configure parameters of AIS function Syntax config cfm ais md string 22 ma string 22 mepid int 1 8191 period 1sec 1min level int 0 7 state enable disable 1 Description This command is used to configure the parameters of AIS function on a MEP The default stat...

Page 512: ...lient MD level is MD level at which the most immediate client layer MIPs and MEPs exist Note This default client MD level is not a fixed value It may change when creating or deleting higher level MD and MA on the device When the most immediate client layer MIPs and MEPs do not exist the default client MD level cannot be calculated If the default client MD level cannot be calculated and user doesn ...

Page 513: ... 32 mepid int 1 8191 md string 22 ma string 22 num int 1 65535 length int 0 1500 pattern string 1500 pdu_priority int 0 7 Description You can press Ctrl C to exit loopback test The MAC address represents that the destination MEP or MIP which can be reached by this MAC address The MAC address represents that the destination MEP or MIP which can be reached by this MAC address If the MAC address is m...

Page 514: ...c0 00 00 31 Remote MPID 52 Packets Sent 2 Received 1 Lost 1 50 loss Remote MPID 51 Packets Sent 2 Received 0 Lost 2 100 loss DGS 3700 12 5 show cfm Purpose This command is used to show CFM information Syntax show cfm md string 22 ma string 22 mepid int 1 8191 mepname string 32 Description This command is used to show CFM information Parameters md Specifies the maintenance domain name ma Specifies ...

Page 515: ...itted 1234 In order LBRs 0 received Out of order LBRs 0 received Next LTM Trans ID 27 Unexpected LTRs 0 received LBMs Transmitted 0 AIS PDUs 10 received AIS PDUs Transmitted 0 LCK PDUs 0 received LCK PDUs Transmitted 0 Remote MEPID MAC Address Status RDI PortSt IfSt LCK Detect Time 2 XX XX XX OK Yes Blocked Up Yes 2008 01 01 12 00 00 3 XX XX XX IDLE No No No Yes 2008 01 01 12 00 00 4 XX XX XX OK N...

Page 516: ...Specifies the maintenance domain name ma Specifies the maintenance association name Restrictions None Example usage To display CFM fault DGS 3700 12 4 show cfm fault Command show cfm fault MD Name MA Name MEPID Status AIS Status LCK Status op_domain op1 1 Cross connect CCM Received AIS Received Normal DGS 3700 12 4 ...

Page 517: ...ror_ccm xcon_ccm none alarm_time centisecond 250 1000 alarm_reset_time centisecond 250 1000 delete cfm mep mepname string 32 mepid int 1 8191 md string 22 ma string 22 delete cfm ma string 22 md string 22 delete cfm md string 22 enable cfm disable cfm config cfm ports portlist state enable disable show cfm ports portlist show cfm md string 22 ma string 22 mepid int 1 8191 mepname string 32 show cf...

Page 518: ...ose Used to configure parameters of a maintenance domain Syntax config cfm md string 22 mip none auto explicit sender_id none chassis manage chassis_manage Description Creation of MIPs on a MA is useful for tracing the link MIP by MIP It also allows the user to perform loop back from MEP to an MIP Parameters md Specifies the maintenance domain name mip Specifies and controls the creation of MIPs n...

Page 519: ...s manage chassis_manage defer ccm_interval 10ms 100ms 1sec 10sec 1min 10min mepid_list add delete mepid_list Description The MEP list specified for a MA can be located in different devices MEPs must be created on ports of these devices explicitly An MEP will transmit CCM packets periodically across the MA The receiving MEP will verify these received CCM packets from other MEPs against this MEP lis...

Page 520: ... 3700 12 5 create cfm mep Purpose Used to create a cfm MEP Syntax create cfm mep string 32 mepid int 1 8191 md string 22 ma string 22 direction inward outward port port Description Different MEP in the same MA must have different MEP ID MD name MA name and MEP ID together can identify a MEP Different MEP on the same device must have a different MEP name Before an MEP is created its MEPID should be...

Page 521: ...s the MEP MEPID It should be configured in MA s MEPID list md Specifies the maintenance domain name ma Specifies the maintenance association name state Specifies the MEP administrative state enable MEP is enabled disable MEP is disabled This is the default value ccm Specifies the CCM transmission state enable CCM transmission enabled disable CCM transmission disabled This is the default value pdu_...

Page 522: ...MEP name It s unique among all MEPs configured on the device mepid Specifies the MEP MEPID It should be configured in MA s MEPID list md Specifies the maintenance domain name ma Specifies the maintenance association name Restrictions Only Administrator and Operator level users can issue this command Example usage To delete CFM mep DGS 3700 12 5 delete cfm mep mepname mep1 Command delete cfm mep me...

Page 523: ...sue this command Example usage To delete a CFM md DGS 3700 12 5 delete cfm md 3 Command delete cfm md 3 Success DGS 3700 12 4 enable cfm Purpose This command is used to enable CFM globally Syntax enable cfm Description This command is used to enable CFM globally Parameters None Restrictions Only Administrator and Operator level users can issue this command Example usage To enable CFM DGS 3700 12 5...

Page 524: ...rocess CFM PDUs If the user issues a Loop back or Linktrace test on those MEPs it will prompt user that The MEP does not exist Parameters ports Specifies the logical port list state Is used to enable or disable CFM function Restrictions Only Administrator and Operator level users can issue this command Example usage To configure CFM ports DGS 3700 12 5 config cfm ports 2 5 state enable Command con...

Page 525: ...ies the MEP MEPID mepname Specifies the MEP name Restrictions None Example usage To display CFM DGS 3700 12 5 show cfm mep mep1 Command show cfm mep mep1 Name mep1 MEPID 1 Port 1 Direction Inward CFM Port Status Disabled MAC Address 00 21 91 AF 3C 08 MEP State Disabled CCM State Disabled PDU Priority 7 Fault Alarm Disabled Alarm Time 250 centisecond 1 100 s Alarm Reset Time 1000 centisecond 1 100 ...

Page 526: ...gabit Ethernet Switch CLI Reference Guide Page 526 DGS 3700 12 5 show cfm md op_domain Command show cfm md op_domain MD Level 2 MIP Creation Explicit SenderID TLV None VID MA Name 1 op1 DGS 3700 12 5 Example usage To display CFM mepname ...

Page 527: ...ross connect CCMs 0 received Error CCMs 0 received Normal CCMs 0 received Port Status CCMs 0 received If Status CCMs 0 received CCMs transmitted 0 In order LBRs 0 received Out of order LBRs 0 received Next LTM Trans ID 0 Unexpected LTRs 0 received LBMs Transmitted 0 AIS PDUs 0 received AIS PDUs Transmitted 0 LCK PDUs 0 received LCK PDUs Transmitted 0 DGS 3700 12G 5 show cfm fault Purpose This comm...

Page 528: ... inward Inward facing MEP outward Outward facing MEP If not specified both directions and MIPs are shown Vlanid VLAN identifier If not specified all VLANs are shown Restrictions None Example usage To display CFM ports DGS 3700 12 4 show cfm port 1 Command show cfm port 1 MAC Address 10 10 90 08 8g 12 MD Name MA Name MEPID Level Direction VID op_domain op1 1 2 inward 2 cust_domain cust1 8 4 inward ...

Page 529: ...l Specifies the linktrace message TTL value The default value is 64 pdu_priority The 802 1p priority to be set in the transmitted LTM If not specified it uses the same priority as CCMs sent by the MA Restrictions None Example usage To create a CFM linktrace DGS 3700 12 4 cfm linktrace 00 01 02 03 04 05 mep mep1 Command cfm linktrace 00 01 02 03 04 05 mep mep1 Transaction ID 26 Success DGS 3700 12 ...

Page 530: ...his command is used to delete received linktrace responses Syntax delete cfm linktrace md string 22 ma string 22 mepid int 1 8191 mepname string 32 Description This command deletes the stored link trace response data that is initiated by the specified MEP Parameters mepname Specifies the MEP name mepid Specifies the MEP MEPID md Specifies the maintenance domain name ma Specifies the maintenance as...

Page 531: ...ccess DGS 3700 12 5 cfm loopback Purpose Used to show MEPs and MIPs created on a port Syntax cfm loopback macaddr mepname string 32 mepid int 1 8191 md string 22 ma string 22 num int 1 65535 length int 0 1500 pattern string 1500 pdu_priority int 0 7 Description The MAC address represents that the destination MEP or MIP which can be reached by this MAC address The MEP represents the source MEP to i...

Page 532: ...fm pkt_cnt Purpose Used to show CFM packet RX TX counters Syntax show cfm pkt_cnt ports portlist rx tx rx tx ccm Description This command is used to display CFM packet counters Parameters ports Specifies which ports counter to show If not specified all ports will be shown rx tx Shows RX or TX packet counter If none is specified both of them are shown ccm Shows the CCM transmission state Restrictio...

Page 533: ... CCM LBR LBM LTR LTM Sum 1 0 0 0 0 0 0 2 284 0 0 0 4 292 3 578 0 0 0 0 578 4 578 0 0 0 0 578 5 578 0 0 0 0 578 6 578 0 0 0 0 578 clear cfm pkt_cnt Purpose Used to clear the CFM packet RX TX counters Syntax clear cfm pkt_cnt ports portlist rx tx rx tx ccm Description This command clears CFM packet counters Parameters ports Specifies which ports counter to show If not specified all ports will be sho...

Page 534: ...nly Administrator and Operator level users can issue this command Example usage To configure CFM mp linktrace DGS 3700 12 5 config cfm mp_ltr_all enable Command config cfm mp_ltr_all enable Success DGS 3700 12 4 show cfm mp_ltr_all Purpose To display the CFM mp linktrace settings on the switch Syntax show cfm mp_ltr_all Description This command is used to display the CFM mp linktrace settings on t...

Page 535: ...t all link_monitor error_frame_seconds threshold range 1 900 window millisecond 10000 900000 notify_state enable disable config ethernet_oam ports critical_link_event portlist all critical_link_event dying_gasp critical_event notify_state enable disable config ethernet_oam ports remote_loopback portlist all remote_loopback start stop config ethernet_oam ports received_remote_loopback portlist all ...

Page 536: ... port to start OAM discovery If a port is active it initiates the discovery otherwise it reacts only to the discovery received from its peer Disabling a port s OAM will cause the port to send out a dying gasp event to the peer and then disconnect the established OAM link Parameters portlist Specifies a range of ports to be configured Use all to specify all ports state Specifies to enable or disabl...

Page 537: ...ify_state enable Success DGS 3700 12 5 config ethernet_oam ports link_monitor error_frame Purpose Used to configure Ethernet OAM link monitoring error frame Syntax config ethernet_oam ports portlist all link_monitor error_frame threshold range 0 4294967295 window millisecond 1000 60000 notify_state enable disable 1 Description The command used to configure ports Ethernet OAM link monitoring error ...

Page 538: ...ports threshold Specifies the number of error frame seconds in the period that are required to be equal to or greater than in order for the event to be generated The default value of the threshold is 1 error frame window Specifies the period of the error frame period event The period is specified by a number of received frames The range for this setting is 148 810 to 100 000 000 The default value ...

Page 539: ...ate is enable Restrictions Only Administrator and Operator level users can issue this command Example usage To configure the error frame seconds threshold to 2 and period to 10000 ms for port 1 DES 3528 5 config ethernet_oam ports 1 link_monitor error_frame_seconds threshold 2 window 10000 notify_state enable Command config ethernet_oam ports 1 link_monitor error_frame_seconds threshold 2 window 1...

Page 540: ... the normal operation mode Restrictions Only Administrator and Operator level users can issue this command Example usage To start remote loop back on port 1 DGS 3700 12 5 config ethernet_oam ports 1 remote_loopback stop Command config ethernet_oam ports 1 remote_loopback stop Success DGS 3700 12 5 config ethernet_oam ports received_remote_loopback Purpose Used to configure the method to process th...

Page 541: ...vice Operational The local OAM entity learns that both it and the remote OAM entity have accepted the peering NonOperHalfDuplex Since Ethernet OAM functions are not designed to work completely over half duplex ports This value indicates Ethernet OAM is enabled but the port is in half duplex operation 3 OAM mode passive or active 4 Maximum OAMPDU size The largest OAMPDU that the OAM entity supports...

Page 542: ... Unidirection Not Supported Link Monitoring Support Variable Request Not Supported PDU Revision 1 Operation Status LinkFault Loopback Status No Loopback There is no peer entry information exist Port 2 Local Client OAM Disabled Mode Active Max OAMPDU 1518 Bytes Remote Loopback Support Unidirection Not Supported CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show ethernet_oam ports confi...

Page 543: ...l Frame Error Notify State Enabled Window 1000 milliseconds Threshold 2 Errored Frame Frame Period Error Notify State Enabled Window 1000000 Frames Threshold 10 Errored Frame CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All show ethernet_oam ports statistics Purpose This command is used to show Ethernet OAM statistics Syntax show ethernet_oam ports portlist statistics Description This co...

Page 544: ...ation Specific OAMPDUs Tx 0 Organization Specific OAMPDUs Rx 0 Unsupported OAMPDU Tx 0 Unsupported OAMPDU Rx 0 Frames Lost Due To OAM 0 DGS 3700 12 5 Show Ethernet OAM event_log Purpose Used to show the Ethernet OAM event log Syntax show ethernet_oam portlist event_log index value_list Description This command is used to show ports Ethernet OAM event log information The switch can buffer 1000 even...

Page 545: ...istics Syntax clear ethernet_oam ports portlist all statistics Description This command is used to clear ports Ethernet OAM statistics information Parameters portlist Specifies a range of ports to clear the statistics Restrictions Only Administrator and Operator level users can issue this command Example usage To clear port 1 OAM statistics DGS 3700 12 5 clear ethernet_oam ports 1 statistics Comma...

Page 546: ...port and log an event normal only log an event when a unidirectional link is detected discovery_time Specifies these ports neighbor discovery time If the discovery is timeout the unidirectional link detection will start The default discovery time is 5 seconds Restrictions Only Administrator and Operator level users can issue this command Example usage To enable unidirectional link detection on por...

Page 547: ...irectional link Parameters portlist Specifies a range of ports to be configured Use all to specify all ports Restrictions None Example usage To show ports 1 4 unidirectional link detection information DES 3528 5 show duld ports 1 4 Commands show duld ports 1 4 port Admin State Oper Status Mode Link Status Discovery Time Sec 1 Enabled Enabled Shutdown Bidirectional 5 2 Enabled Enabled Normal RX Fau...

Page 548: ...n the Switch Parameters None Restrictions None Example usage To display the current external alarm on the Switch DGS 3700 12 5 show external_alarm Command show external_alarm Channel Status Alarm Message 1 Normal External Alarm 1 Occurred 2 Normal External Alarm 2 Occurred 3 Normal External Alarm 3 Occurred 4 Normal External Alarm 4 Occurred CTRL C ESC q Quit SPACE n Next Page p Previous Page r Re...

Page 549: ...naged Gigabit Ethernet Switch CLI Reference Guide Page 549 DGS 3700 12 5 config external_alarm channel 1 message Channel 1 alarm occurs Command config external_alarm channel 1 message Channel 1 alarm occurs Success DGS 3700 12 5 ...

Page 550: ...ress will be written into the Sender Protocol Address in the ARP payload As PC B s MAC address is unknown the Target H W Address will be 00 00 00 00 00 00 while PC B s IP address will be written into the Target Protocol Address shown in Table1 Figure 1 H W Type Protocol Type H W Address Length Protocol Address Length Operation Sender H W Address Sender Protocol Address Target H W Address Target Pr...

Page 551: ...e H W Address Length Protocol Address Length Operation Sender H W Address Sender Protocol Address Target H W Address Target Protocol Address ARP reply 00 20 5C 01 11 11 10 10 10 1 00 20 5C 01 22 22 10 10 10 2 Table 3 ARP Payload When PC B replies to the query the Destination Address in the Ethernet frame will be changed to PC A s MAC address The Source Address will be changed to PC B s MAC address...

Page 552: ... W address are filled with the same source MAC address itself The destination MAC address is the Ethernet broadcast address FF FF FF FF FF FF All nodes within the network will immediately update their own ARP table in accordance with the sender s MAC and IP address The format of Gratuitous ARP is shown in the following table Ethernet Header Gratuitous ARP Destination Address Source Address Etherne...

Page 553: ...not discover PREVENT ARPSPOOFING VIA PACKET CONTENT ACL D Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Package Content ACL For the reason that basic ACL can only filter ARP packets based on packet type VLAN ID Source and Destination MAC information there is a need for further inspections of ARP packets To prevent ARP spoofing attack we will ...

Page 554: ...Offset Chunk6 Offset Chunk7 Offset Chunk8 Offset Chunk9 Offset Chunk10 Offset Chunk11 Offset Chunk12 Offset Chunk13 Offset Chunk14 Offset Chunk15 Byte 127 3 7 11 15 19 23 27 31 35 39 43 47 51 55 59 Byte 128 4 8 12 16 20 24 28 32 36 40 44 48 52 56 60 Byte 1 5 9 13 17 21 25 29 33 37 41 45 49 53 57 61 Byte 2 6 10 14 18 22 26 30 34 38 42 46 50 54 58 62 Offset Chunk Offset Chunk16 Offset Chunk17 Offset...

Page 555: ...ofile_id 2 profile_name 2 packet_content_mask offset_chunk_1 3 0x0000FFFF offset_chunk_2 7 0x0000FFFF offset_chunk_3 8 0xFFFF0000 Create access profile 2 The first chunk starts from Chunk 3 mask for Ethernet Type Blue in Table 6 13th and 14th bytes The second chunk starts from Chunk 7 mask for Sender IP in ARP packet Green in Table 6 29th and 30th bytes The third chunk starts from Chunk 8 mask for...

Page 556: ...le port of the device It is necessary for the user needs to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the Switch After the UART init is loaded to 100 the Switch will allow 2 seconds for the user to press the hotkey Shift 6 to enter the Password Recovery Mode Once the Switch enters the Password Recovery Mode all ports on the Switch will be disabled...

Page 557: ...DGS 3700 Series Layer 2 Managed Gigabit Ethernet Switch CLI Reference Guide Page 557 show account The show account command displays all previously created accounts ...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands