D-Link DGS-510 Page 87 Reference Manual Download | Manualshive

Page: 87 / 739

background image

DGS-1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide

84

6.

ARP Spoofing Prevention Commands

6-1

ip arp spoofing-prevention

This command is used to configure an ARP Spoofing Prevention (ASP) entry of the gateway used for
preventing ARP poisoning attacks. Use the

no

form of this command to delete an ARP spoofing

prevention entry.

ip arp spoofing-prevention GATEWAY-IP GATEWAY-MAC interface INTERFACE-ID [,|-]

no ip arp spoofing-prevention GATEWAY-IP [interface INTERFACE-ID [,|-] ]

Parameters

GATEWAY-IP

Specifies the IP address of the gateway.

GATEWAY-MAC

Specifies the MAC address of the gateway. The MAC address
setting will replace the last configuration for the same gateway IP
address.

INTERFACE-ID

Specifies the interface that will be activated or removed from active
interface list (in the

no

form of this command). An ARP entry won't

be checked, if the receiving port is not included in the specified
interface list.

,

(Optional) Specifies a number of interfaces or separate a range of
interfaces from a previous range. No space before and after the
comma.

-

(Optional) Specifies a range of interfaces. No space before and
after the hyphen.

Default

By default, no entries exist.

Command Mode

Global Configuration Mode.

Command Default Level

Level: 12.

Usage Guideline

This command is used to configure the ARP spoofing prevention (ASP) entry to prevent spoofing of
the MAC address of the protected gateway. When an entry is created, ARP packets whose sender IP
address matches the gateway IP address, of an entry, but its sender MAC address field does not
match the gateway MAC address, of the entry, will be dropped by the system. The ASP will bypass
the ARP packets whose sender IP address doesn’t match the configured gateway IP address.

If an ARP address matches a configured gateway’s IP address, MAC address, and port list, then
bypass the Dynamic ARP Inspection (DAI) check no matter if the receiving port is ARP ‘trusted’ or
‘untrusted’.

Only physical ports and port channel interfaces are valid interface to be specified.

Example

This example shows how to configure an ARP spoofing prevention entry with an IP address of
10.254.254.251 and MAC address of 00-00-00-11-11-11 and activate the entry at port eth2/0/10 and
port channel 3.

«
...
85
86
87
88
89
...
»

Summary of Contents for DGS-510

Page 1: ...1 ...

Page 2: ...mands 176 19 DHCPv6 Client Commands 194 20 DHCPv6 Guard Commands 196 21 DHCPv6 Relay Commands 200 22 Digital Diagnostics Monitoring DDM Commands 205 23 D Link Discovery Protocol DDP Client Commands 214 24 Domain Name System DNS Commands 217 25 DoS Prevention Commands 222 26 Dynamic ARP Inspection Commands 226 27 Error Recovery Commands 239 28 Ethernet Ring Protection Switching ERPS Commands 242 29...

Page 3: ...oring RMON Commands 530 58 Router Advertisement RA Guard Commands 537 59 Safeguard Engine Commands 541 60 Secure Shell SSH Commands 548 61 Secure Sockets Layer SSL Commands 555 62 sFlow Commands 563 63 Simple Network Management Protocol SNMP Commands 569 64 Single IP Management SIM Commands 589 65 Spanning Tree Protocol STP Commands 600 66 Stacking Commands 613 67 Storm Control Commands 618 68 Sur...

Page 4: ...ence Guide Conventions Convention Description Boldface Font Commands command options and keywords are printed in boldface Keywords in the command line are to be entered exactly as they are displayed UPPERCASE ITALICS Font Parameters or values that must be specified are printed in UPPERCASE ITALICS Parameters in the command line are to be replaced with the actual values that are desired to be used ...

Page 5: ...line interface CLI The set of commands available to the user depends on both the mode the user is currently in and their privilege level For each case the user can see all the commands that are available in a particular command mode by entering a question mark at the system prompt The command line interface has three pre defined privilege levels Basic User Privilege Level 1 This user account level...

Page 6: ...ertain system administration tasks The system administration tasks that can be performed at this level except for any security related information Privileged EXEC Mode Administrator level This level is identical to privileged EXEC mode at the operator level except that a user at the administrator level can monitor and clear security related settings Global Configuration Mode Operator level For app...

Page 7: ... Global Configuration Mode Switch configure terminal Switch config The exit command is used to exit the global configuration mode and return to the privileged EXEC mode Switch config exit Switch The procedures to enter the different sub configuration modes can be found in the related chapters in this Configuration Guide The command modes are used to configure the individual functions Interface Con...

Page 8: ...mand enable to access the Privileged EXEC Mode After accessing the Privileged EXEC Mode we entered the command configure terminal to access the Global Configuration Mode The username command can be used in the Global Configuration Mode The command username user1 password pass1234 creates a user account with the username of user1 and a password of pass1234 The command username user1 privilege 15 as...

Page 9: ... Switch config if In the above example the notation 1 0 1 was used The terminology for each parameter is as follows Interface Unit s ID Open Slot s ID Port s ID The Interface Unit s ID is the ID of the stacking unit without the physical stack If stacking is disabled or this unit is a stand alone unit then this parameter is irrelevant The Open Slot s ID is the ID of the module plugged into the open...

Page 10: ...f the cursor and shifts the remainder of the line to the left Left Arrow Moves the cursor to the left Right Arrow Moves the cursor to the right CTRL R Toggles the insert text function on and off When on text can be inserted in the line and the remainder of the text will be shifted to the right When off text can be inserted in the line and old text will automatically be replaced with the new text R...

Page 11: ...gure terminal AAA START no aaa new model AAA END end PRIVMGMT configure terminal COMMAND LEVEL START COMMAND LEVEL END LEVEL START LEVEL END ACCOUNT START ACCOUNT END LOGIN START LOGIN END end CLI BASIC CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All The example below shows how to use the include FILTER STRING parameter in a show command Switch show running config include DEVICE DEVICE ...

Page 12: ...ow command Switch show running config exclude DEVICE Building configuration Current configuration 30764 bytes DGS 1510 28XMP Gigabit Ethernet SmartPro Switch Configuration Firmware Build 1 40 014 Copyright C 2017 D Link Corporation All rights reserved STACK end end configure terminal end SSL CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All ...

Page 13: ...nts associated with a command enter a question mark in place of a keyword or argument on the command line This form of help is called the command syntax help because it lists the keywords or arguments that apply based on the command keywords and arguments already entered Example This example shows how the help command is used to display a brief description of the help system Switch help The switch...

Page 14: ...Switch telnet A B C D IP address of a remote system WORD Telnet destination hostname X X X X X IPv6 address of a remote system Switch telnet 2 2 enable This command is used to enter the Privileged EXEC Mode enable PRIVILEGE LEVEL Parameters PRIVILEGE LEVEL Optional Specifies to set the privilege level for the user The privilege level is between 1 and 15 If not specified level 15 will be used Defau...

Page 15: ... Use this command to enter the privilege level which is lower than the current level When using this command to enter the privilege level that has a password configured no password is needed Example This example shows how to logout Switch disable Switch logout 2 4 configure terminal This command is used to enter the Global Configuration Mode configure terminal Parameters None Default None Command ...

Page 16: ...login to the Switch s interface When using Telnet if all attempts fail access will return to the command prompt If no information is entered within 60 seconds the session will return to the state when logged out Example This example shows how to login with username user1 Switch login Username user1 Password xxxxx Switch 2 6 login Line This command is used to set the line login method Use the no fo...

Page 17: ...from the login command in the line mode If the authentication type is password the following rules apply When AAA is enabled the AAA module is used When AAA is disabled the following rules are used When login is disabled the username and password is ignored Enter the details at Level 1 When the username and password option is selected use the username and password setup by the username command Whe...

Page 18: ...g line login local Switch config line 2 7 logout This command is used to close an active terminal session by logging off the Switch logout Parameters None Default None Command Mode User EXEC Mode Privilege EXEC Mode Command Default Level Level 1 Usage Guideline Use this command to close an active terminal session by logging out of the device Example This example shows how to logout Switch disable ...

Page 19: ... exit This command is used to end the configuration mode and go back to the last mode If the current mode is the User EXEC Mode or the Privilege EXEC Mode executing the exit command logs you out of the current session exit Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to exit the current configuration mo...

Page 20: ... Recalls commands in the history buffer beginning with the most recent command Repeat the key sequence to recall successively older commands CTRL N or the Down Arrow key Returns to more recent commands in the history buffer after recalling commands with Ctrl P or the Up Arrow key Repeat the key sequence to recall successively more recent commands Example This example shows how to display the comma...

Page 21: ...urrent Threshold Range 1 Central Temperature 1 29C 11 79C Status code temperature is out of threshold range Detail Fan Status Right Fan 1 OK Right Fan 2 OK Detail Power Status Unit Power Module Power Status 1 Power 1 in operation Switch Display Parameters Power status in operation The power rectifier is in normal operation failed The power rectifier not working normally empty The power rectifier i...

Page 22: ...n DGS 1510 28XMP Unit Serial Number Status Up Time 1 RZNV1F1234567 ok 0DT0H49M34S Unit Memory Total Used Free 1 DRAM 262144 K 71708 K 190436 K 1 FLASH 29937 K 26360 K 3577 K Switch 2 13 show cpu utilization This command is used to display the CPU utilization information show cpu utilization Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 ...

Page 23: ...fault Level Level 1 Usage Guideline This command displays version information about the Switch Example This example shows how to displays version information about the Switch Switch show version System MAC Address 3C 1E 04 A1 B9 E0 Unit ID Module Name Versions 1 DGS 1510 28XMP H W A1 Bootloader 1 00 012 Runtime 1 40 014 Switch 2 15 snmp server enable traps environment This command is used to enabl...

Page 24: ...ified Example This example shows how to enable the trap related to all environment devices Switch configure terminal Switch config snmp server enable traps environment Switch config 2 16 environment temperature threshold This command is used to configure the environment temperature thresholds Use the no form of this command to revert to the default setting environment temperature threshold unit UN...

Page 25: ... Use the no form of this command to revert the command string to the default setting level privilege MODE level PRIVILEGE LEVEL reset COMMAND STRING no privilege MODE COMMAND STRING Parameters MODE Specifies the command mode of the command level PRIVILEGE LEVEL Specifies the level of the execution right The value is from 1 to 15 reset Specifies to revert the command to the default setting level CO...

Page 26: ...ege level show privilege Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display current privilege level Example This example shows how to display the current privilege level Switch Switch show privilege Current privilege level is 15 Switch ...

Page 27: ...wed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear 802 1X counters diagnostics statistics and session statistics Example This example shows how to clear 802 1X counters diagnostics statistics and session sta...

Page 28: ...ll user traffic is blocked before authentication If the control direction is set to in then in addition to receiving and transmitting EAPOL packets the port can transmit user traffic but not receive user traffic before authentication Example This example shows how to configure the controlled direction of the traffic through Ethernet eth1 0 1 as unidirectional Switch configure terminal Switch confi...

Page 29: ... the port to the force unauthorized state Default By default this option is set as auto Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command takes effect only when IEEE 802 1X PAE authenticator is globally enabled by the dot1x system auth control command and is enabled for a specific port by using the dot1x PAE authenticator This command is only ava...

Page 30: ...e VLAN setting Example This example shows how to configure the forwarding of the dot1x PDU Switch configure terminal Switch config interface eth1 0 1 Switch config if dot1x forward pdu Switch config if 3 6 dot1x initialize This command is used to initialize the authenticator state machine on a specific port or associated with a specific MAC address dot1x initialize interface INTERFACE ID mac addre...

Page 31: ...Use the no form of this command to revert to the default setting dot1x max req TIMES no dot1x max req Parameters TIMES Specifies the number of times that the Switch retransmits an EAP frame to the supplicant before restarting the authentication process The range is 1 to 10 Default By default this value is 2 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Th...

Page 32: ...2 1X user based on the method list configured by the aaa authentication dot1x default command Example This example shows how to configure Ethernet port 1 0 1 as an IEEE 802 1X PAE authenticator Switch configure terminal Switch config interface eth1 0 1 Switch config if dot1x pae authenticator Switch config if This example shows how to disable IEEE 802 1X authentication on Ethernet port 1 0 1 Switc...

Page 33: ...tication on a switch Use the no form of this command to disable IEEE 802 1X authentication function dot1x system auth control no dot1x system auth control Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The 802 1X authentication function restricts unauthorized hosts from accessing the network Use the d...

Page 34: ... is 1 to 65535 tx period SECONDS Specifies the number of seconds that the Switch will wait for a response to an EAP Request Identity frame from the supplicant before retransmitting the request The range is 1 to 65535 Default The server timeout is 30 seconds The supp timeout is 30 seconds The tx period is 30 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guid...

Page 35: ...l configuration or interface configuration If the configuration command is entered without parameters the global configuration will be displayed Otherwise the configuration on the specified interface will be displayed Example This example shows how to display the dot1X global configuration Switch show dot1x 802 1X Enabled Trap State Enabled Switch This example shows how to display the dot1X config...

Page 36: ...l interfaces Otherwise the diagnostics on the specified interface will be displayed Example This example shows how to display the dot1X diagnostics on Ethernet port 1 0 1 Switch show dot1x diagnostics interface eth1 0 1 eth1 0 1 dot1x diagnostic information are following EntersConnecting 20 EAP LogoffsWhileConnecting 0 EntersAuthenticating 0 SuccessesWhileAuthenticating 0 TimeoutsWhileAuthenticati...

Page 37: ...to display 802 1X statistics Using this command without parameters will display information about all interfaces Otherwise the statistics on the specified interface will be displayed Example This example shows how to display dot1X statistics on Ethernet port 1 0 1 Switch show dot1x statistics interface eth1 0 1 eth1 0 1 dot1x statistics information EAPOL Frames RX 1 EAPOL Frames TX 4 EAPOL Start F...

Page 38: ...session statistics Using this command without parameters will display information about all interfaces Otherwise the session statistics on the specified interface will be displayed Example This example shows how to display dot1X session statistics on Ethernet port 1 0 1 Switch show dot1x session statistics interface eth1 0 1 eth6 0 1 session statistic counters are following SessionOctetsRX 0 Sessi...

Page 39: ...bal Configuration Mode Command Default Level Level 12 Usage Guideline This command can be used to enable or disable sending SNMP notifications for 802 1X authentication Example This example shows how to enable sending trap for 802 1X authentication Switch configure terminal Switch config snmp server enable traps dot1x Switch config ...

Page 40: ... of valid values is from 1 to 32 Default The default start sequence number is 10 The default increment is 10 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This feature allows the user to re sequence the entries of a specified access list with an initial sequence number determined by the STARTING SEQUENCE NUMBER parameter and continuing in the increments dete...

Page 41: ... 255 255 0 0 3 permit tcp any 10 20 0 0 255 255 0 0 5 permit tcp any host 10 100 1 2 7 permit icmp any any Switch config 4 2 acl hardware counter This command is used to enable the ACL hardware counter of the specified access list name for access group functions or access map for the VLAN filter function Use the no form of this command to disable the ACL hardware counter function acl hardware coun...

Page 42: ... configuration mode Use the no form of this command to revert to the default setting action forward drop redirect INTERFACE ID no action Parameters forward Specifies to forward the packet when matched drop Specifies to drop the packet when matched redirect INTERFACE ID Specifies the interface ID for the redirection action Only physical ports are allowed to be specified Default By default the actio...

Page 43: ... group ACCESS LIST NAME Specifies the name of the access list to be cleared access group ACCESS LIST NUMBER Specifies the number of the access list to be configured vlan filter ACCESS MAP NAME Specifies the name of the access map to be cleared Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline If no access list name or number is specified with the paramet...

Page 44: ...o the same interface The VLAN range and Layer 4 port range resources are shared The number of remaining entries in the range will be displayed after successfully applying the command Example This example shows how to apply an expert ACL to an interface The purpose is to apply the ACL exp_acl on the Ethernet port 1 0 2 to filter the incoming packets Switch configure terminal Switch config interface...

Page 45: ...assigned automatically Example This example shows how to create an extended expert ACL Switch configure terminal Switch config expert access list extended exp_acl Switch config exp nacl end Switch show access list Access List Name Type exp_acl ID 8999 expert ext acl Total Entries 1 Switch 4 7 ip access group This command is used to specify the IP access list to be applied to an interface Use the n...

Page 46: ...Control as an IP access group for an Ethernet port 1 0 2 Switch configure terminal Switch config interface eth1 0 2 Switch config if ip access group Strict Control The remaining applicable IP related access entries are 2500 remaining range entries are 32 Switch config if 4 8 ip access list This command is used to create or modify an IP access list This command will enter into the IP access list co...

Page 47: ... remove an IPv6 access list ipv6 access group NAME NUMBER in no ipv6 access group NAME NUMBER in Parameters NAME Specifies the name of the IPv6 access list to be applied NUMBER Specifies the number of the IPv6 access list to be applied in Optional Specifies that the IPv6 access list will be applied to check in the ingress direction If the direction is not specified in is used Default None Command ...

Page 48: ... list to be configured The maximum length is 32 characters NUMBER Specifies the ID number of the IPv6 access list For standard IPv6 access lists this value is from 11000 to 12999 For extended IPv6 access lists this value is from 13000 to 14999 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The name must be unique among all access lists The charac...

Page 49: ...ess list Switch configure terminal Switch config ip access list extended R D Switch config ip ext acl list remark This access list is used to match any IP packets from the host 10 2 2 1 Switch config ip ext acl end Switch show access list ip Extended IP access list R D ID 3999 10 permit host 10 2 2 1 any This access list is used to match any IP packets from the host 10 2 2 1 Switch 4 12 mac access...

Page 50: ...ufficient to commit the command then an error message will be displayed Example This example shows how to apply the MAC access list daily profile to Ethernet port 5 0 1 Switch configure terminal Switch config interface eth5 0 1 Switch config if mac access group daily profile in The remaining applicable MAC access entries are 204 remaining range entries are 32 Switch config if 4 13 mac access list ...

Page 51: ...e match entry match ip address ACL NAME ACL NUMBER no match ip address Parameters ACL NAME Specifies the name of the ACL access list to be configured The name can be up to 32 characters ACL NUMBER Specifies the number of the IP ACL access list to be configured Default None Command Mode VLAN Access map Sub map Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to ass...

Page 52: ...ess list or MAC access list IPv6 sub map just checks IPv6 packets The later command overwrites the previous setting Example This example shows how to set the match content in the sub map Switch configure terminal Switch config vlan access map vlan map 20 Switch config access map match ipv6 address sp1 Switch config access map 4 16 match mac address This command is used to associate MAC access list...

Page 53: ...DCARD host SRC MAC ADDR any eq lt gt neq PORT range MIN PORT MAX PORT DST IP ADDR DST IP WILDCARD host DST IP ADDR any DST MAC ADDR DST MAC WILDCARD host DST MAC ADDR any eq lt gt neq PORT range MIN PORT MAX PORT TCP FLAG cos OUTER COS vlan OUTER VLAN vlan range MIN VID MAX VID precedence PRECEDENCE tos TOS dscp DSCP time range PROFILE NAME SEQUENCE NUMBER permit deny udp SRC IP ADDR SRC IP WILDCA...

Page 54: ... corresponding to the bit value 1 will be ignored The bit corresponding to the bit value 0 will be checked precedence PRECEDENCE Optional Specifies that packets can be filtered by precedence level as specified by a number from 0 to 7 tos TOS Optional Specifies that packets can be filtered by type of service level as specified by a number from 0 to 15 dscp DSCP Optional Specifies the matching DSCP ...

Page 55: ...ccess list After the command is applied the new rule without specified sequence number will be assigned sequence based new sequence setting of the specified access list When you manually assign the sequence number it is better to have a reserved interval for future lower sequence number entries Otherwise it will create extra effort to insert an entry with a lower sequence number The sequence numbe...

Page 56: ...ENCE NUMBER Specifies the sequence number The range is from 1 to 65535 The lower the number is the higher the priority of the permit deny rule any Specifies any source IP address or any destination IP address host SRC IP ADDR Specifies a specific source host IP address SRC IP ADDR SRC IP WILDCARD Specifies a group of source IP addresses by using a wildcard bitmap The bit corresponding to the bit v...

Page 57: ...n reply information request mask reply mask request mobile redirect net redirect net tos redirect net tos unreachable net unreachable net unknown bad length option missing packet fragment parameter problem port unreachable precedence cutoff protocol unreachable reassembly timeout redirect message router advertisement router solicitation source quench source route failed time exceeded timestamp rep...

Page 58: ...ccess list This command is used to add a permit entry or deny entry to the IPv6 access list Use the no form of this command to remove an entry from the IPv6 access list Extended IPv6 Access List SEQUENCE NUMBER permit deny tcp any host SRC IPV6 ADDR SRC IPV6 ADDR PREFIX LENGTH eq lt gt neq PORT range MIN PORT MAX PORT any host DST IPV6 ADDR DST IPV6 ADDR PREFIX LENGTH eq lt gt neq PORT range MIN P...

Page 59: ...T Optional Specifies to match if greater than the specified port number eq PORT Optional Specifies to match if equal to the specified port number neq PORT Optional Specifies to match if not equal to the specified port number range MIN PORT MAX PORT Optional Specifies to match if fall within the range of ports PROTOCOL ID Optional Specifies the protocol ID The valid value is from 0 to 255 ICMP TYPE...

Page 60: ...f an access list If you enter a sequence number that is already present an error message will be shown Example This example shows how to create four entries for an IPv6 extended access list named ipv6 control These entries are permit TCP packets destined to network ff02 0 2 16 permit TCP packets destined to host ff02 1 2 permit all TCP packets go to port 80 and permit all ICMP packets Switch confi...

Page 61: ...LAN ID vlan range MIN VID MAX VID Optional Specifies the VLAN range Enter the minimum and maximum VLAN ID in the range here time range PROFILE NAME Optional Specifies the name of time period profile associated with the access list delineating its activation period Default None Command Mode MAC Access list Configuration Mode Command Default Level Level 12 Usage Guideline If a rule entry is created ...

Page 62: ...nformation for interface s show access group interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies the interface to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline If interface is not specified all of the interfaces that have access list configured will be displayed Example This example shows how to disp...

Page 63: ...igured access lists is displayed If the type of access list is specified detailed information of the access list will be displayed If the user enables the ACL hardware counter for an access list the counter will be displayed based on each access list entry Example This example shows how to display all access lists Switch show access list Access List Name Type simple ip acl ID 3998 ip ext acl simpl...

Page 64: ... of the VLAN access map being configured The name can be up to 32 characters Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline If no access map name is specified all VLAN access map information will be displayed If the user enables the ACL hardware counter for an access map the counter will be displayed based on each sub map Example This ex...

Page 65: ... used to display the VLAN filter configuration of VLAN interfaces show vlan filter access map MAP NAME vlan VLAN ID Parameters MAP NAME Optional Specifies the name of the VLAN access map The name can be up to 32 characters VLAN ID Optional Specifies the VLAN ID Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline The show vlan filter access ma...

Page 66: ...fault None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline A VLAN access map can contain multiple sub maps For each sub map one access list IP access list IPv6 access list or MAC access list can be specified and one action can be specified After a VLAN access map is created the user can use the vlan filter command to apply the access map to VLAN s A sequence n...

Page 67: ...MAP NAME vlan list VLAN ID LIST no vlan filter MAP NAME vlan list VLAN ID LIST Parameters MAP NAME Specifies the name of the VLAN access map VLAN ID LIST Specifies the VLAN ID list Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline A VLAN can only be associated with one VLAN access map Example This example shows how to apply the VLAN access map vlan ...

Page 68: ...ss lists are already applied an attempt to apply a new access list will be rejected until an applied access list is removed by the no form of this command Example This example shows how a standard IP access list is created and is specified as the access list to restrict access via Telnet Only the host 226 1 1 1 is allowed to access the server Switch configure terminal Switch config ip access list ...

Page 69: ...nal Switch config prompt BRANCH sA BRANCH A config This example shows how to set the command prompt back to the default setting BRANCH A configure terminal BRANCH A config no prompt Switch config 5 3 enable password This command is used to setup enable password to enter different privileged levels Use the no form of this command to return the password to the empty string enable password level PRIV...

Page 70: ...act password for a specific level needs to be used to enter the privilege level Each level has only one password to enter the level Example This example shows how to create an enable password at the privilege level 15 of MyEnablePassword Switch configure terminal Switch config enable password MyEnablePassword Switch disable Switch enable Password Switch show privilege Current privilege level is 15...

Page 71: ...ready declared an SSL service policy using the ssl service policy command When no keyword is specified a built in local certificate will be used for HTTPS Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command enables the HTTPS server function and uses the specified SSL service policy for HTTPS Example This exam...

Page 72: ...ist to access the HTTP server Only the host 226 1 1 1 is allowed to access the server Switch configure terminal Switch config ip access list http filter Switch config ip acl permit 226 1 1 1 255 255 255 255 Switch config ip acl exit Switch config ip http access class http filter Switch config 5 7 ip http service port This command is used to specify the HTTP service port Use the no form of this com...

Page 73: ...Specifies the idle timeout value This value is between 60 and 36000 Default By default this value is 180 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is use to configure the idle timeout value of a http server connection in seconds Example This example shows how to configure the idle timeout value to 100 seconds Switch configure termina...

Page 74: ...m of this command to revert to the default setting ip telnet service port TCP PORT no ip telnet service port Parameters TCP PORT Specifies the TCP port number TCP ports are numbered between 1 and 65535 The well known TCP port for the TELNET protocol is 23 Default By default this value is 23 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command configure...

Page 75: ...H terminal line and configures its access class as vty filter Switch configure terminal Switch config line ssh Switch config line access class vty filter Switch config line 5 12 service password encryption This command is used to enable the encryption of the password before stored in the configuration file Use the no form of this command to disable the encryption service password encryption 7 15 n...

Page 76: ...ain text The password affected by this command includes the user account password enable password and the authentication password Example This example shows how to enable the encryption of the password before stored in the configuration file Switch configure terminal Switch config service password encryption Switch config 5 13 show terminal This command is used to obtain information about the term...

Page 77: ...nfiguration mode show ip telnet server Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display information about the Telnet server status Example This example shows how to display information about the Telnet server status Switch show ip telnet server Server State Enabled Switch 5 15 show ip http server...

Page 78: ... ip http secure server This command is used to obtain information about the SSL status Use this command in EXEC mode or any configuration mode show ip http secure server Parameters None Default By default the state is disabled Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display information about the SSL status Example This exam...

Page 79: ...me Privilege Login Time IP address 0 console admin 15 4S Total Entries 1 Switch 5 18 telnet This command is used to login another device that supports Telnet telnet IP ADDRESS IPV6 ADDRESS Domain Name TCP PORT Parameters IP ADDRESS Specifies the IPv4 address of the host IPV6 ADDRESS Specifies the IPv6 address of the host Domain Name Specifies the Telnet destination host name TCP PORT Specifies the...

Page 80: ...onnection failed Try using port 3500 instead to login into the management interface Switch telnet 10 90 90 91 ERROR Could not open a connection to host on server port 23 Switch telnet 10 90 90 91 3500 DGS 1510 28XMP Gigabit Ethernet SmartPro Switch Command Line Interface Firmware Build 1 40 014 Copyright C 2017 D Link Corporation All rights reserved User Access Verification Username 5 19 terminal ...

Page 81: ...ore prompt At the More prompt press CTRL C q Q or ESC to interrupt the output and return to the prompt Press the Spacebar to display an additional screen of output or press Return to display one more line of output Setting the screen length to 0 turns off the scrolling feature and causes the entire output to display at once Unless the default keyword is used a change to the terminal length value a...

Page 82: ...Parameters MINUTES Specifies the timeout length in minutes 0 represents never timeout Default By default this value is 3 minutes Command Mode Line Configuration Mode Command Default Level Level 12 Usage Guideline This timer specifies the timeout for auto logout sessions established by the line that is being configured Example This example shows how to configure the console session to never timeout...

Page 83: ...e applies only to that session When the no form of this command is used the number of lines in the terminal display screen is reset to the default which is 80 characters The terminal width default command is available in the global configuration mode The command setting does not affect the current existing terminal sessions but affect the new terminal sessions that are activated later and just the...

Page 84: ...D5 The password length is fixed at 31 bytes It is case sensitive The password is encrypted If the password syntax is not specified the syntax is plain text PASSWORD Optional Specifies the password string based on the type Default By default the user name is admin password is admin and the privilege level is 15 Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Th...

Page 85: ...en 1 and 32 characters and can contain embedded spaces It is case sensitive If the password syntax cannot be specified the syntax remains plain text 7 Specifies the encrypted password based on SHA 1 The password length is fixed at 35 bytes It is case sensitive The password is encrypted If the password syntax is not specified the syntax is plain text 15 Specifies the encrypted password based on MD5...

Page 86: ...o disconnect an active session on the switch clear line LINE ID Parameters LINE ID Specifies the line ID to disconnect a connection session The value is from 1 to 22 Default None Command Mode Privilege EXEC Mode Command Default Level Level 15 Usage Guideline This command is used to disconnect an active session on the switch Example This example shows how to disconnect the line session 2 Switch cle...

Page 87: ...evious range No space before and after the comma Optional Specifies a range of interfaces No space before and after the hyphen Default By default no entries exist Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the ARP spoofing prevention ASP entry to prevent spoofing of the MAC address of the protected gateway When an entry i...

Page 88: ...spoofing prevention show ip arp spoofing prevention Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display all ARP spoofing prevention entries Example This example shows how to display all ARP spoofing prevention entries Switch show ip arp spoofing prevention IP MAC Interfaces 10 254 254 251 00 00 00 1...

Page 89: ...ic vlan no asymmetric vlan Parameters None Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable or disable the asymmetric VLAN function Example This example shows how to enable asymmetric VLAN Switch configure terminal Switch config asymmetric vlan This example shows how to disable asymmetric VL...

Page 90: ...s in the given sequence Enter at least one method or enter up to four methods The following are keywords that can be used to specify a method group tacacs Specifies to use the servers defined by the TACACS server host command group GROUP NAME Specifies to use the server groups defined by the aaa group server tacacs command none Specifies no to perform accounting Default No AAA accounting method is...

Page 91: ... not to perform accounting Default No AAA accounting method is configured Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to configure the method list for EXEC accounting Example This example shows how to create a method list for accounting of user activities using RADIUS which will send accounting messages at the start and end time of access ...

Page 92: ...lt method list to take effect enable AAA first by using the aaa new model command The accounting system is disabled if the default method list is not configured Example This example shows how to enable accounting of the network access fees using RADIUS and sends the accounting messages at the start and end time of access Switch configure terminal Switch config aaa accounting network default start ...

Page 93: ... to enable accounting of the system events using RADIUS and sends the accounting messages while system event occurs Switch configure terminal Switch config aaa accounting system default start stop group radius Switch config 8 5 aaa authentication enable This command is used to configure the default method list used for determining access to the privileged EXEC level Use the no form of this command...

Page 94: ... group group2 Switch config 8 6 aaa authentication dot1x This command is used to configure the default method list used for 802 1X authentication Use the no form of this command to remove the default method list aaa authentication dot1x default METHOD1 METHOD2 no aaa authentication dot1x default Parameters METHOD1 METHOD2 Specifies the list of methods that the authentication algorithm tries in the...

Page 95: ...pecifies the list of methods that the authentication algorithm tries in the given sequence Enter at least one method or enter up to four methods The following are keywords that can be used to specify a method local Specifies to use the local database for authentication group radius Specifies to use the servers defined by the RADIUS server host command group GROUP NAME Specifies to use the server g...

Page 96: ...fies to use the server groups defined by the AAA group server command none Normally the method is listed as the last method The user will pass authentication if it is not denied by previous method s authentication Default No AAA authentication method list is configured Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to configure the authentica...

Page 97: ...ove the default method list aaa authentication mac auth default METHOD1 METHOD2 no aaa authentication mac auth default Parameters METHOD1 METHOD2 Specifies the list of methods that the authentication algorithm tries in the given sequence Enter at least one method or enter up to four methods The following are keywords that can be used to specify a method local Specifies to use the local database fo...

Page 98: ...roup GROUP NAME Specifies to use the server groups defined by the AAA group server none Normally the method is listed as the last method The user will pass authentication if it is not denied by previous method authentication Default No AAA authentication method is configured Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to configure the defa...

Page 99: ...erver hosts with the RADIUS server group Example This example shows how to create a RADIUS server group with two entries The second host entry acts as backup to the first entry Switch configure terminal Switch config aaa group server radius group1 Switch config sg radius server 172 19 10 100 Switch config sg radius server 172 19 11 20 Switch config sg radius exit Switch config 8 12 aaa group serve...

Page 100: ...for the authentication or accounting function Use the no form of this command to disable the AAA function aaa new model no aaa new model Parameters None Default By default this feature is disabled Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to enable AAA before the authentication and accounting via the AAA method lists take effect If AAA i...

Page 101: ...mand does not take effect The user can specify different method lists to account commands at different levels A level can only have one method list specified Example This example shows how to enable the command accounting level 15 configure command issued via the console using the accounting method list named cmd 15 on the console Switch configure terminal Switch config aaa accounting commands 15 ...

Page 102: ...nters servers This command is used to clear the authentication and accounting AAA server statistic counters clear aaa counters servers all radius IP ADDRESS IPV6 ADDRESS all tacacs IP ADDRESS IPV6 ADDRESS all sg NAME Parameters all Specifies to clear server counter information related to all server hosts radius IP ADDRESS Specifies to clear server counter information related to a RADIUS IPv4 host ...

Page 103: ...ST no ip http authentication aaa login authentication Parameters default Specifies to authenticate based on the default method list METHOD LIST Specifies the name of the method list to use Default By default this default option is used Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline For authentication via the method list to take effect enable AAA first by usin...

Page 104: ...irst by using the aaa accounting exec command If the method list does not exist the command does not take effect Example This example shows how to specify that the method configured for AAA should be used for accounting for HTTP server users The AAA accounting method is configured as the RADIUS accounting method Switch configure terminal Switch config aaa accounting exec list 1 start stop group ra...

Page 105: ...dius server deadtime This command is used to specify the default duration of the time to skip the unresponsive server Use the no form of this command to revert to the default setting radius server deadtime MINUTES no radius server deadtime Parameters MINUTES Specifies the dead time The valid range is 0 to 1440 24 hours When the setting is 0 the unresponsive server will not be marked as dead Defaul...

Page 106: ...unting packets The range is 0 to 65535 Set the port number to zero if the server host is not for accounting purposes The default value is 1813 timeout SECONDS Specifies the server time out value The range of timeout is between 1 and 255 seconds If not specified the default value is 5 seconds retransmit COUNT Optional Specifies the retransmit times of requests to the server when no response is rece...

Page 107: ...he RADIUS group server configuration mode Use the server command to associate the RADIUS server hosts with the RADIUS server group The defined server group can be specified as the method list for authentication or accounting via the AAA authentication and AAA accounting command Use the radius server host command to create a server host entry A host entry is identified by IP Address Example This ex...

Page 108: ...or accounting via the aaa authentication and aaa accounting command The configured servers in the group will be attempted in the configured order Use the tacacs server host command to create a server host entry A host entry is identified by the IP Address Example This example shows how to create two TACACS server hosts A server group is then created with the two server hosts Switch configure termi...

Page 109: ...R Optional Specifies the UDP destination port number for sending request packets The default port number is 49 The range is 1 to 65535 timeout SECONDS Optional Specifies the time out value This value must be between 1 and 255 seconds The default value is 5 seconds 0 Optional Specifies the password in the clear text form This is the default option 7 Optional Specifies the password in the encrypted ...

Page 110: ...d to display statistics counters related to servers Example This example shows how to display the server related statistics counters Switch show radius statistics RADIUS Server 172 19 192 80 Auth Port 1645 Acct Port 1646 State is UP Auth Acct Round Trip Time 10 10 Access Requests 4 NA Access Accepts 0 NA Access Rejects 4 NA Access Challenges 0 NA Acct Request NA 3 Acct Response NA 3 Retransmission...

Page 111: ...ackets with an invalid length Bad authenticators or Signature attributes or unknown types are not included as malformed responses Bad Authenticators The number of RADIUS Response packets containing invalid authenticators or Signature attributes received from this server Pending Requests The number of RADIUS Request packets destined for this server that have not yet timed out or received a response...

Page 112: ...2 80 49 State is UP Socket Opens 0 Socket Closes 0 Total Packets Sent 0 Total Packets Recv 0 Reference Count 0 Display Parameters TACACS Server IP address of the TACACS server Socket Opens Number of successful TCP socket connections to the TACACS server Socket Closes Number of successfully closed TCP socket attempts Total Packets Sent Number of packets sent to the TACACS server Total Packets Recv ...

Page 113: ...l Level 12 Usage Guideline The ARP table keeps the network layer IP address to local data link MAC address association The association is kept so that the addresses will not have to be repeatedly resolved Use this command to add static ARP entries Example This example shows how to add a static ARP entry for a typical Ethernet host Switch configure terminal Switch config arp 10 31 7 19 0800 0900 18...

Page 114: ...to clear the dynamic ARP entries from the table clear arp cache all interface INTERFACE ID IP ADDRESS Parameters all Specifies to clear the dynamic ARP cache entries associated with all interfaces INTERFACE ID Specifies the interface ID IP ADDRESS Specifies the IP address of the specified dynamic ARP cache entry that will be cleared Default None Command Mode Privileged EXEC Mode Command Default Le...

Page 115: ...Usage Guideline The IPv4 address of an interface can be either manually assigned by the user or dynamically assigned by the DHCP server For manual assignment the user can assign multiple networks to a VLAN each with an IP address Among these multiple IP addresses one of them must be the primary IP address and the rest are secondary IP address The primary address will be used as the source IP addre...

Page 116: ...gure terminal Switch config interface vlan100 Switch config if ip proxy arp Switch config if 9 6 ip local proxy arp This command is used to enable the local proxy ARP feature on an interface Use the no form of this command to revert to the default setting ip local proxy arp no ip local proxy arp Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Co...

Page 117: ...ork INTERFACE ID Optional Specifies to display ARP entries that are associated with a specific network HARDWARE ADDRESS Optional Specifies to display ARP entries whose hardware address equal to this address Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Used to display a specific ARP entry all ARP entries dynamic entries or static entrie...

Page 118: ...me Example This example shows how to display the ARP aging time Switch show arp timeout Interface Timeout minutes vlan1 60 Total Entries 1 Switch 9 9 show ip interface This command is used to display the IP interface information show ip interface INTERFACE ID brief Parameters INTERFACE ID Optional Specifies to display information for the specified IP interface brief Optional Specifies to display a...

Page 119: ...ch show ip interface brief Interface IP Address Link Status vlan1 10 90 90 90 up Total Entries 1 Switch This example shows how to display the IP interface information for VLAN 1 Switch show ip interface Interface vlan1 is enabled Link status is up IP Address is 10 90 90 90 8 Manual ARP timeout is 20 minutes Helper Address is not set Proxy ARP is disabled IP Local Proxy ARP is disabled gratuitous s...

Page 120: ...rface VLAN 1 Switch clear ipv6 neighbors interface vlan1 Switch 10 2 ipv6 address This command is used to manually configure an IPv6 addresses on the interface Use the no form of this command to delete a manually configured IPv6 address ipv6 address IPV6 ADDRESS PREFIX LENGTH PREFIX NAME SUB BITS PREFIX LENGTH IPV6 ADDRESS link local no ipv6 address IPV6 ADDRESS PREFIX LENGTH PREFIX NAME SUB BITS ...

Page 121: ...ateful address configuration However within the same prefix only one IPv6 address can be configured When the IPv6 address is configured on an interface IPv6 processing is enabled for the interface The prefix of the configured IPv6 address will automatically be advertised as prefix in the RA messages transmitted on the interface Example This example shows how to configure an IPv6 address Switch con...

Page 122: ...nd to disable the using of DHCPv6 to get an IPv6 address ipv6 address dhcp rapid commit no ipv6 address dhcp Parameters rapid commit Specifies to proceed with two message exchange for address delegation The rapid commit option will be filled in the Solicit message to request two messages handshake Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline...

Page 123: ...n the interface the IPv6 link local address is automatically generated and the IPv6 processing is started When the interface has no IPv6 address explicitly configured the IPv6 link local address is not generated and the IPv6 processing is not started Use the ipv6 enable command to auto generate the IPv6 link local address and start the IPv6 processing on the interface Example This example shows ho...

Page 124: ...g if ipv6 hop limit 255 Switch config if 10 7 ipv6 nd managed config flag This command is used to enable the management configure flag in the advertised RA message Use the no command to disable this flag ipv6 nd managed config flag no ipv6 nd managed config flag Parameters None Default By default this feature is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usag...

Page 125: ...re terminal Switch config interface vlan1 Switch config if ipv6 nd other config flag Switch config if 10 9 ipv6 nd prefix This command is used to configure the IPv6 prefix to be advertised in RA messages Use the no command to remove the prefix ipv6 nd prefix IPV6 PREFIX PREFIX LENGTH VALID LIFETIME PREFERRED LIFETIME off link no autoconfig no ipv6 nd prefix IPV6 PREFIX PREFIX LENGTH Parameters IPV...

Page 126: ... advertised prefix can be modified but cannot be removed using this command If the IPv6 address is removed later the advertising of the corresponding prefix will also be stopped Example This example shows how to configure an IPv6 prefix 3ffe 501 ffff 100 64 with a valid lifetime of 30000 seconds and a preferred lifetime of 20000 seconds Switch configure terminal Switch config interface vlan1 Switc...

Page 127: ...e the IPv6 RA lifetime value for an interface Use the no command to return the RA lifetime value to the default value ipv6 nd ra lifetime SECONDS no ipv6 nd ra lifetime Parameters SECONDS Enter the RA lifetime value here The range is from 0 to 9000 seconds Default By default this value is 1800 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The life...

Page 128: ... command is used to configure the reachable time used in the ND protocol Use the no command to return this to the default value ipv6 nd reachable time MILLI SECONDS no ipv6 nd reachable time Parameters MILLI SECONDS Enter the reachable time used in the ND protocol here The range is from 0 to 3600000 milliseconds in multiples of 1000 milliseconds Default The default value advertised in RA is 120000...

Page 129: ...fault The default value advertised in the RA is 0 The default value used by the router is 1000 milliseconds 1 second Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The configured time is used by the router on the interface and is also advertised in RA message If the specified time is 0 the router will use 1 second on the interface and advertise 0 unspecifi...

Page 130: ...s will not be applied to the static entries The clear ipv6 neighbors command will clear the dynamic neighbor cache entries Use the no ipv6 neighbor command to delete a static neighbor entry Example This example shows how to create a static ipv6 neighbor cache entry Switch configure terminal Switch config ipv6 neighbor fe80 1 vlan1 00 01 80 11 22 99 Switch config 10 16 show ipv6 interface This comm...

Page 131: ... status is up FE80 201 1FF FE02 304 vlan2 is up Link status is down FE80 201 1FF FE02 305 200 2 vlan3 is up Link status is down FE80 201 1FF FE02 306 Total Entries 3 Switch 10 17 show ipv6 neighbors This command is used to display IPv6 neighbor information show ipv6 neighbors INTERFACE ID IPV6 ADDRESS Parameters IPV6 ADDRESS Specifies the IPv6 address to display its IPv6 neighbor cache entry INTER...

Page 132: ...ry S Static neighbor entry State INCMP Incomplete Address resolution is being performed on the entry but the corresponding neighbor advertisement message has not yet been received REACH Reachable Corresponding neighbor advertisement message was received and the reachable time in milliseconds has not elapsed yet It indicates that the neighbor was functioning properly STALE More than the reachable t...

Page 133: ... example shows how to enable the BPDU attack protection function globally Switch configure terminal Switch config spanning tree bpdu protection Switch config 11 2 spanning tree bpdu protection interface This command is used to enable the BPDU attack protection function on the port Use the no form of this command to revert to the default setting spanning tree bpdu protection drop block shutdown no ...

Page 134: ... err disabled state Example This example shows how to enable the BPDU attack protection with block mode on interface eth1 0 1 Switch configure terminal Switch config interface eth1 0 1 Switch config if spanning tree bpdu protection block Switch config if 11 3 show spanning tree bpdu protection This command is used to display the BPDU protection information show spanning tree bpdu protection interf...

Page 135: ...Shutdown Normal eth1 0 16 Disabled Shutdown Normal eth1 0 17 Disabled Shutdown Normal eth1 0 18 Disabled Shutdown Normal eth1 0 19 Disabled Shutdown Normal CTRL C ESC q Quit SPACE n Next Page ENTER Next Entry a All This example shows how to display the BPDU attack protection status of interface eth1 0 1 Switch show spanning tree bpdu protection interface eth1 0 1 Interface State Mode Status eth1 0...

Page 136: ...age Guideline Use this command to enable or disable the sending of the SNMP notifications for BPDU protection Example This example shows how to enable the sending of the SNMP notifications for BPDU protection Switch configure terminal Switch config snmp server enable traps stp bpdu protection Switch config ...

Page 137: ...blems Use the test cable diagnostics command to start the test The copper port can be in one of the following status Open The cable in the error pair does not have a connection at the specified position Short The cable in the error pair has a short problem at the specified position Open or Short The cable has an open or short problem but the PHY has no capability to distinguish between them Crosst...

Page 138: ... Example This example shows how to display the test results for the cable diagnostics Switch show cable diagnostics Port Type Link Status Test Result Cable Length M eth1 0 1 1000BASE T Link Up OK 65 eth1 0 2 1000BASE T Link Up OK eth1 0 3 1000BASE T Link Down Shutdown 25 eth1 0 4 1000BASE T Link Down Shutdown eth1 0 5 1000BASE T Link Down Unknown eth1 0 6 1000BASE T Link Down Pair 1 Crosstalk at 3...

Page 139: ...f interfaces from a previous range No space before and after the comma Optional Specifies a range of interfaces No space before and after the hyphen Default None Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline This command is used to clear the test results for the cable diagnostics If the test is running on the interface an error message will be displayed Example This example ...

Page 140: ... successfully been configured to the Switch via the command line interface The requirement is to log the command itself along with information about the user account that entered the command into the system log Commands that do not cause a change in the Switch configuration or operation such as show will not be logged Information about saving or viewing the system log is described in the sys log f...

Page 141: ...ows how to enable and then disable the debug message output option Switch config debug enable Switch config no debug enable Switch config 14 2 debug output This command is used to specify the output for the debug messages of individual modules debug output module MODULE LIST all buffer console no debug output module MODULE LIST all Parameters MODULE LIST Specifies the module list to output the deb...

Page 142: ...ut to the debug buffer Switch debug output all buffer Switch 14 3 debug reboot on error This command is used to set the Switch to reboot when a fatal error occurs Use the no form of this command to set the Switch not to reboot when a fatal error occurs debug reboot on error no debug reboot on error Parameters None Default By default this option is enabled Command Mode Global Configuration Mode Com...

Page 143: ...Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline None Example This example shows how to copy debug buffer information to a TFTP server 10 90 90 99 Switch debug copy buffer tftp 10 90 90 99 abc txt Address of remote host 10 90 90 99 Destination filename abc txt Accessing tftp 10 90 90 99 abc txt Transmission starts Finished network upload 65739 bytes Switch 14 5 debu...

Page 144: ...Guideline Use this command to clear the error log information Example This example shows how to clear the error log information Switch debug clear error log Switch 14 7 debug show buffer This command is used to display the content of the debug buffer or utilization information of the debug buffer debug show buffer utilization Parameters utilization Optional Specifies to display the utilization of ...

Page 145: ...n Switch debug show buffer utilization Debug buffer is allocated from system memory Total size is 2M Utilization is 30 Switch 14 8 debug show output This command is used to display the debug status and output information of the modules debug show output Parameters None Default None Command Mode Privileged EXEC Mode or Any Configuration Mode Command Default Level Level 15 Usage Guideline Use this c...

Page 146: ...r No BGP buffer No VRRP buffer No RIPNG buffer No Switch 14 9 debug show error log This command is used to display error log information debug show error log Parameters None Default None Command Mode Privileged EXEC Mode or Any Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to display the content of the error log Example This example shows how to display error l...

Page 147: ... 8018C814 8028FF44 8028352C 801D703C 8013B8A4 802AE754 802A5E0C 802A5D6C debug log 2 level fatal clock 10000ms time 2013 09 11 15 00 00 SOFTWARE FATAL ERROR CLI_UTL_AllocateMemory Fail Current TASK CLI TASK STACKTRACE 802ACE98 802B4498 802B4B00 802BD140 802BCB08 Total Log 2 Output truncated 14 10 debug show tech support This command is used to display the information required by technical support ...

Page 148: ...Command Default Level Level 15 Usage Guideline Use this command to display technical support information The technical support information is used to collect the Switch s information needed by the engineers to troubleshoot or analyze a problem Example This example shows how to display technical support information of all the modules ...

Page 149: ...NG 2000 1 1 00 04 26 Topology Information Stable Topology My Box ID 1 Role Master Box Cnt 1 Topology Type Duplex Chain Unit Prio Device Runtime Stacking ID rity Role MAC Type option version version 1 32 32 Master 3C 1E 04 A1 CC 00 DGS 1510 28XMP 0x0001 1 40 014 2 0 1 2 NOT EXIST 3 NOT EXIST 4 NOT EXIST 5 NOT EXIST 6 NOT EXIST S means static box ID Temporary Topology Stable Cnt 48 Hot Swap Type Sta...

Page 150: ...ow cpu utilization Parameters None Default None Command Mode Privileged EXEC Mode or Any Configuration Mode Command Default Level Level 15 Usage Guideline Use this command to display the information about CPU and task utilization Example This example shows how to display the CPU utilization per process information Switch debug show cpu utilization Five seconds 12 One minute 12 Five minutes 12 Proc...

Page 151: ...NIT ID sio1 sio2 Parameters UNIT ID Specifies the stacking unit ID sio1 Specifies to represent the lower stacking port sio2 Specifies to represent the higher stacking port Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to display the packet statistics information of the SIO ports Example This example shows how to display the informati...

Page 152: ...0 txHCTotalPkts 0 0 txHCUnicastPkts 0 0 txHCMulticastPkts 0 0 txHCBroadcastPkts 0 0 txHCOctets 0 0 txHCPkt64Octets 0 0 txHCPkt65to127Octets 0 0 txHCPkt128to255Octets 0 0 txHCPkt256to511Octets 0 0 txHCPkt512to1023Octets 0 0 txHCPkt1024to1518Octets 0 0 txHCPkt1519to2047Octets 0 0 txHCPkt2048to4095Octets 0 0 rxHCPkt4096to9216Octets 0 0 Switch 14 13 debug show error ports unit This command is used to ...

Page 153: ...ation of the SIO ports Switch debug show error ports unit 1 sio1 UNIT ID 1 SIO 1 RX Frames TX Frames CRC Error 0 CRC Error 0 Undersize 0 STP Drop 0 Oversize 0 HOL Drop 0 Fragment 0 COS0 HOL Drop 0 Jabber 0 COS1 HOL Drop 0 Symbol Error 0 COS2 HOL Drop 0 Buffer Full Drop 0 COS3 HOL Drop 0 ACL Drop 0 COS4 HOL Drop 0 Multicast Drop 0 COS5 HOL Drop 0 VLAN Ingress Drop 0 COS6 HOL Drop 0 Invalid IPv6 Dro...

Page 154: ...P server IP address from the DHCP server if the DHCP server has the TFTP server IP address and configuration file name and be configured to deliver this information in the data field of the DHCP reply packet The Switch will then download the configuration file from the TFTP server to configure the system if the TFTP server is running and have the requested configuration file in its base directory ...

Page 155: ... EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the status of the auto configuration Example This example shows how to display the status of the auto configuration Switch show autoconfig Autoconfig State Disabled Switch ...

Page 156: ...lass identifier Option 60 to be sent with the DHCP discover message This specification only applies to the subsequent sending of the DHCP discover messages The setting only takes effect when the DHCP client is enabled on the interface to acquire the IP address from the DHCP server The vendor class identifier specifies the type of device that is requesting an IP address Example This example shows h...

Page 157: ...00 as the client ID sent in the discover message for VLAN 100 Switch configure terminal Switch config interface vlan 100 Switch config if ip dhcp client client id vlan 100 Switch config if 16 3 ip dhcp client hostname This command is used to specify the value of the host name option to be sent with the DHCP discover message Use the no form of this command to revert the setting to the default ip dh...

Page 158: ... lease option ip dhcp client lease DAYS HOURS MINUTES no ip dhcp client lease Parameters DAYS Specifies the day duration of the lease The range is from 0 to 10000 days HOURS Optional Specifies the hour duration of the lease The range is from 0 to 23 hours MINUTES Optional Specifies the minute duration of the lease The range is from 0 to 59 minutes Default The lease option is not sent Command Mode ...

Page 159: ...e relayed If there is no class configured in a relay pool the client will be relayed to the relay destination server specified for the matched relay pool when the client matches the relay pool Example This example shows how to a DHCP class Service A is configured defined with DHCP option 60 matching pattern 0x112233 and 0x102030 classified to the relay pool pool1 and is associated with relay targe...

Page 160: ...p dhcp pool DHCP Relay This command is used to configure a DHCP relay pool on a DHCP relay agent and enter the DHCP pool configuration mode Use the no form of this command to delete a DHCP relay pool ip dhcp pool NAME no ip dhcp pool NAME Parameters NAME Specifies the address pool name with a maximum of 32 characters Default None Command Mode Global Configuration Mode Command Default Level Level 1...

Page 161: ...y disable the check for Option 82 ip dhcp relay information check no ip dhcp relay information check Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command takes effect when the DHCP service is enabled The ip dhcp relay information check command and the ip dhcp relay information check reply comma...

Page 162: ... global setting takes effect If the ip dhcp relay information check reply command is configured for an interface the interface setting takes effect When the check for Option 82 of the reply packet is enabled the device will check the validity of the Option 82 field in DHCP reply packets it receives from the DHCP server If the Option 82 field in the received packet is not present or the option is n...

Page 163: ... id command to specify a user defined string for the remote ID sub option Example This example shows how to enable the insertion of Option 82 during the relay of DHCP request packets Switch configure terminal Switch config ip dhcp relay information option Switch config 17 7 ip dhcp relay information option insert This command is used to enable or disable the insertion of Option 82 for an interface...

Page 164: ... relay information policy Parameters drop Specifies to discard the packet that already has the relay option keep Specifies that the DHCP requests packet that already has the relay option is left unchanged and directly relayed to the DHCP server replace Specifies that the DHCP request packet that already has the relay option will be replaced by a new option Default By default this option is replace...

Page 165: ...e DHCP service is enabled Use this command to configure the global policy for the insertion of Option 82 on packets that already have Option 82 Example This example shows how to configure the relay agent option re forwarding policy to keep and set the policy to drop for VLAN 100 The effective relay agent option re forwarding policy for VLAN 100 is drop and the effective relay agent option re forwa...

Page 166: ...ation option Switch config ip dhcp relay information option format remote id vendor2 Switch config This example shows how to configure a user defined string switch1 as the remote ID Switch configure terminal Switch config ip dhcp relay information option Switch config ip dhcp relay information option format remote id string switch1 Switch config 17 11 ip dhcp relay information option format type r...

Page 167: ... to configure the default circuit ID sub option ip dhcp relay information option format circuit id default string STRING vendor1 vendor2 vendor3 vendor4 vendor5 vendor6 no ip dhcp relay information option format circuit id Parameters default Specifies to use the default circuit ID sub option STRING Specifies to use a user defined string as the circuit ID Space characters are allowed in the string ...

Page 168: ...uit id vendor3 string Parameters vendor3 Specifies to the vender3 user defined string with the maximum 32 characters STRING Specifies the vendor defined string Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure each interface s vendor defined string for option 82 information circuit ID It is available for both phy...

Page 169: ...ce mode command ip dhcp relay information trusted Verify settings by entering the show ip dhcp relay information trusted sources command Example This example shows how to enable the DHCP relay agent to trust IP DHCP relay information for all interfaces The DHCP relay agent trusts the relay information for all interfaces regardless of what the setting of ip dhcp relay information trusted command Sw...

Page 170: ...nfig no ip dhcp relay information trust all Switch config interface vlan 100 Switch config if ip dhcp relay information trusted Switch config if 17 16 ip dhcp local relay vlan This command is used to enable local relay on a VLAN or a group of VLANs Use the no form of this command to disable the local relay function ip dhcp local relay vlan VLAN ID no ip dhcp local relay vlan VLAN ID Parameters vla...

Page 171: ...e When smart relay is enabled relay agent will count the number that a client retries sending of the DISCOVER message The relay agent will switch the gateway address to secondary address of the received interface after three retries Example This example shows how to enable the smart relay function Switch configure terminal Switch config ip dhcp smart relay Switch config 17 18 option hex DHCP relay...

Page 172: ...ed pattern of a DHCP class the packet will be classified to the DHCP class and forwarded based on the specified target The following are some common used option codes Option 60 vendor class identifier Option 61 client identifier Option 77 user class Option 124 vendor identifying vendor class Option 125 vendor identifying vendor specific information Example This example shows how to a DHCP class Se...

Page 173: ...f the packet is the source of the request If the request packet is not a relayed packet the subnet of the received interface is the source of the packet In a DHCP relay pool administrators can further use the class command and the relay target command to associate a list of relay target addresses with a DHCP class Example This example shows how a DHCP relay pool pool1 is created In the relay pool ...

Page 174: ...lay pool pool2 is created In the relay pool the subnet 172 19 18 0 0 255 255 255 0 is specified as the source subnet and 10 2 1 10 is specified as the relay destination address Switch configure terminal Switch config ip dhcp pool pool2 Switch config dhcp pool relay source 172 19 18 0 255 255 255 0 Switch config dhcp pool relay destination 10 2 1 10 Switch config dhcp pool 17 21 relay target This c...

Page 175: ...h config dhcp pool relay source 172 19 18 0 255 255 255 0 Switch config dhcp pool class Service A Switch config dhcp pool class relay target 10 2 1 2 Switch config dhcp pool class 17 22 service dhcp This command is used to enable the DHCP relay service on the Switch Use the no form of this command to disable the DHCP relay service service dhcp no service dhcp Parameters None Default By default thi...

Page 176: ...itch show ip dhcp relay information trusted sources List of trusted sources of relay agent information option vlan100 vlan200 vlan300 vlan400 vlan500 Total Entries 5 Switch This example shows how to display when all interfaces are trusted sources Note that the display output does not list the individual interfaces Switch show ip dhcp relay information trusted sources All interfaces are trusted sou...

Page 177: ...Option Insert vlan1 Enabled vlan2 Disabled vlan3 Not Configured Total Entries 3 Switch 17 25 show ip dhcp relay information policy action This command is used to display the relay option policy action configuration show ip dhcp relay information policy action Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command...

Page 178: ...eries Gigabit Ethernet SmartPro Switch CLI Reference Guide 175 Switch show ip dhcp relay information policy action Interface Policy vlan1 Keep vlan2 Drop vlan3 Replace vlan4 Not configured Total Entries 4 Switch ...

Page 179: ...ace can be validated and a DHCP binding database will be constructed for the DHCP snooping enabled VLAN The binding database provides IP and MAC binding information that can be further used by the IP source guard and dynamic ARP inspection process Example This example shows how to enable DHCP snooping Switch configure terminal Switch config ip dhcp snooping Switch config 18 2 ip dhcp snooping info...

Page 180: ...h or a remote site Use the no form of this command to disable the storing or reset the parameters to the default setting ip dhcp snooping database URL write delay SECONDS no ip dhcp snooping database write delay Parameters URL Specifies the URL in one of the following forms tftp location filename NOTE The flash option only includes the external memory like CF SD USB storage write delay SECONDS Spe...

Page 181: ... is used to clear the DHCP binding database statistics clear ip dhcp snooping database statistics Parameters None Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline When you enter this command the Switch will clear the database statistics Example This example shows how to clear the snooping database statistics Switch clear ip dhcp snooping database statis...

Page 182: ...ameters URL Specifies load the bind entry database from the URL and add the entries to the DHCP snooping binding entry table Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Using this command will cause the system to load the bind entry database from a URL and add the entries to the DHCP snooping binding entry table Example This example shows how to re...

Page 183: ...ne Use this command to create a dynamic DHCP snooping entry Example This example shows how to configure a DHCP snooping entry with IP address 10 1 1 1 and MAC address 00 01 02 03 04 05 at VLAN 2 and port eth3 0 10 with an expiry time of 100 seconds Switch ip dhcp snooping binding 00 01 02 03 04 05 vlan 2 10 1 1 1 interface eth3 0 10 expiry 100 Switch 18 8 ip dhcp snooping trust This command is use...

Page 184: ...nterface on which the message was received In addition to doing the validation DHCP snooping also create a binding entry based on the IP address assigned to client by the server in DHCP snooping binding database The binding entry contains information including MAC address IP address the VLAN ID and port ID where the client is located and the expiry of the lease time Example This example shows how ...

Page 185: ...d range is from 1 to 300 Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline When the rate of the DHCP packet exceeds the limitation the port will be changed to the error disable state Example This example shows how to configure number of DHCP messages that a switch can receive per second on port 3 0 3 Switch configure...

Page 186: ...dhcp snooping verify mac address This command is used to enable the verification that the source MAC address in a DHCP packet matches the client hardware address Use the no form of this command to disable the verification of the MAC address ip dhcp snooping verify mac address no ip dhcp snooping verify mac address Parameters None Default By default this option is enabled Command Mode Global Config...

Page 187: ...s disabled on all VLANs Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to globally enable DHCP snooping and use the ip dhcp snooping vlan command to enable DHCP snooping for a VLAN The DHCP snooping function snoops the DHCP packets arriving at the untrusted interface on VLAN that is enabled for DHCP snooping With this function the DHCP packet...

Page 188: ...ing is enabled DHCP Snooping is enabled on VLANs 10 15 18 Verification of MAC address is disabled Information option of allowed on un trusted interface is disabled Interface Trusted Rate Limit eth3 0 1 no 10 eth3 0 8 no 50 eth3 0 9 yes no_limit Switch 18 15 show ip dhcp snooping binding This command is used to display DHCP snooping binding entries show ip dhcp snooping binding IP ADDRESS MAC ADDRE...

Page 189: ...nd to display DHCP snooping binding entries Example This example shows how to display DHCP snooping binding entries Switch show ip dhcp snooping binding MAC Address IP Address Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 10 1500 dhcp snooping 100 eth3 0 5 00 01 02 00 00 05 10 1 1 11 1495 dhcp snooping 100 eth3 0 5 Total Entries 2 Switch This example shows how to display DHCP snooping...

Page 190: ...s 1 Switch This example shows how to display DHCP snooping binding entries by VLAN 100 Switch show ip dhcp snooping binding vlan 100 MAC Address IP Address Lease seconds Type VLAN Interface 00 01 02 03 04 05 10 1 1 10 1500 dhcp snooping 100 eth3 0 5 00 01 02 00 00 05 10 1 1 11 1495 dhcp snooping 100 eth3 0 5 Total Entries 2 Switch This example shows how to display DHCP snooping binding entries by ...

Page 191: ...mple This example shows how to display DHCP snooping database statistics Switch show ip dhcp snooping database URL tftp 10 0 0 2 store dhcp snp bind Write Delay Time 300 seconds Last ignored bindings counters Binding collisions 0 Expired lease 0 Invalid interfaces 0 Unsupported vlans 0 Parse failures 0 Checksum errors 0 Switch Display Parameters Binding Collisions The number of entries that create...

Page 192: ...ing entries restrict that only specific servers are allowed to offer addresses to service specific clients If a binding entry is defined without the client s MAC address then the server message with the specified server IP address in the payload will be permitted These binding entries restrict that only specific servers are allowed to offer DHCP server services Example This example shows how to co...

Page 193: ...ar ip dhcp snooping server screen log Switch 18 19 dhcp server screen profile This command is used to define a server screen profile and enter the server screen configure mode dhcp server screen profile PROFILE NAME no dhcp server screen profile PROFILE NAME Parameters PROFILE NAME Specifies the profile name with a maximum of 32 characters Default None Command Mode Global Configuration Mode Comman...

Page 194: ...nly forward trusted server packets If a server screen entry is defined with a profile that contains a client MAC address then the server message with the server IP address and the client addresses contained in the profile is forwarded If an entry is defined without the client s MAC address then the server message with the specified server IP address will be forwarded Each server can only have one ...

Page 195: ...record in the log buffer is cleared If the log buffer is full but more violation events occur packets will be discarded but the event will not be sent to the syslog module If the user specifies a buffer size less than the current entry number then the log buffer will automatically be cleared Example This example shows how to change the maximum buffer number to 64 Switch configure terminal Switch c...

Page 196: ...the no form of this command to disable sending SNMP notifications snmp server enable traps dhcp server screen no snmp server enable traps dhcp server screen Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When DHCP Server Screen is enabled and the Switch receives the forge DHCP Server packet the Switch...

Page 197: ...example shows how to restart the DHCPv6 client for interface VLAN 1 Switch clear ipv6 dhcp client vlan1 Switch 19 2 show ipv6 dhcp This command is used to display the DHCPv6 related settings on the interface show ipv6 dhcp interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the VLAN interface to display the DHCPv6 related settings Default None Command Mode EXEC Mode or Any Configurat...

Page 198: ...n VLAN 1 is DHCPv6 disabled Switch show ipv6 dhcp interface vlan1 vlan1 is not in DHCPv6 mode Switch This example shows how to display the DHCPv6 setting for all VLANs Only VLANs that are DHCPv6 enabled are displayed Switch show ipv6 dhcp interface vlan1 is in client mode State is OPEN List of known servers Reachable via address FE80 200 11FF FE22 3344 Configuration parameters IA PD IA ID 1 T1 40 ...

Page 199: ...nfiguration mode DHCPv6 guard policies can be used to block DHCPv6 reply and advertisement messages that come from unauthorized servers Client messages are not blocked After the DHCPv6 guard policy was created use the ipv6 dhcp guard attach policy command to apply the policy on a specific interface Example This example shows how to create a DHCPv6 guard policy Switch configure terminal Switch conf...

Page 200: ...rd1 Switch config dhcp guard device role server Switch config dhcp guard 20 3 match ipv6 access list This command is used to verify the sender s IPv6 address in server messages Use the no form of this command to disable the verification match ipv6 access list IPV6 ACCESS LIST NAME no match ipv6 access list Parameters IPV6 ACCESS LIST NAME Specifies the IPv6 access list to be matched Default By def...

Page 201: ...and Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to apply a DHCPv6 policy to an interface DHCPv6 guard policies can be used to block DHCPv6 server messages or filter server messages based on sender IP address If the policy name is not specified the default policy will set the device s role to client Example This example shows how to apply th...

Page 202: ... for all policies Example This example shows how to displayed for all policies Switch show ipv6 dhcp guard policy DHCP guard policy default Device Role DHCP client Target eth1 0 3 DHCP guard policy test1 Device Role DHCP server Source Address Match Access List acl1 Target eth1 0 1 Switch Display Parameters Device Role The role of the device The role is either client or server Target The name of th...

Page 203: ...sages being relayed can come from a client may be already relayed by a relay agent The destination address to be relayed can be a DHCPv6 server or another DHCPv6 relay agent The destination address can be a unicast or a multicast address both can be a link scoped address or a global scoped address For link scoped addresses the interface where the destination address is located must be specified Fo...

Page 204: ...onfigure terminal Switch config ipv6 dhcp relay remote id format cid with user define Switch config 21 3 ipv6 dhcp relay remote id option This command is used to enable the insertion of the relay agent remote ID Option 37 during the relay of DHCP for IPv6 request packets Use the no form of this command to disable the insert function ipv6 dhcp relay remote id option no ipv6 dhcp relay remote id opt...

Page 205: ...iguration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the global policy for packets that already have Option 37 If the drop policy is selected relay agent s Remote ID option that has already been presented in the received packet from client the packet will be dropped If the keep policy is selected the Switch does not check if there is a relay agent Remote ID o...

Page 206: ...configure terminal Switch config ipv6 dhcp relay remote id udf hex 010c08 Switch config 21 6 show ipv6 dhcp This command is used to display the DHCPv6 related settings on the interface show ipv6 dhcp interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the VLAN interface ID to display Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Gui...

Page 207: ...7 show ipv6 dhcp relay information option This command is used to display settings of the DHCPv6 relay information options show ipv6 dhcp relay information option Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the settings of the DHCPv6 relay information options Example This example shows how t...

Page 208: ...l Level 1 Usage Guideline Use this command to display the current SFP module operating transceiver monitoring parameters values for specified ports Example This example shows how to display current operating parameters for all ports valid for transceiver monitoring Switch show interfaces transceiver high alarm high warning low warning low alarm mA milliamperes mW milliwatts Transceiver Monitoring ...

Page 209: ... used to send all or the specified level of optical transceiver monitoring SNMP notifications Use the no form of this command to stop sending the notifications snmp server enable traps transceiver monitoring alarm warning no snmp server enable traps transceiver monitoring alarm warning Parameters alarm Optional Specifies to send or stop sending alarm level notification warning Optional Specifies t...

Page 210: ...threshold or go lower than the low alarm threshold A warning event occurs when the parameters being monitored go higher than the high warning threshold or go lower than the low warning threshold The port shutdown feature is controlled by the Error Disable module without a recover timer Users can manually recover the port by using the shutdown command and then the no shutdown command Example This e...

Page 211: ...ser configured threshold is stored in the system and the displayed value will be the user configured threshold If no user configured threshold exists the displayed value will always reflect the factory preset value defined by vendors The no form of this command has the effect to clear the configured threshold stored in the system It does not change the threshold stored in the SFP SFP transceivers ...

Page 212: ...his example shows how to enable transceiver monitoring on interface eth3 0 1 Switch configure terminal Switch config interface eth3 0 1 Switch config if transceiver monitoring enable Switch config if 22 6 transceiver monitoring rx power This command is used to configure the thresholds of the input power for the specified port Use the no form of this command to remove the configuration transceiver ...

Page 213: ...ent threshold values in newly inserted SFP SFP transceivers from being altered Example This example shows how to configure the RX power low warning threshold as 0 135 mW on interface eth3 0 1 Switch configure terminal Switch config transceiver monitoring rx power eth3 0 1 low warning mwatt 0 135 Switch config 22 7 transceiver monitoring temperature This command is used to configure the temperature...

Page 214: ...ltered Example This example shows how to configure the temperature high alarm threshold as 127 994 on interface eth3 0 1 Switch configure terminal Switch config transceiver monitoring temperature eth3 0 1 high alarm 127 994 WARNING A closest value 127 992 is chosen according to the transceiver monitoring precision definition Switch config 22 8 transceiver monitoring tx power This command is used t...

Page 215: ...mand to prevent threshold values in newly inserted SFP SFP transceivers from being altered Example This example shows how to configure the TX power low warning threshold to 0 181 mW on interface eth3 0 1 Switch configure terminal Switch config transceiver monitoring tx power eth3 0 1 low warning mwatt 0 181 Switch config 22 9 transceiver monitoring voltage This command is used to configure the thr...

Page 216: ...r configured threshold is just stored in the system and the displayed value will be the user configured threshold If there is no user configured threshold the displayed value will always reflect the factory preset value defined by the vendor The no form of this command has the effect to clear the configured threshold stored in system It does not change the threshold stored in the SFP SFP transceiv...

Page 217: ...e DDP client function globally or per physical port based When DDP is disabled on a port the port will neither process nor generate DDP message DDP messages received by the port are flooded in VLAN Example This example shows how to enable DDP globally Switch configure terminal Switch config ddp Switch config This example shows how to enable DDP on port 1 0 1 Switch configure terminal Switch config...

Page 218: ...ge Guideline Use this command to configure interval between two consecutive DDP report messages Example This example shows how to configure interval to 60 seconds Switch configure terminal Switch config ddp report timer 60 Switch config 23 3 show ddp This command is used to display the switch DDP configurations show ddp interfaces INTERFACE ID Parameters INTERFACE ID Specifies to the interface ID ...

Page 219: ...tch CLI Reference Guide 216 Switch show ddp D Link Discovery Protocol state Enabled Report timer 60 seconds Switch This example shows how to display DDP on port 1 0 1 Switch show ddp interface ethernet 1 0 1 Interface State eth1 0 1 Enabled Switch ...

Page 220: ...t Level Level 12 Usage Guideline Use this command to delete a host entry or all host entries which are dynamically learned by the DNS resolver or caching server Example This example shows how to delete the dynamically entry www abc com from the host table Switch clear host www abc com Switch 24 2 ip domain lookup This command is used to enable the DNS to carry out the domain name resolution Use th...

Page 221: ...PV6 ADDRESS no ip host HOST NAME IP ADDRESS IPV6 ADDRESS Parameters HOST NAME Specifies the host name of the equipment IP ADDRESS Specifies the IPv4 address of the equipment IPV6 ADDRESS Specifies the IPv6 address of the equipment Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The host name specified in this command needs to be qualified Use the ...

Page 222: ...e already configured the servers configured later will be added to the server list The user can configure up to 4 name servers Example This example shows how to configure the domain name server 192 168 5 134 and 5001 5 2 Switch configure terminal Switch config ip name server 192 168 5 134 5001 5 2 Switch config 24 5 ip name server timeout This command is used to configure the timeout value for the...

Page 223: ...ny Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display DNS related configuration information Example This example shows how to display DNS related configuration information Switch show hosts Number of Static Entries 2 Number of Dynamic Entries 1 Host Name www yes com IP Address 10 0 0 88 IPv6 Address 2001 1 1 Age 1334minutes Host Name www abc com IP Address...

Page 224: ...y Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the DNS related configuration information Example This example shows how to display the DNS related configuration information Switch show ip name_server Name servers are 1 1 1 1 Name servers are 1000 1 Name servers are 2 2 2 2 Name servers are 2000 2 Switch ...

Page 225: ...to itself Land A LAND attack involves with IP packets where the source and destination address are set to address of the target device It may cause the target device reply to itself continuously TCP NULL scan Port scanning by using specific packets which contain a sequence number of 0 and no flags TCP SYN fin Port scanning by using specific packets which contain SYN and FIN flags TCP SYN SRCport l...

Page 226: ...disable the DoS prevention mechanism for all supported types Switch configure terminal Switch config no dos prevention all Switch config 25 2 show dos prevention This command is used to display the DoS prevention status and related drop counters show dos prevention DOS ATTACK TYPE Parameters DOS ATTACK TYPE Optional Specifies the DoS type to be displayed Default None Command Mode EXEC Mode or Any ...

Page 227: ...abled Switch 25 3 snmp server enable traps dos prevention This command is used to enable sending SNMP notifications for DoS attacking Use the no form of this command to disable sending SNMP notifications snmp server enable traps dos prevention no snmp server enable traps dos prevention Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default...

Page 228: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 225 Switch configure terminal Switch config snmp server enable traps dos prevention Switch config ...

Page 229: ...uration Mode Command Default Level Level 12 Usage Guideline The name must be unique among all access lists The characters used in the name are case sensitive There is an implicit deny statement at the end of an access list Example This example shows how to configure an ARP access list with two permit entries Switch configure terminal Switch config arp access list static arp list Switch config arp ...

Page 230: ...Ns Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear the Dynamic ARP Inspection DAI statistics Example This example shows how to clear the DAI statistics from VLAN 1 Switch clear ip arp inspection statistics vlan 1 Switch 26 4 ip arp inspection filter vlan This command is used to specify an ARP access list to be used for ARP...

Page 231: ...e address binding against the access list entries and the DHCP snooping database ARP ACLs take precedence over entries in the DHCP snooping binding database If the packet is explicitly denied by the access control list the packet is dropped If the packet is denied due to the implicit deny the packet will be further matched against the DHCP snooping binding entries if the keyword static is not spec...

Page 232: ...h config if ip arp inspection limit rate 30 burst interval 5 Switch config if 26 6 ip arp inspection log buffer This command is used to configure the ARP inspection log buffer parameter ip arp inspection log buffer entries NUMBER no ip arp inspection log buffer entries Parameters NUMBER Optional Specifies the buffer entry number The maximum number is 1024 Default By default this value is 32 Comman...

Page 233: ...e interface will not be inspected When an interface is in the untrusted state ARP packets arriving at the port and belongs to the VLAN that is enabled for inspection will be inspected Example This example shows how to configure port 3 0 3 to be trusted for DAI Switch configure terminal Switch config interface eth3 0 3 Switch config if ip arp inspection trust Switch config if 26 8 ip arp inspection...

Page 234: ...ormed during the dynamic ARP inspection check The specified check will be performed on packets arriving at the untrusted interface and belong to the VLANs that are enabled for IP ARP inspection If no parameters are specified all options are enabled or disabled Use the no form of this command with the specific option to disable the specific type of check Example This example shows how to enable sou...

Page 235: ... VLAN ID logging acl match permit all none dhcp bindings permit all none no ip arp inspection vlan VLAN ID logging acl match dhcp bindings Parameters vlan VLAN ID Specifies the VLAN to enable or disable the logging control function Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a ra...

Page 236: ...AC MASK no permit deny ip any host SENDER IP SENDER IP SENDER IP MASK mac any host SENDER MAC SENDER MAC SENDER MAC MASK Parameters ip any Specifies to match any source IP address ip host SENDER IP Specifies to match a single source IP address SENDER IP SENDER IP MASK Specifies to match a group of source IP addresses by using a bitmap mask The bit corresponding to bit value 1 will be checked The i...

Page 237: ...previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen vlan VLAN ID Optional Specifies a VLAN or range of VLANs Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the status of DAI for a specific range of VLANs Exam...

Page 238: ...hat are forwarded by ARP inspection Dropped The number of ARP packets that are dropped by ARP inspection DHCP Drops The number of ARP packets that are dropped by DHCP snooping binding database ACL Drops The number of ARP packets that are dropped by ARP ACL rule DHCP Permits The number of ARP packets that are permitted by DHCP snooping binding database ACL Permits The number of ARP packets that are...

Page 239: ...opped or permitted based on ACL matches None ACL matched packets are not logged Permit Logging when packets are permitted by the configured ACL Deny Logging when packets are dropped by the configured ACL All ACL matched packets are always logged DHCP Logging The state of logging for packets dropped or permitted based on DHCP bindings None Prevent logging when packets are dropped or permitted by th...

Page 240: ...ARP packet will be legal and not be authorized untrusted This interface is ARP inspection untrusted port all ARP packet will be authorized Rate pps The upper limit on the number of incoming packets processed per second Burst Interval The consecutive interval in seconds over which the interface is monitored for the high rate of the ARP packets 26 13 show ip arp inspection log This command is used t...

Page 241: ...h1 0 2 100 10 5 10 16 55 66 20 30 40 50 2 2014 04 02 00 11 54 eth1 0 3 100 10 58 2 30 10 22 33 44 50 60 1 2014 03 30 12 01 38 Total Entries 3 Switch Display Parameters Interface The name of interface that logging occurred VLAN The VLAN that logging occurred Sender IP The logging ARP s sender IP address Sender MAC The logging ARP s sender MAC address Occurrence The counter of logging entries occurr...

Page 242: ...r an error port caused by ARP rate limiting dhcp rate Specifies to enable the auto recovery option for an error port caused by DHCP rate limiting loopback detect Specifies to enable the auto recovery option for an error port caused by loop detection interval SECONDS Specifies the time in seconds to recover the port from the error state caused by the specified module The valid value is 5 to 86400 T...

Page 243: ... Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to verify the settings of the error disable recovery timer Example This example shows how to display the settings of the error disable recovery timer Switch config show errdisable recovery ErrDisable Cause State Interval Port Security enabled 120 seconds Storm Control enabled 120 seconds BPDU A...

Page 244: ...ge of the error disabled state Default By default all notification types are disabled and there is no limit for the notification rate Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command with the parameters asserted and cleared enables or disables the notifications for the state change of the error disabled state If you enter the command with one of th...

Page 245: ...or the ERP instances Example This example shows how to configure the description for the ERP instances Switch configure terminal Switch config ethernet ring g8032 major ring Switch config erp instance 1 Switch config erp instance description custom description Switch config erp instance 28 2 ethernet ring g8032 This command is used to create or modify an ITU T G 8032 ERP physical ring and enter th...

Page 246: ...g g8032 profile PROFILE NAME no ethernet ring g8032 profile PROFILE NAME Parameters PROFILE NAME Specifies the name of the G 8032 profile with the maximum of 32 characters Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to create modify or delete a G 8032 profile and enter the ERP profile configuration mode Example This exampl...

Page 247: ...y the APS channel VLAN for an ERP instance Use the no form of this command to delete the configuration r aps channel vlan VLAN ID no r aps channel vlan Parameters VLAN ID Specifies the VLAN ID The valid values are from 1 to 4094 Default None Command Mode ERP Instance Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to assign the APS channel VLAN for an ERP ins...

Page 248: ...RP mechanism The range is 1 to 4094 Optional Specifies a series of VLANs or separate a range of VLANs from a previous range No spaces are required before and after the comma Optional Specifies a range of VLANs No spaces are required before and after the hyphen Default None Command Mode ERP Instance Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to add or del...

Page 249: ...g2 Switch configure terminal Switch config ethernet ring g8032 ring2 Switch config erp instance 1 Switch config erp instance 28 8 level This command is used to configure ring MEL value of an ERP instance Use the no form of this command to revert to the default setting level MEL VALUE no level Parameters MEL VALUE Specifies the ring MEL of the specified ERP instance The valid values are from 0 to 7...

Page 250: ...RING NAME Parameters SUB RING NAME Specifies the name of the sub ring Default None Command Mode ERP Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to specify or delete the sub ring of a physical ring Example This example shows how to configure the sub ring of the physical ring ring2 Switch configure terminal Switch config ethernet ring g8032 ring2 Switch con...

Page 251: ...fig erp instance 28 11 port0 This command is used to specify the first ring port of a physical ring Use the no form of this command to remove the settings port0 interface INTERFACE ID no port0 Parameters INTERFACE ID Specifies the interface ID of the first ring port The interface s can be a physical interface or a port channel Default None Command Mode ERP Configuration Mode Command Default Level ...

Page 252: ...ge Guideline This command is used to specify or remove the first ring port of a physical ring Use the port1 none command to indicate that the inter connect node is a local node endpoint of an open ring Example This example shows how to configure the inter connect node as a local end node of the G 8032 ring ring2 Switch configure terminal Switch config ethernet ring g8032 ring2 Switch config erp po...

Page 253: ...ing transport entity immediately and in some cases a second traffic interruption is even avoided by not reverting protect switching Example This example shows how to configure rings in the profile campus to operate in non revertive mode Switch configure terminal Switch config ethernet ring g8032 profile campus Switch config g8032 ring profile no revertive Switch config g8032 ring profile 28 14 rpl...

Page 254: ... to display information of the ERP instances show ethernet ring g8032 status brief Parameters status Specifies to display the status of the ERP instances brief Specifies to display the brief information of the ERP instances Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display information of the ERP instances Exa...

Page 255: ...q Quit SPACE n Next Page ENTER Next Entry a All This example shows how to display the brief information of the ERP instances Switch show ethernet ring g8032 brief Profile Inst Status Port State ID 0 Deactivated p0 Forwarding p1 Forwarding 0 Deactivated p0 Forwarding p1 Forwarding campus 1 Deactivated p0 eth1 0 1 Forwarding RPL p1 Forwarding 0 Deactivated p0 Forwarding p1 Forwarding Total Entries 4...

Page 256: ...ances Inst ID Instance identifier of ERP instance RingType Indicates either major ring or sub ring Node Type RPL Owner Status Current status of ERP instance It can be one of the following values Deactivated The ERP instance is deactivated Init The instance is initializing Idle The instance is in normal state The RPL port is blocked Protection The instance detects failure at some ring port The RPL ...

Page 257: ...NUTES no timer guard hold off wtr Parameters guard MILLI SECONDS Optional Specifies the guard timer in milliseconds The value is range from 10 to 2000 hold off SECONDS Optional Specifies the hold off timer in seconds The value is range from 0 to 10 wtr MINUTES Optional Specifies the WTR timer in minutes The value is range from 1 to 12 Default The default guard timer is 500 milliseconds The default...

Page 258: ...vel Level 1 Usage Guideline If the URL is not specified then the current directory is not changed Example This example shows how to change the current directory to the directory log on file system c Switch dir Directory of c 1 d 0 Dec 29 2013 17 49 36 images 2 d 0 Jan 02 2013 18 42 53 configurations 3 d 0 Jan 02 2013 18 42 53 log 4 639 Jan 03 2013 12 09 32 new_config cfg 20578304 bytes total 31045...

Page 259: ... configuration file that is specified as the boot up file cannot be deleted Example This example shows how to delete the file named test txt from file system on the local flash Switch delete c test txt Delete test txt y n n y File is deleted Switch 29 3 dir This command is used to display the information for a file or the listing of files in the specified path name dir URL Parameters URL Optional ...

Page 260: ...w storage media command Example This example shows how to display the root directory in a standalone switch Switch dir Directory of 1 d 0 Jun 31 2013 17 49 36 c 2 d 0 Jun 31 2013 18 42 53 d 0 bytes total 0 bytes free Switch 29 4 mkdir This command is used to create a directory under the current directory mkdir DIRECTORY NAME Parameters DIRECTORY NAME Specifies the name of the directory Default Non...

Page 261: ...non standard printable characters the display will feature unreadable characters or even blank spaces Example This example shows how to display the contents of file usr_def conf Switch more c configuration usr_def conf DGS 1510 Firmware Version 1 40 014 Slot Model 1 DGS 1510 28XMP 2 3 DGS 1510 28XMP 4 DGS 1510 28XMP ip igmp snooping vlan 1 end Switch 29 6 rename This command is used to rename a fi...

Page 262: ...used to remove a directory in the file system rmdir DIRECTORY NAME Parameters DIRECTORY NAME Specifies the name of the directory Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline Use this command to remove a directory in the working directory Example This example shows how to remove a directory called newdir under the current directory Switch rmdir newdi...

Page 263: ...ommand Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the information of the storage media available on the system Example This example shows how to display the information of the storage media on all units Switch show storage media info Unit Drive Media Type Size FS Type Label 1 c FLASH 29M FFS 2 c FLASH 31M FFS 3 c FLASH 31M FFS...

Page 264: ... port or a port channel vlan VLAN ID Specifies the VLAN ID The valid values are from 1 to 4094 Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Using this command only clears dynamic MAC address entries Only the dynamic unicast address entry will be cleared Example This example shows how to remove the MAC address 00 08 00 70 00 07 from the dynamic MAC a...

Page 265: ...on is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The source MAC address triggered update function is always enabled The hit bit of MAC address entries corresponding to the port that receives the packet will be updated based on the source MAC address and the VLAN of the packet When the user enables the destination MAC address triggered update func...

Page 266: ... Guideline Use this commands to enable or disable MAC address learning on a physical port Example This example shows how to enable the MAC address learning option Switch configure terminal Switch config mac address table learning interface eth1 0 5 Switch config 30 5 mac address table notification change This command is used to enable or configure the MAC address notification function Use the no f...

Page 267: ...Switch config mac address table notification change history size 500 Switch config 30 6 mac address table static This command is used to add a static address to the MAC address table Use the no form of this command to remove a static MAC address entry from the table mac address table static MAC ADDR vlan VLAN ID interface INTERFACE ID drop no mac address table static all MAC ADDR vlan VLAN ID inte...

Page 268: ... eth1 0 1 Switch config This example shows how to add the static address C2 F3 22 0A 22 33 to the MAC address table It also specifies that when any packet received on VLAN 4 that has a destination MAC address of C2 F3 22 0A 22 33 will be forwarded to port channel 2 Switch configure terminal Switch config interface range eth1 0 5 6 Switch config if range channel group 2 mode on Switch config if ran...

Page 269: ...MAC address entry or the MAC address entries for a specific interface or VLAN show mac address table dynamic static address MAC ADDR interface INTERFACE ID vlan VLAN ID Parameters dynamic Optional Specifies to display dynamic MAC address table entries only static Optional Specifies to display static MAC address table entries only address MAC ADDR Optional Specifies the 48 bit MAC address interface...

Page 270: ...dress Type Ports 1 00 02 4B 28 C4 82 Static CPU 2 00 02 4B 28 C4 82 Static CPU 4 00 01 00 02 00 04 Static eth1 0 2 4 C2 F3 22 0A 12 F4 Static port channel2 6 00 01 00 02 00 07 Static eth1 0 1 6 00 01 00 02 00 10 Static Drop Total Entries 6 Switch This example shows how to display all the MAC address table entries for VLAN 1 Switch show mac address table vlan 1 VLAN MAC Address Type Ports 1 00 02 4...

Page 271: ...the MAC address learning state show mac address table learning interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the interface to be display Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen Default None Command Mode EXE...

Page 272: ...ontent show mac address table notification change interface INTERFACE ID history Parameters interface INTERFACE ID Optional Specifies the interface to display history Optional Specifies to display the MAC address notification change history Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline If no option is specified the global configuration ...

Page 273: ...16 Disabled Disabled eth1 0 17 Disabled Disabled eth1 0 18 Disabled Disabled eth1 0 19 Disabled Disabled eth1 0 20 Disabled Disabled eth1 0 21 Disabled Disabled eth1 0 22 Disabled Disabled eth1 0 23 Disabled Disabled eth1 0 24 Disabled Disabled eth1 0 25 Disabled Disabled eth1 0 26 Disabled Disabled eth1 0 27 Disabled Disabled eth1 0 28 Disabled Disabled Switch This example shows how to display th...

Page 274: ... show multicast filtering mode interface VLAN ID Parameters interface VLAN ID Optional Specifies the VLAN to display Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Example This example shows how to display the multicast filtering mode configuration for all VLANs Switch show multicast filtering mode Interface Layer 2 Multicast Filtering M...

Page 275: ... the no form of this command to revert to the default setting snmp trap mac notification change added removed no snmp trap mac notification change added removed Parameters added Specifies to enable the MAC change notification when a MAC address is added on the interface removed Specifies to enable the MAC change notification when a MAC address is removed from the interface Default By default this ...

Page 276: ...S 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 273 Switch configure terminal Switch config interface eth1 0 2 Switch config if snmp trap mac notification change added Switch config if ...

Page 277: ...nterface a range of interfaces separated by a hyphen or a series of interfaces separated by comma Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to clear the GVRP counters Example This example shows how to clear statistics for all interfaces Switch clear gvrp statistics all Switch 31 2 gvrp global This command is used to enable the GV...

Page 278: ...ble Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for both physical ports and port channel interface configuration This command only takes effect for hybrid mode and trunk mode Example This example shows how to enable the GVRP function on interface eth1 0 1 Switch configu...

Page 279: ...e required before and after the hyphen Default By default no VLANs are advertised Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command is available for both physical ports and port channel interface configuration Administrators can use the gvrp advertise command to enable the specified VLANs GVRP advertise function on the specified interface The comm...

Page 280: ...emove the port as a forbidden member of all VLANs gvrp forbidden all add remove VLAN ID no gvrp forbidden Parameters all Specifies that all VLANs except VLAN 1 are forbidden on the interface add Optional Specifies a VLAN or a list of VLANs to be added to the forbidden VLAN list remove Optional Specifies a VLAN or a list of VLANs to be removed from the forbidden VLAN list VLAN ID Optional Specified...

Page 281: ...and is used to configure the GVRP timer value on a port Use the no form of this command to revert the timer to the default setting gvrp timer join TIMER VALUE leave TIMER VALUE leave all TIMER VALUE no gvrp timer join leave leave all Parameters join Optional Specifies to set the timer for joining a group The unit is in a hundredth of a second leave Optional Specifies to set the timer for leaving a...

Page 282: ...figuration If the interface ID is not specified all interfaces are displayed INTERFACE ID Optional Specifies the interfaces used to display the configuration Specify a single interface or a range of interfaces separated by a hyphen or a series of interfaces separated by comma Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command on...

Page 283: ...AN 1 3 Forbidden VLAN 5 8 Switch 31 9 show gvrp statistics This command is used to display the statistics for a GVRP port show gvrp statistics interface INTERFACE ID Parameters INTERFACE ID Optional Specifies the interfaces Specify a single interface a range of interfaces separated by a hyphen or a series of interfaces separated by commas Default None Command Mode EXEC Mode or Any Configuration Mo...

Page 284: ...nce Guide 281 Switch show gvrp statistics interface eth3 0 5 3 0 6 Port JoinEmpty JoinIn LeaveEmpty LeaveIn LeaveAll Empty eth3 0 5 RX 0 0 0 0 0 0 TX 4294967296 4294967296 4294967296 4294967296 4294967296 4294967296 eth3 0 6 RX 0 0 0 0 0 0 TX 0 0 0 0 0 0 Switch ...

Page 285: ...vel Level 12 Usage Guideline The system will learn gratuitous ARP packets in the ARP cache table by default Example This example shows how to disable the learning of gratuitous ARP request packets Switch configure terminal Switch config no ip arp gratuitous switch config 32 2 ip gratuitous arps This command is used to enable the transmission of gratuitous ARP request packets Use the no form of thi...

Page 286: ...atuitous ARP messages Switch configure terminal Switch config ip gratuitous arps dad reply switch config 32 3 arp gratuitous send This command is used to set the interval for regularly sending of gratuitous ARP request messages on the interface Use the no form of this command to disable this function on the interface arp gratuitous send interval SECONDS no arp gratuitous send Parameters SECONDS Sp...

Page 287: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 284 ...

Page 288: ...MP snooping statistics Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear the IGMP snooping related statistics Example This example shows how to clear all IGMP Snooping statistics Switch clear ip igmp snooping statistics all Switch 33 2 ip igmp snooping This command is used to enable the IGMP snooping function on the Switch U...

Page 289: ... snooping Switch config This example shows how to disable IGMP snooping on VLAN1 Switch configure terminal Switch config vlan 1 Switch config vlan no ip igmp snooping Switch config vlan 33 3 ip igmp snooping fast leave This command is used to configure IGMP Snooping fast leave on the interface Use the no form to disable the fast leave option on the specified interface ip igmp snooping fast leave n...

Page 290: ...Guideline The command is only available for VLAN interface configuration On receiving an IGMP leave message the IGMP snooping querier will assume that there are no local members on the interface if there are no reports received after the response time Users can lower this interval to reduce the amount of time it takes a switch to detect the loss of the last member of a group Example This example s...

Page 291: ...icast router port the valid interface can be a physical port or a port channel The specified multicast router port must be member port of the configured VLAN A multicast router port can be either dynamic learned or statically configured With the dynamic learning the IGMP snooping entity will learn IGMP PIM or DVMRP packet to identify a multicast router port Example This example shows how to add an...

Page 292: ...command is used to enable the capability of the entity as an IGMP querier Use the no form of this command to disable the querier function ip igmp snooping querier no ip igmp snooping querier Parameters None Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for VLAN interface configurati...

Page 293: ...ages on the network larger values cause IGMP Queries to be sent less often Example This example shows how to configure the IGMP snooping query interval to 300 seconds on VLAN 1000 Switch configure terminal Switch config vlan 1000 Switch config vlan ip igmp snooping query interval 300 Switch config vlan 33 9 ip igmp snooping query max response time This command is used to configure the maximum resp...

Page 294: ...ral query sent by the IGMP snooping querier Default By default this value is 3 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for VLAN interface configuration The query version number setting will affect the querier electing When configured to version 1 IGMP snooping will always act as the querier and will not initiate new qu...

Page 295: ...ression time expired For report or leave messages to the same group only one report or leave message is forwarded The remaining report and leave messages are suppressed Example This example shows how to enable report suppression on VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ip igmp snooping report suppression Switch config vlan 33 12 ip igmp snooping robustness variab...

Page 296: ... default number is the value of the robustness variable Users can increase this value if a subnet is expected to be loose Example This example shows how to configure the robustness variable to be 3 on interface VLAN 1000 Switch configure terminal Switch config vlan 1000 Switch config vlan ip igmp snooping robustness variable 3 Switch config vlan 33 13 ip igmp snooping static group This command is ...

Page 297: ...igmp snooping suppression time SECONDS no ip igmp snooping suppression time Parameters SECONDS Specifies to configure the interval of suppressing duplicates IGMP reports The range is from 1 to 300 Default By default this value is 10 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available for VLAN interface configuration The re...

Page 298: ... to restrict all IGMPv1 hosts to join VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ip igmp snooping minimum version 2 Switch config vlan This example shows how to restrict all IGMPv1 and IGMPv2 hosts disallowed to join VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ip igmp snooping minimum version 3 Switch config vlan This example shows how to ...

Page 299: ...ed host based Report suppression Disabled Suppression time 10 seconds Querier state Enabled Non active Query version v2 Query interval 300 seconds Max response time 20 seconds Robustness value 2 Last member query interval 3 seconds Proxy reporting Enabled Source 1 2 2 2 Switch 33 17 show ip igmp snooping groups This command is used to display IGMP snooping group information learned on the Switch s...

Page 300: ...382 2 0 7 Total Entries 1 Switch 33 18 show ip igmp snooping mrouter This command is used to display IGMP snooping router port information learned and configured on the Switch show ip igmp snooping mrouter vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN If no VLAN is specified IGMP snooping information on all VLANs will be displayed of which IGMP snooping is enabled Default None C...

Page 301: ...ers GROUP ADDRESS Optional Specifies the group IP address to be displayed vlan VLAN ID Optional Specifies the VLAN ID to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the IGMP snooping static group information Example This example shows how to display IGMP snooping static group information Switch show ...

Page 302: ... Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the IGMP snooping related statistics information Example This example shows how to display IGMP snooping statistics information Switch show ip igmp snooping statistics vlan 1 VLAN 1 Statistics IGMPv1 Rx Report 1 Query 0 IGMPv2 Rx Report 0 Query 0 Leave 0 IGMPv3 Rx Report 0 Query 0 ...

Page 303: ...None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to clear counters for a physical port interface Example This example shows how to clear the counters of interface eth1 0 1 Switch clear counters interface eth1 0 1 Switch 34 2 description This command is used to add a description to an interface description STRING no description Parameters STRING...

Page 304: ...aces Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command enters the interface configuration mode for a specific interface The format of the interface number is dependent on the interface type For physical port interfaces the user cannot enter the interface if the Switch s port does not exist The physical port interface cannot be removed b...

Page 305: ...D Specifies the physical port interface Optional Specifies the interface range by delimiting a list of interface IDs with commas No spaces are allowed before and after the comma Optional Specifies an interface range by delimiting the start and the ending interface numbers with a hyphen No spaces are allowed before and after the hyphen Default None Command Mode Global Configuration Mode Command Def...

Page 306: ...s INTERFACE ID Specifies that the interface can be a physical port If no interface is specified counters of all interfaces will be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the statistic counters for an interface Example This example shows how to display the counters for interface eth1 0 1 ...

Page 307: ...9to2047Octets 0 rxHCPkt2048to4095Octets 0 rxHCPkt4096to9216Octets 0 txHCPkt64Octets 0 txHCPkt65to127Octets 0 txHCPkt128to255Octets 0 txHCPkt256to511Octets 348 txHCPkt512to1023Octets 0 txHCPkt1024to1518Octets 0 txHCPkt1519to1522Octets 0 txHCPkt1519to2047Octets 0 txHCPkt2048to4095Octets 0 txHCPkt4096to9216Octets 0 rxCRCAlignErrors 0 rxUndersizedPkts 0 rxOversizedPkts 0 rxFragmentPkts 0 rxJabbers 0 r...

Page 308: ...kts Receive Multicast Packet Counter Incremented for each good Multicast packet received Excluding MAC control packets txHCMulticastPkts Transmit Multicast Packet Counter Incremented for each good Multicast packet transmitted Excluding MAC control frames rxHCBroadcastPkts Receive Broadcast Packet Counter Incremented for each good Broadcast packet received txHCBroadcastPkts Transmit Broadcast Packe...

Page 309: ...s Receive 2048 to 4095 Byte Frame Counter Incremented for each good or bad includes FCS Symbol Len Type error frame received which is 2048 to 4095 bytes in length inclusive excluding framing bits but including FCS bytes rxHCPkt4096to9216Octets Receive 4096 to 9216 Byte Frame Counter Incremented for each good or bad includes FCS Symbol Len Type error frame received which is 4096 to 9216 bytes in le...

Page 310: ...than 64 bytes in length excluding framing bits but including FCS octets and is otherwise well formed contains a valid FCS rxOversizedPkts Receive Oversized Frame Counter Incremented for each packet received which is longer than 1518 bytes in length excluding framing bits but including FCS octets and is otherwise well formed contain a valid FCS rxFragmentPkts Receive Fragment Counter Incremented fo...

Page 311: ...ernalMacTransmitErrors and dot3StatsCarrierSenseErrors ifInDiscards Receive Discards Packet Counter Incremented for packets received which are dropped due to any condition Such as MTU drop Buffer Full Drop ACL Drop Multicast Drop VLAN Ingress Drop Invalid IPv6 STP Drop Storm and FDB Discard and etc ifInUnknownProtos Receive Discards Unknown and Unsupported protocol Counter Incremented for packets ...

Page 312: ...ed which experienced a late collision during a transmission attempt dot3StatsExcessiveCollisions Transmit Excessive Collision Frame Counter 10 100 mode only incremented for each frame transmitted for which transmission fails due to excessive collisions dot3StatsInternalMacTransmitErr ors Transmit Internal MAC Error Frame counter Incremented for frames for which transmission fails due to an interna...

Page 313: ...splay the VLAN interface information for interface VLAN 1 Switch show interfaces vlan1 VLAN1 is enabled link status is down Interface type VLAN Interface description VLAN 1 for MIS MAC address 08 00 01 22 00 00 Switch This example shows how to display the NULL interface information for interface null0 Switch show interfaces null0 Null0 is enabled link status is up Interface type Null Interface des...

Page 314: ...X oversize 0 RX fragment 0 RX jabber 0 RX dropped Pkts 1212 RX MTU exceeded 0 TX CRC error 0 TX excessive deferral 0 TX single collision 0 TX excessive collision 0 TX late collision 0 TX collision 0 Switch 34 7 show interfaces counters This command is used to display counters on specified interfaces show interfaces INTERFACE ID counters errors Parameters errors Optional Specifies to display the er...

Page 315: ... eth1 0 2 0 0 0 0 eth1 0 3 0 0 0 0 eth1 0 4 0 0 0 0 eth1 0 5 0 0 0 0 eth1 0 6 0 0 0 0 eth1 0 7 0 0 0 0 eth1 0 8 0 0 0 0 Port OutOctets OutMcastPkts OutUcastPkts OutBcastPkts eth1 0 1 5387265 0 9381 0 eth1 0 2 0 0 0 0 eth1 0 3 0 0 0 0 eth1 0 4 0 0 0 0 eth1 0 5 0 0 0 0 eth1 0 6 0 0 0 0 eth1 0 7 0 0 0 0 eth1 0 8 0 0 0 0 Total Entries 8 Switch This example shows how to display switch ports error count...

Page 316: ...0 0 0 0 0 eth2 0 2 0 0 0 0 0 0 0 eth2 0 3 0 0 0 0 0 0 0 eth2 0 4 0 0 0 0 0 0 0 eth2 0 5 0 0 0 0 0 0 0 eth2 0 6 0 0 0 0 0 0 0 eth2 0 7 0 0 0 0 0 0 0 eth2 0 8 0 0 0 0 0 0 0 eth3 0 1 0 0 0 0 0 0 0 eth3 0 2 0 0 0 0 0 0 0 eth3 0 3 0 0 0 0 0 0 0 eth3 0 4 0 0 0 0 0 0 0 Port Giants Symbol Err SQETest Err DeferredTx IntMacTx IntMacRx eth2 0 1 0 0 0 0 0 0 0 eth2 0 2 0 0 0 0 0 0 0 eth2 0 3 0 0 0 0 0 0 0 eth2...

Page 317: ...sions in Display Parameters in the show counters command Carri Sen Refer to the item dot3StatsCarrierSenseErrors in the show counters command Runts Incremented for each packet whose size is less than 64 bytes in length Giants Incremented for each packet whose size is greater than 1518 bytes in length Symbol Err Refer to the item rxSymbolErrors in Display Parameters in the show counters command SQE...

Page 318: ...auto 1000BASE T eth1 0 6 not connected 1 auto auto 1000BASE T eth1 0 7 not connected 1 auto auto 1000BASE T eth1 0 8 connected trunk a full a 1000 1000BASE T eth3 0 1 connected 2 a full a 1000 1000BASE T eth3 0 2 not connected 1 auto auto 1000BASE T Total Entries 10 Switch 34 9 show interfaces utilization This command is used to display the Switch s port utilization show interfaces INTERFACE ID ut...

Page 319: ...This command is used to display detailed auto negotiation information of physical port interfaces show interfaces INTERFACE ID auto negotiation Parameters auto negotiation Specifies to display detailed auto negotiation information INTERFACE ID Optional Specifies the interface ID If no interface is specified the auto negotiation information on all physical port interfaces will be displayed Default ...

Page 320: ...mmand to enable an interface shutdown no shutdown Parameters None Default By default this option is no shutdown Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The physical port is valid for this configuration This command is also configurable for port channel member ports The command will cause the port to enter the disabled state Under the disabled state ...

Page 321: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 318 ...

Page 322: ...Level Level 12 Usage Guideline When the adjust priority is highest user defined ACLs cannot manage the traffic of the specific host allowed by IPSG When the adjust priority is changed as lowest user defined ACLs can manage the traffic of the specific host allowed by IPSG Example This example shows how to specify the adjust priority as lowest Switch configure terminal Switch config ip source guard ...

Page 323: ...mple shows how to enable IP Source Guard for eth3 0 1 Switch configure terminal Switch config interface eth3 0 1 Switch config if ip verify source vlan dhcp snooping Switch config if 35 3 ip source binding This command is used to create a static entry used for IP source guard Use the no form of this command to delete a static binding entry ip source binding MAC ADDRESS vlan VLAN ID IP ADDRESS inte...

Page 324: ...LAN 2 on interface eth3 0 10 Switch configure terminal Switch config no ip source binding 00 01 02 03 04 05 vlan 2 10 1 1 1 interface eth3 0 10 Switch config 35 4 show ip source binding This command is used to display an IP source guard binding entry show ip source binding IP ADDRESS MAC ADDRESS dhcp snooping static vlan VLAN ID interface INTERFACE ID Parameters IP ADDRESS Optional Specifies to di...

Page 325: ...to display IP Source Guard binding entries by IP address 10 1 1 10 Switch show ip source binding 10 1 1 10 MAC Address IP Address Lease sec Type VLAN Interface 00 01 01 01 01 01 10 1 1 10 infinite static 100 eth3 0 3 Total Entries 1 Switch This example shows how to display IP Source Guard binding entries by IP address 10 1 1 11 MAC address 00 01 01 01 01 10 at VLAN 100 on interface eth3 0 3 and le...

Page 326: ...one Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display the hardware port ACL entries for a port in the hardware table It indicates the hardware filter behavior that IP source guard is verified upon Example This example shows how to display when DHCP snooping is enabled on VLANs 100 to 110 the interface with IP source filter mo...

Page 327: ...P inspection enabled Filter type The type of IP Source Guard in operation ip Just use an IP address to authorize IP packets ip mac Use the IP and MAC address to authorize IP packets Filter Mode active Actively verify IP source entries inactive trust port Enable DHCP snooping to trust ports with no IP source entry verification active inactive no snooping vlan No DHCP snooping VLAN configured with n...

Page 328: ...address used for the ping packet The specified IP address must one of the IP address configured for the Switch The destination address and the source IP must be the same type of address both are IPv4 or IPv6 Default If the timeout parameter is not specified the timeout value will be 1 second Command Mode EXEC Mode Command Default Level Level 1 Usage Guideline Use this command to verify the reachab...

Page 329: ...address field of the permit or deny entry defines the valid or invalid host To permit access via ping specify the source address field and any in the destination address field of the access list if the field is present Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command specifies an access list to restrict access via ping The specified ac...

Page 330: ...Command Default Level Level 1 Usage Guideline To interrupt traceroute after the command has been issued press Ctrl C The traceroute command uses the TTL field in the IP header to cause routers and servers to generate specific return messages traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1 If a router finds a TTL value of 1 or 0 it drops the datagram ...

Page 331: ...he no form of this command to remove the specified forwarding target address ip helper address IP ADDRESS no ip helper address IP ADDRESS Parameters IP ADDRESS Specifies the forwarding target IP address More than one helper address can be specified for an interface Default None Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is only available f...

Page 332: ...orwarded or not Default By default the commonly used application protocols are enabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When the ip helper address command is configured the commonly used application protocols that will be forwarded by default are as follows Trivial File Transfer Protocol TFTP port 69 Domain Naming System port 53 Time service por...

Page 333: ...ommand to display all target addresses for the forwarding of UDP broadcast packets or specify the VLAN ID to display the target addresses for the VLAN interface Example This example shows how to display all helper addresses Switch show ip helper address Interface Helper address vlan100 172 50 71 123 Switch 36 7 show ip forward protocol udp This command is used to display all specified UDP ports sh...

Page 334: ...itch CLI Reference Guide 331 Example This example shows how to display all specified UDP ports Switch show ip forward protocol udp Application UDP Port Time Service 37 IEN 116 Name Service 42 TACACS 49 TFTP 69 NetBIOS NS 137 NetBIOS DS 138 Switch ...

Page 335: ...Command Default Level Level 12 Usage Guideline Use the command to delete the IMPB violation entry from the filtering database Example This example shows how to clear the entry blocked on interface eth1 0 4 Switch clear ip ip mac port binding violation interface eth1 0 4 Switch 37 2 ip ip mac port binding This command is used to enable the IMPB access control for port interfaces Use the no form of ...

Page 336: ...P source guard static binding entry or the DHCP snooping learned dynamic binding entry Example This example shows how to enable the strict mode IMPB access control on eth3 0 10 Switch configure terminal Switch config interface eth3 0 10 Switch config if ip ip mac port binding strict Switch config if 37 3 show ip ip mac port binding This command is used to display the IMPB configuration settings or...

Page 337: ... Strict eth3 0 2 Strict eth3 0 3 Loose eth3 0 4 Loose Total Entries 4 Switch 37 4 snmp server enable traps ip mac port binding This command is used to enable the sending of the SNMP notifications for IP MAC Port Binding Use the no form of this command to disable sending SNMP notifications snmp server enable traps ip mac port binding no snmp server enable traps ip mac port binding Parameters None D...

Page 338: ...Ethernet SmartPro Switch CLI Reference Guide 335 Example This example shows how to enable sending traps for IP MAC Port Binding Switch configure terminal Switch config snmp server enable traps ip mac port binding Switch config ...

Page 339: ...e an IPv6 snooping policy After an IPv6 snooping policy has been created use the ipv6 snooping attach policy command to apply the policy on a specific interface Example This example shows how to create an IPv6 snooping policy named policy1 Switch configure terminal Switch config ipv6 snooping policy policy1 Switch config ipv6 snooping 38 2 protocol This command is used to specify that addresses sh...

Page 340: ...oping Switch configure terminal Switch config ipv6 snooping policy policy1 Switch config ipv6 snooping protocol dhcp Switch config ipv6 snooping 38 3 limit address count This command is used to limit the maximum number of IPv6 snooping binding entries Use the no form of this command to revert to the default setting limit address count MAXIMUM no limit address count Parameters MAXIMUM Specifies the...

Page 341: ... use this command to apply the policy on a specific VLAN Example This example shows how to enable IPv6 snooping on VLAN 200 Switch configure terminal Switch config ipv6 snooping policy policy1 Switch config ipv6 snooping limit address count 100 Switch config ipv6 snooping exit Switch config vlan 200 Switch config vlan ipv6 snooping attach policy policy1 Switch config vlan 38 5 ipv6 snooping statio...

Page 342: ... config 38 6 show ipv6 snooping policy This command is used to display DHCPv6 guard information show ipv6 snooping policy POLICY NAME Parameters POLICY NAME Optional Specifies the DHCPv6 guard policy name Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline If the policy name is specified only the specified policy information is displayed If t...

Page 343: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 340 Target VLAN The name of the target The target is a VLAN list ...

Page 344: ...r of the manual binding entry Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The command is used to set the static manual binding entry of the binding table Example This example shows how to configure an IPv6 Source Guard entry with the IPv6 address of 2000 1 and MAC address of 00 01 02 03 04 05 at VLAN 2 on interface eth3 10 Switch configure ter...

Page 345: ...gured traffic Use the no form of this command to disable this function deny global autoconfig no deny global autoconfig Parameters None Default By default this option is permitted Command Mode Source guard Policy Configuration Mode Command Default Level Level 12 Usage Guideline The command is used to deny data traffic from auto configured global address It is useful when all global addresses on a ...

Page 346: ...t is send by the link local address Switch configure terminal Switch config ipv6 source guard policy policy1 Switch config source guard permit link local Switch config source guard 39 5 ipv6 source guard attach policy This command is used to apply IPv6 source guard on an interface Use the no form of this command to remove this source guard from the interface ipv6 source guard attach policy POLICY ...

Page 347: ...source guard policy This command is used to display the IPv6 source guard policy configuration show ipv6 source guard policy POLICY NAME Parameters POLICY NAME Specifies the name of the source guard policy Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline The command is used to display the IPv6 source guard policy configuration If the polic...

Page 348: ...fied entries of the binding table Switch show ipv6 neighbor binding Codes D DHCPv6 Snooping S Static N ND Snooping IPv6 address MAC address Interface VLAN Time left N FE80 A8BB CCFF FE01 F500 AABB CC01 F500 eth0 0 100 8850 S FE80 21D 71FF FE99 4900 001D 7199 4900 eth0 1 100 N A N 2001 600 1 AABB CC01 F500 eth0 0 100 3181 D 2001 300 1 AABB CC01 F500 port channel3 100 9559 D 2001 100 2 AABB CC01 F60...

Page 349: ...e via a RADIUS server through PAP mschap Specifies that the authentication will be done via a RADIUS server through MS CHAP mschapv2 Specifies that the authentication will be done via a RADIUS server through MS CHAPv2 Default By default the JWAC authentication method is PAP Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to specify the RAD...

Page 350: ...ct path http www website2 com Switch config jwac redirect destination jwac login page Switch config jwac system auth control Switch config interface eth1 0 1 Switch config if jwac enable Switch config if 40 3 jwac forcible logout This command is used to enable the JWAC forcible logout function Use the no form of this command to disable the JWAC forcible logout function jwac forcible logout no jwac...

Page 351: ...enticated The range is from 1 to 100 Default By default this value is 100 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the maximum authenticating user number for JWAC on the specified interface Example This example shows how to configure the maximum authenticating user number for JWAC to 10 on interface eth1 0 1 Switch c...

Page 352: ...me title STRING password title STRING logout window title STRING copyright line LINE NUMBER title STRING no jwac page element japanese english page title login window title username title password title logout window title copyright line Parameters japanese Specifies to configure Japanese page element english Specifies to configure English page element page title STRING Specifies the title of the ...

Page 353: ...r success login to the network Example This example shows how to configure the page title to be Company Switch configure terminal Switch config jwac page element english page title Company Switch config This example shows how to configure the two line copyright information at the bottom of the authentication page with Line 1 Copyright 2017 All Rights Reserved Line 2 Site http support website com S...

Page 354: ...to the specified URL the quarantine server will request the PC user to input the username and password to authenticate Example This example shows how to configure the JWAC quarantine server URL to be http 10 90 90 88 authpage html Switch configure terminal Switch config jwac quarantine server url ipv4 http 10 90 90 88 authpage html Switch config This example shows how to configure the JWAC quarant...

Page 355: ...antine server timeout SECONDS Parameters SECONDS Specifies the timeout period The range is from 5 to 300 seconds Default By default this value is 30 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When the Quarantine server monitor is enabled the JWAC switch will periodically check if the Quarantine server works If the switch does not receive any respo...

Page 356: ...tion When redirect is enabled all Web access is redirected to the quarantine server or JWAC login page When redirecting to the quarantine server is specified a quarantine server must be configured first before enabling the JWAC function globally When redirect is disabled all Web access is denied except for access to the quarantine server or JWAC login page Example This example shows how to enable ...

Page 357: ... the update server network that a PC needs to access in order to complete the JWAC authentication Use the no form of this command to revert to the default setting jwac update server IPV4 PREFIX PREFIX LENGTH IPV6 PREFIX PREFIX LENGTH tcp NUMBER udp NUMBER no jwac update server IPV4 PREFIX PREFIX LENGTH IPV6 PREFIX PREFIX LENGTH tcp NUMBER udp NUMBER Parameters IPV4 PREFIX PREFIX LENGTH Specifies t...

Page 358: ...witch configure terminal Switch config jwac update server 10 90 90 90 24 tcp 80 Switch config 40 13 jwac udp filtering This command is used to enable the JWAC UDP filtering function Use the no form of this command to disable the JWAC UDP filtering function jwac udp filtering no jwac udp filtering Parameters None Default By default this option is enabled Command Mode Global Configuration Mode Comma...

Page 359: ...st PCs subnet otherwise JWAC authentication cannot operate correctly The defined URL only takes effect when the virtual IP address is configured The users get the FQDN URL stored on the DNS server to get the virtual IP address The obtained IP address must match the virtual IP address configured by the command If the IPv4 virtual IP is not configured the IPv4 access cannot start JWAC authentication...

Page 360: ...alue is 1536 bytes Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical ports configuration Oversize frames will be dropped and checks are carried out on ingress ports Use this command to transfer large frames or jumbo frames through the switch system to optimize server to server performance Example This example shows how t...

Page 361: ...oins a channel group An interface can only join one channel group If the mode on is specified in the command the channel group type is static If the mode active or passive is specified in the command the channel group type is LACP A channel group can only consist of either static members or LACP members Once the type of channel group has been determined other types of interfaces cannot join the ch...

Page 362: ... Example This example shows how to configure the port priority to 20000 on interfaces 1 0 4 to 1 0 5 Switch configure terminal Switch config interface range eth1 0 4 1 0 5 Switch config if lacp port priority 20000 Switch config if 42 3 lacp timeout This command is used to configure the LACP long or short timer Use the no form of this command to return to the default value lacp timeout short long n...

Page 363: ...35 Default The default LACP system priority is 32768 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline During LACP negotiation the system priority and port priority of the local partner will be exchanged with the remote partner When the maximum number of actual members exceeds the limitation the Switch will use port priority to determine whether a port is operat...

Page 364: ... Switch should examine the MAC source and MAC destination address src ip Specifies that the Switch should examine the IP source address src mac Specifies that the Switch should examine the MAC source address Default The default load balance algorithm is src mac Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to specify the load balance algorit...

Page 365: ... will be displayed Example This example shows how to display the detailed information of all port channels Switch show channel group channel detail Flag S Port is requesting Slow LACPDUs F Port is requesting fast LACPDU A Port is in active mode P Port is in passive mode LACP state bndl Port is attached to an aggregator and bundled with other ports hot sby Port is in a hot standby state indep Port ...

Page 366: ...eth1 0 2 32768 00 07 eb 49 5e 80 13 SP 32768 Switch This example shows how to display the load balance information for all channel groups Switch show channel group load balance load balance algorithm src dst mac Switch This example shows how to display the system identifier information Switch show channel group sys id System ID 32765 00 02 4b 29 3a 00 Switch This example shows how to display the s...

Page 367: ...de Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command with the interface keyword to reset LLDP statistics of the specified interface s If the command clear lldp counters is issued with the all keyword to clear global LLDP statistics and the LLDP statistics on all interfaces When no optional keyword is selected only the LLDP global counters will be cleared Example ...

Page 368: ...AN ID protocol identity PROTOCOL NAME Parameters port vlan Specifies the port VLAN ID TLV to send The Port VLAN ID TLV is an optional fixed length TLV that allows a VLAN bridge port to advertise the port s VLAN identifier PVID that will be associated with untagged or priority tagged frames protocol vlan Specifies the Port and Protocol VLAN ID PPVID TLV to send The PPVID TLV is an optional TLV that...

Page 369: ...V optional data type indicates whether to advertise the corresponding local system s protocol identity instance on the port The protocol identity TLV provides a way for devices to advertise protocols that are important to the operation of the network For example protocols like Spanning Tree Protocol Link Aggregation Control Protocol and numerous vendor proprietary variations are responsible for ma...

Page 370: ...ate settings of the sending IEEE 802 3 LAN node link aggregation Optional Specifies the Link Aggregation TLV to send The Link Aggregation TLV indicates contains the following information Whether the link is capable of being aggregated whether the link is currently in an aggregation and the aggregated port channel ID of the port If the port is not aggregated then the ID is 0 power Optional Specifie...

Page 371: ...alue must be between 1 and 10 Default By default this value is 4 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When an LLDP MED Capabilities TLV is detected the application layer will start the fast start mechanism This command is used to configure the fast start repeat count which indicates the number of LLDP message transmissions for one complete fast star...

Page 372: ...p hold multiplier 3 Switch config 43 7 lldp management address This command is used to configure the management address that will be advertised on the physical interface Use the no form of this command to remove the settings lldp management address IP ADDRESS IPV6 ADDRESS no lldp management address IP ADDRESS IPV6 ADDRESS Parameters IP ADDRESS Optional Specifies the IPv4 address that is carried in...

Page 373: ...range This example shows how to enable eth3 0 3 and eth3 0 4 for setting the management address entry IPv6 Switch configure terminal Switch config interface range eth3 0 3 3 0 4 Switch config if range lldp management address FE80 250 A2FF FEBF A056 Switch config if range This example shows how to delete the management address 10 1 1 1 from eth3 0 1 and eth3 0 2 If 10 1 1 1 is the last one no Manag...

Page 374: ...sical port configuration This command is used to enable or disable transmitting LLDP MED TLVs When disabling the transmission of the Capabilities TLV LLDP MED on the physical interface will be disabled at the same time In other words all LLDP MED TLVs will not be sent even when other LLDP MED TLVs are enabled to transmit By default the Switch only sends LLDP packets until it receives LLDP MED pack...

Page 375: ... lldp reinit This command is used to configure the minimum time of re initialization the delay interval on the Switch Use the no form of this command to revert to the default setting lldp reinit SECONDS no lldp reinit Parameters SECONDS Specifies the delay value for LLDP initialization on an interface This value must be between 1 and 10 seconds Default By default this value is 2 seconds Command Mo...

Page 376: ... lldp transmit command and the lldp receive command in the interface configuration mode LLDP takes effect on a physical interface only when it is enabled both globally and on the physical interface By advertising LLDP packets the Switch announces the information to its neighbor through physical interfaces On the other hand the Switch will learn the connectivity and management information from the ...

Page 377: ...description TLV allows network management to advertise the IEEE 802 LAN station s port description system capabilities Optional Specifies the system capabilities TLV to send The system capabilities field will contain a bit map of the capabilities that defines the primary functions of the system system description Optional Specifies the system description TLV to send The system description should i...

Page 378: ...it is enabled on all supported interfaces Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is available for physical port configuration This command is used to enable LLDP transmission on a physical interface When LLDP is not running the Switch doesn t transmit LLDP messages Example This example shows how to enable LLDP transmission Switch confi...

Page 379: ...he transmission delay timer to 8 seconds Switch configure terminal Switch config lldp tx delay 8 Switch config 43 16 lldp tx interval This command is used to configure the LLDPDUs transmission interval on the Switch Use the no form of this command to revert to the default setting lldp tx interval SECONDS no lldp tx interval Parameters SECONDS Specifies the interval between consecutive transmission...

Page 380: ...eline Use the snmp server enable traps lldp command to enable the sending of LLDP notifications Use the snmp server enable traps lldp med command to enable the sending of LLDP MED notifications Example This example shows how to enable the LLDP MED trap Switch configure terminal Switch config snmp server enable traps lldp med Switch config 43 18 lldp notification enable This command is used to enab...

Page 381: ...ac address local Parameters port id Specifies the subtype of the port ID TLV mac address Specifies the subtype of the port ID TLV to MAC Address 3 and the field of port ID will be encoded with the MAC address local Specifies the subtype of the port ID TLV to use Locally assigned 7 and the field of port ID will be encoded with the port number Default The subtype of port ID TLV is local port number ...

Page 382: ...witch s general LLDP configuration show lldp Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the LLDP system s global configurations Example This example shows how to display the LLDP system s global configuration status ...

Page 383: ...rnet Asset ID PoE Device Type PSE Device PoE PSE Power Source Primary LLDP Configurations LLDP State Disabled LLDP Forward State Disabled Message TX Interval 30 Message TX Hold Multiplier 4 ReInit Delay 2 TX Delay 2 LLDP MED Configuration Fast Start Repeat Count 4 Switch 43 21 show lldp interface This command is used to display the LLDP configuration at the physical interface show lldp interface I...

Page 384: ... 3 Organizationally Specific TLVs MAC PHY Configuration Status Disabled Power Via MDI Disabled Link Aggregation Disabled Maximum Frame Size Disabled LLDP MED Organizationally Specific TLVs LLDP MED Capabilities TLV Disabled LLDP MED Network Policy TLV Disabled LLDP MED Extended Power Via MDI PSE TLV Disabled LLDP MED Inventory TLV Disabled Switch Display Parameters Enabled Management Address Displ...

Page 385: ...fies the interface s ID Valid interfaces are physical interfaces Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen brief Optional Specifies to display the information in brief mode detail Optional Specifies to display the information in...

Page 386: ...C q Quit SPACE n Next Page ENTER Next Entry a All This example shows how to display the local information of port 1 in normal mode Switch show lldp local interface ethernet 1 0 1 Port ID eth1 0 1 Port ID Subtype Local Port ID eth1 0 1 Port Description D Link Corporation DGS 1510 28XMP 1 40 014 Port 1 on Unit 1 Port PVID 1 Management Address Count 2 PPVID Entries Count 0 VLAN Name Entries Count 1 P...

Page 387: ...ement address information show lldp management address IP ADDRESS IPV6 ADDRESS Parameters IP ADDRESS Optional Specifies to display the LLDP management information for a specific IPv4 address IPV6 ADDRESS Optional Specifies to display the LLDP management information for a specific IPv6 address Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guidelin...

Page 388: ...p neighbors interface INTERFACE ID brief detail Parameters INTERFACE ID Specifies the interface ID Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces before and after the comma Optional Specifies a range of interfaces No spaces before and after the hyphen brief Optional Specifies to display the information in brief mode detail Optional Speci...

Page 389: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 386 Example This example shows how to display information about neighboring devices learned by LLDP on eth4 0 9 in detailed mode ...

Page 390: ...ne Protocol ID Entries Count 0 None MAC PHY Configuration Status None Power Via MDI None Link Aggregation None Maximum Frame Size 0 Unknown TLVs Count 0 None LLDP MED capabilities LLDP MED device class Endpoint device class III LLDP MED capabilities support LLDP MED capabilities Support Network Policy Support Location identification Not Support Extended power via MDI Support Inventory Support LLDP...

Page 391: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 388 Switch This example shows how to display remote LLDP information in the normal mode ...

Page 392: ... See Detail Network policy See Detail Extended Power Via MDI See Detail Inventory Management See Detail Unknown TLVs Count 2 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 02 Port ID Subtype Local Port ID eth2 0 1 Port Description RMON Port 1 on Unit 2 System Name Switch2 System Description Stackable Ethernet Switch System Capabilities Supported Repeater Bridge System Capabiliti...

Page 393: ...t 1 on Unit 4 Port ID eth3 0 2 Remote Entities Count 3 Entity 1 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 03 Port ID Subtype Local Port ID eth2 0 1 Port Description RMON Port 2 on Unit 1 Entity 2 Chassis ID Subtype MAC Address Chassis ID 00 01 02 03 04 04 Port ID Subtype Local Port ID eth2 0 2 Port Description RMON Port 2 on Unit 2 Entity 3 Chassis ID Subtype MAC Address Chassis ID ...

Page 394: ...onds Total Inserts Total number of inserts to the remote data table Total Deletes Total number of deletes from the remote data table Total Drops Total number of times the complete remote data received was not inserted due to insufficient resources Total Ageouts Total number of times a complete remote data entry was deleted because the Time to Live interval expired 43 26 show lldp traffic interface...

Page 395: ...LV Unknowns 0 Total Ageouts 0 Switch Display Parameters Total Transmits The total number of LLDP packets transmitted on the port Total Discards The total number of LLDP frames discarded on the port for any reason Total Errors The number of invalid LLDP frames received on the port Total Receives The total number of LLDP packets received on the port Total TLV Discards The number of TLVs discarded To...

Page 396: ... the port will periodically send VLAN based LBD packets for each VLAN that the port has membership of the VLAN is enabled for loop detection If the port is a tagged member of the detecting VLAN tagged LBD packets are sent If the port is an untagged member of the detecting VLAN untagged LBD packets are sent If there is a loop occurrence on the VLAN path then packet transmitting and receiving will b...

Page 397: ...e Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable the loopback detection function on an interface This command is available for port and port channel interface configuration Example This example shows how to enable the loopback detection function on interface eth3 0 1 Switch configure terminal Switch config interface eth3 0 1 Switch config if ...

Page 398: ...etection action none Switch config 44 4 loopback detection address type This command is used to configure the destination address type in LBD packets for loopback detection Use the no command to return this to the default setting loopback detection address type multicast broadcast no loopback detection address type Parameters multicast Specifies that only multicast LBD packet will be sent The dest...

Page 399: ...n Mode Command Default Level Level 12 Usage Guideline Use this command to configure the interval at which LBD packets are sent to discover the loop occurrence Example This example shows how to configure the time interval to 20 seconds Switch configure terminal Switch config loopback detection interval 20 Switch config 44 6 loopback detection vlan This command is used to configure the VLANs to be e...

Page 400: ... 200 for loop detection Switch configure terminal Switch config loopback detection vlan 100 200 Switch config 44 7 show loopback detection This command is used to display the current loopback detection control settings show loopback detection interface INTERFACE ID Parameters interface INTERFACE ID Optional Specifies the interface s ID to be displayed Optional Specifies a series of interfaces or s...

Page 401: ... detection interface eth1 0 1 Interface State Result Time Left sec eth1 0 1 Disabled Normal Switch Display Parameters Interface Indicates the port that has loopback detection enabled Status Indicates the function state on the port Result Indicates whether a loop is detected Time Left The remaining time before being auto recovered 44 8 snmp server enable traps loopback detection This command is use...

Page 402: ... 12 Usage Guideline Use this command to enable or disable the sending SNMP notifications of loopback detection Example This example shows how to enable the sending SNMP notifications of loopback detection Switch configure terminal Switch config snmp server enable traps loopback detection Switch config ...

Page 403: ...enticate a user by MAC address when the user is trying to access the network via the Switch The Switch itself can perform the authentication based on a local database or be a RADIUS client and perform the authentication process via the RADIUS protocol with a remote RADIUS server Example This example shows how to enable MAC authentication globally Switch configure terminal Switch config mac auth sy...

Page 404: ...ication Use the no form of this command to reset the password to the default setting mac auth password 0 7 STRING no mac auth password Parameters 0 Optional Specifies the password in the clear text form If neither 0 nor 7 are specified the default form will be clear text 7 Optional Specifies the password in the encrypted form If neither 0 nor 7 are specified the default form will be clear text pas...

Page 405: ...fault Level Level 12 Usage Guideline This command is used to configure the username used in the authentication of MAC address users The username is used in the authentication via both the local database and remote servers If the command is not configured the username for authentication of the MAC address user is formatted based on the MAC address Example This example shows how to configure the use...

Page 406: ...n Mode Command Default Level Level 12 Usage Guideline Use this command to enable or disable sending SNMP notifications for MAC authentication Example This example shows how to enable sending trap for MAC authentication Switch configure terminal Switch config snmp server enable traps mac auth Switch config ...

Page 407: ...are valid as destination interfaces for monitor sessions For a monitor session multiple source interfaces can be specified but only one destination interface can be specified An interface cannot be a source interface of one session and destination port of another session simultaneously An interface can be configured as the destination interface of multiple sessions but it can be a source interface...

Page 408: ...sage Guideline Both physical ports and port channels are valid as source interfaces of monitor sessions For a monitor session multiple source interfaces can be specified but only one destination interface can be specified An interface cannot be a source interface of one session and destination port of another session simultaneously An interface can be configured as destination interface of multipl...

Page 409: ... the session number 2 It assigns the MAC access list MAC Monitored flow as the monitor source Switch configure terminal Switch config monitor session 2 destination interface ethernet1 0 1 Switch config monitor session 2 source acl MAC Monitored flow Switch config 46 4 show monitor session This command is used to display all or a specific port mirroring session show monitor session SESSION NUMBER P...

Page 410: ...de 407 Switch show monitor session 1 Session 1 Session Type local session Destination Port Ethernet1 0 1 Source Ports Both Ethernet1 0 2 only for TX forwarding Ethernet1 0 3 only for TX forwarding Ethernet1 0 4 RX Ethernet1 0 5 TX Ethernet1 0 7 Total Entries 1 Switch ...

Page 411: ...s are cleared interface INTERFACE ID Specifies the interface used Default None Command Mode Privilege EXEC Mode Command Default Level Level 12 Usage Guideline This command is used to clear the statistic counter of the Switch Example This example shows how to clear all MLD snooping statistics Switch clear ipv6 mld snooping statistics all Switch 47 2 ipv6 mld snooping This command is used to enable ...

Page 412: ...MLD snooping on VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ipv6 mld snooping Switch config vlan 47 3 ipv6 mld snooping fast leave This command is used to configure MLD snooping fast leave on the interface Use the no form of this command to disable the fast leave option on the specified interface ipv6 mld snooping fast leave no ipv6 mld snooping fast leave Parameters N...

Page 413: ...nly available for VLAN interface configuration On receiving an MLD done message the MLD snooping querier will assume that there are no local members on the interface if there are no reports received after the response time Users can lower this interval to reduce the amount of time it takes a switch to detect the loss of the last member of a group Example This example shows how to configure the las...

Page 414: ...e configured VLAN The multicast router port can be either dynamically learned or statically configured into an MLD snooping entity With the dynamic learning the MLD snooping entity will listen to MLD and PIMv6 packet to identify whether the partner device is a router Example This example shows how to configure eth2 0 1 as an MLD snooping multicast router port and eth1 0 2 as an MLD snooping forbid...

Page 415: ...hows how to enable MLD snooping proxy reporting on VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ipv6 mld snooping proxy reporting Switch config vlan 47 7 ipv6 mld snooping querier This command is used to enable the MLD snooping querier on the Switch Use the no form of this command to disable the MLD snooping querier function ipv6 mld snooping querier no ipv6 mld snoopin...

Page 416: ...his value is 125 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command is only available for VLAN interface configuration The query interval is the interval between General Queries sent by the Querier By varying the query interval an administrator may tune the number of MLD messages on the network larger values cause MLD Queries to be sent les...

Page 417: ...ure terminal Switch config vlan 1000 Switch config vlan ipv6 mld snooping query max response time 20 Switch config vlan 47 10 ipv6 mld snooping query version This command is used to configure the general query packet version sent by the MLD snooping querier Use the no form of this command to revert to the default setting ipv6 mld snooping query version 1 2 no ipv6 mld snooping query version Parame...

Page 418: ...nly works for MLDv1 traffic When report suppression is enabled the Switch suppresses the duplicate reports sent by hosts The suppression for the same group report or leave will continue until the suppression time expired For report or leave messages to the same group only one report or leave message is forwarded The remaining report and leave messages are suppressed Example This example shows how ...

Page 419: ...esponse interval Last listener query count The number of group specific queries sent before the router assumes there are no local listeners of a group The default number is the value of the robustness variable User can increase this value if a subnet is expected to be loose Example This example shows how to configure the robustness variable to be 3 on interface VLAN 1000 Switch configure terminal ...

Page 420: ...ipv6 mld snooping suppression time SECONDS no ipv6 mld snooping suppression time Parameters SECONDS Specifies to configure the interval of suppressing duplicates MLD reports The range is 1 to 300 Default By default this value is 10 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The command is only available for VLAN interface configuration Report s...

Page 421: ... MLDv1 hosts to join VLAN 1 Switch configure terminal Switch config vlan 1 Switch config vlan ipv6 mld snooping minimum version 2 Switch config vlan 47 16 show ipv6 mld snooping This command is used to display MLD snooping information on the Switch show ipv6 mld snooping vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN to be displayed Default None Command Mode EXEC Mode or Any Conf...

Page 422: ...tries 1 Switch 47 17 show ipv6 mld snooping groups This command is used to display MLD snooping group related information learned on the Switch show ipv6 mld snooping groups IPV6 ADDRESS vlan VLAN ID Parameters IPV6 ADDRESS Optional Specifies the group IPv6 address If no IPv6 address is specified all MLD group information will be displayed vlan VLAN ID Optional Specifies the VLAN interface If no i...

Page 423: ...snooping multicast router port information automatically learned or manually configured on the Switch show ipv6 mld snooping mrouter vlan VLAN ID Parameters vlan VLAN ID Optional Specifies the VLAN If no VLAN is specified MLD snooping Multicast Router Information on all VLANs will be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideli...

Page 424: ...pv6 mld snooping static group GROUP ADDRESS vlan VLAN ID Parameters GROUP ADDRESS Specifies the group IPv6 address to be displayed vlan VLAN ID Specifies the VLAN ID to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the MLD snooping static group information Example This example shows how to display MLD ...

Page 425: ...vel Level 1 Usage Guideline This command displays the MLD snooping related statistics information Example This example shows how to display MLD snooping statistics information Switch show ipv6 mld snooping statistics interface Interface eth4 0 1 Rx V1Report 1 v2Report 2 Query 1 v1Done 2 Tx v1Report 1 v2Report 2 Query 1 v1Done 2 Interface eth4 0 3 Rx V1Report 0 v2Report 0 Query 0 v1Done 0 Tx v1Repo...

Page 426: ...interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of VLAN No space is allowed before and after the hyphen Default None Command Mode MST Configuration Mode Command Default Level Level 12 Usage Guideline Any unmapped VLAN is mapped to the CIST instance When mapping the VLANs to an instance if the instance doesn t exist this instance will be cr...

Page 427: ...ferent Example This example shows how to configure the MSTP configuration name to MName Switch configure terminal Switch config spanning tree mst configuration Switch config mst name MName Switch config mst 48 3 revision This command is used to configure the revision number for the MST configuration Use the no form of this command to revert to the default setting revision VERSION no revision Param...

Page 428: ...e designated instance only Define multiple instances by using to specify a series of instances or to separate a range of instances from a previous range Use to specify a range of instances No space before and after the comma or hyphen interface INTERFACE ID Specifies to display the STP information for the specified interface Optional Specifies a series of interfaces or separate a range of interfac...

Page 429: ...0 00 00 00 priority 0 Regional Root address 00 00 00 00 00 00 priority 0 Designated bridge address 00 00 00 00 00 00 priority 0 port id 0 0 Switch This example shows how to display MSTP detailed information for interface eth1 0 1 Switch show spanning tree mst interface eth1 0 1 detail eth1 0 1 Configured link type auto operation status point to point Configured fast forwarding auto operation statu...

Page 430: ...xample shows how to display MSTP summary information for interfaces eth3 0 3 to eth 3 0 4 Switch show spanning tree mst interface eth3 0 3 4 eth3 0 3 Configured link type auto operation status point to point Configured fast forwarding auto operation status edge Bpdu statistic counter sent 4 received 0 Priority Instance Role State Cost Port MST00 designated forwarding 20000 128 3 MST01 backup block...

Page 431: ...s 0 21 4094 1 1 10 2 11 20 Switch 48 5 spanning tree mst This command is used to configure the path cost and port priority parameters for any MST instance including the CIST with instance ID 0 Use the no form of this command to revert to the default setting spanning tree mst INSTANCE ID cost COST port priority PRIORITY no spanning tree mst INSTANCE ID cost port priority Parameters INSTANCE ID Spec...

Page 432: ...tion Mode Use the no form of this command to revert to the default setting spanning tree mst configuration no spanning tree mst configuration Parameters None Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enter the MST Configuration Mode Example This example shows how to enter the MST Configuration Mode Switch configure te...

Page 433: ... mst max hops 19 Switch config 48 8 spanning tree mst hello time This command is used to configure the per port hello time used in the MSTP version Use the no form of this command to revert to the default setting spanning tree mst hello time SECONDS no spanning tree mst hello time Parameters SECONDS Specifies to determine the time interval to send one BPDU at the designated port This value is eith...

Page 434: ...ority Parameters INSTANCE ID Specifies the MSTP instance identifier Instance 0 represents the default instance CIST PRIORITY Specifies the bridge priority value that must be divisible by 4096 The range is from 0 to 61440 Default By default this value is 32768 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The priority has same meaning with as the bridge prior...

Page 435: ...e Command Default Level Level 12 Usage Guideline This command is used to create an ND inspection policy This command will enter into the ND inspection policy configuration mode ND inspection is mainly for inspection of Neighbor Solicitation NS and Neighbor Advertisement NA messages Example This example shows how to create an ND policy name called policy1 Switch configure terminal Switch config ipv...

Page 436: ...is command is used to specify the role of the attached device Use the no form of this command to revert to the default setting device role host router no device role Parameters host Specifies to set the role of the device to host router Specifies to set the role of the device to router Default By default the device s role is host Command Mode ND Inspection Policy Configuration Mode Command Default...

Page 437: ...uideline This command is available for physical port and port channel configuration The command is used to apply the ND Inspection policy on a specified interface If no policy name is specified the behavior of the default policy is as follows NS NA messages are inspected Layer 2 header source MAC address validations are disabled Example This example shows how to apply ND inspection policy called p...

Page 438: ...f the policy name is specified only the specified policy information is displayed If the policy name is not specified information is displayed for all policies Example This example shows how to display the policy configuration for a policy named inspect1 and all the interfaces where the policy is applied Switch show ipv6 nd inspection policy inspect1 Policy inspect1 configuration Device Role host ...

Page 439: ... packets If the authentication host mode is set to multi host the port will be added as a guest VLAN member port and the PVID of the port will change to guest VLAN Traffic that comes from guest VLAN can be forward whatever whether authenticated Traffic that comes from other VLANs will still be dropped until it pass authentication When one host passes authentication the port will leave the guest VL...

Page 440: ...hentication mode is changed to multi host the previous authentication VLAN s on this port will be cleared Default By default multi auth is used Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline If the port is operated in the multi host mode and if one of the hosts is authenticated then all other hosts are allowed to access the port According to 802 1X authent...

Page 441: ...ctive session is terminated Use the no form of this command to disable the inactivity timer authentication timer inactivity SECONDS no authentication timer inactivity Parameters SECONDS Specifies to configure the timer after which an inactive session is terminated The range is from 120 to 65535 Default By default this option is disabled Command Mode Interface Configuration Mode Command Default Lev...

Page 442: ...lt this value is 3600 seconds Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the re authentication timer Example This example shows how to configure the re authentication timer value to 200 for eth1 0 1 Switch configure terminal Switch config interface eth1 0 1 Switch config if authentication timer reauthentication 200 Switch ...

Page 443: ...al database authentication username NAME password 0 7 PASSWORD vlan VLAN ID no authentication username NAME vlan Parameters NAME Specifies the username with a maximum of 32 characters 0 Optional Specifies the password in the clear text form If neither 0 nor 7 are specified the default form is clear text 7 Optional Specifies the password in the encrypted form If neither 0 nor 7 are specified the de...

Page 444: ...ce INTERFACE ID Specifies a port to clear sessions mac address MAC ADDRESS Specifies a specific user to clear session Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline Use this command to clear the authentication sessions Example This example shows how to remove authentication sessions on Ethernet port 1 0 1 Switch clear authentication sessions interface...

Page 445: ...he format is AABB CCDD EEFF 5 Multiple delimiters the format is AA BB CC DD EE FF If none is chosen for delimiter the number does not take effect Default The default authentication MAC address case is uppercase The default authentication MAC address delimiter is dot The default authentication MAC address delimiter number is 2 Command Mode Global Configuration Mode Command Default Level Level 12 Us...

Page 446: ...y but MAC based Access Control is disabled and JWAC and 802 1X are enabled then user must pass either the JWAC or 802 1X method If the method is mac jwac or mac wac the user is authorized after two methods are authenticate passed If any of the methods failed the user is rejected If the related method s global or port state is not enabled the user is rejected due to not authenticated pass After aut...

Page 447: ...the new maximum is less than the current number of users the command will be rejected and the error message will be prompted Example This example shows how to set the maximum authenticated users for system Switch configure terminal Switch config authentication max users 256 Switch config 50 12 authentication mac move deny This command is used to disable MAC move on the Switch Use the no form of th...

Page 448: ...moves to another port then this is treated as a violation error Example This example shows how to enable MAC move on the Switch Switch configure terminal Switch config authentication mac move deny Switch config 50 13 authorization disable This command is used to disable the acceptance of the authorized configuration Use the no form to enable the acceptance of the authorized configuration authoriza...

Page 449: ...s allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen mac address MAC ADDRESS Optional Specifies to display a specific user Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command without parameters to display the sessions associated with all ports Example Th...

Page 450: ...assed authentication Method The Authentication method such as 802 1X MAC Auth Web Auth JWAC and so on State The method authentication state Authenticating Host is under authentication by this method Success Host pass this method authentication Selected This method s authentication result is taken and parsed by system for the host Failure Host fail at this method authentication No Information Authe...

Page 451: ... the following values REQUEST Indicates that the state machine has received an EAP request packet from the authentication server and is relaying that packet to the Supplicant as an EAPOL encapsulated frame RESPONSE Indicates that the state machine has received an EAPOL encapsulated EAP Response packet from the supplicant and is relaying the EAP packet to the authentication Server SUCCESS Indicates...

Page 452: ...pt to modify the state of the server noquery Optional Specifies to deny all NTP control queries nopeer Optional Specifies to deny packets that might mobilize an association unless authenticated The packets include broadcast symmetric active and manycast server packets when a configured association does not exist Note that this flag does not apply to packets that do not attempt to mobilize an assoc...

Page 453: ... config ntp access group 128 175 0 0 mask 255 255 0 0 Switch config ntp access group 128 4 1 0 mask 255 255 255 0 notrust Switch config ntp access group 192 43 244 18 Switch config 51 2 ntp authenticate This command is used to enable NTP authentication Use the no form of this command to disable NTP authentication ntp authenticate no ntp authenticate Parameters None Default By default this option i...

Page 454: ...mmand to remove the key Example This example shows how to define an authentication key with the key ID 45 and key string NTPKey Switch configure terminal Switch config ntp authentication key 45 md5 NTPKey Switch config 51 4 ntp control key This command is used to define the key ID for the NTP control messages Use the no form of this command to remove the key ntp control key KEY ID no ntp control k...

Page 455: ...de Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to prevent an interface from receiving NTP packets Use the no form of this command to receive NTP packets on an interface Example This example shows how to prevent VLAN 1 interface from receiving NTP packets Switch configure terminal Switch config interface vlan1 Switch config if ntp disable Switch ...

Page 456: ...nd is used to configure the maximum number of NTP peers and clients on the Switch Use the no form of this command to revert to the default setting ntp max associations NUMBER no ntp max associations Parameters NUMBER Specifies the number of NTP associations This value must be between 1 and 64 Default By default the value is 32 Command Mode Global Configuration Mode Command Default Level Level 12 U...

Page 457: ...erval for NTP messages This value is calculated as 2 to the power of the minimum poll interval value specified For example if the value specified here is 6 the minimum poll interval that will be used is 64 seconds 26 64 INTERVAL Optional Specifies to enter the minimum poll interval value The default value is 6 max poll Optional Specifies the maximum poll interval for NTP messages This value is cal...

Page 458: ...h config 51 10 ntp server This command is used to enable the Switch to synchronize the time with an NTP server Use the no form of this command to disable this feature ntp server IP ADDRESS IPv6 ADDRESS version NUMBER key KEY ID prefer min poll INTERVAL max poll INTERVAL no ntp server IP ADDRESS IPv6 ADDRESS Parameters IP ADDRESS Specifies the IPv4 address of the NTP server IPv6 ADDRESS Specifies t...

Page 459: ...value is 10 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to enable the Switch to synchronize the time with an NTP server Use the no form of this command to disable this feature Example This example shows how to configure the IP address of the NTP server to 192 168 10 33 using NTP version 2 Switch configure terminal Switch c...

Page 460: ...form of this command to disable this feature ntp update calendar no ntp update calendar Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to periodically update the hardware clock from an NTP source Use the no form of this command to disable this feature Example This example shows ho...

Page 461: ...to display the status of NTP associations show ntp associations detail Parameters detail Optional Specifies to display detail information about each NTP association Default Not applicable Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the status of NTP associations Example This example shows how to display the NTP asso...

Page 462: ...ation 8356 Reach 000 Unreach 17 Flash 0x1400 Timer 840s flags Config Reference Timestamp 00000000 00000000 Thu Feb 7 2036 6 28 16 00000 Originate Timestamp 00000000 00000000 Thu Feb 7 2036 6 28 16 00000 Receive Timestamp 00000000 00000000 Thu Feb 7 2036 6 28 16 00000 Transmit Timestamp 00000000 00000000 Thu Feb 7 2036 6 28 16 00000 Filter Delay 0 00000 0 00000 0 00000 0 00000 0 00000 0 00000 0 000...

Page 463: ...nosing problems Timer The peer timer in seconds Flags The peer flags Reference Timestamp The time that the system clock was last set or corrected Originate Timestamp The time that the request departed for the server at the client Receive Timestamp The time that the request arrived from the client at the server Transmit Timestamp The time that replied to the client at the server Filter Delay Round ...

Page 464: ...00 s Switch Display Parameters Remote The IP address of the peer Local The IP address of the Switch Our mode Our mode relative to the peer This field can display the following modes active passive client server bdcast and bdcastclient Peer mode The peer s mode relative to us Leap Indicator Synchronized The Switch is synchronized to an NTP peer Unsynchronized The Switch is not synchronized to any N...

Page 465: ... Gigabit Ethernet SmartPro Switch CLI Reference Guide 462 Kernel The kernel support is enabled Stats System status control Jitter System jitter Stability Frequency stability wander s s Auth Delay Authentication Delay ...

Page 466: ...ed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen vlan VLAN ID Specifies to delete the auto learned secured entry learned with the specified VLAN Default None Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline This command clears auto learned secured entries either dynamic or permanent Example This e...

Page 467: ...ax Curr Violation Violation Security Admin Current No No No Act Count Mode State State eth1 0 1 5 2 Restrict 0 D Enabled Forwarding eth1 0 2 10 10 Shutdown 0 D Enabled Err disabled eth1 0 3 10 0 Shutdown 0 P Disabled Switch 52 3 snmp server enable traps port security This command is used to enable sending SNMP notifications for port security address violation Use the no form of this command to dis...

Page 468: ...ddresses allowed If not specified the default value is 32 The valid range is from 0 to 6656 protect Optional Specifies to drop all packets from the insecure hosts at the port security process level but does not increment the security violation count restrict Optional Specifies to drop all packets from the insecure hosts at the port security process level and increments the security violation count...

Page 469: ...reases If the maximum number is changed to a lower value which is lower than the existing entry number the command is rejected A port security enabled port has the following restrictions The port security function cannot be enabled simultaneously with 802 1X MAC MAC based Access Control JWAC WAC and IMPB that provides more advanced security capabilities If a port is specified as the destination po...

Page 470: ...ies to set absolute aging type All the secure addresses on this port age out exactly after the time specified and is removed from the secure address list This is the default type inactivity Specifies to set the inactivity aging type The secure addresses on this port age out only if there is no data traffic from the secure source address for the specified time period Default By default the port sec...

Page 471: ...ecurity limit global Parameters VALUE Specifies the maximum number of port security entries that can be learned on the system The range is from 1 to 6656 If the setting is smaller than the number of current learned entries the command will be rejected Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to set the limit on the port sec...

Page 472: ...Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure a description for the PD connected to the port Example This example shows how to configure the PoE PD description on interface eth3 0 1 Switch configure terminal Switch config interface eth3 0 1 Switch config if poe pd description For VOIP usage Switch config if 53 2 poe pd le...

Page 473: ...e port gains the second high priority low Specifies the PD connected to the port gains the lowest priority Default By default this option is set as low Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Since the power budget is limited as more PDs are added to the system the power source may not be sufficient to supply the power The PoE system enters the powe...

Page 474: ...ower The PoE system enters the power critical section when the remaining power budget is not enough to serve the new added PD The poe policy preempt command configures whether to disconnect the PD which is powered with lower priority in order to release the power to the new connected PD with higher priority under power shortage condition If the policy preempt setting is disabled then the policy is...

Page 475: ...ed then the class of the PD automatically determines the maximum wattage that can be provisioned The PD will not be provisioned if it requests more wattage than the maximum wattage Use this command to also specify a time range with a port Once a PoE port is associated with a time range profile it will only be activated during the time frame specified in the profile That is the PD will not get powe...

Page 476: ...o be configured This parameter is only available if stacking is enabled PERCENTAGE Specifies the usage threshold to generate a log The valid range is from 1 to 99 The unit is percentage Default By default this value is 99 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When the usage threshold is configured if the utilization of the PSE exceeds the configured ...

Page 477: ...e Switch config 53 8 clear poe statistic This command is used to clear the statistic counters on the port clear poe statistic all interface INTERFACE ID Parameters all Specifies to clear PoE statistics for all interfaces interface INTERFACE ID Specifies the interface ID of an interface Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No spaces befor...

Page 478: ...paces before and after the hyphen status Specifies to display the port PoE status configuration Specifies to display the port configuration information statistics Specifies to display the port error counters measurement Specifies to display the port voltage current consumed power and temperature lldp classification Specifies to display the data link layer classification using information of power ...

Page 479: ...e PoE interface ID State The port status can be of the following Disabled The PSE function is disabled Searching The remote PD is not connected Requesting The remote PD is inserted but the PSE doesn t provide power yet Delivering The remote PD is now powering by PoE system Faulty X The device detection or a powered device is in a faulty state X is the error code number 1 MPS Maintain Power Signatu...

Page 480: ...detected and maximum power is the user configured value Never The powered device will not be detected and no power to the port Priority The priority used to prioritize the service order when power constrain happens within at the power unit Legacy Support Enabled The legacy PD can be detected Disabled The legacy PD cannot be detected Time Range The time range profile name which sets the activation ...

Page 481: ... power to the attached PD then this counter is increased Invalid Signature Increased if the PSE detects a PD who has an invalid PD signature Example This example shows how to display the PoE power inline measurement Switch show poe power inline measurement Interface Voltage V Current mA Temperature C Power W eth3 0 1 54 2 109 35 5 9 eth3 0 2 55 196 38 10 8 Output suppressed eth4 0 1 54 6 197 32 10...

Page 482: ...2 0 2 PSE TX information Power type type 2 PSE Power source primary power source Power priority high PD requested power value 0 0W PSE allocated power value 0 0W Information from PD none Interface eth3 0 3 PSE TX information Power type type 2 PSE Power source primary power source Power priority low PD requested power value 20 0W PSE allocated power value 20 0W Information from PD Power type type 2...

Page 483: ...il Parameters UNIT ID Specifies the stacking unit s ID to be displayed This parameter is only available if stacking is enabled detail Optional Specifies to display more detailed chip parameter information Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command displays the detailed power information and PoE chip parameters for PoE mo...

Page 484: ...e PoE sub system Device ID The hardware version of the PoE chip S W version The firmware version of the PoE chip 53 11 poe pd alive This command is used to enable the PD alive check function for the PD connected to the PoE port Use the no form of this command to disable the function poe pd alive ip IP ADDRESS interval INTERVAL TIME retry RETRY COUNT waiting time WAITING TIME action reset notify bo...

Page 485: ... be configured by using the poe pd alive ip command before executing the PD alive check The system needs to periodically monitor the specific PD by using the ping function When there is no response the system takes one of the actions configured by the poe pd alive action command The interval between retry attempts can be configured by the poe pd alive interval command The system implements the ret...

Page 486: ...example shows how to configure the interval between ping requests Switch configure terminal Switch config interface eth1 0 2 Switch config if poe pd alive interval 60 Switch config if This example shows how to configure the retry counts of ping requests Switch configure terminal Switch config interface eth1 0 2 Switch config if poe pd alive retry 4 Switch config if This example shows how to config...

Page 487: ... Mode Command Default Level Level 1 Usage Guideline Use this command to display the PD alive check settings on the specified ports When no optional parameter is specified information of all PoE ports will be displayed Example This example shows how to display the PD alive check settings on interface eth1 0 1 2 Switch show poe pd alive interface eth1 0 1 2 Port ID eth1 0 1 PD Alive State Enabled PD...

Page 488: ...ve power Example This example shows how to disable the port LED function Switch configure terminal Switch config dim led Switch config 54 2 power saving This command is used to enable individual power saving functions Use the no form of this command to disable these functions power saving link detection port shutdown dim led hibernation no power saving link detection port shutdown dim led hibernat...

Page 489: ... to enable power saving by shutting off the Switch s ports and toggle the Switch into the hibernation mode Switch configure terminal Switch config power saving port shutdown Switch config power saving hibernation Switch config 54 3 power saving eee This command is used to enable the Energy Efficient Ethernet EEE function on the specified port s Use the no form of this command to disable the EEE fu...

Page 490: ... length is 32 characters Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to add or delete a time range profile for the dim LED schedule When the schedule is up all port s LED will be turned off Example This example shows how to add a time range profile for the dim LED schedule Switch configure terminal Switch config power saving d...

Page 491: ... shows how to add a time range profile for the hibernation schedule Switch configure terminal Switch config power saving hibernation time range off duty Switch config 54 6 power saving shutdown time range This command is used to configure the time range profile for the port shutdown schedule Use the no form of this command to delete the specified time range profile power saving shutdown time range...

Page 492: ...tdown Optional Specifies to display the port shutdown state hibernation Optional Specifies to display the hibernation state eee Optional Specifies to display the EEE state Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline If no optional keywords were specified all power saving configuration information will be displayed Example This example...

Page 493: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 490 ...

Page 494: ...line Use this command to create an IP static route Floating static route is supported This means that there could be two routes with the same destination network address and different next hop If primary or backup is not specified the static route will be automatically determined to be a primary route or a backup route Primary route has higher priority than backup route and is always be used for f...

Page 495: ...etwork address and different next hop If primary or backup is not specified the static route will be automatically determined to be a primary route or a backup route Primary route has higher priority than backup route and is always be used for forwarding when it is active When primary is down the backup route will be used Example This example shows how to create a static route destined to the netw...

Page 496: ...C connected S static candidate default Gateway of last resort is not set C 10 0 0 0 8 is directly connected vlan1 Total Entries 1 Switch 55 4 show ip route summary This command is used to display the brief information for the working routing entries show ip route summary Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use ...

Page 497: ...X LENGTH Optional Specifies the prefix length for the specified network longer prefixes Optional Specifies to display the route and all of the more specific routes INTERFACE ID Optional Specifies the interface type connected Optional Specifies to display directly connected route static Optional Specifies to display the static route database Optional Specifies to display all the related entries in ...

Page 498: ...2001 0101 64 1 1 via fe80 0000 00ff 1111 2233 vlan1 S 2001 0102 64 1 1 via fe80 0000 00ff 1111 2233 vlan1 Total Entries 2 entries 2 routes Switch 55 6 show ipv6 route summary This command is used to display the current state of the IPv6 routing table show ipv6 route summary Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline W...

Page 499: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 496 Switch show ipv6 route summary Route Source Networks Connected 2 Static 0 Total 3 Switch ...

Page 500: ...ll be classified as class default If the specified name of class map does not exist no traffic is classified to the class Example This example shows how to define a policy map policy1 which defines policies for the class class dscp red The packets that match DSCP 10 12 or 14 will all be marked as DSCP 10 and be policed by a single rate policer Switch configure terminal Switch config class map clas...

Page 501: ...h all or match any keyword to specify whether to evaluate the multiple match criteria based on either the logical AND or the logical OR Example This example shows how to configure the class_home_user as the name of a class map In this class map a match statement specifies that the traffic that matches the access control list acl_home_user and matches the IPv6 protocol will be included under the cl...

Page 502: ...VLAN identification number numbers or range of numbers to be matched Valid VLAN identification numbers must be in the range of 1 to 4094 Enter one or more VLAN values separated by commas or hyphens for a range list Default None Command Mode Class map Configuration Mode Command Default Level Level 12 Usage Guideline To use the match command first enter the class map command to specify the name of t...

Page 503: ...ch config cmap exit Switch config police map cos based treatment Switch config pmap class voice Switch config pmap c police 8000 1000 exceed action drop Switch config pmap c exit Switch config pmap class video n data Switch config pmap c police cir 500000 bc 10000 pir 1000000 be 10000 exceed action set dscp transmit 2 violate action drop Switch config pmap c exit Switch config pmap exit Switch con...

Page 504: ...e rate policing Specifies the action to take for those packets that did not conform to both CIR and PIR For a single rate policer If violation action is not specified it will create a single rate two color policer For a two rate policer if the violation action is not specified the default action is equal to the exceed action ACTION Specifies the action to take on packets Specify one of the followi...

Page 505: ...agged or untagged received by the port Default By default this CoS value is 0 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline When the override option is not specified the CoS of the packets will be the packet s CoS if the packets are tagged and will be the port default CoS if the packet is untagged When the override option is specified the port default CoS...

Page 506: ...s received by the interface and QoS handles the packet with this new value The Switch sends the packet out the port with the new DSCP value Example This example shows how to map DSCP 30 to the mutated DSCP value 8 and then attach the ingress DSCP mutation map named mutemap1 to port eth3 0 1 Switch configure terminal Switch config mls qos map dscp mutation mutemap1 30 to 8 Switch config interface e...

Page 507: ...th3 0 1 Switch config if mls qos map cos color 1 7 to red Switch config if 56 8 mls qos map dscp color This command is used to define the DSCP to color map for the mapping of a packet s initial color Use the no form of this command to revert to the default setting mls qos map dscp color DSCP LIST to green yellow red no mls qos map dscp color DSCP LIST Parameters DSCP LIST Specifies the list of DSC...

Page 508: ...SCP values Default CoS Value 0 1 2 3 4 5 6 7 DSCP Value 0 7 8 15 16 23 24 31 32 39 40 47 48 55 56 63 Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline The DSCP to CoS map is used by a DSCP trust port to map a DSCP value to an internal CoS value In turn this CoS value is then mapped to the CoS queue based on the CoS to queue map configured by the priority queu...

Page 509: ...ands to map additional DSCP values to a mutated DSCP value Enter a separate command for each mutated DSCP value The DSCP CoS map and DSCP color map will still be based on the packet s original DSCP All the subsequent operations will base on the mutated DSCP Example This example shows how to map DSCP 30 to the mutated DSCP value 8 DSCP 20 to the mutated DSCP 10 with the mutation map named mutemap1 ...

Page 510: ...d a quantum of credits are added to each CoS queue credit counter The quantum for each CoS queue may be different based on the user configuration To set a CoS queue in the strict priority mode any higher priority CoS queue must also be in the strict priority mode WRR operates by transmitting permitted packets into the transmit queue in a round robin order Initially each queue sets its weight to a ...

Page 511: ...ansmit through the VLAN tunnel If the port is to trust CoS then the inner tag CoS will be the internal CoS of the packet and the CoS value in the packet s outer VLAN tag If the MLS QoS CoS override is configured then the CoS specified by command mls qos cos will be the internal CoS of the packet and the CoS value in the packet s outer VLAN tag If the port is to trust DSCP then the CoS mapped from ...

Page 512: ...and Mode Policy map Class Configuration Mode Command Default Level Level 12 Usage Guideline Use the police command to drop the packet or mark the packet with different quality of service QoS values based on conformance level of the packet The combination of parameters used in this command defines the behavior of this command The combinations mentioned below can be used followed by their descriptio...

Page 513: ...to the traffic class Example This example shows how to define a traffic class and associate the policy with the match criteria for the traffic class in a policy map The service policy command is then used to attach this service policy to the interface In this particular example traffic policing is configured with an average rate of 8 kilobits per second and a normal burst size of 1 kilobyte for al...

Page 514: ...ig pmap class class2 Switch config pmap c police aggregate agg_policer1 Switch config pmap c exit Switch config pmap class class3 Switch config pmap c police aggregate agg_policer1 Switch config pmap c 56 15 police cir This command is used to configure traffic policing for two rates the committed information rate CIR and the peak information rate PIR Use the no form of this command to remove two r...

Page 515: ...lt Level Level 12 Usage Guideline As a packet arrives at a port the packet will be initialized with a color The receiving port either trusts DSCP or CoS The initial color of the packet is mapped from the DSCP in the incoming packet if the receiving port trusts DSCP The initial color of the packet is mapped from the CoS in the incoming packet if the receiving port trusts CoS Both single rate three ...

Page 516: ...e name of the policy map The name can be a maximum of 32 alphanumeric characters Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use the policy map command to enter the policy map configuration mode from where the user can configure or modify the policy for the traffic class A single policy map can be attached to more than one interface concurrent...

Page 517: ...e ID the CoS will be mapped COS1 Specifies the mapping CoS value Valid values are from 0 to 7 COS2 COS8 Optional Specifies the mapping CoS value Valid values are from 0 to 7 Default The default priority CoS to queue mapping is 0 to 2 1 to 0 2 to 1 3 to 3 4 to 4 5 to 5 6 to 6 7 to 7 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline When a packet is received the p...

Page 518: ...ing the minimal bandwidth the aggregate of the configured minimum bandwidth must be less than 75 percent of the interface bandwidth to make sure the configured minimal bandwidth can be guaranteed It is not necessary to set the minimum guaranteed bandwidth for the highest strict priority queue This is because the traffic in this queue will be serviced first if the minimal bandwidth of all queues is...

Page 519: ...d the maximum speed of the specified interface For the ingress bandwidth limitation the ingress will send a pause frame or a flow control frame when the received traffic exceeds the limitation Example This example shows how the maximum bandwidth limits are configured on eth2 0 5 The ingress bandwidth is limited to 2000Kbps and 4096K bytes for burst traffic Switch configure terminal Switch config i...

Page 520: ...rate of 4000 Kbps and bronze is policed by a single rate policer with a committed rate of 16000 Kbps The cust1 classes policy map is configured and then attached to interfaces eth3 0 1 and eth3 0 2 for ingress traffic Switch configure terminal Switch config class map match all gold Switch config cmap match cos 6 Switch config cmap exit Switch config class map match all silver Switch config cmap ma...

Page 521: ... precedence for the packet The range is from 0 to 7 If the optional keyword ip is specified IPv4 precedence will be marked If not specified both IPv4 and IPv6 precedence will be marked For IPv6 packets the precedence is the most three significant bits of traffic class of IPv6 header Setting the precedence will not affect the CoS queue selection dscp DSCP Specifies a new DSCP for the packet The ran...

Page 522: ...tch config pmap c set ip dscp 10 Switch config pmap c police 1000 2000 exceed action set dscp transmit 10 Switch config pmap c exit Switch config pmap 56 22 show class map This command is used to display the class map configuration show class map NAME Parameters NAME Optional Specifies the name of the class map The class map name can be a maximum of 32 alphanumeric characters Default None Command ...

Page 523: ...mls qos aggregate policer agg policer5 cir 500 bc 10 pir 1000 be 10 conform action transmit exceed action set dscp transmit 2 violate action drop Switch 56 24 show mls qos interface This command is used to display port level QoS configurations show mls qos interface INTERFACE ID cos scheduler trust rate limit queue rate limit dscp mutation map dscp color cos color dscp cos Parameters interface INT...

Page 524: ...ault None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display port level QoS configurations Example This example shows how to display the default CoS for eth 1 0 2 to eth 1 0 5 Switch show mls qos interface eth1 0 2 5 cos Interface CoS Override eth1 0 2 3 Yes eth1 0 3 4 No eth1 0 4 4 No eth1 0 5 3 No Switch This example sho...

Page 525: ...rface DSCP Mutation Map eth1 0 1 Mutate Map 1 eth1 0 2 Mutate Map 2 Switch This example shows how to display the bandwidth allocation for port 1 0 1 to 1 0 4 Switch show mls qos interface eth1 0 1 4 rate limit Interface Rx Rate Tx Rate Rx Burst Tx Burst eth1 0 1 1000 kbps No Limit 64 kbyte No Limit eth1 0 2 No Limit 2000 kbps No Limit 2000 kbyte eth1 0 3 10 100000 kbps 20 200000 kbps 64 kbyte 64 k...

Page 526: ... display the DSCP to color map for port 1 0 1 to port 1 0 2 Switch show mls qos interface eth1 0 1 2 map dscp color eth1 0 1 DSCP 0 7 are mapped to green DSCP 8 40 are mapped to red DSCP 41 43 are mapped to yellow eth1 0 2 DSCP 0 7 are mapped to green Switch This example shows how to display the CoS to color map for port 1 0 3 to port 1 0 4 Switch show mls qos interface eth1 0 3 4 map cos color et...

Page 527: ... 06 06 06 07 07 07 07 60 07 07 07 07 Switch 56 25 show mls qos map dscp mutation This command is used to display the QoS DSCP mutation map configuration show mls qos map dscp mutation MAP NAME Parameters MAP NAME Optional Specifies the name of the DSCP mutation map to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This comma...

Page 528: ...configuration of different scheduler Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No space is allowed before and after the hyphen Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline When the optional key...

Page 529: ... the weight configuration for the different scheduler on interface eth1 0 3 Switch show mls qos queueing interface eth1 0 3 wrr bandwidth weights QID Weights 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 wdrr bandwidth weights QID Quantum 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 Switch 56 27 show policy map This command is used to display the policy map configuration show policy map POLICY NAME interface INTERFACE ID ...

Page 530: ...ice Two rate traffic policing has been configured to limit the traffic to an average committed rate of 500 kbps and a peak rate of 1 Mbps Switch configure terminal Switch config class map police Switch config cmap match access group name acl_rd Switch config cmap policy map policy1 Switch config pmap class police Switch config pmap c police cir 500 bc 10 pir 1000 be 10 exceed action set dscp trans...

Page 531: ...rface Configuration Mode Command Default Level Level 12 Usage Guideline The configuration of this command takes effect when the scheduling mode is in the WDRR mode Use the mls qos scheduler wdrr command to change the scheduling mode to WDRR mode Example This example shows how to configure the queue quantum of the WDRR scheduling mode queue quantum of queue 0 queue 1 queue 2 queue 3 queue 4 queue 5...

Page 532: ... the behavior requirements of Expedited Forwarding EF the highest queue is always selected by the Per hop Behavior PHB EF and the schedule mode of this queue should be strict priority scheduling So the weight of the last queue should be zero while the Differentiate Service is supported Example This example shows how to configure the queue weight of the WRR scheduling mode queue weight of queue 0 q...

Page 533: ...e Guideline The RMON statistics group entry number is dynamic Only the interface that is enabled for RMON statistics will have a corresponding entry in the table Example This example shows how to configure an RMON statistics entry with an index of 65 and the owner name guest on Ethernet interface eth3 0 2 Switch configure terminal Switch config interface eth3 0 2 Switch config if rmon collection s...

Page 534: ...nfig if rmon collection history 101 owner it domain com interval 2000 Switch config if 57 3 rmon alarm This command is used to configure an alarm entry to monitor an interface Use the no form of this command to remove an alarm entry rmon alarm INDEX VARIABLE INTERVAL delta absolute rising threshold VALUE RISING EVENT NUMBER falling threshold VALUE FALLING EVENT NUMBER owner STRING no rmon alarm IN...

Page 535: ...to configure an alarm entry to monitor an interface Switch configure terminal Switch config rmon alarm 783 1 3 6 1 2 1 2 2 1 12 6 30 delta rising threshold 20 1 falling threshold 10 1 owner Name Switch config 57 4 rmon event This command is used to configure an event entry Use the no form of this command to remove an event entry rmon event INDEX log trap COMMUNITY owner NAME description STRING no ...

Page 536: ...f 13 to generate a log on the occurrence of the event Switch configure terminal Switch config rmon event 13 log owner it domain com description ifInNUcastPkts is too much Switch config 57 5 show rmon alarm This command is used to displays the alarm configuration show rmon alarm Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideli...

Page 537: ...is example shows how to displays the RMON event table Switch show rmon events Event 1 owned by manager1 Description is Errors Event trigger action log trap sent to community manager Last triggered time 13 12 15 2014 03 12 Event 2 owned by manager2 Description is Errors Event trigger action log trap Last triggered time Switch 57 7 show rmon history This command is used to display RMON history stati...

Page 538: ...Undersized packets 213 Oversized packets 24 Fragments 2 Jabbers 1 CRC alignment errors 0 Collisions 0 Drop events 0 Sample 2 Received octets 303596354 Received packets 357898 Broadcast packets 3329 Multicast packets 7337 Estimated utilization 19 Undersized packets 213 Oversized packets 24 Fragments 2 Jabbers 1 CRC alignment errors 0 Collisions 0 Drop events 0 Switch 57 8 show rmon statistics This ...

Page 539: ... 2200 Switch 57 9 snmp server enable traps rmon This command is used to enable the RMON trap state snmp server enable traps rmon rising alarm falling alarm no snmp server enable traps rmon rising alarm falling alarm Parameters rising alarm Optional Specifies to configure the rising alarm trap state falling alarm Optional Specifies to configure the falling alarm trap state Default By default this o...

Page 540: ...n Mode Command Default Level Level 12 Usage Guideline This command is used to create an RA guard policy This command will enter into the RA guard policy configuration mode Example This example shows how to create an RA guard policy named policy1 Switch configure terminal Switch config ipv6 nd raguard policy policy1 Switch config ra guard 58 2 device role This command is used to configure the role ...

Page 541: ...ccess list This command is used to filter the RA messages based on the sender IPv6 address Use the no form of this command to disable the filtering match ipv6 access list IPV6 ACCESS LIST NAME no match ipv6 access list Parameters IPV6 ACCESS LIST NAME Specifies a standard IPv6 access list Default None Command Mode RA Guard Policy Configuration Mode Command Default Level Level 12 Usage Guideline Th...

Page 542: ...cified the default policy will set the device role to host Example This example shows how to apply the RA guard policy on interface eth1 0 3 Switch configure terminal Switch config ipv6 nd raguard policy raguard1 Switch config ra guard device role router Switch config ra guard match ipv6 access list list1 Switch config ra guard exit Switch config interface eth1 0 3 Switch config if ipv6 nd raguard...

Page 543: ...n is displayed If the policy name is not specified information is displayed for all policies Example This example shows how to display the policy configuration for a policy named raguard1 and all the interfaces where the policy is applied Switch show ipv6 nd raguard policy raguard1 Policy raguard1 configuration Device Role host Target eth1 0 1 1 0 2 Switch ...

Page 544: ...e Privileged EXEC Mode Command Default Level Level 12 Usage Guideline If this command is issued without parameters then all CPU protect related counters will be cleared Example This example shows how to clear all CPU protect related statistics Switch clear cpu protect counters all Switch 59 2 cpu protect safeguard This command is used to enable or configure the Safeguard Engine Use the no form of ...

Page 545: ...tial packets over its network in a limited bandwidth When the CPU utilization of the Switch rises over configured rising threshold it will enter exhausted mode In exhausted mode the Switch limits the bandwidth of receiving ARP and broadcast IP packets Example This example shows how to enable the Safeguard Engine and configure the thresholds which the rising and falling threshold are 60 and 40 resp...

Page 546: ...rs PROTOCOL NAME Specifies the protocol name to be configured RATE Specifies the threshold value The unit is packets per second When set to 0 all packets of the specified protocol are dropped Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline The CPU must handle certain packets such as routing protocols Layer 2 protocols and packets for management If...

Page 547: ... Protocol Protocol snmp Simple Network Management Protocol Manage ssh Secured shell Manage stp Spanning Tree Protocol 802 1D Protocol telnet Telnet Manage tftp Trivial File Transfer Protocol Manage web HTTP and HTTPS Manage Example This example shows how to configure the threshold of ARP protocol packets as 100 packets per second Switch configure terminal Switch config cpu protect type arp pps 100...

Page 548: ...echanism ceases till the utilization is lower than the falling threshold Normal The Safeguard Engine is not triggered to take actions 59 6 show cpu protect sub interface This command is used to display the rate limit and statistics by sub interface show cpu protect sub interface manage protocol route UNIT ID Parameters UNIT ID Optional Specifies the unit ID to display the rate limit configuration ...

Page 549: ...ified protocol on the CM card and all existing IO cards will be displayed if the optional unit ID is not specified Otherwise only the information on the specified unit ID will be displayed unit UNIT ID Specifies the unit ID to display the rate limit configuration and statistics Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this comm...

Page 550: ...server enable traps safeguard engine no snmp server enable traps safeguard engine Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable or disable sending SNMP notifications for Safeguard Engine Example This example shows how to enable sending SNMP notifications for Safeguard Engin...

Page 551: ...specified a message will be promoted to the user to specify the value Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline This command is used to generate the RSA or DSA key pair Example This example shows how to create an RSA key Switch crypto key generate rsa The RSA key pairs already existed Do you really want to replace them y n n y Choose the size of ...

Page 552: ...to revert to the default settings ip ssh timeout SECONDS authentication retries NUMBER no ip ssh timeout authentication retries Parameters timeout SECONDS Specifies the time interval that the Switch waits for the SSH client to respond during the SSH negotiation phase The range is from 30 to 600 authentication retries NUMBER Specifies the number of authentication retry attempts The session is close...

Page 553: ...mmand is used to enable the SSH server function Use the no form of this command to disable the SSH server function ip ssh server no ip ssh server Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable the SSH server function Example This example shows how to enable the SSH server fu...

Page 554: ...hange the service port number to 3000 Switch configure terminal Switch config ip ssh service port 3000 Switch config 60 6 show crypto key mypubkey This command is used to display the RSA or DSA public key pairs show crypto key mypubkey rsa dsa Parameters rsa Specifies to display information regarding the RSA public key dsa Specifies to display information regarding the DSA public key Default None ...

Page 555: ... display the user SSH configuration settings show ip ssh Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to the SSH configuration settings Example This example shows how to display the SSH configuration settings Switch show ip ssh IP SSH server Enabled IP SSH service port 22 SSH server mode V2 Authenticati...

Page 556: ...t the SSH client is using Userid The login username of the session Client IP Address The client IP address for this established SSH session 60 9 ssh user authentication method This command is used to configure the SSH authentication method for a user account Use the no form of this command to restore the default authentication method ssh user NAME authentication method password publickey URL hostb...

Page 557: ...sername command By default the authentication method is password The system will prompt the user to input the password To authenticate a user via SSH public key authentication copy the user s public key file to file system When the user tries to login to the Switch via an SSH client using the SSH public key method the SSH client will automatically transmit the public key and signature with the pri...

Page 558: ...ing message will be displayed when a private key is to be deleted Example This example shows how to delete an imported certificate named tongken ca of the trust point gaa Switch show crypto pki trustpoints Trustpoint Name gaa primary Imported certificates CA tongken ca local certificate webserver crt local private key webserver prv Switch configure terminal Switch config crypto pki certificate cha...

Page 559: ...t the CA certificate only local Specifies to import local certificate and key pairs only both Specifies to import the CA certificate local certificate and key pairs Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline This command allows administrators to import certificates and key pairs in the PEM formatted files Proper certificates and key pairs need to ...

Page 560: ...ch 61 3 crypto pki trustpoint This command is used to declare the trust point that the Switch will use Use the no form of this command to delete all certificates and key pairs associated with the trust point crypto pki trustpoint NAME no crypto pki trustpoint NAME Parameters NAME Specifies to create a name for the trust point Default None Command Mode Global Configuration Mode Command Default Leve...

Page 561: ...ertificate chain configuration mode Switch configure terminal Switch config crypto pki certificate chain TP1 Switch config cert chain 61 5 primary This command is used to assign a specified trust point as the primary trust point of the Switch primary no primary Parameters None Default By default this option is disabled Command Mode CA Trust Point Configuration Mode Command Default Level Level 15 U...

Page 562: ...of the trust point to be displayed Default None Command Mode Privileged EXEC Mode or Any Configuration Mode Command Default Level Level 12 Usage Guideline If no parameter is specified all trust points will be displayed Example This example shows how to display all trust points Switch show crypto pki trustpoints Trustpoint Name TP1 primary Imported certificates CA tongken ca local certificate webse...

Page 563: ...w ssl service policy SSL Policy Name policyForHttp Enabled Versions TLS 1 0 TLS 1 1 TLS 1 2 Enabled CipherSuites DHE_DSS_WITH_3DES_EDE_CBC_SHA RSA_WITH_3DES_EDE_CBC_SHA RSA_WITH_RC4_128_SHA RSA_WITH_RC4_128_MD5 RSA_EXPORT_WITH_RC4_40_MD5 RSA_WITH_AES_128_CBC_SHA RSA_WITH_AES_256_CBC_SHA RSA_WITH_AES_128_CBC_SHA256 RSA_WITH_AES_256_CBC_SHA256 DHE_DSS_WITH_AES_256_CBC_SHA DHE_RSA_WITH_AES_256_CBC_SH...

Page 564: ...ncryption and SHA for message digest rsa 3des ede cbc sha Specifies to use RSA key exchange with 3DES and DES EDE3 CBC for message encryption and the Secure Hash Algorithm SHA for message digest rsa rc4 128 sha Specifies to use RSA key exchange with RC4 128 bit encryption for message encryption and SHA for message digest rsa rc4 128 md5 Specifies to use RSA key exchange with RC4 128 bit encryption...

Page 565: ...tion stored in the SSL session cache The valid range is from 60 to 86400 When this parameter is not configured the default session cache timeout is 600 seconds In the no form of this command the SSL session cache timeout will be reverted to the default value Default None Command Mode Global Configuration Mode Command Default Level Level 15 Usage Guideline This command is used to configure the SSL ...

Page 566: ... Optional Specifies the IPv4 address of the remote sFlow collector host IPV6 ADDRESS Optional Specifies the IPv6 address of the remote sFlow collector udp port PORT Optional Specifies the UDP port of the remote sFlow collector The default is 6343 The range is from 1 to 65535 Default The default owner name is an empty string The expiry timer is 0 seconds The maximum datagram size is 1400 bytes The ...

Page 567: ...ies to sample egress packets sampling rate RATE Optional Specifies the rate for packet sampling The range is from 0 to 65536 0 means disable If not specified the default value is 0 max header size SIZE Optional Specifies the maximum number of bytes that should be copied from sampled packets The range is from 18 to 256 If not specified the default value is 128 Default By default no sampler is creat...

Page 568: ... receiver RECEIVER Optional Specifies the receiver s index for this poller If not specified the value is 0 The user cannot configure the value to 0 interval SECONDS Optional Specifies the maximum number of seconds between successive polling samples The range is from 0 to 120 0 means disable If not specified the default is 0 Default By default no poller is created Command Mode Interface Configurati...

Page 569: ...ler Parameters agent Optional Specifies to display sFlow agent information receiver Optional Specifies to display information of all receivers sampler Optional Specifies to display information of all samplers poller Optional Specifies to display information of all pollers Default None Command Mode User EXEC or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is use...

Page 570: ...e Time 0 Current Countdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 Port 6343 Datagram Version 5 Index 3 Owner Expire Time 0 Current Countdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 Port 6343 Datagram Version 5 Index 4 Owner Expire Time 0 Current Countdown Time 0 Max Datagram Size 1400 Address 0 0 0 0 Port 6343 Datagram Version 5 Samplers Information Interface Instance Receiver Mode Ad...

Page 571: ...Datagram Size The maximum number of data bytes of a single sFlow datagram Address The IPv4 IPv6 address of the remote sFlow receiver Port The UDP port of the remote sFlow receiver Datagram Version The version of sFlow datagrams Interface The interface on which the sampler is configured Instance The Sampler instance index Receiver The Receiver s INDEX for this Sampler Mode The instance s mode which...

Page 572: ...Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline Use this command to display per interface link up down trap state Example This example shows how to display the interface s link up down trap state for port eth1 0 1 to eth1 0 9 Switch show snmp trap link status interface eth1 0 1 1 0 9 Interface Trap state eth1 0 1 Enabled eth1 0 2 Enabled eth1 0 3 Disabled eth1 0 4 Enab...

Page 573: ...itch show snmp server SNMP Server Enabled Name SiteA Switch Location HQ 15F Contact MIS Department II SNMP UDP Port 50000 SNMP Response Broadcast Request Enabled Switch This example shows how to display trap related settings Switch show snmp server traps Global Trap State Enabled Individual Trap State Authentication Enabled linkup Enabled linkdown Enabled coldstart Enabled warmstart Disabled Switc...

Page 574: ...0 2 Enabled eth1 0 3 Disabled eth1 0 4 Enabled eth1 0 5 Enabled eth1 0 6 Disabled eth1 0 7 Enabled eth1 0 8 Enabled eth1 0 9 Enabled Switch 63 4 snmp server This command is used to enable the SNMP agent Use the no form of this command to disable the SNMP agent snmp server no snmp server Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Defaul...

Page 575: ...imum length is 255 characters The syntax is a general string that allows spaces Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command configures the system contact information for management of the device Example This example shows how to configure the system contact information with the string MIS Department II Switch configure terminal Sw...

Page 576: ...t Parameters authentication Optional Specifies to control the sending of SNMP authentication failure notifications An authenticationFailuretrap is generated when the device receives an SNMP message that is not properly authenticated The authentication method depends on the version of SNMP being used For SNMPv1 or SNMPv2c authentication failure occurs if packets are formed with an incorrect communi...

Page 577: ...tication traps Switch configure terminal Switch config snmp server enable traps snmp authentication Switch config 63 8 snmp server location This command is used to configure the system s location information Use the no form of this command to remove the setting snmp server location TEXT no snmp server location Parameters location TEXT Specifies the string that describes the system location informa...

Page 578: ...nfigure the name longer than 10 characters Default By default this name is Switch Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to configure the system s name information on the Switch Example This example shows how to configure the system s name to SiteA switch Switch configure terminal Switch config snmp server name SiteA switch SiteA swit...

Page 579: ...P UDP port number Use the no form of this command to reset the UDP port number to default value snmp server service port PORT NUMBER no snmp server service port Parameters PORT NUMBER Specifies the UDP port number The range is from 0 to 65535 Some numbers may conflict with other protocols Default By default this number is 161 Command Mode Global Configuration Mode Command Default Level Level 12 Us...

Page 580: ...e This example shows how to enable the server to respond to the broadcast SNMP get request packet Switch configure terminal Switch config snmp server response broadcast request Switch config 63 13 snmp trap link status This command is used to enable the notification of link up and link down events that occurred on the interface Use the no form of this command to disable the notification snmp trap ...

Page 581: ... to display SNMP local engine ID information Default None Command Mode Privileged EXEC Mode or Any Configuration Mode Command Default Level Level 12 Usage Guideline This command displays the SNMP information When displaying SNMP community strings the SNMPv1 or SNMPv2c user created will not be displayed Example This example shows how to display SNMP community information Switch show snmp community ...

Page 582: ...iv SNMPv3 User Name user2 UDP Port 162 Total Entries 3 Switch This example shows how to display the MIB view setting Switch show snmp view View Name Subtree View Type restricted 1 3 6 1 2 1 1 Included restricted 1 3 6 1 2 1 11 Included restricted 1 3 6 1 6 3 10 2 1 Included restricted 1 3 6 1 6 3 11 2 1 Included restricted 1 3 6 1 6 3 15 1 1 Included CommunityView 1 Included CommunityView 1 3 6 1 ...

Page 583: ...el v1 ReadView CommunityView WriteView CommunityView NotifyView CommunityView IP access control list GroupName private SecurityModel v2c ReadView CommunityView WriteView CommunityView NotifyView CommunityView IP access control list Total Entries 5 Switch This example shows how to display the SNMP engine ID Switch show snmp engineID Local SNMP engineID 800000ab033c1e04a1b9e000 Switch 63 15 show snm...

Page 584: ...e the community string to access the SNMP Use the no form of this command to remove the community string snmp server community 0 7 COMMUNITY STRING view VIEW NAME ro rw IP ACL NAME no snmp server community 0 7 COMMUNITY STRING Parameters 0 COMMUNITY STRING Optional Specifies the community string in the plain text form with a maximum of 32 alphanumeric characters This is the default option 7 COMMUN...

Page 585: ...witch configure terminal Switch config snmp server view interfacesMibView 1 3 6 1 2 1 2 included Switch config snmp server community comaccess view interfacesMibView rw Switch config 63 17 snmp server engineID local This command is used to specify the SNMP engine ID on the local device Use the no form of this command to revert the SNMP engine ID to the default snmp server engineID local ENGINEID S...

Page 586: ...h Specifies to authenticate the packet but not encrypt it noauth Specifies not to authenticate and not to encrypt the packet priv Specifies to authenticate and encrypt the packet read READ VIEW Optional Specifies a read view that the group user can access write WRITE VIEW Optional Specifies a write view that the group user can access notify NOTIFY VIEW Optional Specifies a write view that the grou...

Page 587: ...mple shows how to create the SNMP server group guestgroup for SNMPv3 access and SNMPv2c Switch configure terminal Switch config snmp server view interfacesMibView 1 3 6 1 2 1 2 included Switch config snmp server group guestgroup v3 auth read interfacesMibView Switch config snmp server group guestgroup v2c read CommunityView write CommunityView Switch config 63 19 snmp server host This command is u...

Page 588: ...eated first using the snmp server user command or snmp server user v3 command In the sending of the trap packet the system will check the notification view associated with the specified user or community name If the binding variables to be sent with the trap packet are not in the notification view the notification will not be sent to this host Example This example shows how to configure the trap r...

Page 589: ...Example This example shows how to configure VLAN 100 as the sourcing interface for sending SNMP trap packets Switch configure terminal Switch config snmp server source interface traps vlan 100 Switch config 63 21 snmp server user This command is used to create an SNMP user Use the no form of this command to remove an SNMP user snmp server user USER NAME GROUP NAME v1 v2c v3 encrypted auth md5 sha ...

Page 590: ...figuration Mode Command Default Level Level 15 Usage Guideline To create a SMNP user specify the security model that the user uses and the group that the user is created for To create an SNMPv3 user the password used for authentication and encryption needs to be specified An SNMP user is unable to be deleted if it has been associated with a SNMP server host Example This example shows how the plain...

Page 591: ... be excluded from the SNMP view Default VIEW NAME OID TREE View Type Restricted 1 3 6 1 2 1 1 Included Restricted 1 3 6 1 2 1 11 Included Restricted 1 3 6 1 6 3 10 2 1 Included Restricted 1 3 6 1 6 3 11 2 1 Included Restricted 1 3 6 1 6 3 15 1 1 Included CommunityView 1 Included CommunityView 1 3 6 1 6 3 Excluded CommunityView 1 3 6 1 6 3 1 Included Command Mode Global Configuration Mode Command D...

Page 592: ... single IP management function of the device Example This example shows how to enable single IP management Switch configure terminal Switch config sim Switch config 64 2 sim role This command is used to configure the device s single IP management role from Candidate to Commander or from Commander to Candidate sim role commander GROUP NAME candidate Parameters commander Specifies to configure the d...

Page 593: ...onfig sim role commander my group Switch config 64 3 sim group member This command is used to add one Candidate switch to the single IP management group Use the no form of this command to remove one member from this single IP management group sim group member CANDIDATE ID PASSWORD no sim group member MEMBER ID Parameters CANDIDATE ID Specifies one Candidate switch in one SIM group MEMBER ID Specif...

Page 594: ...default this value is 100 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline During the hold time If no SIM protocol message were received it will For the Commander switch clear Member switch information For the Member switch clear the Commander switch information and change the role to Candidate Example This example shows how to configure the single IP m...

Page 595: ...nfig 64 6 sim management vlan This command is used to configure SIM management VLAN Use the no form of this command to revert to the default setting sim management vlan VLAN ID no sim management vlan Parameters VLAN ID Specifies the single IP management message VLAN Default By default this option is set the VLAN 1 Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guidelin...

Page 596: ...s copy sim SOURCE URL DESTINATION URL member MEMBER LIST Parameters SOURCE URL Specifies the source URL to be uploaded to the server The source URL is located on the member switch When the running configuration is specified as the source URL the purpose is to upload the running configuration to the TFTP server When the system log is specified as source URL the system log can be retrieved to the TF...

Page 597: ...m tftp 10 10 10 58 switch had firmware member 1 Download firmware 10 10 10 58 switch had to member 1 y n n y ID MAC Address Status 1 00 02 01 03 01 03 SUCCESS Switch This example shows how to upload the system log from the member switch 1 Switch copy sim system log tftp 10 10 10 58 switchlog member 1 Upload system log from member 1 to 10 10 10 58 switchlog y n n y ID MAC Address Status 1 00 02 01 ...

Page 598: ...ighbor Parameters candidates Specifies to display the information of Candidate switches CANDIDATE ID Specifies to display detailed information of a Candidate members Specifies to display the information of Member switches MEMBER ID Specifies to display detailed information of a Member group Specifies to display the information of other SIM Groups COMMANDER MAC Specifies to display detailed informa...

Page 599: ...ER 1 61 Firmware Version 1 40 014 Device Name Switch MAC Address 3C 1E 04 A1 CC 00 Platform DGS 1510 28XMP SIM State Enabled Role State Member Discovery Interval 30 sec Hold Time 100 sec CS Info CS Group Name my group CS MAC Address 00 02 01 03 01 03 CS Hold Time 90 s Switch This example shows how to display the SIM member list Switch show sim members Member Hold Firmware ID MAC Address Platform T...

Page 600: ...st Switch show sim candidates Candidate Hold Firmware ID MAC Address Platform Time Version Device Name 1 EE FF 00 00 12 12 DGS 1510 28XMP 90 1 40 014 Switch Total Entries 1 Switch This example shows how to display one of the SIM candidate s information in detail Switch show sim candidates 1 Sim Candidate Information Candidate ID 1 Firmware Version 1 40 014 Device Name MAC Address EE FF 00 00 12 12...

Page 601: ...Version Device Name 1 00 01 02 03 04 02 DGS 1510 28XMP 40 1 40 014 Switch 2 00 55 55 00 55 11 Total Entries 2 Switch This example shows how to display SIM group detailed information Switch show sim group 00 01 02 03 04 00 Sim Group Information Commander Info Group Name default MAC Address 00 01 02 03 04 00 Device Name Firmware Version 1 40 014 Platform DGS 1510 28XMP Number of Members 2 Hold Time ...

Page 602: ... Ethernet SmartPro Switch CLI Reference Guide 599 Switch show sim neighbor Port MAC Address Role eth1 0 1 00 02 00 00 08 12 Member eth1 0 2 00 01 00 00 12 12 Member eth1 0 3 EE FF 00 00 12 12 Candidate Total Entries 3 Switch ...

Page 603: ...l legacy bridges on a given LAN have been removed If there is no STP Bridge on the LAN the port will be operated in the configured mode either in the RSTP or MSTP mode Otherwise the port will be operated in the STP mode Example This example shows how to trigger the protocol migration event for all ports Switch clear spanning tree detected protocols all Clear spanning tree detected protocols y n n ...

Page 604: ...s 3C 1E 04 A1 B9 E0 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Topology Changes Count 0 Priority Link Interface Role State Cost Port Type Edge eth1 0 3 designated forwarding 20000 128 3 p2p non edge eth1 0 5 backup blocking 200000 128 5 p2p non edge eth1 0 6 backup blocking 200000 128 6 shared non edge eth1 0 7 root forwarding 2000 128 7 P2p non edge Switch 65 3 show spanning tree config...

Page 605: ...0 Port priority 128 Port Identifier 128 1 Link type auto Port fast auto Guard root Disabled TCN filter Disabled Bpdu forward Disabled Switch 65 4 snmp server enable traps stp This command is used to enable the spanning tree to send SNMP notifications for STP Use the no form of this command to disable the sending of notifications for STP snmp server enable traps stp new root topology chg no snmp se...

Page 606: ...the no form to disable the STP s global state spanning tree global state enable disable no spanning tree global state Parameters enable Specifies to enable the STP s global state disable Specifies to disable the STP s global state Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command in the global configura...

Page 607: ...ds The default value of the max age is 20 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the Spanning Tree timer value Example This example shows how to configure the STP timers Switch configure terminal Switch config spanning tree hello time 1 Switch config spanning tree forward time 16 Switch config spanning tree ma...

Page 608: ... to the auto computed path cost spanning tree cost COST no spanning tree cost Parameters COST Specifies the path cost for the port The range is from 1 to 200000000 Default The default path cost is computed from the interface s bandwidth setting Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline In the RSTP or STP compatible mode the administrative path cost is...

Page 609: ...tation The port will listen for BPDUs on the link If the port times out the received superior BPDU it will change to the designated port role When a port changes to the alternate port state due to the root guard a system message will be generated This configuration will take effect for all the spanning tree versions Example This example shows how to configure to prevent Ethernet interface eth3 0 1...

Page 610: ...command is used to configure the STP mode Use the no form of this command to revert to the default setting spanning tree mode mstp rstp stp no spanning tree mode Parameters mstp Specifies the Multiple Spanning Tree Protocol MSTP rstp Specifies the Rapid Spanning Tree Protocol RSTP stp Specifies the Spanning Tree Protocol IEEE 802 1D Compatible Default By default this mode is rstp Command Mode Glob...

Page 611: ...s to the non port fast state Disable mode The port will always be in the non port fast state It will always wait for the forward time delay to change to forwarding state Network mode The port will remain in the non port fast state for three seconds The port will change to the port fast state if no BPDU is received and changes to the forwarding state If the port received the BPDU later it will chan...

Page 612: ...his command is used to configure the bridge priority It is only used for RSTP and STP versions Use the no form of this command to restore to the default setting spanning tree priority PRIORITY no spanning tree priority Parameters PRIORITY Specifies that the bridge priority and bridge MAC address together forms the Spanning Tree Bridge ID which is an important factor in the Spanning Tree topology T...

Page 613: ...ring on a port is useful for an ISP to prevent the external bridge to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator When a port is set to the TCN filter mode the TC event received by the port will be ignored This configuration will take effect for all the spanning tree modes Example This examp...

Page 614: ...d count Example This example shows how to configure the transmit hold count value to 5 Switch configure terminal Switch config spanning tree tx hold count 5 Switch config 65 17 spanning tree forward bpdu This command is used to enable the forwarding of the spanning tree BPDU Use the no form of this command to disable the forwarding of the spanning tree BPDU spanning tree forward bpdu no spanning t...

Page 615: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 612 Switch configure terminal Switch config interface eth6 0 1 Switch config if spanning tree forward bpdu Switch config if ...

Page 616: ...ommand The stack command setting of a switch unit must be enabled before the switch unit can be chained with other switch units The setting will be saved in the individual switch unit if the user saves the configuration Example This example shows how to enable stacking mode Switch stack WARNING The command does not take effect until the next reboot Switch 66 2 stack renumber This command is used t...

Page 617: ...ting with a unit ID of a switch unit already added then this switch unit ID cannot be successfully added Example This example shows how to configure the renumbered unit ID of a switch unit 2 to 3 Switch stack 2 renumber 3 WARNING The command does not take effect until the next reboot Switch 66 3 stack priority This command is used to configure the priority of the switch stacking unit Use the no fo...

Page 618: ...disable preemption stack preempt no stack preempt Parameters None Default By default this option is enabled Command Mode Privileged EXEC Mode Command Default Level Level 12 Usage Guideline When this command is disabled the unit that assumes the master role will not change when units with a better priority are added to the stack If this command is enabled then the unit that assumes the master role ...

Page 619: ...xample shows how to enable sending of stacking related traps Switch configure terminal Switch config snmp server enable traps stack Switch config 66 6 show stack This command is used to display the stacking information show stack Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the stacking i...

Page 620: ... Enabled Trap State Disabled Topology Duplex_Chain My Box ID 1 Master ID 1 Box Count 1 Box User Module Prio Prom Runtime H W ID Set Name Exist rity MAC Version Version Version 1 Auto DGS 1510 28XMP Exist 32 00 01 02 03 04 00 1 00 012 1 40 014 A1 2 NOT_EXIST No 3 NOT_EXIST No 4 NOT_EXIST No 5 NOT_EXIST No 6 NOT_EXIST No Switch ...

Page 621: ...ear enables or disables the notifications for storm control module If no optional keywords is specified both storm occur and storm clear notifications are enabled or disabled If you enter the command with a keyword only the specified notification type is enabled or disabled Example This example shows how to enable sending trap for storm control for both storm occurred and cleared Switch configure ...

Page 622: ...e default action taken when a storm occurs is to drop storm packets Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline Use the storm control function to protect the network from the storm of broadcast packets multicast packets or unknown DA flooding packets Enter the storm control command to enable storm control for a specific traffic type on the interface The...

Page 623: ... 1 and 300 seconds retries NUMBER Specifies the retry count If the action is configured to the shutdown mode and a storm continues as long as the interval times retries values set the port will enter the error disabled state This value must be between 0 and 360 0 means that a shutdown mode port will directly enter the error disabled state when a storm is detected Infinite means that a shutdown mod...

Page 624: ...etting Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline If the interface ID is not specified all interfaces configurations will be displayed If the packet type is not specified all types of storm control settings will be displayed Example This example shows how to display the current broadcast storm control settings Switch show storm contr...

Page 625: ...D Action The configured action the possible actions are Drop Shutdown None Threshold The configured threshold Current The actual traffic rate which is currently flowing though the interface Its unit may be percentage kbps PPS based on the configured meter mode Because hardware can only counts by PPS this value of this filed may be a rough value for percentage and kbps State The current state of st...

Page 626: ...mply with the OUI addresses configured by the surveillance vlan mac address command An auto surveillance VLAN can also be used to carry video traffic from an IP camera and its related components like Video Management Servers VMS VMS clients and video encoders These devices can be recognized by an OUI address and the ONVIF protocol If the IPC is recognized by the ONVIF protocol the Switch will lear...

Page 627: ...2 Usage Guideline Use this command to configure the aging time for aging out the surveillance device and the surveillance VLAN automatically learned member ports When the last surveillance device connected to the port stops sending traffic and the MAC address of this surveillance device is aged out the surveillance VLAN aging timer will be started The port will be removed from the surveillance VLA...

Page 628: ...s of packets comply with the OUI addresses configured by the surveillance vlan mac address command Example This example shows how to enable surveillance VLAN function on physical port eth1 0 1 Switch configure terminal Switch config interface eth1 0 1 Switch config if surveillance vlan enable Switch config if 68 4 surveillance vlan mac address This command is used to add the user defined surveilla...

Page 629: ...and to add user defined OUI s for the surveillance VLAN The OUI for surveillance VLAN are used to identify the surveillance traffic by the surveillance VLAN function If the source MAC addresses of the received packet matches any of the OUI pattern the received packet is determined as a surveillance packet The user defined OUI cannot be the same as the default OUI The default OUI cannot be deleted ...

Page 630: ... the ONVIF recognition IPC state Use the no form of this command to revert to the default setting surveillance vlan onvif ipc IP ADDRESS mac address MAC ADDRESS state enable disable no surveillance vlan onvif ipc IP ADDRESS mac address MAC ADDRESS state Parameters IP ADDRESS Enter the IP address of the IPC here MAC ADDRESS Optional Enter the MAC address of the IPC that is recognized with ONVIF ena...

Page 631: ...nter the MAC address of the IPC that is recognized with ONVIF TEXT Enter the description of the ONVIF recognized IPC here This can be up to 32 characters long Default By default there is no description defined for an ONVIF recognized IPC Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to configure the description of the ONVIF recognized IP...

Page 632: ...is command is used to configure the description of the ONVIF recognized NVR with only the IP address of the NVR or both the IP and MAC address of the NVR If there is more than one NVR with the same IP address and the MAC addresses of those NVRs are not specified the description of those NVRs will be configured Example This example shows how to define the description of the NVR with an IP address o...

Page 633: ...vice Specifies to display the learned surveillance devices information interface Optional Specifies to display surveillance VLAN information of ports INTERFACE ID Optional Specifies the port to be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is allowed before and after the comma Optional Specifies a range of interfaces No spac...

Page 634: ...e IP Surveillance Device Total OUI 4 Switch 68 11 show surveillance vlan onvif ipc interface This command is used to display ONVIF based IPC information show surveillance vlan onvif ipc interface INTERFACE ID brief detail Parameters INTERFACE ID Optional Specifies the port to be displayed Optional Specifies a series of interfaces or separate a range of interfaces from a previous range No space is ...

Page 635: ...P Address 10 90 90 1 MAC Address 00 01 02 03 04 05 Model P3384 VE Manufacturer D Link State Enabled Throughput 5 Mbps Description P3384 VE Protocol ONVIF Power Consumption 1 9W 15W PoE 802 3af PoE Status Enable Total Entries 1 Switch 68 12 show surveillance vlan onvif nvr interface This command is used to display ONVIF based NVR and group information show surveillance vlan onvif nvr interface INTE...

Page 636: ...isplay ONVIF based NVR information Switch show surveillance vlan onvif nvr interface ethernet 1 0 1 Interface eth1 0 1 IP Address 111 111 111 111 MAC Address 00 03 02 03 04 08 IPC Number 2 Throughput 10 Mbps Group Group 1 Description D Link NVR Total Entries 1 Switch This example shows how to display ONVIF based NVR information associated with the group ID ipc list Switch show surveillance vlan on...

Page 637: ... negotiation will be enabled if either the speed parameter is set to auto or the duplex parameter is set to auto If the speed parameter is set to auto and the duplex parameter is set to the fixed mode only the speed will be negotiated The advertised capability will be configured to the duplex mode combined with all the possible speeds If the speed is to set to a fixed speed and duplex is set to au...

Page 638: ...peed is set to the forced mode the final flow control setting will be determined by the configured flow control setting If the speed is set to the auto mode the final flow control setting will be based on the negotiated result between the local side setting and the partner side setting The configured flow control setting here is the local side setting Example This example shows how to enable the f...

Page 639: ...the speed to 1000 Mbps and the user must manually set that the port operates as master or slave Specifies that for fiber ports 1000BASE SX LX the port will disable the auto negotiation master slave Specifies the port operates as master or slave timing This parameter is only applicable to 1000BASE T connections 10giga Specifies to force the speed to 10 Gbps auto Specifies that for copper ports it s...

Page 640: ...is set to auto only the duplex mode is negotiated The advertised capability will be both full and half duplex mode combined with the configured speeds For 10GBASE R connections if auto negotiation is enabled the system will automatically configure the speed 1000M or 10G according to the type of SFP SFP Example This example shows how to configure eth1 0 1 to only auto negotiate to 10 or 100 Mbps Sw...

Page 641: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 638 Switch configure terminal Switch config interface eth1 0 5 Switch config if speed auto downgrade Switch config if ...

Page 642: ...n file is config cfg If there is no valid configuration file the device will be configured to the default state Example This example shows how to configure the file switch config cfg as the startup configuration file Switch configure terminal Switch config boot config c switch config cfg Switch config 70 2 boot image This command is used to specify the file that will be used as the image file for ...

Page 643: ... shows how to specify that the Switch should use the image file named switch image1 had as the boot image file for the next startup Switch configure terminal Switch config boot image c switch image1 had Switch config This example shows how to check a specified image file called c runtime switch had The checksum of the image file has been verified is okay and the information of the image file is di...

Page 644: ... shows how to clear the system s running configuration Switch clear running config This command will clear all of system configuration as factory default setting including IP parameters Clear running configuration y n n y Switch 70 4 reset system This command is used to reset the system clear the system s configuration then save and reboot the Switch reset system Parameters None Default None Comma...

Page 645: ...e FILENAME Specifies the name of the configuration file stored in the NVRAM force Optional Specifies to execute the command immediately with no confirmation needed Default None Command Mode Privilege EXEC Mode Command Default Level Level 15 Usage Guideline This command is used to execute the indicated configuration file to replace the current running configuration The current running configuration...

Page 646: ...opy SOURCE URL tftp LOCATION DESTINATION URL copy tftp LOCATION SOURCE URL DESTINATION URL Parameters SOURCE URL Specifies the source URL for the source file to be copied One special form of the URL is represented by the following keywords If startup config is specified as the SOURCE URL the purpose is to upload the startup configuration save the startup configuration as the file in the file syste...

Page 647: ...load the system log to the TFTP server To upload the running configuration or save the running configuration to the startup configuration specify running config as the SOURCE URL To save the running configuration to the startup configuration specify startup config as the DESTINATION URL As the destination is the startup configuration the source file is directly copied to the file specified in the ...

Page 648: ...ion filename switch config cfg Accessing tftp 10 1 1 254 switch config cfg Transmission start Transmission finished file length 45421 bytes Switch This example shows how to save the system s running configuration into the FLASH memory and uses it as the next boot configuration Switch copy running config startup config Destination filename startup config y n y Saving all configurations to NV RAM Do...

Page 649: ...f remote host 10 1 1 254 Source filename image had Destination filename image had Accessing tftp 10 1 1 254 image had Transmission start Transmission finished file length 8315060 bytes Transmission to slave start Done Transmission to slave finished file length 8315060 bytes Please wait programming flash 0 ERROR Uint2 Not enough space Done Switch 70 7 ip tftp source interface This command is used t...

Page 650: ...lan100 Switch config 70 8 show boot This command is used to display the boot configuration file and the boot image setting show boot unit UNIT ID Parameters UNIT ID Optional Specifies the unit to be displayed Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display the boot configuration file and the boot image sett...

Page 651: ...t parameters Only modified configurations different from the default configuration will be displayed if this option is not selected interface INTERFACE ID Optional Specifies to display command configurations associated with the specified interface Enter the interface ID here Default None Command Mode Privileged EXEC Mode Command Default Level Level 15 Usage Guideline This command displays the curr...

Page 652: ... Level 15 Usage Guideline This command displays the configuration settings that the system will be initialized with Example This example shows how to display the content of the startup configuration file Switch show startup config DGS 1510 28XMP Gigabit Ethernet SmartPro Switch Configuration Firmware Build 1 40 014 Copyright C 2017 D Link Corporation All rights reserved STACK end end DEVICE config...

Page 653: ...l message buffer Use the no form of this command to disable the logging of messages to the local message buffer Use the default logging buffered command to revert to default setting logging buffered severity SEVERITY LEVEL SEVERITY NAME discriminator NAME write delay SECONDS infinite no logging buffered default logging buffered Parameters SEVERITY LEVEL Optional Specifies the severity level of sys...

Page 654: ...sages that are logged The content of the logging buffer will be saved to the FLASH memory periodically such that the message can be restored on reboot The interval for periodically writing the logging buffer to FLASH can be specified The content of the logged messages in the FLASH will be reloaded into the logging buffer on reboot Example This example shows how to enable the logging of messages to...

Page 655: ...e Example This example shows how to enable the logging of messages to the local console and restrict the logging of messages with a security level of errors or higher Switch configure terminal Switch config logging console severity errors Switch config 71 4 logging discriminator This command is used to create a discriminator that can be further used to filter SYSLOG messages sent to various destin...

Page 656: ...TY TYPE discriminator NAME port UDP PORT no logging server IP ADDRESS IPV6 ADDRESS Parameters IP ADDRESS Specifies the IP address of the SYSLOG server host IPV6 ADDRESS Specifies the IPv6 address of the log server host SEVERITY LEVEL Optional Specifies the severity level of system messages The messages at that severity level or a more severe level will be logged to the log server This value must b...

Page 657: ... 4 Security authorization messages 5 Messages generated internally by the SYSLOG 6 Line printer sub system 7 Network news sub system 8 UUCP sub system 9 Clock daemon 10 Security authorization messages 11 FTP daemon 12 NTP subsystem 13 Log audit 14 Log alert 15 Clock daemon note 2 16 Local use 0 local0 17 Local use 1 local1 18 Local use 2 local2 19 Local use 3 local3 20 Local use 4 local4 21 Local ...

Page 658: ... source address of the SYSLOG packet Example This example shows how to configure VLAN 100 as the source interface for SYSLOG packets Switch configure terminal Switch config logging source interface vlan100 Switch config 71 7 show logging This command is used to display the system messages logged in the local message buffer show logging all REF SEQ NN NN Parameters all Specifies to display all log ...

Page 659: ...ewer messages are displayed prior to the later messages If the command is issued without options the system will display up to 200 entries starting from the latest message Example This example shows how to display the messages in the local message buffer switch show logging Total number of buffered messages 2 2 2013 08 02 16 37 36 INFO 6 Logout through Console Username Anonymous 1 2013 08 02 16 35...

Page 660: ...separate table named attack log Example This example shows how to display the first attack log entry Switch show attack logging index 1 Attack log messages 1 2013 10 17 15 00 14 CRIT 2 Land attack is blocked from IP 10 72 24 1 Port 7 Switch 71 9 clear attack logging This command is used to delete the attack log clear attack logging unit UNIT ID all Parameters UNIT ID Specifies the unit on which th...

Page 661: ...e zone specified by the configuration of the clock timezone command The clock configured by this command will be applied to RTC if it is available The configured clock will not be stored in the configuration file If the clock is manually set and the SNTP server is configured the system will still try to sync the clock with the server If the clock is manually set but a new clock time is obtained by...

Page 662: ...ommand Default Level Level 12 Usage Guideline Use this command to automatically switch over to summer time The command has two forms One is the recurring form which is used to specify the time through the week and the day of the month The other form is the date form which is used to specify the date of the month In both the date and recurring forms of the command the first part of the command spec...

Page 663: ... based on UTC time time zone and the daylight saving configuration Example This example shows how to set the time zone to the Pacific Standard Time PST which is 8 hours ahead of UTC Switch configure terminal Switch config clock timezone 8 Switch config 72 4 show clock This command is used to display the time and date information show clock Parameters None Default None Command Mode EXEC Mode or Any...

Page 664: ...isplay information about the SNTP server show sntp Parameters None Default None Command Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline This command is used to display information about the SNTP server Example This example shows how to display SNTP information Switch show sntp SNTP Status Enabled SNTP Pool Interval 720 seconds SNTP Server Status SNTP Server S...

Page 665: ... time within 100 milliseconds of the accurate time but it does not provide the complex filtering and statistical mechanisms of NTP In addition SNTP does not authenticate traffic although you can configure extended access lists to provide some protection Create multiple SNTP servers by enter this command multiple times with different SNTP server IP addresses Use the no form of this command to delet...

Page 666: ...tch config 72 8 sntp interval This command is used to set the interval for the SNTP client to synchronize its clock with the server sntp interval SECONDS no sntp interval Parameters SECONDS Specifies the synchronization interval from 30 to 99999 seconds Default By default this value is 720 seconds Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline This command is...

Page 667: ...me range Configuration Mode Command Default Level Level 12 Usage Guideline A new period can be partially overlapped with an older one If a new period s starting and ending time is respectively the same as a previous period an error message will be displayed and the new period will not be allowed When specifying a period to remove it must be the same period originally added and cannot be a partial ...

Page 668: ...the configured time ranges Switch show time range Time Range Profile rdtime Daily 09 00 to 12 00 Weekly Saturday 00 00 to Monday 00 00 Time Range Profile lunchtime Daily 12 00 to 13 00 Total Entries 2 Switch 73 3 time range This command is used to enter the time range configuration mode to define a time range Use the no form of this command to delete a time range time range NAME no time range NAME...

Page 669: ...odic command to specify a time period When a time range is created without any time interval periodic setting it implies that there is not any active period for the time range Example This example shows how to enter the time range configuration mode for the time range profile named rdtime Switch configure terminal Switch config time range rdtime Switch config time range ...

Page 670: ... Mode EXEC Mode or Any Configuration Mode Command Default Level Level 1 Usage Guideline While entering this command without any other keywords the traffic segmentation configuration for all ports is displayed Otherwise only the specified interface s traffic segmentation is displayed Example This example shows how to display the configuration of traffic segmentation for eth1 0 1 Switch show traffic...

Page 671: ... The traffic segmentation forward command can be entered multiple times The following interfaces will be appended into the forwarding domain Use the no form command will remove the specified interface from the traffic segmentation forward member list The traffic segmentation member list can be comprised of different interface types for example port and port channel in the same forwarding domain If...

Page 672: ...s VLAN mode the default option is untagged only For the other VLAN mode the default option is admit all Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline This command is used to set the acceptable types of frames by a port Example This example shows how to set the acceptable frame type to tagged only for port eth1 0 1 Switch configure terminal Switch config i...

Page 673: ... the Switch show vlan VLAN ID interface INTERFACE ID mac vlan Parameters VLAN ID Optional Specifies a list of VLANs to display the member port information If the VLAN is not specified all VLANs are displayed The valid range is from 1 to 4094 interface INTERFACE ID Optional Specifies the port to display the VLAN related setting Optional Specifies a series of interfaces or separate a range of interf...

Page 674: ...id untagged VLAN 1 Hybrid tagged VLAN Ingress checking Enabled Acceptable frame type Admit All Dynamic tagged VLAN eth1 0 2 VLAN mode Hybrid Native VLAN 1 Hybrid untagged VLAN 1 Hybrid tagged VLAN Ingress checking Enabled Acceptable frame type Admit All Dynamic tagged VLAN eth1 0 3 VLAN mode Hybrid Native VLAN 1 Hybrid untagged VLAN 1 Hybrid tagged VLAN Ingress checking Enabled Acceptable frame ty...

Page 675: ...gure the interface 1 0 1 to access mode with access VLAN 1000 Switch configure terminal Switch config interface eth1 0 1 Switch config if switchport mode access Switch config if switchport access vlan 1000 Switch config if 75 5 switchport hybrid allowed vlan This command is used to specify the tagged or untagged VLANs for a hybrid port Use the no form of this command to revert to the default setti...

Page 676: ...and if the new tagged allowed VLAN list is overlap with current untagged allowed VLAN list the overlap part will change to the tagged allowed VLAN The last command will take effect The VLAN does not need to exist to configure the command Example This example shows how to configure interface eth1 0 1 to be a tagged member of VLAN 1000 and an untagged member of VLAN 2000 and 3000 Switch configure te...

Page 677: ... no form of this command to revert to the default setting switchport mode access hybrid trunk no switchport mode Parameters access Specifies the port as an access port hybrid Specifies the port as a hybrid port trunk Specifies the port as a trunk port Default By default this option is hybrid Command Mode Interface Configuration Mode Command Default Level Level 12 Usage Guideline When a port is set...

Page 678: ... allowed VLAN ID Specifies the allow VLAN list or the VLAN list to be added to or removed from the allow VLAN list Optional Specifies a series of VLANs or separate a range of VLANs from a previous range No space is required before and after the comma Optional Specifies a range of VLANs No space is required before and after the hyphen Default By default all VLANs are allowed Command Mode Interface ...

Page 679: ...ly to only accept tagged frames When a trunk port works in the untagged mode for a native VLAN transmitting untagged packet for a native VLAN and tagged packets for all other VLANs and the acceptable frame types of the port has to be set to admit all in order to function correctly The specified VLAN does not need to exist to apply the command Example This example shows how to configure interface e...

Page 680: ...d to remove a VLAN The default VLAN cannot be removed If the removed VLAN is a port s access VLAN the port s access VLAN will be reset to VLAN 1 Example This example shows how to add new VLANs assigning the new VLANs with the VLAN IDs 1000 to 1005 Switch configure terminal Switch config vlan 1000 1005 Switch config vlan 75 11 name This command is used to specify the name of a VLAN Use the no form ...

Page 681: ...he priority If not specified the priority is 0 Default None Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this to add or delete the MAC based VLAN classification entry The classification entry will be applied to packets received by the Switch The user should use the switchport hybrid allowed vlan command to configure the VLAN member port for the MAC base...

Page 682: ...with a group ID 10 Switch configure terminal Switch config protocol vlan profile 10 frame type ethernet2 ether type 0x86dd Switch config 75 14 protocol vlan profile interface This command is used to configure the VLAN classification entry for a protocol group on a port Use the no form of this command to remove the VLAN classification entry on a port protocol vlan profile PROFILE ID vlan VLAN ID pr...

Page 683: ...o display Optional Specifies a series of protocol groups or separate a range of protocol groups from a previous range No space is allowed before and after the comma Optional Specifies a range of protocol groups No space is allowed before and after the hyphen interface Specifies to display protocol VLAN information of ports INTERFACE ID Optional Specifies the interface to display Optional Specifies...

Page 684: ...tch show protocol vlan interface eth1 0 1 Interface Protocol Group ID VLAN Priority eth1 0 1 10 3000 0 Switch This example shows how to display the protocol group profile settings Switch show protocol vlan profile Profile ID Frame type Ether type 10 Ethernet2 0x86DD IPv6 Switch ...

Page 685: ...terface configuration mode need to be enabled for a port to start the voice VLAN function When the voice VLAN is enabled for a port the received voice packets will be forwarded in the voice VLAN The received packets are determined as voice packets if the source MAC addresses of packets comply with the OUI addresses configured by the voice vlan mac address command The VLAN to be specified as the vo...

Page 686: ...the aging timer will be cancelled Example This example shows how to configure the aging time of the voice VLAN to 30 minutes Switch configure terminal Switch config voice vlan aging 30 Switch config 76 3 voice vlan enable This command is used to enable the voice VLAN state of ports Use the no form of this command to disable the voice VLAN s port state voice vlan enable no voice vlan enable Paramet...

Page 687: ...or the user defined OUI with a maximum of 32 characters Default The default OUI is listed in the following table OUI Vendor 00 E0 BB 3COM 00 03 6B Cisco 00 E0 75 Veritel 00 D0 1E Pingtel 00 01 E3 Siemens 00 60 B9 NEC Philips 00 0F E2 Huawei 3COM 00 09 6E Avaya Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to add a user defined OUI for the vo...

Page 688: ...ort will automatically be learned as a voice VLAN member This membership will be automatically be aged out When the port is working in the auto tagged mode and the port captures a voice device through the device s OUI it will join the voice VLAN as a tagged member automatically When the voice device sends tagged packets the switch will change its priority When the voice device sends untagged packe...

Page 689: ...e The voice packets arriving at the voice VLAN enabled port are marked to the CoS specified by the command The remarking of CoS allows the voice VLAN traffic to be distinguished from data traffic in quality of service Example This example shows how to configure the priority of the voice VLAN to be 7 Switch configure terminal Switch config voice vlan qos 7 Switch config 76 7 show voice vlan This co...

Page 690: ...shows how to display the voice VLAN global settings Switch show voice vlan Voice VLAN ID 1000 Voice VLAN CoS 7 Aging Time 30 minutes Member Ports eth1 0 1 1 0 5 Dynamic Member Ports eth1 0 1 1 0 3 Voice VLAN OUI OUI Address Mask Description 00 01 E3 00 00 00 FF FF FF 00 00 00 Siemens 00 03 6B 00 00 00 FF FF FF 00 00 00 Cisco 00 09 6E 00 00 00 FF FF FF 00 00 00 Avaya 00 0F E2 00 00 00 FF FF FF 00 0...

Page 691: ...0 09 Aging eth1 0 1 00 03 6B 00 00 05 2012 03 20 12 04 Active eth1 0 2 00 03 6B 00 00 0a 2012 03 19 08 11 Aging eth1 0 2 33 00 61 10 00 11 2012 03 20 06 45 Aging Total Entries 5 Switch This example shows how to display the learned LLDP MED voice devices on ports eth1 0 1 1 0 2 Switch show voice vlan lldp med device interface eth1 0 1 2 Index 1 Interface eth1 0 1 Chassis ID Subtype MAC Address Chas...

Page 692: ... Switch config if web auth enable Switch config if 77 2 web auth page element This command is used to customize the Web authentication page elements Use the no form of this command to revert to the default setting web auth page element page title STRING login window title STRING username title STRING password title STRING logout window title STRING copyright line LINE NUMBER title STRING no web au...

Page 693: ...ze Web authentication page elements There are two Web authentication pages 1 the authentication login page and 2 the authentication logout page The Web authentication login page will be displayed to the user to get the username and password when the system doing Web authentication for the user Users can logout from the network by clicking the Logout button on the authentication login page after su...

Page 694: ...t path http www website com Switch config 77 4 web auth system auth control This command is used to enable the Web authentication function globally on the Switch Use the no form of this command to disable the Web authentication function globally on the Switch web auth system auth control no web auth system auth control Parameters None Default By default this option is disabled Command Mode Global ...

Page 695: ...ication processes communicate with this IP address however the virtual IP does not respond to any ICMP packet or ARP request So it s not allowed to configure virtual IP in the same subnet as the Switch s IP interface or the same subnet as the host PCs subnet otherwise the Web authentication cannot operate correctly The defined URL only takes effect when the virtual IP address is configured The use...

Page 696: ...o form of this command to disable sending SNMP notifications snmp server enable traps web auth no snmp server enable traps web auth Parameters None Default By default this option is disabled Command Mode Global Configuration Mode Command Default Level Level 12 Usage Guideline Use this command to enable or disable sending SNMP notifications for Web Authentication Example This example shows how to e...

Page 697: ...Log Message 802 1X authentication success Username username interface id MAC mac address Parameters description username The user that is being authenticated interface id The interface name mac address The MAC address of the authenticated device Informational AAA Log Description Severity Event description This log will be generated when AAA global state is enabled or disabled Log Message AAA is st...

Page 698: ...vilege through exec type from client ip authenticated by AAA aaa method server ip Username username Parameters description exec type It indicates the EXEC types e g Console Telnet SSH Web Web SSL client ip It indicates the client s IP address if valid through IP protocol aaa method It indicates the authentication method e g none local server server ip It indicates the AAA server IP address if auth...

Page 699: ...rname for authentication Informational Event description This log will be generated when RADIUS assigned a valid priority attributes Log Message RADIUS server server ip assigned 802 1p default priority priority to port interface id Username username Parameters description server ip It indicates the RADIUS server IP address priority The assign priority that authorized by from RADIUS server interfac...

Page 700: ...ters description interface id Interface name vid VLAN ID Informational Event description When an IPC is added in the surveillance VLAN the log message will be sent Log Message ASV Add IPC ipaddr Parameters description ipaddr Represent the IP address of the IPC Informational Event description When an IPC is removed from the surveillance VLAN the log message will be sent Log Message ASV Remove IPC i...

Page 701: ...erIP File Name pathFile Parameters description unitID The unit ID session The user s session username Represent current login user ipaddr Represent client IP address macaddr Represent client MAC address serverIP Server IP address pathFile Path and file name on server Informational Event description Firmware upgraded unsuccessfully Log Message Unit unitID Firmware upgraded by session unsuccessfully...

Page 702: ... ipaddr Represent client IP address macaddr Represent client MAC address serverIP Server IP address pathFile Path and file name on server Informational Event description Configuration downloaded unsuccessfully Log Message Unit unitID Configuration downloaded by session unsuccessfully Username username IP ipaddr MAC macaddr Server IP serverIP File Name pathFile Parameters description unitID The uni...

Page 703: ...AC address serverIP Server IP address pathFile Path and file name on server Warning DAI Log Description Severity Event description This log will be generated when DAI detect invalid ARP packet Log Message Illegal ARP type packets IP ip address MAC mac address VLAN vlan id on interface id Parameters description type The type of ARP packet it indicates that ARP packet is request or ARP response Warn...

Page 704: ...nent DDM threshold type It can be one of the following types temperature supply voltage bias current TX power RX power Warning DHCPv6 Client Log Description Severity Event description DHCPv6 client interface administrator state changed Log Message DHCPv6 client on interface ipif name changed state to enabled disabled Parameters description ipif name Name of the DHCPv6 client interface Informationa...

Page 705: ...ssage The IPv6 address ipv6address on interface ipif name was deleted Parameters description ipv6address ipv6 address obtained from a DHCPv6 server ipif name Name of the DHCPv6 client interface Informational Event description DHCPv6 client PD interface administrator state changed Log Message DHCPv6 client PD on interface intf name changed state to enabled disabled Parameters description intf name ...

Page 706: ...refix from a delegation router was deleted Log Message The IPv6 prefix ipv6networkaddr on interface intf name was deleted Parameters description ipv6address IPv6 prefix obtained from a delegation router intf name Name of the DHCPv6 client PD interface Informational DHCPv6 Relay Log Description Severity Event description DHCPv6 relay on a specify interface s administrator state changed Log Message ...

Page 707: ...ost has passed the authentication Log Message JWAC host login success Username string IP ipaddr ipv6address MAC mac address interface id VID vlan id Parameters description Username The host username IP The host IP address mac address The host MAC addresses interface id The interface on which the host is authenticated vlan id The VLAN ID on which the host exists Informational Event description When...

Page 708: ... group that port attach to Informational Event description Member port detach from Link Aggregation Group Log Message ifname detach from Link Aggregation Group group_id Parameters description ifname The interface name of the port that detach from aggregation group group_id The group id of the aggregation group that port detach from Informational LBD Log Description Severity Event description Recor...

Page 709: ... 1 chassisComponent 1 2 interfaceAlias 2 3 portComponent 3 4 macAddress 4 5 networkAddress 5 6 interfaceName 6 7 local 7 chassisID chassis ID portType port ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7 local 7 portID port ID deviceClass LLDP MED device type Notice Event description Conflict LLDP MED device type d...

Page 710: ... Value list 1 chassisComponent 1 2 interfaceAlias 2 3 portComponent 3 4 macAddress 4 5 networkAddress 5 6 interfaceName 6 7 local 7 chassisID chassis ID portType port ID subtype Value list 1 interfaceAlias 1 2 portComponent 2 3 macAddress 3 4 networkAddress 4 5 interfaceName 5 6 agentCircuitId 6 7 local 7 portID port ID deviceClass LLDP MED device type Notice Login Logout CLI Log Description Sever...

Page 711: ...P ipaddr Parameters description username Represent current login user ipaddr Represent client IP address Warning Event description Telnet session timed out Log Message Telnet session timed out Username username IP ipaddr Parameters description username Represent current login user ipaddr Represent client IP address Informational Event description Logout through telnet Log Message Logout through Te...

Page 712: ...ational Event description A host failed to pass the authentication Log Message MAC based Access Control host login fail MAC mac address interface id VID vlan id Parameters description mac address The host MAC address interface id The interface on which the host is authenticated vlan id The VLAN ID on which the host exists Critical Event description The authorized user number on the whole device ha...

Page 713: ...ult instance CIST macaddr The system of bridge mac address priority The bridge priority value must be divisible by 4096 Informational Event description Used to record MSTP instance new root port selected Log Message New root port selected Instance Instance id interface_id Parameters description Instance id MST instance id Instance 0 represents for default instance CIST interface_id The port number...

Page 714: ...en for a specified MST region revision_level Switches using the same given name but with a different revision level are considered members of different MST regions Informational Event description Use to record action to maps a VLAN s to an MST instance Log Message Spanning Tree MST configuration ID VLAN mapping table change instance Instance id add vlan startvlanid endvlanid Parameters description...

Page 715: ...ature recovers to normal Log Message Unit unit id thermal sensor descr temperature back to normal Parameters description unitID The unit ID thermal sensor descr The sensor ID and position Critical Event description Power failed Log Message Unit unit id power descr failed Parameters description unitID The unit ID power descr The power position and ID Critical Event description Power is recovered Lo...

Page 716: ...t type port type interface id Interface name Warning Event description Overload condition detected Log Message ASV Port port type interface id PoE Overload Parameters description port type port type interface id Interface name Warning Event description Power has been denied or removed due to fault Log Message ASV Port port type interface id PoE Power Denied Parameters description port type port ty...

Page 717: ...tion unit id The Unit ID Warning Event description the host enters the mode of normal Log Message Unit unit id Safeguard Engine enters NORMAL mode Parameters description unit id The Unit ID Informational SNMP Log Description Severity Event Description SNMP request received with invalid community string Log Message SNMP request received from ipaddr with invalid community string Parameters Descripti...

Page 718: ...addresses of the conflicting boxes Critical Event description Stacking port linkup A Stacking port will act as a SIO interface or a member of a SIO interface SIO Trunk This log entry is only available on projects that stacking port has got a port number indicator on device s panel Log Message Stacking port port link up Parameters description port Represents the logical port number of a Stacking po...

Page 719: ... id Parameters description Broadcast Broadcast storm is cleared Multicast Multicast storm is cleared Unicast Unicast storm including both known and unknown unicast packets is cleared interface id The interface ID on which a storm is cleared Informational Event description Port shut down due to a packet storm Log Message interface id is currently shut down due to the Broadcast Multicast Unicast sto...

Page 720: ...ss Parameters description interface id Interface name mac address Voice device MAC address Informational Event description When an interface which is in auto voice VLAN mode joins the voice VLAN Log Message interface id add into voice VLAN vid Parameters description interface id Interface name vid VLAN ID Informational Event description When an interface leaves the voice VLAN and at the same time ...

Page 721: ... SSL Username username IP ipaddr Parameters description username The use name that used to login SSL server ipaddr The IP address of SSL client Warning Event description Web SSL session timed out Log Message Web SSL session timed out Username username IP ipaddr Parameters description username The use name that used to login SSL server ipaddr The IP address of SSL client Informational Event descrip...

Page 722: ...lan id The VLAN ID on which the host exists Event description when the authorized user number on the whole device has reached the maximum user limit Log Message Web Authentication enters stop learning state Warning Event description when the authorized user number on the whole device is below the maximum user limit in a time interval Log Message Web Authentication recovers from stop learning state...

Page 723: ...uthVlan 4 dnaSessionAuthUserName 5 dDot1xExtNotifyFailReason 1 3 6 1 4 1 17 1 14 30 0 2 Authentication Fail Trap Name Description OID authenticationFailure An authenticationFailure trap signifies that the SNMPv2 entity acting in an agent role has received a protocol message that is not properly authenticated While all implementations of the SNMPv2 must be capable of generating this trap the snmpEn...

Page 724: ...l 4 dDdmNotifyInfoThresholdExceedOrRecover 1 3 6 1 4 1 17 1 14 72 0 2 DHCP Server Screen Prevention Trap Name Description OID dDhcpFilterAttackDetected When DHCP Server Screen is enabled if the switch received the forge DHCP Server packet the switch will trap the event if any attacking packet is received Binding objects 1 dDhcpFilterLogBufServerIpAddr 2 dDhcpFilterLogBufClientMacAddr 3 dDhcpFilter...

Page 725: ... Binding objects 1 ipaddr 2 macaddr 3 portNumber 4 agentGratuitousARPInterfaceName 1 3 6 1 4 1 17 1 14 75 0 1 IMPB Trap Name Description OID dImpbViolationTrap The address violation notification is generated when IP MAC Port Bindingaddress violation is detected Binding objects 1 ifIndex 2 dImpbViolationIpAddrType 3 dImpbViolationIpAddress 4 dImpbViolationMacAddress 1 3 6 1 4 1 17 1 14 22 0 1 LACP ...

Page 726: ... interface with a VID loop occurs Binding objects 1 dLbdNotifyInfoIfIndex 2 dLbdNotifyInfoVlanId 1 3 6 1 4 1 17 1 14 46 0 3 dLbdVlanLoopRestart This trap is sent when an interface loop with a VID restarts after the interval time Binding objects 1 dLbdNotifyInfoIfIndex 2 dLbdNotifyInfoVlanId 1 3 6 1 4 1 17 1 14 46 0 4 LLDP Trap Name Description OID lldpRemTablesChange A lldpRemTablesChange notifica...

Page 727: ...53 0 3 MAC notification Trap Name Description OID dL2FdbMacNotification This trap indicates the MAC addresses variation in the address table Binding objects 1 dL2FdbMacChangeNotifyInfo 1 3 6 1 4 1 17 1 14 3 0 1 MSTP Trap Name Description OID newRoot The newRoot trap indicates that the sending agent has become the new root of the Spanning Tree the trap is sent by a bridge soon after its election as...

Page 728: ...ance Binding objects 1 pethMainPseConsumptionPower 1 3 6 1 2 1 10 5 0 2 pethMainPowerUsageOffNotifica tion This trap indicates PSE Threshold usage indication is off the usage power is below the threshold At least 500 msec must elapse between notifications being emitted by the same object instance Binding objects 1 pethMainPseConsumptionPower 1 3 6 1 2 1 10 5 0 3 dPoeIfPowerDeniedNotification This ...

Page 729: ...nding objects 1 ifIndex 2 if AdminStatus 3 ifOperStatus 1 3 6 1 6 3 1 1 5 3 Port Security Trap Name Description OID dPortSecMacAddrViolation When the port security trap is enabled new MAC addresses that violate the pre defined port security configuration will trigger trap messages to be sent out Binding objects 1 ifIndex 2 dPortSecIfCurrentStatus 3 dPortSecIfViolationMacAddress 1 3 6 1 4 1 17 1 14...

Page 730: ...fication Unit Hot Insert notification Binding objects 1 dStackNotifyInfoBoxId 2 dStackInfoMacAddr 1 3 6 1 4 1 17 1 14 9 0 1 dStackRemoveNotification Unit Hot Remove notification Binding objects 1 dStackNotifyInfoBoxId 2 dStackInfoMacAddr 1 3 6 1 4 1 17 1 14 9 0 2 dStackFailureNotification Unit Failure notification Binding objects 1 dStackNotifyInfoBoxId 1 3 6 1 4 1 17 1 14 9 0 3 dStackTPChangeNoti...

Page 731: ... 0 14 swSingleIPMSAuthFail The commander switch will send this notification when its member generates an authentation failure notification Binding objects 1 swSingleIPMSID 2 swSingleIPMSMacAddr 1 3 6 1 4 1 17 1 12 8 6 0 15 swSingleIPMSnewRoot The commander switch will send this notification when its member generates a new root notification Binding objects 1 swSingleIPMSID 2 swSingleIPMSMacAddr 1 3...

Page 732: ... 0 2 dsfUploadCfg The notification is sent when the user uploads configuration file successfully 1 3 6 1 4 1 17 1 14 14 0 3 dsfDownloadCfg The notification is sent when the user downloads configuration file successfully 1 3 6 1 4 1 17 1 14 14 0 4 dsfSaveCfg The notification is sent when the user saves configuration file successfully 1 3 6 1 4 1 17 1 14 14 0 5 Web Authentication Trap Name Descripti...

Page 733: ...DGS 1510 Series Gigabit Ethernet SmartPro Switch CLI Reference Guide 730 ...

Page 734: ...er if the user does not configure the privilege level attribute and authenticates successfully the device will not assign any privilege level to the access user If the privilege level is configured less than the minimum supported value or greater than the maximum supported value the privilege level will be ignored To assign the Ingress Egress Bandwidth by the RADIUS server the proper parameters sh...

Page 735: ...e port However if the user does not configure the priority attribute and authenticates successfully the device will not assign a priority to this port If the priority attribute is configured on the RADIUS server is a value out of range 7 it will not be set to the device To assign the VLAN by the RADIUS server the proper parameters should be configured on the RADIUS server To use VLAN assignment RF...

Page 736: ...ication VLAN and when the port is guest VLAN member it will be assigned to its original VLAN To assign the ACL by the RADIUS server the proper parameters should be configured on the RADIUS server The table below shows the parameters for an ACL The parameters of the Vendor Specific Attribute are RADIUS Tunnel Attribute Description Value Usage Vendor ID Defines the vendor 171 DLINK Required Vendor T...

Page 737: ...dard RADIUS attributes are defined in the RFC 2865 Remote Authentication Dial In User Service RADIUS RFC 2866 RADIUS Accounting RFC 2868 RADIUS Attributes for Tunnel Protocol Support and RFC 2869 RADIUS Extensions The following table lists the IETF RADIUS attributes supported by the D Link switch RADIUS Authentication Attributes Number IETF Attribute 1 User Name 2 User Password 3 CHAP Password 4 N...

Page 738: ...ress 5 NAS Port 6 Service Type 8 Framed IP Address 31 Calling Station ID 32 NAS Identifier 40 Acct Status Type 41 Acct Delay Time 42 Acct Input Octets 43 Acct Output Octets 44 Acct Session ID 45 Acct Authentic 46 Acct Session Time 47 Acct Input Packets 48 Acct Output Packets 49 Acct Terminate Cause 52 Acct Input Gigawords 53 Acct Output Gigawords 61 NAS Port Type 95 NAS IPv6 Address ...

Page 739: ...20 DGS 1510 20 Hardware based Software based V V V Model Name ERPS Port 1 to 8 Port 9 to 24 Port 25 to 28 DGS 1510 28 DGS 1510 28P DGS 1510 28X DGS 1510 28XMP Hardware based V Software based V V Model Name ERPS Port 1 to 8 Port 9 to 24 Port 25 to 32 Port 33 to 52 DGS 1510 52 Hardware based V V Software based V V Model Name ERPS Port 1 to 8 Port 9 to 24 Port 25 to 32 Port 33 to 48 Port 49 and 50 Po...

Reviews:

No comments

Related manuals for DGS-510

ETHERNET Accessories 852 852-0111

Brand: WAGO Pages: 38

Brand: FS Pages: 23

Brand: Audio Authority Pages: 12

EX ZS 92 S 22 VD F

Brand: steute Pages: 28

EXHL-TRN-LE1 Series

Brand: Larson Electronics Pages: 2

SISTG1040-242-LRT

Brand: Transition Networks Pages: 31

Brand: Key Digital Pages: 20

Brand: Moxa Technologies Pages: 7

Brand: TRENDnet Pages: 2

Brand: Pathway connectivity solutions Pages: 34

Brand: Kramer Pages: 11

Brand: Leviton Pages: 2

SMT-8-...-B Series

Brand: Festo Pages: 2

Brand: ClimaxDigital Pages: 9

Brand: Sensor Switch Pages: 2

ONW-D-1001-347-W

Brand: Greengate Pages: 2

Brand: Wantec Pages: 4

Brand: N-Tron Pages: 152

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands